check up

Discussion in 'adware, spyware & hijack cleaning' started by Vi, Mar 2, 2004.

Thread Status:
Not open for further replies.
  1. Vi

    Vi Guest

    a checkup would be greatly appreciated

    Logfile of HijackThis v1.97.7
    Scan saved at 7:32:22 PM, on 3/2/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\SOYO\HW Monitor\Itesmart.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Documents and Settings\MystikOne\My Documents\framxpro\FreeRAM XP Pro 1.40.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Beware of Dog\Screaming Broccoli.exe
    C:\Program Files\AIM95\aim.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\MYSTIK~1\LOCALS~1\Temp\Rar$EX00.605\HijackThis.exe

    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SmartGuardian] C:\Program Files\SOYO\HW Monitor\Itesmart.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM95\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\MystikOne\My Documents\framxpro\FreeRAM XP Pro 1.40.exe" -win
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O9 - Extra button: AIM (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3D2682B7-6C6C-4630-B729-69DE193D0B6E}: NameServer = 64.136.20.133 64.136.28.133
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi Vi,

    You need to visit Windows Update.
    I would fix this one:
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    since it is not necessary and BackWeb Lite comes with some privacy issues.
    And to satisfy my curiosity: what is
    C:\Program Files\Beware of Dog\Screaming Broccoli.exe

    Reagrds,

    Pieter
     
  3. Kevin_b_er

    Kevin_b_er Registered Member

    Joined:
    Dec 1, 2002
    Posts:
    13
    Woah, talk about a blast from the past, its the Screaming Broccoli!!!!!!


    Back in the dotcom heyday, there were over a dozen free ISPs, a community emerged to remove the ads from the free ISP software and/or connect through a pure PPP link. This was accomplished by many means.

    One group, produced a program that killed the free ISP software (which had annoying ads and lowered screen size) without terminating the connection. It came with a program called Screaming Broccoli, which just did timed pings to the gateway to try to avoid early disconnection.

    I'm surpised to still see this relic running, I lost my copy of it over a year ago.


    To sum it up:
    The program is otherwise harmless, it just auto pings the gateway at timed intervals. (for the layman: pings the computer your own computer is connected to when you get online)


    Also on a side note: Hello felllow dunner, Vi!!!!!!
     
  4. Vi

    Vi Guest

    heh juno doesnt work no more they foudn a way around it finally heh..well i had just reformatted my computer so the check-up was to see if i was clean, since hten i downloaded some programs and went to websites and what not..i have a grip of ads any help please?

    Logfile of HijackThis v1.97.7
    Scan saved at 9:29:51 PM, on 3/3/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\SOYO\HW Monitor\Itesmart.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\AIM95\aim.exe
    C:\Documents and Settings\MystikOne\My Documents\framxpro\FreeRAM XP Pro 1.40.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\Program Files\America Online 9.0\waol.exe
    C:\Program Files\America Online 9.0\shellmon.exe
    C:\Program Files\America Online 9.0\aolwbspd.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\DOCUME~1\MYSTIK~1\LOCALS~1\Temp\Rar$EX00.143\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://animelayer.com/
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SmartGuardian] C:\Program Files\SOYO\HW Monitor\Itesmart.exe
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM95\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\MystikOne\My Documents\framxpro\FreeRAM XP Pro 1.40.exe" -win
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3D2682B7-6C6C-4630-B729-69DE193D0B6E}: NameServer = 198.81.19.4

    thanks.
     
  5. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Still clean, but please, please update Windows while you still are.
    And get some protection.

    Read this on how to minimize the risk of infection: http://boards.cexx.org/viewtopic.php?t=957.

    Thanks for the info on the "broccoli" Kevin. :)

    Regards,

    Pieter
     
Thread Status:
Not open for further replies.