Hijack perusal again please

  Diemmess 11:03 10 Dec 04
Locked

This forum, Nellie2 and Mark2 has been a total saver for my "dependant" family computers in the district, where eldest grandson in particular seems capable of trashing an otherwise sweet running all purpose W2K system within one session on the net.

Recently have made a short cut to recovery possible, by a Ghost image which gives a 'clean' start again by overwriting the disordered drive C:

Now 3rd time around, I wonder if this image is as clean as I have supposed?

It has been scanned with AVG, CClean, SpyBot Adaware, protected by Zone Alarm, and SpywareGuard. (All updated).

I have run Hijack immediately after booting from the latest C: overwrite and will post the log file next.

Two things......... I have just noticed the weird date/time. The figure should be more like 0930 today. Presumably needs a new battery but unlikely to be a major cause of this trouble.
Also the available updates for IE and 2000 have not been installed.

  Diemmess 11:06 10 Dec 04

Logfile of HijackThis v1.98.2
Scan saved at 09:26:43, on 03/11/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE

d:\PROGRA~1\Grisoft\AVG6\avgserv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\ZONELABS\vsmon.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\Explorer.EXE

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

D:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

D:\Program Files\Grisoft\AVG6\avgcc32.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe

C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe

C:\Program Files\VoyagerTest\fts.exe

C:\Program Files\AOL 9.0a\aoltray.exe

D:\Program Files\SpywareGuard\sgmain.exe

D:\Program Files\SpywareGuard\sgbhp.exe

C:\WINNT\system32\wuauclt.exe

D:\hijack\HijackThis.exe

  Diemmess 11:08 10 Dec 04

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = click here

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - d:\Program Files\SpywareGuard\dlprotect.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\MSDXM.OCX

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [Zone Labs Client] D:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe

O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [AVG_CC] D:\Program Files\Grisoft\AVG6\avgcc32.exe /startup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon

O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe

O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"

O4 - Startup: SpywareGuard.lnk = D:\Program Files\SpywareGuard\sgmain.exe

O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0a\aoltray.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll

O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=click here

  ChrisRLG 12:29 10 Dec 04

Your log looks clean. (apart from the malware AOL :) lol )


BUT you have AVG6 as your AV - you need to upgrade to the AVG7 as the older version is not going to get updates to signature files etc after 31st December 2004.

  Diemmess 14:22 10 Dec 04

^

  Fruit Bat /\0/\ 14:31 10 Dec 04

Agree with ChrisRLG log looks clean.

Update to AVG7 or change to Avast.

  gudgulf 16:02 10 Dec 04

I'm afraid there is nothing else for it....grandson.exe will have to be uninstalled.

  Diemmess 17:15 10 Dec 04

(gudgulf - Some child protection agency would pop-up)

Well next time it misbehaves anyway! ......
Another 6 mile round trip completed, but isn't it almost human, that whatever you plan for a computer there is always some catch you didn't expect?

This time I was prepared to download the updates for W2000 and add IE-spyad for good measure.

The fresh image restored from yesterday fell about all over the place just as it had done for George, only this time it was me.

After several attempts, including an incomplete visit to Safe Mode where it rebooted without developing fully, I had to direct AOL to the modem and accept various objections there.

Managed to install about half of the 29 updates offered before it lost interest in that too!

Eventually left after testing with several reboots and the odd shut down. Made a new image file and came home still with the feeling that I may have to go back.

If I do, it will be to collect the lot and reinstall everything. Not my favourite pastime.

This thread is now locked and can not be replied to.
