HijackThis Log - Could somebody please check..

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by HUDIK, Jun 22, 2004.

  1. HUDIK

    HUDIK Sergeant

    There are some entries in this log that I'm not too sure about, would appreciate somebody checking to see if there are any nasties. Thanks !!

    Logfile of HijackThis v1.97.7
    Scan saved at 3:53:03 PM, on 22/06/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\PROGRAM FILES\POPUP KILLER\POPUPKILLER.EXE
    C:\WINDOWS\ESSOLO.EXE
    C:\WINDOWS\SYSTEM\INTERNAT.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\ANY PASSWORD\ANYPASS.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\HJT CWS STARTUP\HIJACKTHIS.EXE

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PopUpKiller] C:\PROGRAM FILES\POPUP KILLER\POPUPKILLER.EXE
    O4 - HKLM\..\Run: [ESSOLO] ESSOLO.EXE
    O4 - HKLM\..\Run: [internat.exe] internat.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: AIM (HKLM)
    O16 - DPF: {17490F14-B6E6-11D2-8E5C-0000F87A4946} (MSN Communities Upload Control) - http://content.communities.msn.com/cs/msnupld.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {275E2FE0-7486-11D0-89D6-00A0C90C9B67} (MCSiMenuCtl Class) - http://activex.microsoft.com/controls/mcsi/mcsimenu.cab
    O16 - DPF: {340FBD92-B7BB-11D2-8299-00104B27F81B} (ScanCtl Class) - http://outpost.zdnet.com/updates/resources/updates.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://photos.msn.ca/r/neutral/controls/MsnPUpld.cab?5,0,1730,0
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37940.2374189815
    O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab


     
  2. Jeff Penberthy

    Jeff Penberthy Private E-2

    I posted under the log for perusal today as well, if somebody could take a look. Since I have also gone into safe mode to delete the dll, exe, and ini files as advised in another thread, I am about ready to take some C4 to it!


    Thanks
     
  3. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    It would be easier if you told us what lines you were unsure of, or simply Google them :)
     
  4. HUDIK

    HUDIK Sergeant

    Logfile of HijackThis v1.97.7
    Scan saved at 3:53:03 PM, on 22/06/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Revised to show the log items I'm not sure of:

    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    These items may be OK or not, but they were not on my last clean logfile.

    How the hey do you google for this stuff?????

    Have a feeling my knowledge vs yours would fit on my pinky fingernail.
    I do have some knowledge, but right now feel pretty stupid....

    Thanks for your help!!!:)
     
  5. mag00

    mag00 Sergeant

    tapisrv.exe looks to be for telephony. The following site says it's not a bug, virus or malware etc. DON'T click if you're unsure, as I cannot guarantee it is a safe link (good on my Mac). It talks about wintask4 for dial-up networking, so if you don't do dial-up, you can probably can it. On the site there is a reference to telephony, so if you use that it must stay. Enter at your own risk; looks legit to me.
    http://www.liutilities.com/products/wintaskspro/processlibrary/tapisrv/

    The bho entry is probably a leftover.

    The internet explorer stuff can most likely be gotten again if you need it. (make sure you have backup browser or IE software)

    As far as Googling goes, just go to http://www.google.com and type in part or all of the entries and go to the pages that come back from your search. Be careful though, as some of the sites could bite back. I use my Mac for research as most bugs are written for Windows.
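    As an added example (not HijackThis code and not anything posted in this thread), the script below parses the O-numbered lines quoted earlier and applies the same triage reasoning mechanically: an O2 BHO whose path reads "(no file)" is an orphaned leftover, an O6 entry means IE policy restrictions are present and should be checked against what you set yourself, an O4 autorun given as a bare filename needs its on-disk location confirmed, and an O16 DPF download from a host outside an assumed trust list is marked for a closer look. The trusted-host list, the label names and the Finding layout are assumptions made for the example; the sample lines are copied from the log above.

```python
"""Triage helper for HijackThis-style log lines (added example, not HijackThis code)."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
O2_RE = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
O4_RE = re.compile(r"^(HK[A-Z]+)\\\.\.\\(\w+): \[(.*?)\] (.*)$")
O16_RE = re.compile(r"^DPF: (.*?) - (\S+)$")

# Assumption for the example: hosts the reviewer already trusts for ActiveX (O16) downloads.
TRUSTED_DPF_HOSTS = ("microsoft.com", "macromedia.com", "msn.com", "msn.ca")

# Constructed sample input: a handful of lines copied from the log posted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [ESSOLO] ESSOLO.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37940.2374189815
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
"""


@dataclass
class Finding:
    kind: str    # HijackThis section, e.g. "O2"
    label: str   # "leftover", "review" or "info" (label names are an assumption)
    detail: str
    line: str


def host_is_trusted(url: str) -> bool:
    """True when the download host is one of the trusted domains or a subdomain of one."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DPF_HOSTS)


def triage_line(line: str):
    """Classify one log line; returns None for lines that are not O-numbered entries."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.groups()
    if kind == "O2":
        bm = O2_RE.match(body)
        if bm and bm.group(3).strip() == "(no file)":
            # Registered BHO whose DLL is gone: the "leftover" case from the thread.
            return Finding(kind, "leftover", f"BHO {bm.group(2)} is registered but its DLL is missing", line)
        return Finding(kind, "info", "BHO with a file on disk; confirm the DLL's vendor", line)
    if kind == "O4":
        bm = O4_RE.match(body)
        if bm:
            name, cmd = bm.group(3), bm.group(4)
            if "\\" not in cmd:
                # Bare filename: the loader resolves it via the search path, so check where it lives.
                return Finding(kind, "review", f"autorun '{name}' uses bare command {cmd}; confirm its location", line)
            return Finding(kind, "info", f"autorun '{name}' from {cmd}", line)
    if kind == "O6":
        return Finding(kind, "review", "IE policy restrictions present; fine if set deliberately, otherwise investigate", line)
    if kind == "O16":
        bm = O16_RE.match(body)
        if bm:
            name, url = bm.groups()
            if host_is_trusted(url):
                return Finding(kind, "info", f"ActiveX download '{name}' from trusted host", line)
            return Finding(kind, "review", f"ActiveX download '{name}' from {urlparse(url).hostname}", line)
    return Finding(kind, "info", "no rule for this section", line)


def triage_log(text: str):
    """Run triage_line over every line and keep the entries it recognised."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f is not None]


def summarise(findings):
    """Count findings per label, e.g. {'info': 3, 'leftover': 1, 'review': 3}."""
    counts = {}
    for f in findings:
        counts[f.label] = counts.get(f.label, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.label:8}] {f.kind}: {f.detail}")
    print(summarise(triage_log(SAMPLE_LOG)))
```

    Run as a script it prints one line per entry with its label; the "leftover" line is the orphaned BHO HUDIK asked about, and the two "review" O4/O16 lines are the ones a reviewer would Google next.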
     
  6. HUDIK

    HUDIK Sergeant

    Thanks mag00 for taking the time to answer my 'not sure of' stuff in HijackThis Log.

    Did do a find for the bho in Spywareblaster - it came up with nada. It has 2972 nasties to check against, so perhaps that one is OK too.

    Will be careful when googling for this kind of info. Good of you to point that out.

    Never had a Mac, is it good??

    A very grateful HUDIK :D
     
  7. mag00

    mag00 Sergeant

    Nope
    Glad I could be of some help. I try a little with some on XP, and since I haven't delved into the bowels of XP, I don't know much about it. I play on 3 different 98 machines. Software titles are abundant for Windows.

    I've been a Mac guy for most of my computing life, and only recently bought a PC. I like them both for different reasons. I particularly like the message "this is not Win32 compatible" after a dialer has tried to install; it just cracks me up.

    At least once a day IE locks up, but other than that, it's pretty stable. The new OS X seems to be getting attacked some now.

    I'll still buy a new dual G5 one of these days, and probably a newer hyperthreading AMD type as well. It's either that or I'll just give up technology completely and go back to the stone age. NOT!
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Be careful about what you say and how you say it. The line with Internet Explorer, C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE, is required. It shows up because people are not following directions. Read this!! http://www.majorgeeks.com/vb/showthread.php?t=35407 And pay attention to the last paragraph.
     
