1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

not sure

Discussion in 'Virus & Other Malware Removal' started by sgb, Oct 18, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. sgb

    sgb Thread Starter

    Joined:
    Jan 21, 2000
    Messages:
    173
    hi
    I am new to this section on virus and I am not sure if this is a virus or not, When I go on line and open my browser is Lycos terra, it comes up as a voice that says he ha ha, and i can't get rid of it, so i loaded www. spybot.com and the voice is still there, does that mean i have a virus I am running Windows 98SE. When I scan with norton virus it said I had none. So far everything is working ok for now . The voice is driving me cazy, I am a beginer at this computer virus stuff. Please help me this has never happen to me before. It started when I went to my email (outlook express) so i don't know if it came through email but I think that is where it started and also when i browse.

    thank you
    sgb
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,196
    First Name:
    Derek
    go to http://www.spywareinfo.com/~merijn/files/hijackthis.zip , and download 'Hijack This!'.
    Unzip, doubleclick HijackThis.exe, and hit "Scan".

    When the scan is finished, the "Scan" button will change into a "Save Log" button.
    Press that, save the log somewhere, and please copy & paste its contents to the forum.

    It will possibly show issues deserving our attention, but most of what it lists will be harmless or

    even required, so do NOT fix anything yet.
    Someone here will be happy to help you analyze the results.
     
  3. Deathdealer

    Deathdealer Guest

    Please do this. Go here

    http://www.tomcoyote.org/hjt/hijackthis.zip

    and download Hijack This. Un Zip it and click on the Hijackthis.exe.


    Click the "Scan" button when the scan is finished the scan button will become "Save Log" click that and save the log.

    Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.

    Do NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required. Someone here will be glad to advise you on what to fix.
     
  4. sgb

    sgb Thread Starter

    Joined:
    Jan 21, 2000
    Messages:
    173
    to open file after i download it , it come up what program do you want to use to open program I am not sure if I should IE or the other ones I have , what am I to do use ie to open I am running windows 98se
    thks
    sgb
     
  5. winchester73

    winchester73

    Joined:
    Aug 18, 2003
    Messages:
    2,438
    HT comes in a zip form ... you'll need something to unzip it to make it useable.

    If you don't have one, you can download an evaluation version of WinZip here: http://www.winzip.com/ddchomea.htm
     
  6. sgb

    sgb Thread Starter

    Joined:
    Jan 21, 2000
    Messages:
    173
    i loaded the winzip file and when i try to open the hijackthis.exe file i get an error message DLL file MSVBVM60.LL is not found so now what do i do, is there an other way to do this because is not working.
     
  7. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
  8. sgb

    sgb Thread Starter

    Joined:
    Jan 21, 2000
    Messages:
    173
    I loaded the missingfile set up and when i tried to unzip it still came up as required MSVBVM60.LL is not found so now what?
     
  9. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,196
    First Name:
    Derek
  10. sgb

    sgb Thread Starter

    Joined:
    Jan 21, 2000
    Messages:
    173
    Logfile of HijackThis v1.97.3
    Scan saved at 8:14:49 PM, on 10/19/03
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v5.50 (5.50.4134.0600)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\INVERSE IP INSIGHT\STARPOWER\ARMON32A.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\DESK98.EXE
    C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
    C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
    C:\PROGRAM FILES\AIM95\AIM.EXE
    C:\PROGRAM FILES\LOGITECH\ITOUCH\KBDTRAY\KBDTRAY.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\PROGRAM FILES\INVERSE IP INSIGHT\STARPOWER\ARUPLD32.EXE
    C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.starpower.net/search/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lycos.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.starpower.net/home/
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [HydarVisionDesktopManager] desk98.exe
    O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\PROGRA~1\LOGITECH\ITOUCH\iTouch.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [AccessRampLAN 01] "C:\PROGRAM FILES\INVERSE IP INSIGHT\STARPOWER\ARUpld32.exe" -l
    O4 - HKLM\..\RunServices: [AccessRampMonitor 01] "C:\PROGRAM FILES\INVERSE IP INSIGHT\STARPOWER\ARMon32a.exe"
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
    O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: AOL Instant Messenger (SM) (HKLM)
    O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
    O14 - IERESET.INF: START_PAGE_URL=http://start.starpower.net/home/
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.150/195a37fca505dffeb106/netzip/RdxIE.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37896.7640625
     
  11. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    Your log is clean and very tidy..
    Can you do this......In HijackThis hit the "config" and "misc tools" button and click on "generate startuplist" do the same with that......... IE: copy/paste the list in your next post.

    Scan here:http://www.anti-trojan.net/en/onlinecheck.aspx
    and let us know the result.

    ;)
     
  12. sgb

    sgb Thread Starter

    Joined:
    Jan 21, 2000
    Messages:
    173
    StartupList report, 10/20/03, 8:22:57 AM
    StartupList version: 1.52
    Started from : C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE
    Detected: Windows 98 SE (Win9x 4.10.2222A)
    Detected: Internet Explorer v5.50 (5.50.4134.0600)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\INVERSE IP INSIGHT\STARPOWER\ARMON32A.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\DESK98.EXE
    C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
    C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
    C:\PROGRAM FILES\AIM95\AIM.EXE
    C:\PROGRAM FILES\LOGITECH\ITOUCH\KBDTRAY\KBDTRAY.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\PROGRAM FILES\INVERSE IP INSIGHT\STARPOWER\ARUPLD32.EXE
    C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\WINDOWS\Start Menu\Programs\StartUp]
    WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
    TaskMonitor = C:\WINDOWS\taskmon.exe
    SystemTray = SysTray.Exe
    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    HydarVisionDesktopManager = desk98.exe
    AtiPTA = Atiptaxx.exe
    NAV Agent = C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
    zBrowser Launcher = C:\PROGRA~1\LOGITECH\ITOUCH\iTouch.exe
    EM_EXEC = C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    SchedulingAgent = mstask.exe
    AccessRampLAN 01 = "C:\PROGRAM FILES\INVERSE IP INSIGHT\STARPOWER\ARUpld32.exe" -l
    AccessRampMonitor 01 = "C:\PROGRAM FILES\INVERSE IP INSIGHT\STARPOWER\ARMon32a.exe"
    ScriptBlocking = "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    ATI Launchpad =
    AIM = C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=Explorer.exe
    SCRNSAVE.EXE=
    drivers=mmsystem.dll power.drv

    --------------------------------------------------

    C:\WINDOWS\WININIT.BAK listing:
    (Created 1/9/2003, 16:11:40)

    [rename]
    The Learning Company=The Learning Company

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
    (no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    Tune-up Application Start.job
    Symantec NetDetect.job
    Norton AntiVirus - Scan my computer.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    [RdxIE Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RDXIE.DLL
    CODEBASE = http://207.188.7.150/195a37fca505dffeb106/netzip/RdxIE.cab

    [Update Class]
    InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37896.7640625

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

    --------------------------------------------------
    End of report, 5,180 bytes
    Report generated in 0.033 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
    StartupList report, 10/20/03, 8:22:57 AM
    StartupList version: 1.52
    Started from : C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE
    Detected: Windows 98 SE (Win9x 4.10.2222A)
    Detected: Internet Explorer v5.50 (5.50.4134.0600)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\INVERSE IP INSIGHT\STARPOWER\ARMON32A.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\DESK98.EXE
    C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
    C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
    C:\PROGRAM FILES\AIM95\AIM.EXE
    C:\PROGRAM FILES\LOGITECH\ITOUCH\KBDTRAY\KBDTRAY.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\PROGRAM FILES\INVERSE IP INSIGHT\STARPOWER\ARUPLD32.EXE
    C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\WINDOWS\Start Menu\Programs\StartUp]
    WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
    TaskMonitor = C:\WINDOWS\taskmon.exe
    SystemTray = SysTray.Exe
    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    HydarVisionDesktopManager = desk98.exe
    AtiPTA = Atiptaxx.exe
    NAV Agent = C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
    zBrowser Launcher = C:\PROGRA~1\LOGITECH\ITOUCH\iTouch.exe
    EM_EXEC = C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    SchedulingAgent = mstask.exe
    AccessRampLAN 01 = "C:\PROGRAM FILES\INVERSE IP INSIGHT\STARPOWER\ARUpld32.exe" -l
    AccessRampMonitor 01 = "C:\PROGRAM FILES\INVERSE IP INSIGHT\STARPOWER\ARMon32a.exe"
    ScriptBlocking = "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    ATI Launchpad =
    AIM = C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=Explorer.exe
    SCRNSAVE.EXE=
    drivers=mmsystem.dll power.drv

    --------------------------------------------------

    C:\WINDOWS\WININIT.BAK listing:
    (Created 1/9/2003, 16:11:40)

    [rename]
    The Learning Company=The Learning Company

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
    (no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    Tune-up Application Start.job
    Symantec NetDetect.job
    Norton AntiVirus - Scan my computer.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    [RdxIE Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RDXIE.DLL
    CODEBASE = http://207.188.7.150/195a37fca505dffeb106/netzip/RdxIE.cab

    [Update Class]
    InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37896.7640625

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

    --------------------------------------------------
    End of report, 5,180 bytes
    Report generated in 0.033 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
    StartupList report, 10/20/03, 8:22:57 AM
    StartupList version: 1.52
    Started from : C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE
    Detected: Windows 98 SE (Win9x 4.10.2222A)
    Detected: Internet Explorer v5.50 (5.50.4134.0600)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\INVERSE IP INSIGHT\STARPOWER\ARMON32A.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\DESK98.EXE
    C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
    C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
    C:\PROGRAM FILES\AIM95\AIM.EXE
    C:\PROGRAM FILES\LOGITECH\ITOUCH\KBDTRAY\KBDTRAY.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\PROGRAM FILES\INVERSE IP INSIGHT\STARPOWER\ARUPLD32.EXE
    C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\WINDOWS\Start Menu\Programs\StartUp]
    WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
    TaskMonitor = C:\WINDOWS\taskmon.exe
    SystemTray = SysTray.Exe
    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    HydarVisionDesktopManager = desk98.exe
    AtiPTA = Atiptaxx.exe
    NAV Agent = C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
    zBrowser Launcher = C:\PROGRA~1\LOGITECH\ITOUCH\iTouch.exe
    EM_EXEC = C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    SchedulingAgent = mstask.exe
    AccessRampLAN 01 = "C:\PROGRAM FILES\INVERSE IP INSIGHT\STARPOWER\ARUpld32.exe" -l
    AccessRampMonitor 01 = "C:\PROGRAM FILES\INVERSE IP INSIGHT\STARPOWER\ARMon32a.exe"
    ScriptBlocking = "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    ATI Launchpad =
    AIM = C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=Explorer.exe
    SCRNSAVE.EXE=
    drivers=mmsystem.dll power.drv

    --------------------------------------------------

    C:\WINDOWS\WININIT.BAK listing:
    (Created 1/9/2003, 16:11:40)

    [rename]
    The Learning Company=The Learning Company

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
    (no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    Tune-up Application Start.job
    Symantec NetDetect.job
    Norton AntiVirus - Scan my computer.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    [RdxIE Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RDXIE.DLL
    CODEBASE = http://207.188.7.150/195a37fca505dffeb106/netzip/RdxIE.cab

    [Update Class]
    InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37896.7640625

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

    --------------------------------------------------
    End of report, 5,180 bytes
    Report generated in 0.033 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
     
  13. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    Nothing at all that would sugest where your "voice" is coming from....Is it just on the one page?
     
  14. sgb

    sgb Thread Starter

    Joined:
    Jan 21, 2000
    Messages:
    173
    no it starts when i start my ie and then when the computer is not doing anything also when i was downing loading zip file and other things. this is crazy , i think it only happens when I am on line. Is there anything I can do? this voice goes he ha like a cowboy and it just did it again as I am writing to you . it does it where there is a pause I think a long pause maybe very long pause before it does again.
     
  15. sgb

    sgb Thread Starter

    Joined:
    Jan 21, 2000
    Messages:
    173
    Total Selected Updates
    Review and install your selected updates
    Your total selected updates include an exclusive item that must be installed separately from other updates. To install the exclusive item, click Install Now. If you wish to install other critical updates, remove the exclusive item by clicking Remove.
    There are no updates selected
    Review the list of items you have chosen to download and install on your computer. You can remove any item you don't want. To select updates for installation, click a category beneath Pick updates to install (or click Pick updates to install if no categories appear), and then click Add next to any update that you want. To install an update, you must accept the license agreement. The license agreement for one or more of the items in the following list must still be accepted. If you do not want to install an item, you can remove it.
    Install Now Total: 19 = 12.7 MB
    Microsoft Internet Explorer 6 Service Pack 1 (Windows 98, Windows Me)*
    Download size: 452 KB
    Internet Explorer 6 Service Pack 1 (SP1) is the most recent version of the Internet Explorer 6 core technologies in Windows® XP Home Edition and Windows XP Professional. Internet Explorer 6 Service Pack 1 helps provide a private, reliable, and flexible browsing experience and the freedom to experience the best of the Internet for users of Windows XP, Windows Millennium Edition (Windows Me), Windows 2000, Windows 98, and Windows NT® 4.0 Service Pack 6a. Total download size for a typical installation is approximately 25 megabytes (MB). However, because setup downloads only those files that are necessary for your computer, this size can vary between 11 and 75 MB. Read more...

    * Must be installed separately from other updates

    Remove
    Security Update for Microsoft Windows (KB819696)
    Download size: 790 KB
    An identified security issue in Microsoft DirectX could allow an attacker to run programs on a computer running Microsoft Windows. The attacker would first have to send you an e-mail message or entice you into visiting a malicious Web site. You can help protect your computer by installing this update from Microsoft. Once you have installed this item, it cannot be removed. Read more...

    Remove
    823559: Security Update for Microsoft Windows
    Download size: 305 KB
    An identified security issue in Microsoft Windows could allow an attacker to compromise a Microsoft Windows-based system and then take a variety of actions. For example, an attacker could execute code on the system. By installing this update, you can help protect your computer. After you install this item, you may have to restart your computer. Read more...

    Remove
    816093: Security Update Microsoft Virtual Machine (Microsoft VM)
    Download size: 5.1 MB
    This update helps resolve a vulnerability in the Microsoft virtual machine. After you install this item, you may have to restart your computer. Once you have installed this item, it cannot be removed. Read more...

    Remove
    814078: Security Update (Microsoft Jscript version 5.5, Windows 98, Windows Millennium Edition, Windows NT 4.0)
    Download size: 345 KB
    A security issue has been identified that could allow an attacker to run programs on a computer running Microsoft® Windows®. The attacker would first have to send you an e-mail message or entice you into visiting a malicious Web site. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer. Once you have installed this item, it cannot be removed. Read more...

    Remove
    Q329414: Security Update (MDAC 2.1)
    Download size: 814 KB
    This security update applies to a component of Windows known as the Microsoft Data Access Component (MDAC). Please install now to help protect your Windows-based computer. For more information, read the associated Microsoft Security Bulletin at http://www.microsoft.com/security. Read more...

    Remove
    Q329115: Security Update (Windows 98)
    Download size: 407 KB
    This update resolves the "Certificate Validation Flaw Could Enable Identity Spoofing" vulnerability in Windows 98. Download now to help prevent an attacker from attempting identity spoofing using certificates. Read more...

    Remove
    Windows Share Level Password Update
    Download size: 210 KB
    This update resolves the "Windows Share Level Password" vulnerability in Windows 98 and Windows 98 Second Edition. If a computer that is linked to a network has File and Print Sharing enabled, and has at least one password-protected folder shared, it may be possible for a user on the network to gain unauthorized access to the folder. This vulnerability exists because of the way the password feature of share level access is implemented for computers running Windows 98. A malicious user can exploit this vulnerability and use a special client utility to gain access to a share without knowing the entire password, and may be able to retrieve, modify, or delete any file within that share. Download now to prevent unauthorized access to files that are shared over a network that uses share level security. Read more...

    Remove
    Q323172: Security Update (Windows 98)
    Download size: 214 KB
    This update resolves the "Flaw in Digital Certificate Enrollment Component Allows Certificate Deletion" security vulnerability in Windows 98. Download now to help stop a Web site or HTML e-mail from deleting digital certificates on your computer and preventing you from using the services they are associated with. Read more...

    Remove
    Q323255: Security Update (Windows 98)
    Download size: 496 KB
    This update resolves the "Unchecked buffer in HTML Help can lead to Code Execution" security vulnerability in Windows 98. Download now to help prevent a malicious user from running an unauthorized program on your computer. Read more...

    Remove
    Security Update, May 19, 2000
    Download size: 193 KB
    This update resolves the "IP Fragment Reassembly" security vulnerability in Windows 98 and Windows 98 Second Edition (SE), and is discussed in Microsoft Security Bulletin MS00-029. Read more...

    Remove
    Q320920: Security Update (Windows Media Player 6.4)
    Download size: 935 KB
    This update, the "26 June 2002 Cumulative Patch for Windows Media Player," resolves several vulnerabilities in Windows Media Player 6.4. Download now to help prevent a malicious user from running code of his or her choice on your computer. This item has been updated since it was released in June, 2002. Microsoft recommends that you install this item, even if you installed it when it was first released. Read more...

    Remove
    Security Update, November 12, 1999
    Download size: 169 KB
    This update eliminates the "File Access URL" vulnerability in Windows 98, and is discussed in Microsoft Security Bulletin MS99-049. Download now to help prevent a malicious user or Web site operator from exploiting the vulnerability to run arbitrary code or cause your computer to crash. Read more...

    Remove
    Security Update, February 14, 2002 (Internet Explorer 5.5)
    Download size: 307 KB
    This is an updated version of Security Update, February 14, 2002. This update resolves the "Incorrect VBScript Handling can Allow Web Pages to Read Local Files" security vulnerability in Internet Explorer 5.5 and Windows Millennium Edition (Windows Me), Windows 98, or Windows NT® 4.0, and is discussed in Microsoft Security Bulletin MS02-009. Download now to prevent a malicious user from using an unauthorized Web site to read the contents of files on your local computer. Read more...

    Remove
    Security Update, March 7, 2002
    Download size: 834 KB
    This update resolves the "Unchecked Buffer in Windows Shell Could Lead to Code Execution" security vulnerability in Windows 98 and is discussed in Microsoft Security Bulletin MS02-014. Download now to help prevent a malicious user from running programs on your computer. Read more...

    Remove
    Security Update, November 20, 2001
    Download size: 789 KB
    This update resolves the "Windows Media Player .asf processor contains unchecked buffer" security vulnerability in Windows Media Player, Windows Millennium Edition (Windows Me), and Windows 2000, and is discussed in Microsoft Security Bulletin MS01-056. Download now to prevent a malicious user from running code of his or her choice on your computer. Read more...

    Remove
    Security Update, April 2, 2001
    Download size: 125 KB
    This update resolves the "Erroneous VeriSign-Issued Digital Certificates Pose Spoofing Hazard" security vulnerability, and is discussed in Microsoft Security Bulletin MS01-017. Download now to help prevent an unauthorized user from running code on your computer by digitally signing programs as "Microsoft Corporation." Read more...

    Remove
    Security Update, March 17, 2000
    Download size: 222 KB
    This update eliminates the "DOS Device in Path Name" security vulnerability found in Windows 98 and Windows 98 Second Edition, and is discussed in Microsoft Security Bulletin MS00-017. Download now to help prevent a malicious user from causing your computer to crash by accessing a file or folder with a path that contains certain reserved words. Read more...

    Remove
    Security Update 1, November 29, 1999
    Download size: 197 KB
    This update eliminates the "Spoofed Route Pointer" and "Fragmented IGMP Packet" vulnerabilities in Microsoft Windows 98. Download now to help prevent a malicious user from using source routing to obtain network information through your Windows 98 computer, and to protect your computer's performance when it encounters fragmented data packets. Read more...

    Remove
    There are no updates selected.
    I went to the windows update and found all these,
    I am suppose to download all of these files because some say you can't remove them once install
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/172917

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice