AgentZero

AgentZero's problem

4 posts in this topic

This is driving me nutz: I've got rid of the automove.exe, and run Spybot and Ad-aware. Both are reporting a healthy system, but Bazooka keeps telling me that's not true. So I look in the registry, and every time I reboot the entry for "adstartup" keeps appearing.

 

Bazooka log:

****************************************

Bazooka Spyware Scanner v1.13.01

http://www.kephyr.com/spywarescanner/

http://www.kephyr.com/spywarescanner/library/

support@kephyr.com

Log created 16:26:08.

OS: Windows 98

Database version: 2.090000

Database format version: 1.020000

Database date: 20040622

Current date: 2004-06-23 16:26

 

 

****************************************

Result when scanning:

 

Adstartup 423.787.000 Adstartup

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Adstartup

http://www.kephyr.com/spywarescanner/libra...tup/index.phtml

 

****************************************

Auto start entries:

 

****************************************

Run entries:

SystemTray SysTray.Exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SystemTray

 

IntelliType "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\IntelliType

 

EnsoniqMixer starter.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\EnsoniqMixer

 

LoadPowerProfile Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\LoadPowerProfile

 

Zone Labs Client "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Zone Labs Client

 

Adstartup C:\WINDOWS\SYSTEM\automove.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Adstartup

 

Ad-aware "C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE" +c

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Ad-aware

 

LoadPowerProfile Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\LoadPowerProfile

 

TrueVector C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\TrueVector

 

 

Go here to analyse the run entries and the associated files:

http://www.kephyr.com/filedb/index.php

 

****************************************

Browser helper objects:

 

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

 

{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar2.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}

 

{5FA6752A-C4A0-4222-88C2-928AE5AB4966} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{5FA6752A-C4A0-4222-88C2-928AE5AB4966}\InprocServer32

 

System error message: The system cannot find the file specified.

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5FA6752A-C4A0-4222-88C2-928AE5AB4966}

 

 

****************************************

Toolbars:

 

{2318C2B1-4965-11d4-9B18-009027A5CD4F} c:\program files\google\googletoolbar2.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{2318C2B1-4965-11d4-9B18-009027A5CD4F}

 

{8E718888-423F-11D2-876E-00A0C9082467} C:\WINDOWS\SYSTEM\MSDXM.OCX

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8E718888-423F-11D2-876E-00A0C9082467}

 

{01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINDOWS\SYSTEM\BROWSEUI.DLL

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

 

{0E5CBF21-D15F-11D0-8301-00AA005B4383} C:\WINDOWS\SYSTEM\BROWSEUI.DLL

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}

 

{01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINDOWS\SYSTEM\BROWSEUI.DLL

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

 

{0E5CBF21-D15F-11D0-8301-00AA005B4383} C:\WINDOWS\SYSTEM\BROWSEUI.DLL

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}

 

{2318C2B1-4965-11D4-9B18-009027A5CD4F} c:\program files\google\googletoolbar2.dll

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F}

 

{4D5C8C25-D075-11d0-B416-00C04FB90376} C:\WINDOWS\SYSTEM\SHDOCVW.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}

 

{EFA24E64-B078-11D0-89E4-00C04FC9E26E} C:\WINDOWS\SYSTEM\SHDOCVW.DLL

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}

 

{EFA24E62-B078-11D0-89E4-00C04FC9E26E} C:\WINDOWS\SYSTEM\SHDOCVW.DLL

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}

 

{32683183-48a0-441b-a342-7c2a440a9478} C:\WINDOWS\SYSTEM\BROWSEUI.DLL

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}

 

{EFA24E61-B078-11D0-89E4-00C04FC9E26E} C:\WINDOWS\SYSTEM\SHDOCVW.DLL

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}

 

 

****************************************

All processes:

 

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\TYPE32.EXE

C:\WINDOWS\STARTER.EXE

C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE

C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE

C:\PROGRAM FILES\BAZOOKA SPYWARE SCANNER\SPYWARESCANNER.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\WINDOWS\REGEDIT.EXE

C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

 

Go here to analyse the running processes:

http://www.kephyr.com/filedb/index.php

 

****************************************

Internet Explorer Settings:

 

Default_Page_URL http://www.google.com

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

 

Default_Search_URL

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

 

Local Page C:\WINDOWS\SYSTEM\blank.htm

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page

 

Search Bar

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar

 

Search Page http://www.google.com

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page

 

Start Page http://www.google.com

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page

 

 

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\

 

SearchAssistant http://www.google.com/ie

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant

 

CustomizeSearch http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch

 

http://

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\

 

www http://

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\www

 

http://www.google.com/keyword/%s

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\

 

provider gogl

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\provider

 

Local Page C:\WINDOWS\SYSTEM\blank.htm

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page

 

Search Bar http://www.google.com/ie

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar

 

Search Page http://www.google.com

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page

 

Start Page http://www.google.co.uk/

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page

 

Use Search Asst no

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use Search Asst

 

 

****************************************

Hijackthis log

 

Logfile of HijackThis v1.97.7

Scan saved at 11:10:22, on 23/06/04

Platform: Windows 98 Gold (Win9x 4.10.1998)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\TYPE32.EXE

C:\WINDOWS\STARTER.EXE

C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE

C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\EXCEL.EXE

C:\WINDOWS\MSAGENT\AGENTSVR.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\HPZSTC03.EXE

C:\WINDOWS\SYSTEM\HPZSTATX.EXE

C:\PROGRAM FILES\WINZIP\WINZIP32.EXE

C:\WINDOWS\TEMP\HIJACKTHIS.EXE

C:\WINDOWS\SYSTEM\HPZENG03.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: (no name) - {5FA6752A-C4A0-4222-88C2-928AE5AB4966} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [intelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"

O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\SYSTEM\automove.exe

O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE" +c

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html

O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html

O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://signup.server.worldonline.co.uk/registrations

O15 - Trusted Zone: http://www.bbc.co.uk

O15 - Trusted Zone: http://board1.mantisforums.com

O16 - DPF: Win32 Classes - file://C:\WINDOWS\Java\classes\win32ie4.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033...all/xscan53.cab

 

---------------------------------------------------------------

 

 

Can anyone help?
