ActiveX or Flash Issue (Web Browsers)



#1
ashfrog (New Member, Member, 5 posts)
I have an ActiveX issue or Flash issue (actually I think it's a shared file problem). Please note, I'm not a computer expert by any means, so bear with my greenhorn lingo and hopefully it will make sense.

ISSUE
It appears both browsers I use (Explorer and Mozilla) are not recognizing that I have ActiveX and Flash installed on my computer. Every website that requires these constantly asks me to install ActiveX or Flash. I have done this several times and it appears the installations were fine; however, my browser still doesn't recognize these programs as installed. It consistently asks me again and again to install these programs. One example is microsoftupdate.com: as soon as I go on, it tells me this site requires ActiveX and shows me simply how to install it. I go through the quick process, it appears everything installs (at least no errors come up), but the site doesn't recognize it. I don't know what to do. I also cannot stream internet radio through my media player anymore as I used to. This comes up with a general error every time. Is there a common file (driver maybe?) that may be corrupt or missing that may not let these programs communicate properly?

In fact, as I'm typing, I'm not getting the button images to show up on this website (i.e. Bold, Italic, Underline, etc. above), which tells me this site probably uses Flash, or ActiveX, or something my browser isn't recognizing.

Anybody's thoughts would be much appreciated...hopefully this doesn't require a full re-installation to fix.....

Best Regards,
Ashfrog
  • 0



#2
happyrock (Tech Moderator, Retired Staff, 9,285 posts)
Did you try rebooting after installing Flash...no joy..
Go here and download Shockwave and Flash Player 10.1.3.018 and install it..should work

Edited by happyrck, 18 May 2007 - 08:35 AM.

  • 0

#3
The Skeptic (Trusted Tech, Technician, 4,075 posts)
Go to the malware forum (link in my signature) and run the initial steps before posting an HJT log. Please report the results of the scan. Try to download ActiveX again and see if there is any difference.
  • 0

#4
ashfrog (New Member, Topic Starter, Member, 5 posts)
skeptic,

I started the cleanup process as directed (ran ATF Cleaner), however, I have come across another issue. System Restore came up as a White Blank Screen with no data inside when opened. Just a white blank screen / titled System Restore in the Blue Header (i.e. top of Internet Explorer)? I'm not sure if I should proceed with the other steps until I receive instruction on this matter.

Note, I tried System Restore logged on as Administrator, tried both Normal and Safe Mode with the same result, a white blank screen. Now I'm getting really concerned.

Any thoughts? Thank you.
  • 0

#5
anzenketh (BSOD Warrior/Computer Surgeon, Technician, 2,854 posts)
Were you cleared by the Malware Team? We do not want to run System Restore until you are cleared by the Malware Team.

We now need to make certain that this issue is not malware, because if we troubleshoot otherwise we may be wasting our time.

Please go to the malware forum and follow the instructions at the top, especially the instructions on things to do before posting in the malware forum.

That will give you several steps that will help you clean up 70 percent of all problems by yourself. If at the end of the process you are still having difficulty--and you may not be-- then post a hijackthis log in THAT forum.

If you are still having problems after getting a clean bill of health from the malware expert, please return to this thread.
  • 0

#6
The Skeptic (Trusted Tech, Technician, 4,075 posts)
Please continue as instructed. Don't worry about the System Restore at the moment. Run the other scans. These are preliminary steps that you will have to take anyway if you post in the malware forum. According to the results I'll instruct you how to proceed, and it is very possible that I'll ask you to post in the malware forum. Since they are quite busy there and you may have to wait a few days for a response, I wanted to save this time. If, however, you prefer to post on the malware forum then, by all means, do so.
  • 0

#7
ashfrog (New Member, Topic Starter, Member, 5 posts)
OK...I ran all programs/instructions on the Malware Log, except for System Restore (comes up blank window) and Panda ActiveScan (cannot use internet site due to ActiveX issues). I also tried downloading the program but received the error below during installation:

Error Code: -5004 : 0x80070005
Error Information:
>SetupDLL\SetupDLL.cpp (3078)
PAPP:Panda ActiveScan
PVENDOR:Panda Software (http://www.pandasoftware.com)
PGUID:68EB6BDB-3BA2-40A3-8561-B4B2AB94DEEB
$11.0.0.28844
@Windows XP (2600) BT_OTHER 376.22

STEPS TAKEN

1. Ran SmitFraudFix - Finished (2 Reports below one prior to cleaning, one after cleaning)

SmitFraudFix v2.195

Scan done at 10:21:01.57, 06/12/2007
Run from C:\Documents and Settings\Jeff Thompson\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jeff Thompson


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jeff Thompson\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

SmitFraudFix Report after Cleaning (Report Below)


SmitFraudFix v2.195

Scan done at 10:27:26.46, 06/12/2007
Run from C:\Documents and Settings\Jeff Thompson\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost
127.0.0.1 adsubtract # added by adsubtract for auto-dial.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

2. Ran Smitrem.exe (Report below)


smitRem © log file
version 3.2

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
"IE"="6.0000"
The current date is: 06/12/2007
The current time is: 10:48:43.37

Running from
C:\Documents and Settings\Jeff Thompson\Desktop\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\SYSTEM32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\SYSTEM32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Appinitdll check ........ Thank you Grinler!

dumphive.exe ©2000-2004 Markus Stephany
REGEDIT4

[Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

XP Firewall allowed access

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!


checking for drsmartload2 key


drsmartload2 key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
AlfaCleaner uninstaller NOT present
SpyFalcon uninstaller NOT present
SpywareQuake uninstaller NOT present
SpywareSheriff uninstaller NOT present
Trust Cleaner uninstaller NOT present
SpyHeal uninstaller NOT present
VirusBurst uninstaller NOT present
BraveSentry uninstaller NOT present
AntiVermins uninstaller NOT present
VirusBursters uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 800 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\SYSTEM32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\SYSTEM32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~



~~~ Wininet.dll ~~~

CLEAN! :whistling:

3. Ran ATF Cleaner Successfully

4. Ran AVG (log Report Below)


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:20:07 PM 06/12/2007

+ Scan result:



HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Adware.WebSearch : No action taken.


::Report end

5. Ran SuperAntiSpyware Home Edition (report log below)

SUPERAntiSpyware Scan Log
Generated 06/12/2007 at 02:06 PM

Application Version : 3.6.1000

Core Rules Database Version : 3250
Trace Rules Database Version: 1261

Scan type : Complete Scan
Total Scan Time : 01:49:25

Memory items scanned : 405
Memory threats detected : 0
Registry items scanned : 5794
Registry threats detected : 15
File items scanned : 42204
File threats detected : 1

Spyware.WebSearch (WinTools/HuntBar)
HKLM\Software\Classes\CLSID\{87766247-311C-43B4-8499-3D5FEC94A183}
HKCR\CLSID\{87766247-311C-43B4-8499-3D5FEC94A183}
HKCR\CLSID\{87766247-311C-43B4-8499-3D5FEC94A183}
HKCR\CLSID\{87766247-311C-43B4-8499-3D5FEC94A183}\InprocServer32
HKCR\CLSID\{87766247-311C-43B4-8499-3D5FEC94A183}\InprocServer32#ThreadingModel
C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSB.DLL
HKCR\CLSID\{87067F04-DE4C-4688-BC3C-4FCF39D609E7}
HKCR\CLSID\{87067F04-DE4C-4688-BC3C-4FCF39D609E7}\Implemented Categories
HKCR\CLSID\{87067F04-DE4C-4688-BC3C-4FCF39D609E7}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
HKCR\CLSID\{87067F04-DE4C-4688-BC3C-4FCF39D609E7}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
HKCR\CLSID\{87067F04-DE4C-4688-BC3C-4FCF39D609E7}\LocalServer32
HKCR\CLSID\{87067F04-DE4C-4688-BC3C-4FCF39D609E7}\LocalServer32#ThreadingModel
HKCR\CLSID\{A8DEB4A5-D9EF-4D21-B4F6-921475004E7D}
HKCR\CLSID\{A8DEB4A5-D9EF-4D21-B4F6-921475004E7D}\InprocServer32
HKCR\CLSID\{A8DEB4A5-D9EF-4D21-B4F6-921475004E7D}\InprocServer32#ThreadingModel
HKCR\CLSID\{A8DEB4A5-D9EF-4D21-B4F6-921475004E7D}\ProgID

6. Ran Ad-Aware Personal (log below)


Lavasoft Ad-aware Personal Build 6.181
Logfile created on :Tuesday, June 12, 2007 11:17:27 AM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R347 26.10.2004
______________________________________________________

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry


06-12-2007 11:17:27 AM - Scan started. (Smart mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 06-12-2007 4:14:50 PM
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 06-12-2007 4:14:58 PM
BasePriority : High


#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 06-12-2007 4:15:01 PM
BasePriority : Normal
FileSize : 105 KB
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft
Created on : 08/18/2001 11:00:00 AM
Last accessed : 06/12/2007 4:06:15 PM
Last modified : 08/04/2004 7:56:55 AM

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 06-12-2007 4:15:01 PM
BasePriority : Normal
FileSize : 13 KB
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 08/18/2001 11:00:00 AM
Last accessed : 06/12/2007 4:05:36 PM
Last modified : 08/04/2004 7:56:50 AM

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 06-12-2007 4:15:05 PM
BasePriority : Normal
FileSize : 14 KB
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 08/18/2001 11:00:00 AM
Last accessed : 06/12/2007 4:06:20 PM
Last modified : 08/04/2004 7:56:57 AM

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 06-12-2007 4:15:07 PM
BasePriority : Normal
FileSize : 14 KB
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 08/18/2001 11:00:00 AM
Last accessed : 06/12/2007 4:06:20 PM
Last modified : 08/04/2004 7:56:57 AM

#:7 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 06-12-2007 4:15:51 PM
BasePriority : Normal
FileSize : 1008 KB
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft
Created on : 05/12/2003 2:12:10 AM
Last accessed : 06/12/2007 4:15:52 PM
Last modified : 08/04/2004 7:56:49 AM

#:8 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
ThreadCreationTime : 06-12-2007 4:16:16 PM
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 07/06/2004 11:53:43 AM
Last accessed : 06/12/2007 4:16:16 PM
Last modified : 07/13/2003 1:00:20 AM

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Tracking Cookie Object recognized!
Type : File
Data : jeff thompson@2o7[1].txt
Object : C:\Documents and Settings\Jeff Thompson\Cookies\

Created on : 06/12/2007 2:21:36 PM
Last accessed : 06/12/2007 3:35:38 PM
Last modified : 06/12/2007 2:22:13 PM



Tracking Cookie Object recognized!
Type : File
Data : jeff thompson@advertising[1].txt
Object : C:\Documents and Settings\Jeff Thompson\Cookies\

Created on : 06/12/2007 3:02:59 PM
Last accessed : 06/12/2007 4:20:49 PM
Last modified : 06/12/2007 3:02:59 PM



Tracking Cookie Object recognized!
Type : File
Data : jeff thompson@atdmt[2].txt
Object : C:\Documents and Settings\Jeff Thompson\Cookies\

Created on : 06/12/2007 1:51:03 PM
Last accessed : 06/12/2007 4:20:49 PM
Last modified : 06/12/2007 1:51:03 PM



Tracking Cookie Object recognized!
Type : File
Data : jeff thompson@casalemedia[1].txt
Object : C:\Documents and Settings\Jeff Thompson\Cookies\

Created on : 06/12/2007 2:21:28 PM
Last accessed : 06/12/2007 4:20:49 PM
Last modified : 06/12/2007 2:21:28 PM



Tracking Cookie Object recognized!
Type : File
Data : jeff thompson@edge.ru4[1].txt
Object : C:\Documents and Settings\Jeff Thompson\Cookies\
FileSize : 1 KB
Created on : 06/12/2007 3:02:59 PM
Last accessed : 06/12/2007 4:20:50 PM
Last modified : 06/12/2007 3:02:59 PM



Tracking Cookie Object recognized!
Type : File
Data : jeff thompson@ehg-dig.hitbox[1].txt
Object : C:\Documents and Settings\Jeff Thompson\Cookies\

Created on : 06/12/2007 2:21:29 PM
Last accessed : 06/12/2007 4:20:50 PM
Last modified : 06/12/2007 2:21:30 PM



Tracking Cookie Object recognized!
Type : File
Data : jeff thompson@ehg-kasperskylab.hitbox[1].txt
Object : C:\Documents and Settings\Jeff Thompson\Cookies\

Created on : 06/12/2007 2:56:07 PM
Last accessed : 06/12/2007 4:20:50 PM
Last modified : 06/12/2007 2:56:36 PM



Tracking Cookie Object recognized!
Type : File
Data : jeff thompson@fastclick[1].txt
Object : C:\Documents and Settings\Jeff Thompson\Cookies\

Created on : 06/12/2007 3:02:59 PM
Last accessed : 06/12/2007 4:20:50 PM
Last modified : 06/12/2007 3:02:59 PM



Tracking Cookie Object recognized!
Type : File
Data : jeff thompson@hitbox[2].txt
Object : C:\Documents and Settings\Jeff Thompson\Cookies\

Created on : 06/12/2007 2:21:30 PM
Last accessed : 06/12/2007 4:20:51 PM
Last modified : 06/12/2007 2:56:36 PM



Tracking Cookie Object recognized!
Type : File
Data : jeff thompson@mediaplex[2].txt
Object : C:\Documents and Settings\Jeff Thompson\Cookies\

Created on : 06/12/2007 3:09:26 PM
Last accessed : 06/12/2007 4:20:51 PM
Last modified : 06/12/2007 3:09:26 PM



Tracking Cookie Object recognized!
Type : File
Data : jeff thompson@questionmarket[1].txt
Object : C:\Documents and Settings\Jeff Thompson\Cookies\

Created on : 06/12/2007 3:02:44 PM
Last accessed : 06/12/2007 4:20:52 PM
Last modified : 06/12/2007 3:02:44 PM



Tracking Cookie Object recognized!
Type : File
Data : jeff thompson@realmedia[2].txt
Object : C:\Documents and Settings\Jeff Thompson\Cookies\

Created on : 06/12/2007 3:02:59 PM
Last accessed : 06/12/2007 4:20:52 PM
Last modified : 06/12/2007 3:02:59 PM



Tracking Cookie Object recognized!
Type : File
Data : jeff thompson@tribalfusion[2].txt
Object : C:\Documents and Settings\Jeff Thompson\Cookies\

Created on : 06/12/2007 3:09:27 PM
Last accessed : 06/12/2007 4:20:53 PM
Last modified : 06/12/2007 3:09:27 PM


¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 13


11:23:19 AM Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:05:42:62
Objects scanned :51342
Objects identified :13
Objects ignored :0
New objects :13


PLEASE LET ME KNOW WHAT OTHER STEPS I NEED TO TAKE TO HELP YOU ASSIST. AGAIN, THANK YOU.

ASHFROG
  • 0

#8
krmooo (Member, 472 posts)
My friend, the first step to take is to let the malware team have a look at that log. After they give you a clean bill of health and we can be of service, by all means return...
  • 0

#9
ashfrog (New Member, Topic Starter, Member, 5 posts)
OK,

I believe I'm fixed and clean: See the origin of my problem below.

It was a chance read in an unrelated forum post that convinced me it was tied to the VBS (Visual Basic Script) references in the Registry, so I fired up Registrar Lite and narrowed down the location of the problem to the "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBS" through to the "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile.HostEncode" keys. What surprised me was that the majority of these entries had sub-key values marked as "ACCESS DENIED" -- even when logged in as the Administrator of that computer. I had seen that a few times before and really paid it no attention because I was looking at different values within the Registry for different reasons. Now, this "ACCESS DENIED" was staring me right in the face and I couldn't get away from it.

This time, I was convinced that there was some other key in the Registry that was now blocking the scrrun.dll file's registration. However, I didn't want to dig any further (I was tired!). I learned by this time that the "ACCESS DENIED" values in the Registry were likely created by some scumware which created a bogus user profile in Windows and took ownership of the affected registry keys then deleted that profile, thus locking any changes to those keys even by the Administrator account user. A fix that finally allowed me to successfully install Windows Script 5.6 was a suggestion on a blog to try a Microsoft tool called "SubInACL" which would allow me to reset ALL keys to their appropriate Administrator permissions (run in Safe Mode with Command Prompt).

How to:

I found my problem and it's fixed. I found out my registry was infected by malware.

1. Download and install SubInACL

2. Create a file named reset.cmd in the C:\Program Files\Windows Resource Kits\Tools folder.

3. Edit the reset.cmd file with the following content.

rem Grant the Administrators group full control (f) on every key of each hive
rem and on every file and folder of the system drive.
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f
subinacl /subdirectories %SystemDrive% /grant=administrators=f

rem Same grants for the SYSTEM account.
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=system=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=system=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=system=f
subinacl /subdirectories %SystemDrive% /grant=system=f

4. Enter into CMD prompt.

5. Enter the following commands one at a time and click Enter.

cd "C:\Program Files\Windows Resource Kits\Tools"
reset.cmd

6. After a few minutes of processing by subinacl, the permissions will be reset.
  • 0
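
The lockout described in post #9 can be narrowed down before any blanket reset. The Python sketch below is an added example, not part of the original thread: it reads exported registry security descriptors in SDDL form and reports only the keys whose owner SID has no matching account, or where Administrators or SYSTEM are denied or lack full control. The key names come from the post; the SDDL strings, the SIDs and the `LIVE_SIDS` set are constructed for illustration.

```python
import re

KEY_ALL_ACCESS = 0xF003F      # registry "full control" access mask
GENERIC_ALL = 0x10000000
PRINCIPALS = {
    "Administrators": {"BA", "S-1-5-32-544"},
    "SYSTEM": {"SY", "S-1-5-18"},
}

def codes(field):
    """Split an SDDL flag/rights field into its two-letter codes."""
    return {field[i:i + 2] for i in range(0, len(field), 2)}

def grants_full(rights):
    """True if the rights field (symbolic or hex) amounts to full control."""
    if rights.lower().startswith("0x"):
        mask = int(rights, 16)
        return (mask & KEY_ALL_ACCESS) == KEY_ALL_ACCESS or bool(mask & GENERIC_ALL)
    return bool(codes(rights) & {"KA", "GA"})

def parse_sddl(sddl):
    """Return (owner, aces) from the O: and D: parts of an SDDL string."""
    owner = re.search(r"O:(.*?)(?=G:|D:|S:|$)", sddl)
    dacl = re.search(r"D:(.*?)(?=S:|$)", sddl)
    aces = []
    for body in re.findall(r"\(([^()]*)\)", dacl.group(1) if dacl else ""):
        fields = body.split(";")
        if len(fields) != 6:
            continue  # malformed ACE, skip it
        ace_type, flags, rights, _obj, _inherit_obj, sid = fields
        aces.append({"type": ace_type, "sid": sid, "rights": rights,
                     # inherit-only ACEs do not apply to the key itself
                     "inherit_only": "IO" in codes(flags)})
    return (owner.group(1) if owner else ""), aces

def audit_key(sddl, live_sids):
    """List the problems found in one key's security descriptor."""
    owner, aces = parse_sddl(sddl)
    findings = []
    # A raw S-1-5-21-... owner with no live account matches the
    # "profile created, then deleted" pattern described in the post.
    if owner.startswith("S-1-5-21-") and owner not in live_sids:
        findings.append("owner SID has no existing account")
    for name, sids in PRINCIPALS.items():
        direct = [a for a in aces if a["sid"] in sids and not a["inherit_only"]]
        if any(a["type"] == "D" for a in direct):
            findings.append(f"explicit deny ACE for {name}")
        elif not any(a["type"] == "A" and grants_full(a["rights"]) for a in direct):
            findings.append(f"{name} lacks full control")
    return findings

def audit(descriptors, live_sids):
    """Map key path -> findings, keeping only keys that have findings."""
    report = {}
    for key, sddl in descriptors.items():
        findings = audit_key(sddl, live_sids)
        if findings:
            report[key] = findings
    return report

# Constructed sample data (assumed export of key path -> SDDL).
MACHINE = "S-1-5-21-1111111111-2222222222-3333333333"
LIVE_SIDS = {MACHINE + "-500", MACHINE + "-1003"}
SAMPLE = {
    r"HKLM\SOFTWARE\Classes\VBSFile":
        "O:BAG:SYD:PAI(A;CI;KA;;;BA)(A;CI;KA;;;SY)(A;CI;KR;;;BU)",
    r"HKLM\SOFTWARE\Classes\VBS":
        f"O:{MACHINE}-1009G:{MACHINE}-513D:PAI(A;CI;KA;;;{MACHINE}-1009)(A;CI;KR;;;BA)",
    r"HKLM\SOFTWARE\Classes\VBSFile.HostEncode":
        "O:BAG:SYD:PAI(D;CI;KA;;;BA)(A;CIIO;KA;;;BA)(A;CI;0xf003f;;;SY)",
}

if __name__ == "__main__":
    for key, findings in audit(SAMPLE, LIVE_SIDS).items():
        print(key, "->", "; ".join(findings))
```

Keys that come back with findings are the ones to repair individually and to examine for what else changed around them, since a recursive full-control grant also overwrites permissions that were correct.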





