[Vista x64 NoActiveDesktopChanges]

Windows Vista SP2 64 Bit

Does Vista even have Active Desktop?

Malwarebytes' Anti-Malware 1.37

Database version: 2265

Windows 6.0.6002 Service Pack 2

6/11/2009 10:56:23 PM

mbam-log-2009-06-11 (22-56-16).txt

Scan type: Quick Scan

Objects scanned: 74966

Time elapsed: 1 minute(s), 27 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken. [5138494534363830414438586445483634456446343641424738615248395356345138614674688

38084807185615674796980888461368683837079855570838474807961498077746874708461388

9

81778083708393478034688574877037708476858081367366797270843018130117]

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

[Trojan.BHO]

Got a new Acer Aspire One for Christmas. Uninstalled all bloatware from Acer, updated Windows and installed firefox, pidgin and VLC player.

Ran MBAM and it found this. I can't help but think it's a FP.

Malwarebytes' Anti-Malware 1.31

Database version: 1549

Windows 5.1.2600 Service Pack 3

12/26/2008 2:20:11 AM

mbam-log-2008-12-26 (02-20-09).txt

Scan type: Quick Scan

Objects scanned: 44619

Time elapsed: 1 minute(s), 54 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} (Trojan.BHO) -> No action taken. [4054423730538380756679153541481301922520717125177121142568242114216725171467226

7661468256969692120217022682194]

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

[Start_ShowRun (Hijack.StartMenu)]

okay I think I figured out the problem. On my laptop I had the "recent items" button removed on the start menu. My desktop had it and after I disabled it I got the same "infection" with MBAM. Strange but I'm sure it's a FP now.

Apparently it only detects it if you have removed the recent items list as well (which I do)

[Start_ShowRun (Hijack.StartMenu)]

The problem is that in XP its not and access is removed by this infection .

We have removed several of the less important ones from defs and this may be another that I consider .

At some point we are adding a tool to correct multiple windows issues both related and unrelated to malware damage and some of these will be moved to that tool .

I am going to ask our coder if I can have the ability to add a , XP flag to this def form to allow filtering by OS , that would also fix this issue .

Thanks for your speedy replies. I am notoriously careful about what I install on my machine so I was very worried for a while. I am still wondering as to why this "infection" does not appear on my desktop computer which runs the same OS and has the default Vista start menu like my laptop does.

I will take a look at this further tonight when I have access to both computers.

Thanks again.

[Start_ShowRun (Hijack.StartMenu)]

There is a common infection that is hijacking this component and this will correct that problrm .

We cant tell if run has been hidden intentionally .

Right click the entry and tell MBAM to ignore it , you wont see it again in scan results .

Correct me if I'm wrong but I believe the default in Vista is for run to not be on the start menu.

[Start_ShowRun (Hijack.StartMenu)]

Hi, I get this result on my laptop which runs Vista premium but not on my desktop which runs the same OS. I am not sure if it is a FP but I can avoid getting this "infection" detected if I allow run in the start menu. I am worried however as to why it happens on one pc but not another.

Malwarebytes' Anti-Malware 1.14

Database version: 819

11:23:17 PM 6/3/2008

mbam-log-6-3-2008 (23-23-14).txt

Scan type: Quick Scan

Objects scanned: 31555

Time elapsed: 1 minute(s), 21 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)