
Thread: Program Files (x86) not executing

  1. #11
    Junior Member
    Join Date
    Mar 2009
    Posts
    12

    Default

    Here is the Malwarebytes Log

    Malwarebytes' Anti-Malware 1.34
    Database version: 1903
    Windows 6.0.6001 Service Pack 1

    3/26/2009 1:54:29 PM
    mbam-log-2009-03-26 (13-54-24).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 275596
    Time elapsed: 1 hour(s), 5 minute(s), 27 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

  2. #12
    Junior Member
    Join Date
    Mar 2009
    Posts
    12

    Default

    Disregard that last log. This is the 'updated' log after deleting the infected Registry Data File.

    Malwarebytes' Anti-Malware 1.34
    Database version: 1903
    Windows 6.0.6001 Service Pack 1

    3/26/2009 1:57:29 PM
    mbam-log-2009-03-26 (13-57-29).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 275596
    Time elapsed: 1 hour(s), 5 minute(s), 27 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

  3. #13
    Junior Member
    Join Date
    Mar 2009
    Posts
    12

    Default

    Active Scan

    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2009-03-26 16:29:42
    PROTECTIONS: 2
    MALWARE: 23
    SUSPECTS: 0
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    COMODO Defense+ 3.5 No Yes
    Windows Defender 1.1.1505.0 No Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Mom and Sis\AppData\Roaming\Microsoft\Windows\Cookies\Low\mom_and_sis@trafficmp[2].txt
    00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\tobias@trafficmp[1].txt
    00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\Low\tobias@trafficmp[1].txt
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Mom and Sis\AppData\Roaming\Microsoft\Windows\Cookies\Low\mom_and_sis@doubleclick[1].txt
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\tobias@doubleclick[2].txt
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Mom and Sis\AppData\Roaming\Microsoft\Windows\Cookies\mom_and_sis@doubleclick[2].txt
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\Low\tobias@doubleclick[1].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Mom and Sis\AppData\Roaming\Microsoft\Windows\Cookies\mom_and_sis@atdmt[1].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Mom and Sis\AppData\Roaming\Microsoft\Windows\Cookies\Low\mom_and_sis@atdmt[2].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\tobias@atdmt[2].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\Low\tobias@atdmt[1].txt
    00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\Low\tobias@tradedoubler[1].txt
    00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Mom and Sis\AppData\Roaming\Microsoft\Windows\Cookies\Low\mom_and_sis@tribalfusion[1].txt
    00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\Low\tobias@tribalfusion[2].txt
    00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Mom and Sis\AppData\Roaming\Microsoft\Windows\Cookies\Low\mom_and_sis@mediaplex[1].txt
    00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\Low\tobias@clickbank[2].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\Low\tobias@com[1].txt
    00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\Mom and Sis\AppData\Roaming\Microsoft\Windows\Cookies\Low\mom_and_sis@xiti[1].txt
    00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\Low\tobias@statcounter[2].txt
    00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\Low\tobias@perf.overture[1].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\tobias@ad.yieldmanager[2].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Mom and Sis\AppData\Roaming\Microsoft\Windows\Cookies\Low\mom_and_sis@ad.yieldmanager[2].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\Low\tobias@ad.yieldmanager[2].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\Low\tobias@apmebf[1].txt
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Mom and Sis\AppData\Roaming\Microsoft\Windows\Cookies\Low\mom_and_sis@serving-sys[1].txt
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\Low\tobias@serving-sys[2].txt
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Mom and Sis\AppData\Roaming\Microsoft\Windows\Cookies\Low\mom_and_sis@bs.serving-sys[1].txt
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\Low\tobias@bs.serving-sys[1].txt
    00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\Low\tobias@server.iad.liveperson[1].txt
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Mom and Sis\AppData\Roaming\Microsoft\Windows\Cookies\Low\mom_and_sis@advertising[2].txt
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\tobias@advertising[1].txt
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\Low\tobias@advertising[1].txt
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\Low\tobias@ads.pointroll[1].txt
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Mom and Sis\AppData\Roaming\Microsoft\Windows\Cookies\Low\mom_and_sis@ads.pointroll[1].txt
    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Mom and Sis\AppData\Roaming\Microsoft\Windows\Cookies\Low\mom_and_sis@realmedia[1].txt
    00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Mom and Sis\AppData\Roaming\Microsoft\Windows\Cookies\Low\mom_and_sis@questionmarket[1].txt
    00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Mom and Sis\AppData\Roaming\Microsoft\Windows\Cookies\mom_and_sis@questionmarket[1].txt
    00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\Low\tobias@questionmarket[2].txt
    00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Mom and Sis\AppData\Roaming\Microsoft\Windows\Cookies\Low\mom_and_sis@zedo[2].txt
    00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\tobias@zedo[2].txt
    00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\Low\tobias@zedo[1].txt
    00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Mom and Sis\AppData\Roaming\Microsoft\Windows\Cookies\Low\mom_and_sis@adrevolver[2].txt
    00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Mom and Sis\AppData\Roaming\Microsoft\Windows\Cookies\Low\mom_and_sis@atwola[2].txt
    00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\Low\tobias@atwola[2].txt
    00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Cookies\tobias@atwola[1].txt
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================

  4. #14
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    Default

    Nothing to worry about there, just a few cookies.

    Let's make sure there is nothing hiding .....


    Please Download GMER to your desktop

    Download GMER and extract it to your desktop.

    ***Please close any open programs ***

    Double-click gmer.exe. The program will begin to run.

    **Caution**
    These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.


    If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
    • Click Yes.
    • Once the scan is complete, you may receive another notice about rootkit activity.
    • Click OK.
    • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

    If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.
    • Click the Scan button and let the program do its work. GMER will produce a log.
    • Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.


    DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !

    Please post the results from the GMER scan in your reply.
    Microsoft MVP Consumer Security 2009 -2010
    If we have helped, please consider a donation
    THESE INSTRUCTIONS ARE FOR THIS USER ONLY

  5. #15
    Junior Member
    Join Date
    Mar 2009
    Posts
    12

    Default

    I apologize for the late response. Life threw me a curve ball so I haven't been online in the last few days.

    GMER 1.0.15.14966 - http://www.gmer.net
    Rootkit scan 2009-03-27 13:32:54
    Windows 6.0.6001 Service Pack 1


    ---- Files - GMER 1.0.15 ----

    File C:\WINDOWS\System32\LogFiles\Scm\SCM.EVM (size mismatch) 294912/262144 bytes

    ---- EOF - GMER 1.0.15 ----

  6. #16
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    Default

    Well, I am fairly sure that your machine is infection free.

    From your description of the problem, it sounds as if one of the programs you use is corrupting the registry.

    Unfortunately you are now outside my area of knowledge, so I'm going to have to recommend that you visit one of the tech forums for assistance.

    http://www.techsupportforum.com/
    http://www.bleepingcomputer.com/forums/
    http://forums.whatthetech.com/forums.html

    All the forums above have good support for software/OS problems, and I'm sure they will be able to help.

    When you start your thread, explain what the problem is and let them know that you have been checked for malware.

  7. #17
    Junior Member
    Join Date
    Mar 2009
    Posts
    12

    Default

    HUZZAH! Thank you so very much! Very much appreciate all of your help and patience!
