What's safe to remove from scans??



Hi All,

I just started having this problem with my HD running a lot longer (than before) during startup. It will stop its accessing/checking, but instead of, say, 5-10 min, it now takes 30-60 mins before you hear the HD stop. I "sort" of connected it with the last Windows Vista/SQL Server update; it was about that time that the HD run problem(?) started.

I have a Dell XPS 420 3mhz, dual core with 4 gb of mem, using Vista Ultimate and running NIS 2009, all fully updated. I got on the Dell forum and was told to D/L and run in safe mode both SUPERAntiSpyware and Malwarebytes and to see what results I get. But for some reason I have not got any more replies, so I thought I'd ask here....

NIS 2009 comes up clean on full scans except for the normal cookies. I guess it's the same with SUPERAntiSpyware, but a bit more are reported, which I delete. But on the Malwarebytes I'm not sure if I should delete the files reported in case they are needed (safer malware :))

Anyhow, this is the log from both SUPERAntiSpyware and Malwarebytes. As I said, I deleted all but what was reported on Malwarebytes. Are these safe to delete? I used the jump to location and checks online, but I'm a real rookie at this and the info, if any, really did not help me.

I'll include the log files below from both. If they are safe to delete, but that does not cure my longer HD run problem, are there any other checks that I should do to ensure that my system is as clean as possible??

And just for a bit more info, I have used Windows cleaner/defrag, and also CCleaner and System Mechanic 9 tools to clean/defrag. So the system is as clean as these tools can clean it.

All were updated just before scans. Anyway, here are the logs:

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 03/13/2009 at 12:19 PM

Application Version : 4.25.1014

Core Rules Database Version : 3794

Trace Rules Database Version: 1750

Scan type : Complete Scan

Total Scan Time : 00:30:24

Memory items scanned : 816

Memory threats detected : 0

Registry items scanned : 9084

Registry threats detected : 0

File items scanned : 33559

File threats detected : 25

Adware.Tracking Cookie


Malwarebytes' Anti-Malware 1.34

Database version: 1845

Windows 6.0.6001 Service Pack 1

3/13/2009 1:58:05 PM

mbam-log-2009-03-13 (13-57-59).txt

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 249519

Time elapsed: 1 hour(s), 19 minute(s), 3 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 7

Registry Values Infected: 0

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\cpbrkpie.coupon6ctrl.1 (Adware.Coupons) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{a85a5e6a-de2c-4f4e-99dc-f469df5a0eec} (Adware.Coupons) -> No action taken.

HKEY_CLASSES_ROOT\TypeLib\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{6e780f0b-bcd6-40cb-b2db-7af47ab4d4a4} (Adware.Coupons) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{a138be8b-f051-4802-9a3f-a750a6d862d4} (Adware.Coupons) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> No action taken.

HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> No action taken.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Windows\CouponPrinter.ocx (Adware.Coupons) -> No action taken


  • Root Admin

The cookies from SAS are no threat.

The entries from MBAM should be scanned from Normal mode, NOT from Safe Mode. Unless specifically directed to, MBAM should NEVER be run in Safe Mode.

Please restart the computer in Normal mode and do a Scan. Then if you still have issues follow the information below.

Hello and Welcome to Malwarebytes.org

If you're having malware-related issues with your computer that you're unable to resolve:

  1. Please read and follow the instructions provided here: I'm infected - What do I do now?
  2. If needed please post your logs in a NEW topic here: Malware Removal - HijackThis Logs
  3. When posting logs please do not use any Quote, Code, or other tags. Please copy/paste directly into your post and do not attach files unless requested.
  • Please do not post any logs in the General forum. We do not work on any logs posted in the General forum.
  • Please do not install any software or use any removal/scanning tool except for those you're requested to run by the Helper that will assist you.
  • Using these other tools often makes the cleanup task more difficult and time consuming.
  • If you have already submitted for assistance at one of the other support sites on the Internet then you should not post a new log here, you should stay working with the Helper from that site until the issue is resolved.
  • Do not assume you're clean because you don't see something in the logs. Please wait until the person assisting you provides feedback.
  • There are often many others that require assistance as well, so please be patient. If no one has responded within 48 hours then please go ahead and post a request for review.
  • NOTE: If for some reason you're unable to run some or any of the tools in the first link, then skip that step and move on to the next one. If you can't even run HijackThis, then just proceed and post a NEW topic as shown in the second link describing your issues and someone will assist you as soon as they can.

Thanks for the quick reply,

I did also run Malwarebytes in the normal startup mode and I had the same infections that are listed above.

So I should just go ahead and click the remove selection?? Sorry for re-asking this, but I just want to be sure that no "needed" files will be deleted..

Thanks again

Ron


You need to post your logs in the HJT forum as requested. We don't work on the logs here because anyone could reply and give you bad advice; in the other forum, if someone unauthorized replies to you, we just delete their post.

Thanks

Thanks again... Sorry about that.... But all's fine and clean... I'll remember the HJT forum if there is a next time.... B Good
