Hi All,
I just started having this problem with my HD running a lot longer (than before) during startup. It will stop its accessing/checking, but instead of say 5-10 min, it now takes 30-60 mins before you hear the HD stop. I "sort" of connected it with the last Windows Vista/SQL server update; it was about that time that the HD run problem(?) started.
I have a Dell XPS 420 3mhz, dual core with 4 gb of mem. using Vista Ultimate and running NIS 2009, all fully updated. I got on the Dell forum and was told to D/L and run in safe mode both SuperAntiSpyware and Malwarebytes and to see what results I get. But for some reason I have not got any more replies, so I thought I'd ask here....
NIS 2009 comes up clean on full scans except for the normal cookies. I guess it's the same with SuperAntiSpyware, but a bit more are reported, which I delete. But on the Malwarebytes I'm not sure if I should delete the files reported in case they are needed (safer malware:))
Anyhow this is the log from both SuperAntiSpyware and Malwarebytes.. As I said I deleted all but what was reported on Malwarebytes. Are these safe to delete? I used the jump to location and checks online, but I'm a real rookie at this and the info, if any, really did not help me.
I'll include the log files below from both, and if they are safe to delete but deleting does not cure my longer HD run problem, are there any other checks that I should do to ensure that my system is as clean as possible??
And just for a bit more info, I have used Windows cleaner/defrag. and also CCleaner and System Mechanic 9 tools to clean/defrag. So the system is as clean as these tools can clean them..
All were updated just before scans. Anyway here's the logs:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 03/13/2009 at 12:19 PM
Application Version : 4.25.1014
Core Rules Database Version : 3794
Trace Rules Database Version: 1750
Scan type : Complete Scan
Total Scan Time : 00:30:24
Memory items scanned : 816
Memory threats detected : 0
Registry items scanned : 9084
Registry threats detected : 0
File items scanned : 33559
File threats detected : 25
Adware.Tracking Cookie
Malwarebytes' Anti-Malware 1.34
Database version: 1845
Windows 6.0.6001 Service Pack 1
3/13/2009 1:58:05 PM
mbam-log-2009-03-13 (13-57-59).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 249519
Time elapsed: 1 hour(s), 19 minute(s), 3 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\cpbrkpie.coupon6ctrl.1 (Adware.Coupons) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a85a5e6a-de2c-4f4e-99dc-f469df5a0eec} (Adware.Coupons) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{6e780f0b-bcd6-40cb-b2db-7af47ab4d4a4} (Adware.Coupons) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{a138be8b-f051-4802-9a3f-a750a6d862d4} (Adware.Coupons) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> No action taken.
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Windows\CouponPrinter.ocx (Adware.Coupons) -> No action taken
#1
Posted 13 March 2009 - 09:50 PM
#2
Posted 13 March 2009 - 10:19 PM
The cookies from SAS are no threat.
The entries from MBAM should be scanned from Normal mode, NOT from Safe Mode. Unless specifically directed to, MBAM should NEVER be run in Safe Mode.
Please restart the computer in Normal mode and do a Scan. Then if you still have issues follow the information below.
Hello and Welcome to Malwarebytes.org
If you're having Malware related issues with your computer that you're unable to resolve.
- Please read and follow the instructions provided here: I'm infected - What do I do now?
- If needed please post your logs in a NEW topic here: Malware Removal - HijackThis Logs
- When posting logs please do not use any Quote, Code, or other tags. Please copy/paste directly into your post and do not attach files unless requested.
- Please do not post any logs in the General forum. We do not work on any logs posted in the General forum.
- Please do not install any software or use any removal/scanning tool except for those you're requested to run by the Helper that will assist you.
- Using these other tools often makes the cleanup task more difficult and time consuming.
- If you have already submitted for assistance at one of the other support sites on the Internet then you should not post a new log here, you should stay working with the Helper from that site until the issue is resolved.
- Do not assume you're clean because you don't see something in the logs. Please wait until the person assisting you provides feedback.
- There are often many others that require assistance as well, so please be patient. If no one has responded within 48 hours then please go ahead and post a request for review.
- NOTE: If for some reason you're unable to run some or any of the tools in the first link, then skip that step and move on to the next one. If you can't even run HijackThis, then just proceed and post a NEW topic as shown in the second link describing your issues and someone will assist you as soon as they can.
#3
Posted 13 March 2009 - 11:13 PM
Thanks for the quick reply,
I did also run Malwarebytes in the normal startup mode and I had the same infections that are listed above..
So I should just go ahead and click the remove selection?? Sorry for re-asking this, but I just want to be sure that no "needed" files will be deleted..
Thanks again
Ron
#4
Posted 14 March 2009 - 12:21 AM
You need to post your logs in the HJT forum as requested. We don't work on the logs here because anyone could reply and give you bad advice, in the other forum if someone un-authorized replies to you we just delete their post.
Thanks
#5
Posted 14 March 2009 - 10:16 PM
AdvancedSetup, on Mar 13 2009, 05:21 PM, said:
You need to post your logs in the HJT forum as requested. We don't work on the logs here because anyone could reply and give you bad advice, in the other forum if someone un-authorized replies to you we just delete their post.
Thanks
Thanks again... Sorry about that.... But all's fine and clean... I'll remember the HJT forum if there is a next time.... B Good