I have recently been plagued by random system crashes and inability to open programs consistently.
I have followed your instructions and run ATF cleaner.
Also Malwarebytes' Anti-Malware log below
Malwarebytes' Anti-Malware 1.11
Database version: 709
Scan type: Quick Scan
Objects scanned: 37832
Time elapsed: 4 minute(s), 49 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{35b7e48b-9d81-4c6c-9578-5fd4f620d886} (Spyware.MarketScore) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PSRV (Trojan.Agent) -> No action taken.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{313300da-0267-4825-b7f5-841e3503fe31} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{0afea888-b97b-4ede-ac47-1fee31d5cee5} (Trojan.Vundo) -> No action taken.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\CouponPrinter.ocx (Adware.Coupons) -> No action taken.
Also ran SUPERAntiSpyware
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 05/03/2008 at 01:44 PM
Application Version : 4.0.1154
Core Rules Database Version : 3452
Trace Rules Database Version: 1444
Scan type : Quick Scan
Total Scan Time : 00:01:18
Memory items scanned : 437
Memory threats detected : 0
Registry items scanned : 429
Registry threats detected : 0
File items scanned : 650
File threats detected : 0
Ran AVG
Scan "Scan whole computer" was finished.
Infections found:;"0"
Infected objects removed or healed;"0"
Not removed or healed.;"0"
Spyware found:;"0"
Spyware removed:;"0"
Not removed:;"0"
Warnings count:;"0"
Information count:;"0"
Scan started:;"Saturday, May 03, 2008, 12:04:43 AM"
Total object scanned:;"775890"
Time needed:;"1 hour(s) 14 minute(s) 46 second(s) "
Errors encountered:;"0"
Warnings
File;"Infection";"Result"
C:\Documents and Settings\Unknown User\Application Data\Mozilla\Firefox\Profiles\oao9jljv.default\cookies.txt:\m.webtrends.com.b4ca7df0;"Found Tracking cookie.Webtrends";"Healed"
C:\Documents and Settings\Unknown User\Application Data\Mozilla\Firefox\Profiles\oao9jljv.default\cookies.txt;"Found Tracking cookie.Webtrends";"Healed"
Finally Hijack this log
Hello;
I have recently been plagued by random system crashes and inability to open programs consistently.
I have followed your instructions and run ATF cleaner.
Also Malwarebytes' Anti-Malware log below
Malwarebytes' Anti-Malware 1.11
Database version: 709
Scan type: Quick Scan
Objects scanned: 37832
Time elapsed: 4 minute(s), 49 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{35b7e48b-9d81-4c6c-9578-5fd4f620d886} (Spyware.MarketScore) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PSRV (Trojan.Agent) -> No action taken.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{313300da-0267-4825-b7f5-841e3503fe31} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{0afea888-b97b-4ede-ac47-1fee31d5cee5} (Trojan.Vundo) -> No action taken.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\CouponPrinter.ocx (Adware.Coupons) -> No action taken.
Also ran SUPERAntiSpyware
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 05/03/2008 at 01:44 PM
Application Version : 4.0.1154
Core Rules Database Version : 3452
Trace Rules Database Version: 1444
Scan type : Quick Scan
Total Scan Time : 00:01:18
Memory items scanned : 437
Memory threats detected : 0
Registry items scanned : 429
Registry threats detected : 0
File items scanned : 650
File threats detected : 0
Ran AVG
Scan "Scan whole computer" was finished.
Infections found:;"0"
Infected objects removed or healed;"0"
Not removed or healed.;"0"
Spyware found:;"0"
Spyware removed:;"0"
Not removed:;"0"
Warnings count:;"0"
Information count:;"0"
Scan started:;"Saturday, May 03, 2008, 12:04:43 AM"
Total object scanned:;"775890"
Time needed:;"1 hour(s) 14 minute(s) 46 second(s) "
Errors encountered:;"0"
Warnings
File;"Infection";"Result"
C:\Documents and Settings\Unknown User\Application Data\Mozilla\Firefox\Profiles\oao9jljv.default\cookies.txt:\m.webtrends.com.b4ca7df0;"Found Tracking cookie.Webtrends";"Healed"
C:\Documents and Settings\Unknown User\Application Data\Mozilla\Firefox\Profiles\oao9jljv.default\cookies.txt;"Found Tracking cookie.Webtrends";"Healed"
Finally Hijack this log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:55:35 PM, on 5/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\WINDOWS\system32\hphmon03.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Plaxo\3.8.1.1\PlaxoHelper_en.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Garmin\gStart.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\MotionBased\Agent\MBAgent.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\ThreatFire\TFService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\HPHipm09.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://neword.com/adw.html?s
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://neword.com/adw.html?s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.8.1.1\PlaxoHelper_en.exe -a
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKUS\S-1-5-19\..\Run: [StartUp This] "C:\Program Files\Laplink\PCmover\LaunchSt.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [StartUp This] "C:\Program Files\Laplink\PCmover\LaunchSt.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [StartUp This] "C:\Program Files\Laplink\PCmover\LaunchSt.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [StartUp This] "C:\Program Files\Laplink\PCmover\LaunchSt.exe" (User 'Default user')
O4 - Startup: MotionBased Agent.lnk = C:\Program Files\MotionBased\Agent\MBAgent.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {1DD81666-F3AD-11D3-BA86-00500487B4EC} (WonSearchX Control) - http://www.investors.../WonSearchX.ocx
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://www.installfr...ll/iftwclix.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...wlscbase370.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1132521938937
O16 - DPF: {78267546-F2AC-11D2-A278-005004676C44} (WonList Control) - http://www.investors...ocx/WonList.ocx
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.c...es/PROFILER.CAB
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.del...t/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://www.winkflash...geUploader3.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfi...ll/gtdownls.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
--
End of file - 9848 bytes
Any help would be appreciated. Thank you.
Any help would be appreciated. Thank you.