Computer Running Extremely Slow (Vundo Trojan)

If asked to restart the computer, please do so immediately. Run the CCleaner programme as per these instructions. c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\WAVVGE70\w[1].bin (Trojan.Agent) -> No action taken.

I have two copies of the file both created on same date and same size (20.2kb, Jan 1999) Locations are: C:\WINNT\system32\dllcache C:\WINNT\system32\ new HJT log attached - kept one item - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\vtuoomgh -> Delete on reboot. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. c:\RECYCLER\s-1-5-21-2907011200-645757453-568730901-1007\Dc94.exe (Trojan.Dropper) -> No action taken. page

HKEY_CLASSES_ROOT\CLSID\{af2c392c-ac67-43e3-9b71-faaf85c36892} (Trojan.Vundo.H) -> No action taken. C:\WINDOWS\SYSTEM32\sdcvddd.dll (Trojan.Zlob.H) -> No action taken. c:\system volume information\_restore{12855640-7d70-4bd9-bbea-f3a6839fbaea}\RP73\A0037635.exe (Trojan.Agent) -> No action taken. Javascript Disabled Detected You currently have javascript disabled.

C:\System Volume Information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\RP891\A0057532.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\DRIVERS\smss.exe (Trojan.Agent) -> No action taken.

c:\system volume information\_restore{12855640-7d70-4bd9-bbea-f3a6839fbaea}\RP73\A0044739.exe (Trojan.Agent) -> No action taken.

c:\system volume information\_restore{12855640-7d70-4bd9-bbea-f3a6839fbaea}\RP73\A0039667.exe (Trojan.Agent) -> No action taken. click for more info The scan will begin and "Scan in progress" will show at the top. c:\documents and settings\Sarah\local settings\Temp\a.exe (Trojan.FakeAlert) -> No action taken. c:\documents and settings\Sarah\local settings\Temp\msb.dll (Trojan.Agent) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> No action taken.

I performed them in the order you said, not in the order they are listed here. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d76ab2a1-00f3-42bd-f434-00bbc39c8953} (Trojan.Ertfor) -> No action taken. Malwarebytes' Anti-Malware 1.39 Database version: 2421 Windows 5.1.2600 Service Pack 3 7/14/2009 2:42:55 PM mbam-log-2009-07-14 (14-42-13).txt Scan type: Full Scan (C:\|) Objects scanned: 61206 Time elapsed: 1 hour(s), 53 minute(s), 11 http://wikisky.net/computer-running/need-some-help-computer-running-very-slow.html Sensationalist journalism?

HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> No action taken. c:\WINDOWS\Fonts\windef.dll (Trojan.Dropper) -> No action taken. HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> No action taken.

This file can be good or bad depending on it`s whereabouts on your system.

C:\WINDOWS\SYSTEM32\msxml71.dll (Trojan.FakeAlert) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\drivers\smss.exe -> No action taken. Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\SYSTEM32\fccaBRHy.dll (Trojan.Vundo.H) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{d8b18564-fd12-468c-b273-45445c670351} (Trojan.Vundo.H) -> Delete on reboot. I ran a Norton scan and it located a Trojan.Vundo. If you have any further virus/spyware problems, please post in this thread.