[Gazmondo]

Hey, would really appreciate some help with my pc. I built it temporarily, and was by no means slow when it was first running, although now it's been used for a few weeks, (still barely anything on it) it's decided to start lagging real bad, with some websites refusing to load, google, scan and pistonheads being the most noticeable. I have read the sticky and done the necessary:

SuperAntiSpyware LOG:

SUPERAntiSpyware Scan Log
<Link hidden. Register for free to see this link!>

Generated 04/16/2008 at 12:15 PM

Application Version : 4.0.1154

Core Rules Database Version : 3412
Trace Rules Database Version: 1404

Scan type : Complete Scan
Total Scan Time : 00:09:17

Memory items scanned : 335
Memory threats detected : 2
Registry items scanned : 4072
Registry threats detected : 9
File items scanned : 7990
File threats detected : 6

Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\MLJYRRPO.DLL
C:\WINDOWS\SYSTEM32\MLJYRRPO.DLL

Adware.Vundo-Variant/Small-A
C:\WINDOWS\SYSTEM32\JJXPVDIK.DLL
C:\WINDOWS\SYSTEM32\JJXPVDIK.DLL
HKLM\Software\Classes\CLSID\{c1906e9a-e2a4-45c8-a448-9629c4400c9f}
HKCR\CLSID\{C1906E9A-E2A4-45C8-A448-9629C4400C9F}
HKCR\CLSID\{C1906E9A-E2A4-45C8-A448-9629C4400C9F}\InprocServer32
HKCR\CLSID\{C1906E9A-E2A4-45C8-A448-9629C4400C9F}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\ENUQLDFK.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{c1906e9a-e2a4-45c8-a448-9629c4400c9f}

Adware.Vundo-Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{C828958A-0D2A-4EBD-BF70-DC2465BC7F92}
HKCR\CLSID\{C828958A-0D2A-4EBD-BF70-DC2465BC7F92}
HKCR\CLSID\{C828958A-0D2A-4EBD-BF70-DC2465BC7F92}\InprocServer32
HKCR\CLSID\{C828958A-0D2A-4EBD-BF70-DC2465BC7F92}\InprocServer32#ThreadingModel

Adware.Tracking Cookie
C:\Documents and Settings\Gazmondo\Cookies\gazmondo@mediaplex[2].txt
C:\Documents and Settings\Gazmondo\Cookies\gazmondo@ad.yieldmanager[2].txt
C:\Documents and Settings\Gazmondo\Cookies\gazmondo@msnportal.112.2 o7[1].txt


MalwareBytes LOG:

Malwarebytes' Anti-Malware 1.11
Database version: 636

Scan type: Full Scan (C:\|)
Objects scanned: 45717
Time elapsed: 10 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 17
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\jjxpvdik.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\mlJYrrpo.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\qoMffFVO.dll (Trojan.Vundo) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{c828958a-0d2a-4ebd-bf70-dc2465bc7f92} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c828958a-0d2a-4ebd-bf70-dc2465bc7f92} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c14e6230-757d-4246-81ce-b34e2940c722} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{c14e6230-757d-4246-81ce-b34e2940c722} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qomfffvo (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\b417c6f2 (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks\{c14e6230-757d-4246-81ce-b34e2940c722} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\BMb724f56e (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\mljyrrpo -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\mljyrrpo -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\jjxpvdik.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\kidvpxjj.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\mlJYrrpo.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\oprrYJlm.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\oprrYJlm.ini2 (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\qoMffFVO.dll (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Gazmondo\Local Settings\Temporary Internet Files\Content.IE5\GFMBCN83\CAWPAJ0P (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Gazmondo\Local Settings\Temporary Internet Files\Content.IE5\GFMBCN83\kriv[1] (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\hcmvfwag.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\ljJdcaxv.dll (Trojan.Vundo) -> No action taken.

HJT LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:52:32, on 16/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [b417c6f2] rundll32.exe "C:\WINDOWS\system32\jjxpvdik.dll",b
O4 - HKLM\..\Run: [BMb724f56e] Rundll32.exe "C:\WINDOWS\system32\hcmvfwag.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - <Link hidden. Register for free to see this link!>
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - <Link hidden. Register for free to see this link!>
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 3372 bytes

[SUPERAntiSpy]

You are scanning with very old (from 2/28/2008) SUPERAntiSpyware definitions, you should update your definitions and perform the scan again. You can see the current definitions here:
<Link hidden. Register for free to see this link!>

Click the Check for Updates button on the main screen and make sure your firewall is not blocking SUPERANTISPYWARE.EXE.

Nick Skrepetos
SUPERAntiSpyware.com

[kanoakavirus]

Think ef has got some competition. Ps did it start lagging after any specif changes or downloads?

[evilfantasy]

Thanks for joining up and for the input Nick. Your input is welcome any time!

Gazmondo please update SAS and do another full scan and remove anything found. I won't need the log.

Then rename HJT as shown in the removal instructions and post a new log.