
Solve : Internet slow, No Malware, PLEASE HELP?


I just reformatted a few weeks back due to a very mean Trojan. After I got Windows XP installed, I noticed the internet was slow. I have an ADSL connection, and right now it's just a little bit faster than dial-up. When I run a traceroute, the 1st hop always times out. I do not have a router, just an external ADSL modem. I will include a HijackThis log and a traceroute log. Any help is really appreciated. Thanks, Logan.

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Logan Sheehan>tracert www.google.com

Tracing route to www.l.google.com [64.233.161.103]
over a maximum of 30 hops:

1 * * * Request timed out.
2 10 ms 9 ms 10 ms 216.134.229.213
3 26 ms 24 ms 27 ms kcm-edge-02.inet.qwest.net [63.239.89.113]
4 23 ms 26 ms 23 ms kcm-core-02.inet.qwest.net [205.171.29.30]
5 51 ms 51 ms 53 ms atl-core-01.inet.qwest.net [67.14.14.2]
6 52 ms 52 ms 51 ms atl-edge-18.inet.qwest.net [205.171.21.162]
7 65 ms 65 ms 66 ms 63.144.1.6
8 64 ms 63 ms 65 ms 72.14.236.12
9 64 ms 66 ms 68 ms 216.239.49.44
10 66 ms 66 ms 64 ms 64.233.175.109
11 68 ms 67 ms 66 ms 64.233.175.169
12 65 ms 64 ms 165 ms 64.233.175.111
13 66 ms 64 ms 64 ms od-in-f103.google.com [64.233.161.103]

Trace complete.

C:\Documents and Settings\Logan Sheehan>




Logfile of HijackThis v1.99.1
Scan saved at 5:40:18 PM, on 6/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\urdvxc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Documents and Settings\Logan Sheehan\Desktop\utorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Network Windows Service (MSWindows) - Unknown owner - C:\WINDOWS\System32\urdvxc.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe




That's the shortest HijackThis log I've ever seen. It looks very suspicious...especially the lack of O2 entries...



1. Download VundoFix and save it to your desktop.
2. Run VundoFix and click on Scan For Vundo.
3. Once it's done scanning, click on Remove Vundo.
4. When it prompts you to remove the files, click on Yes.
5. Your desktop will go blank as it's removing files. Don't worry, this is normal.
6. It will prompt you to restart your computer, so click OK.
7. When your computer is turned back on, your problem should be gone.
8. The program normally produces a Vundofix.txt file. Please locate this file and paste the contents in your next post.

And then, just to be thorough...
1. Download VirtumundoBeGone and save it to your desktop.
2. Reboot into Safe Mode.
3. Once you are in Safe Mode, run VirtumundoBeGone and follow the instructions.
4. Exit when it has finished and reboot back into normal mode. Vundo should now be removed from your computer.



After that...
Download ComboFix and save it to your desktop. Run the program and read its disclaimer (it's fairly short) and make sure you really pay attention to what it says. Follow the prompts and when finished, it will produce a log at C:\ComboFix.txt. Go ahead and post that here. Note: Don't click on the window while it's running; this may cause stalls.



Also, close all windows and fix the following entry with HijackThis...
O23 - Service: Network Windows Service (MSWindows) - Unknown owner - C:\WINDOWS\System32\urdvxc.exe" /service (file missing)

Enable hidden files and folders and use Pocket KillBox to delete C:\WINDOWS\System32\urdvxc.exe

Looks pruned to me...
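
An added example, not written by anyone in this thread: a small triage script that cross-checks the O23 service entries of a HijackThis log against its "Running processes" list, the comparison that makes the urdvxc.exe entry above stand out. The function names, the regular expressions (inferred from the lines shown in this thread) and the sample log are assumptions made for the example.

```python
import re

# Constructed sample: a few lines in the same shape as the log in this thread.
SAMPLE_LOG = r'''Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\urdvxc.exe
C:\WINDOWS\system32\nvsvc32.exe

O4 - HKLM\..\Run: [POINTER] point32.exe
O23 - Service: Network Windows Service (MSWindows) - Unknown owner - C:\WINDOWS\System32\urdvxc.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
'''

# Line shape assumed from the O23 entries shown in the thread.
O23_RE = re.compile(r'^O23 - Service: (?P<name>.+?) \((?P<key>[^()]+)\)'
                    r' - (?P<owner>.+?) - (?P<cmd>.+)$')
EXE_RE = re.compile(r'[A-Za-z]:\\[^"*?<>|]+?\.exe', re.IGNORECASE)

def parse_log(log):
    """Return (set of running process paths, list of O23 service dicts)."""
    running, services, in_procs = set(), [], False
    for line in (l.strip() for l in log.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False           # blank line ends the process list
        elif in_procs:
            running.add(line.lower())  # Windows paths are case-insensitive
        elif (m := O23_RE.match(line)):
            services.append(m.groupdict())
    return running, services

def triage_services(log):
    """Flag O23 services that need a manual look; leads, not verdicts."""
    running, services = parse_log(log)
    findings = []
    for svc in services:
        exe = EXE_RE.search(svc["cmd"])
        path = exe.group(0).lower() if exe else None
        missing = svc["cmd"].rstrip().endswith("(file missing)")
        reasons = []
        if svc["owner"] == "Unknown owner":
            reasons.append("unknown owner")
        if missing:
            reasons.append("file missing")
        if missing and path in running:
            # The scanner could not find the file, yet a process runs from it.
            reasons.append("reported missing but running")
        if reasons:
            findings.append((svc["key"], path, reasons))
    return findings
```

On the sample, only the MSWindows service is flagged, with all three reasons; the NVIDIA service passes because it has a named owner and no "file missing" marker.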


