Author Topic: Internet slow, No Malware, PLEASE HELP  (Read 4005 times)

Sheehan

  • Guest
Internet slow, No Malware, PLEASE HELP
« on: June 12, 2007, 04:41:15 PM »
I just reformatted a few weeks back due to a very mean Trojan. After I got Windows XP installed, I noticed the internet was slow. I have an ADSL connection, and right now it's just a little bit faster than dial-up. When I run a traceroute, the 1st hop always times out. I do not have a router, just an external ADSL modem. I will include a HijackThis log and a traceroute log. Any help is really appreciated. Thanks, Logan.

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Logan Sheehan>tracert www.google.com

Tracing route to www.l.google.com [64.233.161.103]
over a maximum of 30 hops:

  1     *        *        *     Request timed out.
  2    10 ms     9 ms    10 ms  216.134.229.213
  3    26 ms    24 ms    27 ms  kcm-edge-02.inet.qwest.net [63.239.89.113]
  4    23 ms    26 ms    23 ms  kcm-core-02.inet.qwest.net [205.171.29.30]
  5    51 ms    51 ms    53 ms  atl-core-01.inet.qwest.net [67.14.14.2]
  6    52 ms    52 ms    51 ms  atl-edge-18.inet.qwest.net [205.171.21.162]
  7    65 ms    65 ms    66 ms  63.144.1.6
  8    64 ms    63 ms    65 ms  72.14.236.12
  9    64 ms    66 ms    68 ms  216.239.49.44
 10    66 ms    66 ms    64 ms  64.233.175.109
 11    68 ms    67 ms    66 ms  64.233.175.169
 12    65 ms    64 ms   165 ms  64.233.175.111
 13    66 ms    64 ms    64 ms  od-in-f103.google.com [64.233.161.103]

Trace complete.

C:\Documents and Settings\Logan Sheehan>




Logfile of HijackThis v1.99.1
Scan saved at 5:40:18 PM, on 6/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\urdvxc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Documents and Settings\Logan Sheehan\Desktop\utorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Network Windows Service (MSWindows) - Unknown owner - C:\WINDOWS\System32\urdvxc.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe





CBMatt

  • Mod & Malware Specialist


Re: Internet slow, No Malware, PLEASE HELP
« Reply #1 on: June 13, 2007, 04:00:28 AM »
That's the shortest HijackThis log I've ever seen.  It looks very suspicious...especially the lack of O2 entries...



1. Download VundoFix and save it to your desktop.
2. Run VundoFix and click on Scan For Vundo.
3. Once it's done scanning, click on Remove Vundo.
4. When it prompts you to remove the files, click on Yes.
5. Your desktop will go blank as it's removing files.  Don't worry, this is normal.
6. It will prompt you to restart your computer, so click OK.
7. When your computer is turned back on, your problem should be gone.
8. The program normally produces a Vundofix.txt file.  Please locate this file and paste the contents in your next post.

And then, just to be thorough...
1. Download VirtumundoBeGone and save it to your desktop.
2. Reboot into Safe Mode.
3. Once you are in Safe Mode, run VirtumundoBeGone and follow the instructions.
4. Exit when it has finished and reboot back into normal mode.  Vundo should now be removed from your computer.



After that...
Download ComboFix and save it to your desktop.  Run the program and read its disclaimer (it's fairly short) and make sure you really pay attention to what it says.  Follow the prompts and when finished, it will produce a log at C:\ComboFix.txt.  Go ahead and post that here.  Note: Don't click on the window while it's running; this may cause stalls.



Also, close all windows and fix the following entry with HijackThis...
O23 - Service: Network Windows Service (MSWindows) - Unknown owner - C:\WINDOWS\System32\urdvxc.exe" /service (file missing)

Enable hidden files and folders and use Pocket KillBox to delete C:\WINDOWS\System32\urdvxc.exe
Quote
An undefined problem has an infinite number of solutions.
—Robert A. Humphrey
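
Added example, not part of the original posts and not HijackThis's own code: a small Python triage pass over an excerpt of the log above that flags the two things Reply #1 points at, the O23 service with an unknown owner and the absence of O2 entries. The function name `triage` and its `expected_sections` parameter are hypothetical, chosen for illustration.

```python
import re

# Excerpt of the HijackThis log posted in this thread (lines copied from the page).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\urdvxc.exe
C:\WINDOWS\system32\nvsvc32.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Network Windows Service (MSWindows) - Unknown owner - C:\WINDOWS\System32\urdvxc.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# "<section code> - <rest>", e.g. "O23 - Service: ..."
ENTRY = re.compile(r"^(O\d+|R\d|F\d|N\d) - (.*)$")
# "Service: <display name> - <owner> - <path to .exe>"
SERVICE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+?\.exe)", re.I)

def triage(log, expected_sections=("O2",)):
    """Return human-readable findings for a HijackThis log (hypothetical helper)."""
    running, sections, findings = set(), set(), []
    in_procs = False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY.match(line)
        if not m:
            if in_procs and line:          # a path in the process list
                running.add(line.lower())
            continue
        in_procs = False                   # first entry line ends the process list
        sections.add(m.group(1))
        s = SERVICE.match(m.group(2)) if m.group(1) == "O23" else None
        if s and s.group("owner") == "Unknown owner":
            path = s.group("path")
            note = "O23 unknown owner: " + path
            # Cross-check: the log says the file is missing, yet it is running.
            if "(file missing)" in line and path.lower() in running:
                note += " [reported missing but listed as running]"
            findings.append(note)
    for sec in expected_sections:          # sections a full log would normally show
        if sec not in sections:
            findings.append("no %s entries in log" % sec)
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
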

patio

  • Moderator


Re: Internet slow, No Malware, PLEASE HELP
« Reply #2 on: June 14, 2007, 07:35:49 PM »
Looks pruned to me...
" Anyone who goes to a psychiatrist should have his head examined. "