IE and Firefox really slow

woualex

New Member
Hi,

For the past 2 days, my IE and Firefox have been really slow. I can't send an email; the page is still loading after 15 min. But when I download something, the speed is the usual. So, it has to be the Internet connection or some spam crap I caught. I'm pretty sure it isn't the connection, but I ran like 5 scans with many programs and they didn't find anything. I made a scan with HijackThis, here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:25:27, on 2008-03-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C222E8CF-22A4-4F02-A64C-AFCC6F4F16CF} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1106009658749
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135639063531
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O18 - Filter: text/plain - (no CLSID) - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: mljgd - C:\WINDOWS\
O20 - Winlogon Notify: rqrpnkj - rqrpnkj.dll (file missing)
O20 - Winlogon Notify: vtuuutr - C:\WINDOWS\
O20 - Winlogon Notify: wingsa32 - wingsa32.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7048 bytes
 
Just realized that in safe mode, the Internet just runs as usual, maybe it can help (in fact, I had to post in safe mode, after 20 min of waiting in normal mode to post this thread).
 
I just finished a scan with SDFix, and it found some trojan crap, here's the report:

SDFix: Version 1.161

Run by Alexandre on 2008-03-25 at 16:41

Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\ALEXAN~1\Bureau\SDFix

Checking Services :

Name:
NtmlSvc

Path:

NtmlSvc - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\SYSTEM32\KQDUA.DLL - Deleted
C:\WINDOWS\SYSTEM32\NEB47A~1.XML - Deleted
C:\WINDOWS\SYSTEM32\NEWJZA~2.XML - Deleted
C:\WINDOWS\SYSTEM32\NEWJZA~3.XML - Deleted
C:\WINDOWS\SYSTEM32\NEWJZA~4.XML - Deleted
C:\WINDOWS\SYSTEM32\NEWJZA~2.XML - Deleted
C:\WINDOWS\SYSTEM32\NEWJZA~3.XML - Deleted
C:\WINDOWS\hosts - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-25 16:47:46
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Maple 7\\BIN.WNT\\mserver.exe"="C:\\Program Files\\Maple 7\\BIN.WNT\\mserver.exe:*:Enabled:mserver"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\DOCUME~1\ALEXAN~1\Bureau\SDFix\backups\backups.zip

Files with Hidden Attributes :

Fri 3 Mar 2006 80 ..SHR --- "C:\WINDOWS\system32\57E29F705C.dll"
Wed 15 Aug 2007 6,652 ..SH. --- "C:\WINDOWS\system32\dgjlm.tmp"
Wed 15 Aug 2007 6,486 ..SH. --- "C:\WINDOWS\system32\dgjlm.bak1"
Tue 24 Jul 2007 12,160 ..SH. --- "C:\WINDOWS\system32\ttvwa.tmp"
Sat 9 Sep 2006 243,712 A..H. --- "C:\Documents and Settings\Alexandre\Mes documents\Alex.bak"
Sat 9 Sep 2006 165,888 A..H. --- "C:\Documents and Settings\Alexandre\Mes documents\Nicole Fournier.bak"
Wed 13 Apr 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 28 Dec 2005 400 ..SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.bla.bak"
Wed 28 Dec 2005 48 ..SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.sec.bak"
Wed 28 Dec 2005 400 ..SH. --- "C:\Documents and Settings\All Users\DRM\v3ks.bla.bak"
Wed 24 Jul 2002 42,948 A..H. --- "C:\Documents and Settings\Alexandre\Alexandre\Bureau\JOJ_War3.exe"
Wed 24 Jul 2002 57,864 A..H. --- "C:\Documents and Settings\Alexandre\Alexandre\Bureau\JOJ_WorldEdit.exe"
Sat 16 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 7 Oct 2005 22,528 ...H. --- "C:\Documents and Settings\Alexandre\Application Data\Microsoft\Word\~WRL0004.tmp"
Tue 3 Apr 2007 56,832 ...H. --- "C:\Documents and Settings\Alexandre\Application Data\Microsoft\Word\~WRL0005.tmp"
Sun 20 May 2007 77,824 ...H. --- "C:\Documents and Settings\Alexandre\Application Data\Microsoft\Word\~WRL0853.tmp"
Sun 20 May 2007 70,144 ...H. --- "C:\Documents and Settings\Alexandre\Application Data\Microsoft\Word\~WRL1251.tmp"
Sun 20 May 2007 79,360 ...H. --- "C:\Documents and Settings\Alexandre\Application Data\Microsoft\Word\~WRL1635.tmp"
Sun 20 May 2007 81,920 ...H. --- "C:\Documents and Settings\Alexandre\Application Data\Microsoft\Word\~WRL1674.tmp"
Thu 2 Feb 2006 244,736 ...H. --- "C:\Documents and Settings\Alexandre\Application Data\Microsoft\Word\~WRL2040.tmp"
Sun 20 May 2007 73,216 ...H. --- "C:\Documents and Settings\Alexandre\Application Data\Microsoft\Word\~WRL2879.tmp"
Tue 3 Apr 2007 57,856 ...H. --- "C:\Documents and Settings\Alexandre\Application Data\Microsoft\Word\~WRL2957.tmp"
Sat 15 Sep 2007 77,312 ...H. --- "C:\Documents and Settings\Alexandre\Application Data\Microsoft\Word\~WRL3369.tmp"
Fri 20 Jan 2006 15,616 A..H. --- "C:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll"
Thu 19 Aug 2004 4,096 A..H. --- "C:\Documents and Settings\All Users\Application Data\Microsoft\USMT\iconlib.dll"
Mon 26 Dec 2005 638,976 A..H. --- "C:\Documents and Settings\All Users\Application Data\Sony Corporation\SonicStage\Packages\MtData.bak"

Finished!

But the Internet doesn't seem to be correct; it's maybe a little bit faster, but still slow. (After 10 min waiting for the "Post Quick Reply"... I rebooted in safe mode and did a real QUICK reply.)




Sorry, it really pisses me off.
 