GeekPolice

Virus which is causing my internet connection to slow/stop

Post by hem111 on Wed Jun 09, 2010 6:22 pm

Hi, I really hope you can help me.

I have been experiencing problems with my internet connection over the last few months which I suspect is due to a virus. I am running vista. I downloaded a file from a torrent site which had a virus. My AVG free/Windows defender setup did flag it up at the time but I think it was too late. My router now shows constant activity every time I switch on my pc even before I have signed in. (All lights flash very very fast). My Local Area Connection Status window shows constant activity with increasing bytes Sent & Received even though I am not using the internet or the network in any way.

I have again recently run avg scanners, Spybot, Panda to find and remove the virus, none of which did the job. The Panda AV scan did highlight the following file as virus but could not remove it :

c:\windows\system32\drivers\lrzjdb.sys

I googled lrzjdb.sys with no results, which makes me very suspicious. My ntblog.txt shows "Loaded driver \SystemRoot\System32\Drivers\lrzjdb.sys". I tried to delete the file normally, at command prompt, in safe mode, and I get the message "cannot read from the source file or disk". The file itself always has a current date/time stamp on it.

If I start my PC in safe mode without networking the problem does not surface as I suspect the virus/driver is not loading then.

Am I correct in thinking this file is causing the problem? If so, I hope you guys can help me remove it and fix it.

hem111
Novice

Posts : 6
Joined : 2010-06-08
OS : vista

Re: Virus which is causing my internet connection to slow/stop

Post by Belahzur on Wed Jun 09, 2010 11:54 pm

Hello.
1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to svchost as follows:

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on svchost.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

Re: Virus which is causing my internet connection to slow/stop

Post by hem111 on Thu Jun 10, 2010 1:24 pm

Thanks for your quick response. The combofix.txt is .....

ComboFix 10-06-09.02 - Emi-Turn 10/06/2010 14:06:16.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2046.944 [GMT 1:00]
Running from: c:\users\Emi-Turn\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\RegGenie
c:\program files\RegGenie\RegGenie.ini
c:\users\Emi-Turn\AppData\Roaming\inst.exe
c:\windows\1614915101.dll
c:\windows\1614915102.dll
c:\windows\161491591.dll
c:\windows\161491592.dll
c:\windows\1616925101.dll
c:\windows\1616925102.dll
c:\windows\161692591.dll
c:\windows\161692592.dll
c:\windows\RegGenieOnUninstall.exe
c:\windows\system32\install.exe
c:\windows\system32\drivers\lrzjdb.sys . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_lrzjdb
-------\Service_lrzjdb


((((((((((((((((((((((((( Files Created from 2010-05-10 to 2010-06-10 )))))))))))))))))))))))))))))))
.

2010-06-10 13:10 . 2010-06-10 13:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-10 13:04 . 2010-06-10 13:05 -------- d-----w- C:\32788R22FWJFW
2010-06-09 15:12 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-09 15:12 . 2010-05-26 17:06 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-09 15:12 . 2010-05-26 14:47 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-06-09 15:11 . 2010-05-01 14:13 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-06-08 18:17 . 2010-06-08 18:41 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-06-08 18:17 . 2010-06-08 18:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-08 13:07 . 2010-06-08 18:06 -------- d-----w- c:\program files\Unlocker
2010-06-08 09:04 . 2010-06-08 13:19 -------- d-----w- c:\program files\Panda Security
2010-06-07 13:45 . 2010-06-07 13:45 68672 ----a-w- c:\windows\system32\drivers\2WirePCP.sys
2010-06-07 13:45 . 2010-06-07 13:45 -------- d-----w- c:\windows\2Wire.0000
2010-06-01 13:48 . 2010-06-01 13:48 -------- d-----w- c:\users\Emi-Turn\AppData\Roaming\PandoraRecovery
2010-06-01 13:48 . 2010-06-01 13:48 -------- d-----w- c:\program files\Pandora Recovery
2010-05-26 08:14 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-12 13:12 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-10 13:14 . 2010-02-20 14:22 860672 ----a-w- c:\windows\system32\drivers\lrzjdb.sys
2010-06-10 13:11 . 2008-04-20 14:36 12 ----a-w- c:\windows\bthservsdp.dat
2010-06-10 08:37 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-04 16:24 . 2010-02-27 18:41 -------- d-----w- c:\programdata\IRIS Software Ltd
2010-06-03 08:34 . 2010-02-28 16:09 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-03 08:34 . 2008-08-03 17:03 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-07 16:47 . 2010-04-16 16:22 -------- d-----w- c:\users\Emi-Turn\AppData\Roaming\uTorrent
2010-05-07 08:08 . 2007-02-26 20:33 -------- d-----w- c:\program files\Java
2010-04-27 18:03 . 2010-04-27 18:03 -------- d-----w- c:\users\Emi-Turn\AppData\Roaming\GARMIN
2010-04-16 16:23 . 2007-07-02 19:47 -------- d-----w- c:\program files\uTorrent
2010-04-12 16:29 . 2010-05-07 08:08 411368 ----a-w- c:\windows\system32\deployJava1.dll
2002-04-16 11:27 . 2002-04-16 11:27 5 --sha-w- c:\windows\System32\CdI5T.drv
2006-11-22 14:57 . 2006-11-22 14:57 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Snappy Fax"="c:\program files\Snappy Fax Version 4\sf4.exe" [2008-02-28 13649408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"Snappy Fax Printer Agent"="c:\program files\Snappy Fax Version 4\sfpagent.exe" [2007-07-19 94208]
"Snappy Fax Printer virtual printer agent"="c:\program files\Snappy Fax Version 4\sfpagent.exe" [2007-07-19 94208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]

c:\users\Emi-Turn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
OneNote Table Of Contents.onetoc2 [2010-5-17 3656]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Event Planner Reminder.lnk - c:\windows\Installer\{5D0DF1BB-D82E-4FB2-B98E-4FDE42EF7EBB}\Shortcut_EventPlan_5D0DF1BBD82E4FB2B98E4FDE42EF7EBB.exe [2007-8-21 1718]
Printfil.lnk - c:\program files\Printfil\Printfil.exe [2010-3-11 888320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "c:\program files\WinFax\WfxSeh32.Dll" [1998-07-27 38400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-22 19:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 23:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2007-03-17 15:56 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 08:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFaxAppPortStarter]
2000-09-28 23:58 43008 ----a-w- c:\windows\System32\WFXSNT40.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):9d,65,f4,74,44,27,ca,01

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-12 216200]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-06-03 242896]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-12 308064]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-06-10 c:\windows\Tasks\User_Feed_Synchronization-{7FA63A1F-71E5-4D08-B131-92727CEBAF46}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]

2010-06-10 c:\windows\Tasks\User_Feed_Synchronization-{82E8B1D0-B752-4D1D-980F-E909C72B4602}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]

2010-06-10 c:\windows\Tasks\User_Feed_Synchronization-{8A0B99A4-9BF9-44F0-9ABA-1AA85F830ECA}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]

2010-06-10 c:\windows\Tasks\User_Feed_Synchronization-{F4AD60EF-1835-4155-9019-2B85B43A4079}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
DPF: Garmin Communicator Plug-In - [You must be registered and logged in to see this link.]
.
.
------- File Associations -------
.
.scr=AutoCADLTScriptFile
.
- - - - ORPHANS REMOVED - - - -

BHO-{e2653163-ddb8-46fc-8901-3882d07504e5} - (no file)
HKLM-Run-NWEReboot - (no file)
HKLM-Run-UnlockerAssistant - c:\program files\Unlocker\UnlockerAssistant.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-06-10 14:15
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\WUDFHost.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2010-06-10 14:20:25 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-10 13:20

Pre-Run: 227,837,911,040 bytes free
Post-Run: 227,880,456,192 bytes free

- - End Of File - - 63A3EC853D33107298AA323EE173D59E

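The first post's observations (an unknown driver loaded at boot, a file that cannot be deleted, a timestamp that is always current) are exactly the indicators the ComboFix log above makes visible in text form: the "failed to delete" entry, the Legacy_/Service_ registrations that were removed, and a Find3M row whose last-modified time sits minutes after the scan started while every legitimate driver's is days old. The following Python triage helper is an added example, not part of this thread and not ComboFix's own code. It parses a constructed excerpt modelled on the log above (not the full log), splits it into its "((( section )))" blocks generically, and correlates those three indicators per driver. Assumed, because the log does not state them: the header date is dd/mm/yyyy (this is a UK-locale machine), the file timestamps in the log are UTC so the local header time is shifted by the "[GMT 1:00]" offset before comparing, and the two-hour "still active" window is chosen for illustration.

```python
# Triage helper for ComboFix-style logs: an added example, not ComboFix's own
# code. It pulls out the indicators this thread relied on: "failed to delete"
# entries, Legacy_/Service_ registrations that were removed, and files whose
# last-modified time sits within a short window of the scan start (files
# still being rewritten while the machine runs, like lrzjdb.sys above).
import re
from datetime import datetime, timedelta

# Constructed excerpt modelled on the log posted above, not the full log.
SAMPLE_LOG = r"""ComboFix 10-06-09.02 - Emi-Turn 10/06/2010 14:06:16.1.2 - x86
Microsoft Windows Vista Home Premium 6.0.6002.2.1252.44.1033.18.2046.944 [GMT 1:00]
((((((((((((((((((((( Other Deletions )))))))))))))))))))))
.
c:\windows\system32\install.exe
c:\windows\system32\drivers\lrzjdb.sys . . . . failed to delete
((((((((((((((((((((( Drivers/Services )))))))))))))))))))))
-------\Legacy_lrzjdb
-------\Service_lrzjdb
((((((((((((((((((((( Find3M Report )))))))))))))))))))))
2010-06-10 13:14 . 2010-02-20 14:22 860672 ----a-w- c:\windows\system32\drivers\lrzjdb.sys
2010-06-10 13:11 . 2008-04-20 14:36 12 ----a-w- c:\windows\bthservsdp.dat
2010-06-03 08:34 . 2010-02-28 16:09 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
"""

BANNER_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")  # "((( Section name )))"
HEADER_RE = re.compile(r"^ComboFix \S+ - .+? (\d{2})/(\d{2})/(\d{4}) (\d{1,2}):(\d{2})(?::(\d{2}))?")
GMT_RE = re.compile(r"\[GMT (-?\d+):(\d{2})\]")
FAILED_RE = re.compile(r"^(.+?)(?:\s+\.)+\s+failed to delete$")
SERVICE_RE = re.compile(r"^-+\\(?:Legacy_|Service_)(.+)$")
# Find3M rows: "<modified> . <created> <size> <attrs> <path>"
FIND3M_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \S+ \S+ \S+ \S+ (.+)$")
DRIVER_DIR = "\\system32\\drivers\\"


def parse_sections(log_text):
    """Map each '((( name )))' section to its non-empty lines; text before the first banner is 'Header'."""
    sections, current = {"Header": []}, "Header"
    for line in (l.rstrip() for l in log_text.splitlines()):
        banner = BANNER_RE.match(line)
        if banner:
            current = banner.group(1)
            sections.setdefault(current, [])
        elif line and line != ".":
            sections[current].append(line)
    return sections


def scan_start_utc(header_lines):
    """Scan start in UTC. Assumptions: header date is dd/mm/yyyy (UK-locale machine) and
    file times in the log are UTC, so the local header time is shifted by the GMT offset."""
    local = offset = None
    for line in header_lines:
        h = HEADER_RE.match(line)
        if h:
            day, month, year, hh, mm, ss = h.groups()
            local = datetime(int(year), int(month), int(day), int(hh), int(mm), int(ss or 0))
        g = GMT_RE.search(line)
        if g:
            sign = -1 if g.group(1).startswith("-") else 1
            offset = sign * timedelta(hours=abs(int(g.group(1))), minutes=int(g.group(2)))
    if local is None or offset is None:
        raise ValueError("scan time or GMT offset not found in header")
    return local - offset


def triage(log_text, window=timedelta(hours=2)):
    """Correlate the indicators. 'window' (2 h, chosen for illustration) bounds how close to
    the scan start a file's last-modified time must be to count as still active."""
    sections = parse_sections(log_text)
    start = scan_start_utc(sections["Header"])
    failed = [m.group(1) for m in map(FAILED_RE.match, sections.get("Other Deletions", [])) if m]
    services = []
    for m in map(SERVICE_RE.match, sections.get("Drivers/Services", [])):
        if m and m.group(1).lower() not in services:
            services.append(m.group(1).lower())
    recent = []
    for m in map(FIND3M_RE.match, sections.get("Find3M Report", [])):
        if m and abs(datetime.strptime(m.group(1), "%Y-%m-%d %H:%M") - start) <= window:
            recent.append(m.group(2))
    suspect = [p for p in recent if DRIVER_DIR in p.lower() and p.lower().endswith(".sys")]
    findings = []
    for path in suspect:
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()
        reasons = ["driver modified within %s of scan start" % window]
        if path in failed:
            reasons.append("could not be deleted on disk")
        if stem in services:
            reasons.append("had a Legacy_/Service_ registration '%s'" % stem)
        findings.append("%s: %s" % (path, "; ".join(reasons)))
    return {"scan_start_utc": start, "failed_deletes": failed, "services_removed": services,
            "recent_files": recent, "suspect_drivers": suspect, "findings": findings}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

On the sample, only lrzjdb.sys collects all three reasons; bthservsdp.dat is also freshly modified but is not a driver, and the AVG driver avgtdix.sys drops out of the window by a week. The regexes target the row shapes visible in this log, so a differently formatted log should be checked against them before trusting the output.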

Re: Virus which is causing my internet connection to slow/stop

Post by Belahzur on Thu Jun 10, 2010 9:06 pm

Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    KILLALL::

    File::
    c:\windows\system32\drivers\lrzjdb.sys

    Driver::
    lrzjdb

    RegLock::
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

  4. Save this as CFScript.txt, in the same location as ComboFix.exe

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.



Re: Virus which is causing my internet connection to slow/stop

Post by hem111 on Fri Jun 11, 2010 9:23 am

Hi,

ComboFix 10-06-10.03 - Emi-Turn 11/06/2010 9:33.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2046.1155 [GMT 1:00]
Running from: c:\users\Emi-Turn\Desktop\ComboFix.exe
Command switches used :: c:\users\Emi-Turn\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\drivers\lrzjdb.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\lrzjdb.sys

.
((((((((((((((((((((((((( Files Created from 2010-05-11 to 2010-06-11 )))))))))))))))))))))))))))))))
.

2010-06-11 08:37 . 2010-06-11 09:16 -------- d-----w- c:\users\Emi-Turn\AppData\Local\temp
2010-06-11 08:37 . 2010-06-11 08:37 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-11 08:37 . 2010-06-11 08:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-11 08:29 . 2010-06-11 08:29 -------- d-----w- C:\32788R22FWJFW
2010-06-09 15:11 . 2010-05-01 14:13 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-06-08 18:17 . 2010-06-08 18:41 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-06-08 18:17 . 2010-06-08 18:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-08 13:07 . 2010-06-08 18:06 -------- d-----w- c:\program files\Unlocker
2010-06-08 09:04 . 2010-06-08 13:19 -------- d-----w- c:\program files\Panda Security
2010-06-07 13:45 . 2010-06-07 13:45 68672 ----a-w- c:\windows\system32\drivers\2WirePCP.sys
2010-06-07 13:45 . 2010-06-07 13:45 -------- d-----w- c:\windows\2Wire.0000
2010-06-01 13:48 . 2010-06-01 13:48 -------- d-----w- c:\users\Emi-Turn\AppData\Roaming\PandoraRecovery
2010-06-01 13:48 . 2010-06-01 13:48 -------- d-----w- c:\program files\Pandora Recovery
2010-05-26 08:14 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-12 13:12 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-11 08:38 . 2008-04-20 14:36 12 ----a-w- c:\windows\bthservsdp.dat
2010-06-10 08:37 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-04 16:24 . 2010-02-27 18:41 -------- d-----w- c:\programdata\IRIS Software Ltd
2010-06-03 08:34 . 2010-02-28 16:09 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-03 08:34 . 2008-08-03 17:03 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-26 17:06 . 2010-06-09 15:12 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-09 15:12 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-07 16:47 . 2010-04-16 16:22 -------- d-----w- c:\users\Emi-Turn\AppData\Roaming\uTorrent
2010-05-07 08:08 . 2007-02-26 20:33 -------- d-----w- c:\program files\Java
2010-05-04 05:59 . 2010-06-09 15:12 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-09 15:12 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-09 15:12 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-09 15:12 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-04-27 18:03 . 2010-04-27 18:03 -------- d-----w- c:\users\Emi-Turn\AppData\Roaming\GARMIN
2010-04-16 16:23 . 2007-07-02 19:47 -------- d-----w- c:\program files\uTorrent
2010-04-12 16:29 . 2010-05-07 08:08 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-05 17:01 . 2010-06-09 15:12 67072 ----a-w- c:\windows\system32\asycfilt.dll
2002-04-16 11:27 . 2002-04-16 11:27 5 --sha-w- c:\windows\System32\CdI5T.drv
2006-11-22 14:57 . 2006-11-22 14:57 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Snappy Fax"="c:\program files\Snappy Fax Version 4\sf4.exe" [2008-02-28 13649408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"Snappy Fax Printer Agent"="c:\program files\Snappy Fax Version 4\sfpagent.exe" [2007-07-19 94208]
"Snappy Fax Printer virtual printer agent"="c:\program files\Snappy Fax Version 4\sfpagent.exe" [2007-07-19 94208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]

c:\users\Emi-Turn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
OneNote Table Of Contents.onetoc2 [2010-5-17 3656]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Event Planner Reminder.lnk - c:\windows\Installer\{5D0DF1BB-D82E-4FB2-B98E-4FDE42EF7EBB}\Shortcut_EventPlan_5D0DF1BBD82E4FB2B98E4FDE42EF7EBB.exe [2007-8-21 1718]
Printfil.lnk - c:\program files\Printfil\Printfil.exe [2010-3-11 888320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "c:\program files\WinFax\WfxSeh32.Dll" [1998-07-27 38400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-22 19:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 23:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2007-03-17 15:56 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 08:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFaxAppPortStarter]
2000-09-28 23:58 43008 ----a-w- c:\windows\System32\WFXSNT40.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):9d,65,f4,74,44,27,ca,01

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-12 216200]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-06-03 242896]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-12 308064]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-06-11 c:\windows\Tasks\User_Feed_Synchronization-{7FA63A1F-71E5-4D08-B131-92727CEBAF46}.job
- c:\windows\system32\msfeedssync.exe [2010-06-09 04:30]

2010-06-11 c:\windows\Tasks\User_Feed_Synchronization-{82E8B1D0-B752-4D1D-980F-E909C72B4602}.job
- c:\windows\system32\msfeedssync.exe [2010-06-09 04:30]

2010-06-11 c:\windows\Tasks\User_Feed_Synchronization-{8A0B99A4-9BF9-44F0-9ABA-1AA85F830ECA}.job
- c:\windows\system32\msfeedssync.exe [2010-06-09 04:30]

2010-06-11 c:\windows\Tasks\User_Feed_Synchronization-{F4AD60EF-1835-4155-9019-2B85B43A4079}.job
- c:\windows\system32\msfeedssync.exe [2010-06-09 04:30]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
DPF: Garmin Communicator Plug-In - [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-06-11 10:16
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\WUDFHost.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2010-06-11 10:20:03 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-11 09:19
ComboFix2.txt 2010-06-10 13:20

Pre-Run: 231,151,767,552 bytes free
Post-Run: 230,994,374,656 bytes free

- - End Of File - - 598484FC4E04D7EDDC683323FC601F68


Re: Virus which is causing my internet connection to slow/stop

Post by Belahzur on Fri Jun 11, 2010 12:39 pm

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.



Re: Virus which is causing my internet connection to slow/stop

Post by hem111 on Fri Jun 11, 2010 12:50 pm

Thanks for the quick response again. I have uninstalled combofix and am running the eset scan. Should I post the contents of ESET log.txt?


Re: Virus which is causing my internet connection to slow/stop

Post by hem111 on Fri Jun 11, 2010 2:09 pm

Hi. ESET reported No Threats Found. Does this mean the problem has been fixed?


Re: Virus which is causing my internet connection to slow/stop

Post by Belahzur on Sat Jun 12, 2010 9:19 pm

Hello.
How is the machine running now?



Re: Virus which is causing my internet connection to slow/stop

Post by hem111 on Tue Jun 15, 2010 8:26 am

Hi,

I have run the machine now for a few days and all looks good. No more connection problems!!

Thank you for all your efforts. It is much appreciated and I will be making a donation to your site.

