Bandwidth Mystery, help!

[Zurles]

Sup, well..

i once foolish clicked a porno link, and yep, i got some kind of virus.
i use AVG antivirus, freeversion and at first, my computer was saying that my version of windows is counterfeit. so ok i followed the instructions on this site, ran all the antivirus, safe mode.. step by step, perfect...

ok so the counterfeit problem is gone, windows now recognizes itself as genuine, and everything else is fine. except for one problem my internet speed is up and down like a yo-yo. i'm from the uk and i use the adsl service freedom 2 surf. so i ring the tech support, they their latency to me is around 1500ms, which should be around 17. so i turn my computer off and he says the latency to me becomes 17. which is perfect. there are 3 computers on my network. 1 is broken, 1 is a wireless laptop which works perfectly online if it runs without this computer on at the same time. and this one, which is wired and the latency turns huge every for long lengths of time, and is rarely what it should be. it is making things unplayable and i have no idea how to remove it. i have followed every step and have since deleted the logs because i thought the problem was fixed.

before i am forced to do the WHOLE procedure all over again, which takes a damn few hours on my computer. is there any easy simple method to attempt to fix this? what should i do?.. thanks, Dean

 

[howard_hopkinso]

Hello and welcome to Techspot.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

If you`ve already followed the above instructions, then post the log files as requested below.

Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.


Regards Howard :wave: :wave:


This thread is for the use of Zurles only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[Zurles]

k, avg found nothing thats why i didnt post

 

[howard_hopkinso]

Download the Pocket Killbox programme from HERE. Extract it but don`t run it yet.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O2 - BHO: (no name) - {3301A7C2-0ABD-11D4-914D-00C04F610D24} - D:\WINDOWS\system\comcrt32.dll

O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - (no file)

O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} -

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} -

O20 - Winlogon Notify: WBSrv - D:\WINDOWS\<Only fix this, if you`re not running Stardock/Windowblinds.

Click on the fix checked button.

Close HJT.

Run the killbox.exe file. When it loads type the full path to the file you would like to delete in the field and check the delete file on reboot button. press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted. If your computer doesn`t automatically restart, restart it manually.

This is the filepath you need to enter into killbox.

D:\WINDOWS\system\comcrt32.dll

Once your system has rebooted, turn system restore back on and rehide your protected OS files.

Post a fresh HJT log and let me know how your system is running.

Regards Howard

This thread is for the use of Zurles only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[Zurles]

it's perfect right now, thanks

 

[howard_hopkinso]

Your HJT log is as clean as a whistle.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard

This thread is for the use of Zurles only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[Zurles]

HJT log 8D

problem with internet connection, up and down like yo-yo, this has happened before, its came back, mighta gotten some spyware, and you guys rocked last time

 

[howard_hopkinso]

I have merged your new thread into this one.

Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - (no file)

O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} -

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} -

Click on the fix checked button.

Close HJT and reboot your computer.

Other than the above, your HJT log is clean.

Contact your ISP and see if they are having any problems in your area.

Regards Howard

This thread is for the use of Zurles only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[Zurles]

came back on and its all back 8D, but slightly more, werid, here it is

 

[howard_hopkinso]

I agree, that is wierd.

Go HERE and follow the instructions exactly.

Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.


Regards Howard


This thread is for the use of Zurles only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[Zurles]

i already did it that and it didnt find anything

what to do!

 

[howard_hopkinso]

Download and install one of the firewall programmes in this thread HERE.

Then, run HJT and fix these entries.

O2 - BHO: (no name) - {3301A7C2-0ABD-11D4-914D-00C04F610D24} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)

O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - (no file)

O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} -

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} -

Reboot your computer and post a fresh HJT log.

Regards Howard

This thread is for the use of Zurles only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[Zurles]

>.< already got avg installed, sorry for doublepost, accidental didnt want to seem impatient or obnocious

 

[howard_hopkinso]

AVG free is an antivirus programme not a firewall. It will stop viruses, but won`t do anything to stop your system from being hacked. That`s why you need some firewall software.

Regards Howard

This thread is for the use of Zurles only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[Zurles]

i have a firewall built into my router, i have a firewall with windows, and a firewall with norton

 

[howard_hopkinso]

Ok, in that case do the following.

Turn off system restore.(XP/ME only) See how HERE.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Fix the entries I pointed out in my post above.

Reboot into normal mode, turn system restore back on and rehide your protected OS files.

Post a fresh HJT log.

Regards Howard

This thread is for the use of Zurles only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[Zurles]

they're still there when i reboot in normal mode, followed everything exactly

 

[howard_hopkinso]

That`s strange.

I`d like you to disable SS&D teatimer as it may be stopping the fix.

# Run Spybot-S&D in Advanced Mode.
# If it is not already set to do this Go to the Mode menu select "Advanced Mode"
# On the left hand side, Click on Tools
# Then click on the Resident Icon in the List
# Uncheck "Resident TeaTimer" and OK any prompts.
# Restart your computer.

Now run HJT and fix the entries I suggested in normal mode. Reboot your system again and run a HJT scan. See if the entries still show up.

Regards Howard

This thread is for the use of Zurles only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[Zurles]

it's gone, problems fixed, you're the man

 

[howard_hopkinso]

Excellent, don`t forget to re-enable SS&D teatimer.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard

This thread is for the use of Zurles only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[Zurles]

k problem came back and i cant contact my isp until monday,
all the anti spyware scans and all that precedure get nothing, so heres the log, anything that could be doing it?

 

[howard_hopkinso]

Your HJT log is still clean.

Unfortunately, you`ll need to contact your ISP on monday and see what they say.

Regards Howard

This thread is for the use of Zurles only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.