Well I've tried everything:
Malwarebytes, Spyware Doctor, Bitdefender (with online support), Combofix, gmer tools, Spybot Search & Destroy, and many more.
Combofix says that system file is infected (ndis.sys "...The file is a Windows core system file. The program is not visible. It is a Microsoft signed file. The service has no detailed description. NDIS.sys seems to be a compressed file. Therefore the technical security rating is 1% dangerous, however also read the users reviews. " - copy from one website). After normal scan it reboots computer and does a full scan before services are started. After that everything looks normal, at least for a while. After couple of minutes the system again starts bugging, everything is slowed up, connection if almost invisible, and it stops and starts in extremely big rates. Should I mention how is this all frustrating?! Rhetorical question.
Well that's for Combofix anyways.
Bitdefender has also successfully deleted and/or disinfected the file(for several times) but after some time, or rebooting everything is again the same. Same thing with other anti virus , anti spyware, rootkits any malicious software removal tools I've used. Bitdefender says that my system is infected with Rootkit.Agent.AJBY, referring to path c:\WINDOWS\system32\drivers\tcpsr.sys. I've been very surprised to find out that I couldn't find much information about this infection. "tcpsr.sys" infection was a reason of my low internet activity , but root of my problem was ndis.sys. Although those massive scans didn't resolve my problem they did help me a lot to find out what exactly was cause of problems. NDIS.sys is system file, and a Windows root file, it cannot be removed that "easily" or changed.
It was human versus machine and human was losing. Then it came up to me: "Why shouldn't I try manual replacing of the file?" It was a desperate try (yes I could always do format but stubborn as I am I simply didn't want to give up). Anyways it's a small file but I couldn't find it anywhere on internet to download. Then I've tried my luck on MSN. I've told one of my friends a problem I've been having and he sent me that file(He is also using Windows XP2 like me). Since you can't save that file under "sys" extension on hdd I saved simply like "NDIS", then copied it to USB and renamed itto "ndis.sys". After that I used program called Killbox (http://killbox.net/
) and with it successfully replaced it. After reboot everything was back to normal and then Spyware Doctor easily removed leftovers.
Later I remembered SFC (system File Checker) command. Somehow I completely forgot about it. Damn (forgive me please)
I should mention that I am not computer specialist, programmer, or maintenance "wizzard". I was simply using my logic.
Brain is the strongest "computer", and any machine made of "pipes" chip and wires cannot replace it.
Oh yes, human versus machine 1:0.
I hope this thread will help someone to solve this issue.
Edited by stormec, 03 December 2009 - 06:23 PM.