Internet speed drops whenever my laptop connects

March 23, 2015 at 14:49:02
Specs: Windows 7
Hello,

I've been facing a very strange problem for the last 2 months or so. I have a 4Mbps internet connection and its wifi works perfectly on all the devices (iPhone, Galaxy Tab, Galaxy S4, etc.), but when I switch on my laptop, the internet works fine for some time, like 10-15 minutes; after that the whole network speed drops tremendously (ping rate goes higher and internet speed drops down to 0.5-1 Mbps) and I am not able to get good speed on any of my devices, as if it has affected the whole wifi network. I use the Netspeedtest app on my iPhone to observe the whole scenario. And when I switch off my laptop's wifi, the internet speed comes back to normal in a matter of a few minutes.

I have already tried the following.

1) I tried an Ethernet cable; the problem was still there, meaning there was nothing wrong with my WLAN card.
2) Someone told me it could be a virus, so I installed Bitdefender and ran the scan. It removed a few viruses and the laptop started working properly, but just for a day or two; then the same problem started again. I ran the scan again and it found no virus (the antivirus is fully updated), but now the problem is still there.
3) I also tried a different browser, no improvement, though I normally use Google Chrome.

That's the whole situation I'm experiencing. It's really annoying; I mean, this laptop is of no use to me now and I get frustrated whenever I have to use it :(

I would really appreciate it if someone could help me out. Thanks in advance.




#1
March 23, 2015 at 15:37:23
I would doubt it's a virus but it is possible. These three programs would be better at checking it out because they often find what AVs miss, particularly malware, which can be as bad as a virus:

AdwCleaner:
http://www.bleepingcomputer.com/dow...
(blue Download button near top - not anything else on the page).
Download and "Save" the file somewhere. Go to the saved file then double click it to run the program. Use the "Scan" button, followed by the "Cleaning" button.

Junkware Removal Tool (JRT)
http://www.bleepingcomputer.com/dow...
(blue Download button near top - not anything else on the page).
Download and "Save" the file somewhere. Go to the saved file then double click it to run JRT. It might appear to have stopped at times or flash the screen but sit tight until it has finished.

MalwareBytes:
http://filehippo.com/download_malwa...
(green Download button top right - not anything else on the page)
Install and Run the program but before doing its Scan go to "Settings > Detection and Protection" and put a checkmark in "Scan for rootkits". Quarantine anything it finds.

Please copy/paste the logs on here if anything is found.

Always pop back and let us know the outcome - thanks



#2
March 23, 2015 at 15:43:31
Okay thanks, Derek. I'll post the results here right after the scan.
But you said you doubt it's a virus, if it's not a virus what do you think it is?


#3
March 23, 2015 at 15:47:29
And please tell me, should I run all three of the tools you mentioned or just the one you would like to recommend?

#4
March 23, 2015 at 15:52:37
Let's make sure there isn't an obvious virus or malware issue first. If not, we need to fathom out what might be happening, as the symptoms are unusual.

Run all three programs in the order given one at a time because they look for different things. By all means post the logs back one at a time if that is neater for you.

Always pop back and let us know the outcome - thanks

message edited by Derek



#5
March 23, 2015 at 15:54:43
Run each one, one at a time. Post the logs back here (copy/paste) for others to review.

You have to be a little bit crazy to keep you from going insane.



#6
March 23, 2015 at 16:07:58
OK thanks, I get it.
I'll post the logs here one by one once I'm done.

#7
March 24, 2015 at 13:42:41
These are the logs I got after running the above-mentioned tools.

Each one of them detected some malware running on my laptop and cleaned it, but the sad thing is my problem is still there :( The internet is still lagging like it used to.

AdwCleaner:

# AdwCleaner v4.113 - Logfile created 24/03/2015 at 06:44:23
# Updated 22/03/2015 by Xplode
# Database : 2015-03-23.1 [Server]
# Operating system : Windows 7 Home Premium (x64)
# Username : Nauman Akram - NAUMANAKRAM-PC
# Running from : C:\Users\Nauman Akram\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : IBUpdaterService
Service Found : SPBIUpd
Service Found : SPBIUpdd

***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\user.js
File Found : C:\Users\Nauman Akram\AppData\Local\Google\Chrome\User Data\Default\bprotector web data
File Found : C:\Users\Nauman Akram\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Found : C:\Users\Nauman Akram\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
File Found : C:\Users\Nauman Akram\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
File Found : C:\Users\Nauman Akram\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.williamhill.com_0.localstorage
File Found : C:\Users\Nauman Akram\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.williamhill.com_0.localstorage-journal
File Found : C:\Users\Nauman Akram\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\Nauman Akram\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Nauman Akram\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
File Found : C:\Users\Nauman Akram\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
File Found : C:\Users\Nauman Akram\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Found : C:\Users\Nauman Akram\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Nauman Akram\AppData\LocalLow\SkwConfig.bin
File Found : C:\Windows\System32\dmwu.exe
File Found : C:\Windows\System32\ImhxxpComm.dll
Folder Found : C:\Program Files (x86)\Delta
Folder Found : C:\Program Files (x86)\globalUpdate
Folder Found : C:\Program Files (x86)\Gophoto.it
Folder Found : C:\Program Files (x86)\TornTV.com
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\BitGuard
Folder Found : C:\ProgramData\IBUpdaterService
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\Nauman Akram\AppData\Local\Bundled software uninstaller
Folder Found : C:\Users\Nauman Akram\AppData\Local\globalUpdate
Folder Found : C:\Users\Nauman Akram\AppData\Local\onlysearch
Folder Found : C:\Users\Nauman Akram\AppData\LocalLow\Delta
Folder Found : C:\Users\Nauman Akram\AppData\LocalLow\incredibar.com
Folder Found : C:\Users\Nauman Akram\AppData\Roaming\Babylon
Folder Found : C:\Users\Nauman Akram\AppData\Roaming\Delta
Folder Found : C:\Users\Nauman Akram\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Folder Found : C:\Users\Nauman Akram\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTDownloader.com
Folder Found : C:\Users\Nauman Akram\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Folder Found : C:\Users\Nauman Akram\AppData\Roaming\Mozilla\Firefox\Profiles\0\Extensions\torntv@torntv.com.xpi
Folder Found : C:\Windows\System32\ARFC
Folder Found : C:\Windows\System32\ljkb
Folder Found : C:\Windows\SysWOW64\ARFC
Folder Found : C:\Windows\SysWOW64\BrowserProtect
Folder Found : C:\Windows\SysWOW64\jmdp
Folder Found : C:\Windows\SysWOW64\WNLT

***** [ Scheduled tasks ] *****

Task Found : ShopperPro
Task Found : ShopperProJSUpd
Task Found : SPDriver

***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:8555;hxxps=127.0.0.1:8555

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.7600.16385

Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://www.delta-search.com/?affID=119816&tt=130313_80nocr&babsrc=NT_ss&mntrId=669600FF0139C9C1
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [bProtectTabs] - hxxp://search.babylon.com/?affID=119816&tt=130313_80nocr&babsrc=HP_ss_din2g&mntrId=669600FF0139C9C1

-\\ Mozilla Firefox v


-\\ Google Chrome v41.0.2272.101

*************************

AdwCleaner[R0].txt - [17954 bytes] - [24/03/2015 06:44:23]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [18014 bytes] ##########



#8
March 24, 2015 at 13:43:26
JRT Log:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.6 (03.22.2015:1)
OS: Windows 7 Home Premium x64
Ran by Nauman Akram on 25-Mar-15 at 0:14:51.06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311551110}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411821192}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Nauman Akram\appdata\local\{096902DA-1A83-4350-AA63-F90123B273FF}

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25-Mar-15 at 0:18:41.69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#9
March 24, 2015 at 13:44:18
Malwarebytes:

<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2015/03/25 00:32:00 +0500</date>
<logfile>mbam-log-2015-03-25 (00-31-37).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.01.4.1018</version>
<malware-database>v2015.03.24.08</malware-database>
<rootkit-database>v2015.02.25.01</rootkit-database>
<license>trial</license>
<file-protection>enabled</file-protection>
<web-protection>enabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7</osversion>
<arch>x64</arch>
<username>Nauman Akram</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>363524</objects>
<time>1969</time>
<processes>0</processes>
<modules>0</modules>
<keys>3</keys>
<values>1</values>
<datas>0</datas>
<folders>0</folders>
<files>2</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>enabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<key><path>HKU\S-1-5-18\SOFTWARE\SweetIM</path><vendor>PUP.Optional.SweetIM.A</vendor><action>success</action><hash>b1a72128bbcf02345cd67f45ed16d828</hash></key>
<key><path>HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\iWebar</path><vendor>PUP.Optional.iWebar.A</vendor><action>success</action><hash>8ccc82c72d5d979f615007b6e3206b95</hash></key>
<key><path>HKU\S-1-5-18\SOFTWARE\WNLT</path><vendor>PUP.Optional.InstallBrain.A</vendor><action>success</action><hash>b7a1a7a2f09a9d9982eef62c15f0d22e</hash></key>
<value><path>HKU\S-1-5-18\SOFTWARE\WNLT</path><valuename>URL</valuename><vendor>PUP.Optional.InstallBrain.A</vendor><action>success</action><valuedata>MYSTART</valuedata><hash>b7a1a7a2f09a9d9982eef62c15f0d22e</hash></value>
<file><path>C:\Users\Nauman Akram\AppData\Local\Google\Chrome\User Data\Default\chromepreferences</path><vendor>PUP.Optional.SweetPacks.A</vendor><action>replaced</action><baddata> "homepage_url": "http://www.sweetpacks.com",</baddata><gooddata></gooddata><hash>64f4b19898f2171f8970de55e6206799</hash></file>
<file><path>C:\Users\Nauman Akram\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences</path><vendor>PUP.Optional.SweetPacks.A</vendor><action>replaced</action><baddata> "homepage_url": "http://www.sweetpacks.com",</baddata><gooddata></gooddata><hash>273149004a409e9862973ff4897d3dc3</hash></file>
</items>
</mbam-log>



#10
March 24, 2015 at 13:47:08
@Derek
So what do you think the problem is, do you see any? I'm just so confused about what's happening :(

#11
March 24, 2015 at 15:32:46
I can't be certain whether your reported issue is anything to do with malware/viruses but the three programs certainly found some - far better off without it anyhow.

When you get that much it is best to go for a full malware clean on your computer anyhow, then if the problem still remains it can be tackled knowing malware is not the issue.

I will ask a helper (Johnw from Australia) to come in if he is available. He is a specialist on malware removal and will probably take you through some other programs to remove whatever else is still lurking.

Don't worry, you did well and these things happen quite frequently. Let's get your computer cleaned up.

Always pop back and let us know the outcome - thanks

message edited by Derek



#12
March 24, 2015 at 15:49:13
Nice work Nauman91

Next step.

Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer to this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it also makes another log (Addition.txt).
The logs are large, upload them using this, or upload to a site of your choosing. No account needed. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif



#13
March 25, 2015 at 00:08:16
Derek, I have already run the full scan on my computer through Bitdefender; it says my computer is clean, found no virus. But the problem still remains.
Also I want to ask one more thing, are you certain it's the software issue and not the hardware one?

#14
March 25, 2015 at 00:11:31
Thank you Johnw for participating :)
OK, I'll get back to you with the results after I run the tool you just mentioned. I hope it works.

#15
March 25, 2015 at 03:05:13
Here is the link for FRST.txt
http://www20.zippyshare.com/v/MiCuw...


#16
March 25, 2015 at 03:06:48


#17
March 25, 2015 at 03:07:08
Got it, one to go.

message edited by Johnw



#18
March 25, 2015 at 03:07:39
"I have already run the full scan on my computer through Bitdefender, it says my computer is clean, found no virus"
Once you get these types of nasties, an AV is of no value. Once I get you clean, I shall explain how you got them.

"Also I want to ask one more thing, are you certain it's the software issue and not the hardware one?"
It's impossible to know at this stage. First things first, you must be infection free.

I shall have the next step ready in about 15 mins.



#19
March 25, 2015 at 03:18:52
We are in the process of dismantling your nasties, bit by bit. As Derek says, this is your first priority.

Copy & Paste the text below ( starting closeprocesses: ), save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

closeprocesses:
emptytemp:
cmd: netsh winsock reset
cmd: ipconfig /flushdns
Task: {06AB30FD-5A06-4C47-9871-4E051C654974} - \UNELEVATE_18810 No Task File <==== ATTENTION
Task: {1F2E5F65-E3C9-4DB8-8E7F-6E3A1563003E} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION
Task: {34DE0F77-5809-4BCC-8D31-B17A74A39A31} - \UNELEVATE_284 No Task File <==== ATTENTION
Task: {7BF42B28-1006-414D-B244-8AC2933E18B7} - \UNELEVATE_29711 No Task File <==== ATTENTION
Task: {868176FF-C65E-4E8B-B7EE-42244F073523} - \SPBIW_UpdateTask_Time_343234323736313932392d3437415a556c2a3223346c41 No Task File <==== ATTENTION
Task: {B736BE60-B0AF-4366-A167-5A8BD0569314} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION
AlternateDataStreams: C:\Windows\SysWOW64\LavasoftTcpService.dll:BDU
AlternateDataStreams: C:\ProgramData\Temp:56E2E879
AlternateDataStreams: C:\Users\Nauman Akram\Desktop\Adaware_Installer.exe:BDU
AlternateDataStreams: C:\Users\Nauman Akram\Desktop\FRST.exe:BDU
AlternateDataStreams: C:\Users\Nauman Akram\Desktop\FRST64.exe:BDU
HKU\S-1-5-21-362216462-1493851779-2920380214-1000\...\MountPoints2: {1a38e07b-87f5-11e2-8497-c80aa9cab610} - H:\Setup.exe
HKU\S-1-5-21-362216462-1493851779-2920380214-1000\...\MountPoints2: {2b623d5e-9b66-11e2-becc-c80aa9cab610} - "H:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-362216462-1493851779-2920380214-1000\...\MountPoints2: {faaecd7e-dd75-11e2-83d1-c80aa9cab610} - H:\AutoRun.exe
HKU\S-1-5-21-362216462-1493851779-2920380214-1000\...\MountPoints2: {faaecd81-dd75-11e2-83d1-c80aa9cab610} - H:\AutoRun.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
S1 bafexapr; \??\C:\Windows\system32\drivers\bafexapr.sys [X]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S1 cxmqlhrp; \??\C:\Windows\system32\drivers\cxmqlhrp.sys [X]
S1 dgrcpdmp; \??\C:\Windows\system32\drivers\dgrcpdmp.sys [X]
S1 gpjjfebl; \??\C:\Windows\system32\drivers\gpjjfebl.sys [X]
S1 kplutygc; \??\C:\Windows\system32\drivers\kplutygc.sys [X]
S1 krhosksw; \??\C:\Windows\system32\drivers\krhosksw.sys [X]
S1 laaidiil; \??\C:\Windows\system32\drivers\laaidiil.sys [X]
S1 lghgpotz; \??\C:\Windows\system32\drivers\lghgpotz.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S1 nptiqxzx; \??\C:\Windows\system32\drivers\nptiqxzx.sys [X]
S1 ntdtchhe; \??\C:\Windows\system32\drivers\ntdtchhe.sys [X]
S1 oatdlsan; \??\C:\Windows\system32\drivers\oatdlsan.sys [X]
S1 qprejujd; \??\C:\Windows\system32\drivers\qprejujd.sys [X]
S2 SPDRIVER_1.39.0.1590; \??\C:\Program Files (x86)\ShopperPro\JSDriver\1.39.0.1590\jsdrv.sys [X]
S1 unxxkcxe; \??\C:\Windows\system32\drivers\unxxkcxe.sys [X]
C:\ProgramData\win_mpwd_sys.dat

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.

message edited by Johnw



#20
March 25, 2015 at 09:04:21
Keep going, you are doing fine. It probably seems a tedious process but that is normal and you are gradually getting there. I'm sure the outcome will be a virus / malware free computer. Then we can see what further, if anything, needs looking at.

Always pop back and let us know the outcome - thanks



#21
March 25, 2015 at 13:08:22
Johnw, here are the contents of Fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Nauman Akram at 2015-03-26 00:56:18 Run:1
Running from C:\Users\Nauman Akram\Desktop
Loaded Profiles: Nauman Akram (Available profiles: Nauman Akram)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
closeprocesses:
emptytemp:
cmd: netsh winsock reset
cmd: ipconfig /flushdns
Task: {06AB30FD-5A06-4C47-9871-4E051C654974} - \UNELEVATE_18810 No Task File <==== ATTENTION
Task: {1F2E5F65-E3C9-4DB8-8E7F-6E3A1563003E} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION
Task: {34DE0F77-5809-4BCC-8D31-B17A74A39A31} - \UNELEVATE_284 No Task File <==== ATTENTION
Task: {7BF42B28-1006-414D-B244-8AC2933E18B7} - \UNELEVATE_29711 No Task File <==== ATTENTION
Task: {868176FF-C65E-4E8B-B7EE-42244F073523} - \SPBIW_UpdateTask_Time_343234323736313932392d3437415a556c2a3223346c41 No Task File <==== ATTENTION
Task: {B736BE60-B0AF-4366-A167-5A8BD0569314} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION
AlternateDataStreams: C:\Windows\SysWOW64\LavasoftTcpService.dll:BDU
AlternateDataStreams: C:\ProgramData\Temp:56E2E879
AlternateDataStreams: C:\Users\Nauman Akram\Desktop\Adaware_Installer.exe:BDU
AlternateDataStreams: C:\Users\Nauman Akram\Desktop\FRST.exe:BDU
AlternateDataStreams: C:\Users\Nauman Akram\Desktop\FRST64.exe:BDU
HKU\S-1-5-21-362216462-1493851779-2920380214-1000\...\MountPoints2: {1a38e07b-87f5-11e2-8497-c80aa9cab610} - H:\Setup.exe
HKU\S-1-5-21-362216462-1493851779-2920380214-1000\...\MountPoints2: {2b623d5e-9b66-11e2-becc-c80aa9cab610} - "H:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-362216462-1493851779-2920380214-1000\...\MountPoints2: {faaecd7e-dd75-11e2-83d1-c80aa9cab610} - H:\AutoRun.exe
HKU\S-1-5-21-362216462-1493851779-2920380214-1000\...\MountPoints2: {faaecd81-dd75-11e2-83d1-c80aa9cab610} - H:\AutoRun.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
S1 bafexapr; \??\C:\Windows\system32\drivers\bafexapr.sys [X]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S1 cxmqlhrp; \??\C:\Windows\system32\drivers\cxmqlhrp.sys [X]
S1 dgrcpdmp; \??\C:\Windows\system32\drivers\dgrcpdmp.sys [X]
S1 gpjjfebl; \??\C:\Windows\system32\drivers\gpjjfebl.sys [X]
S1 kplutygc; \??\C:\Windows\system32\drivers\kplutygc.sys [X]
S1 krhosksw; \??\C:\Windows\system32\drivers\krhosksw.sys [X]
S1 laaidiil; \??\C:\Windows\system32\drivers\laaidiil.sys [X]
S1 lghgpotz; \??\C:\Windows\system32\drivers\lghgpotz.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S1 nptiqxzx; \??\C:\Windows\system32\drivers\nptiqxzx.sys [X]
S1 ntdtchhe; \??\C:\Windows\system32\drivers\ntdtchhe.sys [X]
S1 oatdlsan; \??\C:\Windows\system32\drivers\oatdlsan.sys [X]
S1 qprejujd; \??\C:\Windows\system32\drivers\qprejujd.sys [X]
S2 SPDRIVER_1.39.0.1590; \??\C:\Program Files (x86)\ShopperPro\JSDriver\1.39.0.1590\jsdrv.sys [X]
S1 unxxkcxe; \??\C:\Windows\system32\drivers\unxxkcxe.sys [X]
C:\ProgramData\win_mpwd_sys.dat
*****************

Processes closed successfully.

========= netsh winsock reset =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{06AB30FD-5A06-4C47-9871-4E051C654974}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06AB30FD-5A06-4C47-9871-4E051C654974}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UNELEVATE_18810" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1F2E5F65-E3C9-4DB8-8E7F-6E3A1563003E}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F2E5F65-E3C9-4DB8-8E7F-6E3A1563003E}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeFlashPlayerUpdate" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{34DE0F77-5809-4BCC-8D31-B17A74A39A31}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34DE0F77-5809-4BCC-8D31-B17A74A39A31}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UNELEVATE_284" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7BF42B28-1006-414D-B244-8AC2933E18B7}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7BF42B28-1006-414D-B244-8AC2933E18B7}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UNELEVATE_29711" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{868176FF-C65E-4E8B-B7EE-42244F073523}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{868176FF-C65E-4E8B-B7EE-42244F073523}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPBIW_UpdateTask_Time_343234323736313932392d3437415a556c2a3223346c41" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{B736BE60-B0AF-4366-A167-5A8BD0569314}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B736BE60-B0AF-4366-A167-5A8BD0569314}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeFlashPlayerUpdate 2" => Key Deleted successfully.
C:\Windows\SysWOW64\LavasoftTcpService.dll => ":BDU" ADS removed successfully.
C:\ProgramData\Temp => ":56E2E879" ADS removed successfully.
C:\Users\Nauman Akram\Desktop\Adaware_Installer.exe => ":BDU" ADS removed successfully.
C:\Users\Nauman Akram\Desktop\FRST.exe => ":BDU" ADS removed successfully.
C:\Users\Nauman Akram\Desktop\FRST64.exe => ":BDU" ADS removed successfully.
"HKU\S-1-5-21-362216462-1493851779-2920380214-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1a38e07b-87f5-11e2-8497-c80aa9cab610}" => Key deleted successfully.
HKCR\CLSID\{1a38e07b-87f5-11e2-8497-c80aa9cab610} => Key not found.
"HKU\S-1-5-21-362216462-1493851779-2920380214-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b623d5e-9b66-11e2-becc-c80aa9cab610}" => Key deleted successfully.
HKCR\CLSID\{2b623d5e-9b66-11e2-becc-c80aa9cab610} => Key not found.
"HKU\S-1-5-21-362216462-1493851779-2920380214-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{faaecd7e-dd75-11e2-83d1-c80aa9cab610}" => Key deleted successfully.
HKCR\CLSID\{faaecd7e-dd75-11e2-83d1-c80aa9cab610} => Key not found.
"HKU\S-1-5-21-362216462-1493851779-2920380214-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{faaecd81-dd75-11e2-83d1-c80aa9cab610}" => Key deleted successfully.
HKCR\CLSID\{faaecd81-dd75-11e2-83d1-c80aa9cab610} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909}" => Key deleted successfully.
HKCR\CLSID\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} => Key not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCR\PROTOCOLS\Handler\livecall" => Key deleted successfully.
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => Key not found.
"HKCR\PROTOCOLS\Handler\msnim" => Key deleted successfully.
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => Key not found.
C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\ppGoogleNaClPluginChrome.dll not found.
C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll not found.
bafexapr => Service deleted successfully.
clwvd => Service deleted successfully.
cxmqlhrp => Service deleted successfully.
dgrcpdmp => Service deleted successfully.
gpjjfebl => Service deleted successfully.
kplutygc => Service deleted successfully.
krhosksw => Service deleted successfully.
laaidiil => Service deleted successfully.
lghgpotz => Service deleted successfully.
MBAMSwissArmy => Service deleted successfully.
nptiqxzx => Service deleted successfully.
ntdtchhe => Service deleted successfully.
oatdlsan => Service deleted successfully.
qprejujd => Service deleted successfully.
SPDRIVER_1.39.0.1590 => Service deleted successfully.
unxxkcxe => Service deleted successfully.
C:\ProgramData\win_mpwd_sys.dat => Moved successfully.
EmptyTemp: => Removed 499.2 MB temporary data.


The system needed a reboot.

==== End of Fixlog 00:56:33 ====



#22
March 25, 2015 at 15:54:15
Download ComboFix onto your Desktop & then run. If your default download location is not the Desktop, drag it out of its location onto the Desktop. Copy & Paste the contents of the log in your next post please. ComboFix's log should be located at C:\COMBOFIX.TXT.
The logs are large, upload them using this, or upload to a site of your choosing. No account needed. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif
http://www.bleepingcomputer.com/dow...
http://download.bleepingcomputer.co...
http://www.forospyware.com/sUBs/Com...
A guide and tutorial on using ComboFix
http://www.bleepingcomputer.com/com...
http://www.winhelp.us/index.php/gen...
Manually restoring the Internet connection
http://www.bleepingcomputer.com/com...
There are circumstances where ComboFix will hang, crash or stall at various stages due to malware interference, failure to disable other real-time protection tools or the presence of CD Emulators (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) so that it does not complete successfully. Also, depending on how badly a system is infected, ComboFix may take longer to complete its routine than it normally does or fail to run properly. While that is not normal behavior, it is not unusual.
If you think it's frozen, look at the computer clock.
If it's running, Combofix is still working.
NOTE: Do not mouseclick combofix's window while it is running. That may cause it to stall.
NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
**Please Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes.
If after running Combofix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion", then the answer is to REBOOT the machine, and all will be corrected.
Can't Install an Antivirus - Windows Security Center still detects previous AV
http://www.experts-exchange.com/Vir...
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found in this topic.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Once these two steps have been completed, double-click on the ComboFix icon found on your Desktop.
Please Note: Once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.


#23
March 25, 2015 at 16:11:00
Johnw, does it actually work? I mean I've never installed or used such type of tools before. Actually I'm being extra careful about this issue and that's why I'm afraid it shouldn't harm my PC anymore. Hope you understand.


#24
March 25, 2015 at 16:14:28
And also when will I know that my PC is all cleaned up? I'd appreciate if you could tell me a little more about this. Thanks


#25
March 25, 2015 at 16:14:54
" Hope you understand"
Fully Nauman91, proceed, a user has got the comp into a big mess & we now have to use these special tools, nothing else will work.


#26
March 26, 2015 at 06:57:41
Johnw and Derek, there is one thing which I forgot to mention at the start which might have helped you in guessing my issue more clearly. The thing is whenever my internet starts crashing, the only thing which remains unaffected is "uTorrent", it keeps giving me perfect downloading speed. It's a strange behavior I know, do you guys have any idea why is it so?


#27
March 26, 2015 at 07:00:06
Johnw, I'm going to start working on ComboFix tool, will get back to you in a while. Thanks


#28
March 26, 2015 at 07:55:57
Here is the link for ComboFix.txt

http://www23.zippyshare.com/v/inXdY...



#29
March 26, 2015 at 08:00:55
Re #91.
"the only thing which remains unaffected is "uTorrent"
Torrents have a poor reputation for viruses - anything could have happened.

Keep going with John. It is a matter of removing these nasties layer by layer, with bigger guns as necessary.

Always pop back and let us know the outcome - thanks



#30
March 26, 2015 at 10:51:51
Thanks folks. Back to bed for me.

Run RogueKiller
http://www.softpedia.com/get/Securi...
http://majorgeeks.com/RogueKiller_d...
http://www.geekstogo.com/forum/file...
http://tigzy.geekstogo.com/roguekil...
http://www.sur-la-toile.com/RogueKi...
User Guide
http://www.adlice.com/softwares/rog...
Official tutorial
http://www.adlice.com/softwares/rog...
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
If RogueKiller won't run, open IE & turn off SmartScreen Filter.
http://windows.microsoft.com/en-AU/...
Download & SAVE to your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
Quit all programs that you may have started.
Shutdown your antivirus to avoid any conflicts.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7/8, right-click and select "Run as Administrator" to start.

For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
Anything that is not checked, leave it unchecked.
Click on "Delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and Copy & Paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop.
Exit/Close RogueKiller.
When completed make sure to re-enable your antivirus.



#31
March 26, 2015 at 11:04:47
Johnw, could you please tell me when will it be all cleaned up? I mean how many tests do I have to run more and on what basis you recommend these particular tools to run? Please tell me a little about this, just for the sake of my info... I'd really appreciate that. Thanks

message edited by Nauman91



#32
March 26, 2015 at 11:39:04
RKreport[1].txt

RogueKiller V10.5.7.0 [Mar 22 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/rog...
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Nauman Akram [Administrator]
Started from : C:\Users\Nauman Akram\Desktop\RogueKiller.exe
Mode : Delete -- Date : 03/26/2015 23:36:59

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 71fd0e0ef8c4e4a7113576363ad331f9
[BSP] fcaa4a9211ca08f4b69a5463ea23cb91 : Windows Vista/7/8 MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_03262015_233146.log - RKreport_SCN_03262015_233002.log - RKreport_SCN_03262015_233630.log



#33
March 26, 2015 at 14:37:48
Run AdwCleaner again please.
Important, click on the Clean button after the scan, then Copy & Paste the contents of the log in your reply please.


#34
March 26, 2015 at 14:39:55
Okay I'm on it. Let me get back to you in a few minutes.


#35
March 26, 2015 at 14:47:45
Here is the log file:

# AdwCleaner v4.113 - Logfile created 27/03/2015 at 02:43:34
# Updated 22/03/2015 by Xplode
# Database : 2015-03-26.1 [Server]
# Operating system : Windows 7 Home Premium (x64)
# Username : Nauman Akram - NAUMANAKRAM-PC
# Running from : C:\Users\Nauman Akram\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.7600.16385


-\\ Mozilla Firefox v36.0.4 (x86 en-US)


-\\ Google Chrome v41.0.2272.101


*************************

AdwCleaner[R0].txt - [18298 bytes] - [24/03/2015 06:44:23]
AdwCleaner[R1].txt - [1253 bytes] - [25/03/2015 00:08:28]
AdwCleaner[R2].txt - [1071 bytes] - [25/03/2015 02:04:43]
AdwCleaner[R3].txt - [1149 bytes] - [27/03/2015 02:41:49]
AdwCleaner[S0].txt - [17404 bytes] - [24/03/2015 06:48:28]
AdwCleaner[S1].txt - [1297 bytes] - [25/03/2015 00:10:50]
AdwCleaner[S2].txt - [1079 bytes] - [27/03/2015 02:43:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1138 bytes] ##########



#36
March 26, 2015 at 15:00:33
Run Malwarebytes again. Quarantine anything it finds.
Copy & Paste the contents of the log in your reply please.


#37
March 26, 2015 at 15:54:59
Nothing is found, so no log file was created. However I have extracted the results file.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 27-Mar-15
Scan Time: 3:18:15 AM
Logfile: abc.txt
Administrator: Yes

Version: 2.01.4.1018
Malware Database: v2015.03.09.05
Rootkit Database: v2015.02.25.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7
CPU: x64
File System: NTFS
User: Nauman Akram

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 374966
Time Elapsed: 31 min, 10 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#38
March 26, 2015 at 15:56:00
Can I uninstall Malwarebytes now?


#39
March 26, 2015 at 16:01:18
My internet started working fine from like 3-4 hours but after the Malwarebytes scan it starts crashing again :/ why is it so?


#40
March 26, 2015 at 16:02:33
Malwarebytes should be part of your permanent armory.

You have installed the Premium version, which is very good & can be run in conjunction with your current Anti-Virus (AV). It would have prevented the adware installs. If you don't want to buy it, do this to avoid the purchase nag screens.
Open Malwarebytes, on the Dashboard, click on ‘End Free Trial’ link which, then will be instantly converted to the free version.

Why is scan for rootkit off by default?
https://helpdesk.malwarebytes.org/h...

Run the ESET Services Repair tool.
Download the ESET Services Repair tool and extract it to your Desktop, run servicesrepair.exe and allow it to make repairs. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://kb.eset.com/library/ESET/KB%...
Please post the content of the log it creates which can be found in the folder the tool will have created on your Desktop.

message edited by Johnw



#41
March 26, 2015 at 16:10:47
Ok, I'm going to run this services repair tool.
Johnw, do you see any progress in what we have been doing? Because this all is above my knowledge.


#42
March 26, 2015 at 16:14:54
I am focused on memorizing your problems, I now know you are clean infection wise & am now addressing problems listed in the Farbar logs.


#43
March 26, 2015 at 16:34:29
SvcRepair Log:

Log Opened: 2015-03-27 @ 04:29:12
04:29:12 - -----------------
04:29:12 - | Begin Logging |
04:29:12 - -----------------
04:29:12 - Fix started on a WIN_7 X64 computer
04:29:12 - Prep in progress. Please Wait.
04:29:13 - Prep complete
04:29:13 - Repairing Services Now. Please wait...
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\BFE.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\BITS.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\iphlpsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo\{FA88062C-9A61-4C1E-AC45-7143F8F01AAD}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap\{8AD2FB26-F91E-44F1-9B24-3C0AE56C9CE0}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\IPHTTPS>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\MpsSvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>

04:29:43 - Services Repair Complete.
04:29:51 - Reboot Initiated



#44
March 26, 2015 at 16:45:14
Testing time, let me know how it is going.


#45
March 26, 2015 at 16:48:26
Sorry, which time do you mean?


#46
March 26, 2015 at 16:51:02
How is the comp running?


#47
March 26, 2015 at 16:55:32
It started lagging after the Malwarebytes scan, before that it was good and now it's normal again :) I should keep observing it and see if it remains normal, I hope it does.


#48
March 26, 2015 at 17:02:09
Run DelFix. Copy & Paste the contents of the log please.
https://toolslib.net/downloads/view...
DelFix is designed to delete all removal tools used during a disinfection.
Indeed, these tools are often updated. It's recommended not to have and use outdated versions on computer.
It's compatible with Windows XP, Vista, 7, 8 in 32 & 64 bits.
Run the tool by right-clicking the DelFix icon and choosing the Run as administrator option.
Make sure that these are checked:
Activate UAC
Remove disinfection tools
Create registry backup
Purge system restore
Reset system settings
Click Run and wait until the tool completes its work.
All tools we used should be gone. Tool will create a report for you (C:\DelFix.txt)


#49
March 27, 2015 at 11:27:26
Johnw, I just ran DelFix on my comp, it didn't create any log file. Do you have any idea why this happened?

Actually what happened was DelFix was running and in the meantime my AV (Bitdefender) said it detected something and then my whole desktop items disappeared, like only the wallpaper, nothing left... I had to restart my PC, and then I checked there was no log file in C drive.
Though every tool we used for disinfection was gone, as you said.

message edited by Nauman91



#50
March 27, 2015 at 11:35:21
You did look here?
"All tools we used should be gone. Tool will create a report for you (C:\DelFix.txt)"




#51
March 27, 2015 at 11:39:58
Yeah, I did. There is no report there.


#52
March 27, 2015 at 11:46:53
and my internet starts lagging again :( it was all fine before the scan, I don't know what just happened.


#53
March 27, 2015 at 11:57:41
"and my internet starts lagging again"
Have you rebooted?


#54
March 27, 2015 at 12:01:34
Yes, I told you after DelFix finished its work, my whole desktop disappeared, I pressed ctrl+alt+del and then restarted my computer.


#55
March 27, 2015 at 12:16:45
"Yes, I told you after DelFix finished its work, my whole desktop disappeared, I pressed ctrl+alt+del and then restarted my computer"
Ok, I see you edited it, after I read it.

Bitdefender has behaved abnormally, uninstall it & run your computer without it.
You will then be running on Windows antivirus ( AV ) which is what I use.

Use their uninstall tool.
http://www.bitdefender.com.au/suppo...

Reboot & see ( test ) how it runs.




#56
March 27, 2015 at 12:22:48
By Windows antivirus you mean Windows Security Essentials?


#57
March 27, 2015 at 12:23:47
"By Windows antivirus you mean Windows Security Essentials?"
Yes.


#58
March 27, 2015 at 12:28:45
Okay, I get it. After that will I have to run DelFix again?


#59
March 27, 2015 at 12:33:46
"After that will I have to run DelFix again?"
You read my mind, yes, but only after you are happy with your comp.

After uninstalling Bitdefender, make sure your Windows updates are done.
Keep in mind that it will be slow whilst doing so.



#60
March 27, 2015 at 12:43:27
"You read my mind"
Lol, that's cool.

"After uninstalling Bitdefender, make sure your Windows updates are done."
Oh really, you want me to update my Windows? I had kept the updates off for a very long time.



#61
March 27, 2015 at 13:57:04
It's still lagging exactly the way it used to be :(
(Ping rate goes from 40ms-50ms to 1000ms-2000ms & net speed from 4 mbps to 0.5-1 mbps)

It started getting normal yesterday and I thought we did it but it's back to that state now.

Johnw and Derek, you guys have already done a lot for me, I shouldn't be asking for more. I don't like to disturb you guys with the problem which just can't be sorted.



#62
March 27, 2015 at 14:17:13
Re #60
Is there any reason you are avoiding Windows updates?

Re #61
If you bring up task manager (Ctrl-Alt-Del) you could see what processes are running when you get this slowdown. That might give a clue. You could even End Task on any you suspect are causing this, just to see what happens. Also, while you are there, you could check in the Startup tab and try temporarily disabling things (other than Microsoft) to see if you can find the culprit.

It seems to me that something is doing a lot of sending and/or receiving on your network. At first a virus was suspected (they can phone home, and slow the computer down) but although it is great that your computer is now clean it seems nothing like that has been unearthed.

Always pop back and let us know the outcome - thanks

message edited by Derek
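
The check suggested in #62 (finding which process is doing the sending and receiving) can also be done from the command line. This is an added example, not something posted by anyone in this thread; the function name `Get-ConnectionsByProcess` is hypothetical and the sample rows are constructed with documentation addresses. It parses `netstat -ano` and ranks processes by established TCP connections, and it runs on the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example: rank processes by established TCP connections using `netstat -ano`.
# Run from an elevated PowerShell prompt so every owning process can be resolved.
function Get-ConnectionsByProcess {
    param([string[]]$NetstatLines = (netstat -ano))

    $rows = foreach ($line in $NetstatLines) {
        # Data rows look like:  TCP  <local>  <remote>  <state>  <pid>
        # UDP rows have no state column and are skipped by this pattern.
        if ($line -match '^\s*TCP\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$') {
            New-Object PSObject -Property @{
                Remote = $matches[2]
                State  = $matches[3]
                ProcId = [int]$matches[4]
            }
        }
    }

    $rows | Where-Object { $_.State -eq 'ESTABLISHED' } |
        Group-Object ProcId |
        Sort-Object Count -Descending |
        ForEach-Object {
            $procId = [int]$_.Name
            $proc   = Get-Process -Id $procId -ErrorAction SilentlyContinue
            $name   = '(not running)'
            if ($proc) { $name = $proc.ProcessName }
            $remotes = $_.Group | ForEach-Object { $_.Remote } | Sort-Object -Unique
            New-Object PSObject -Property @{
                ProcId      = $procId
                Process     = $name
                Connections = $_.Count
                Remotes     = ($remotes -join ', ')
            }
        } | Select-Object ProcId, Process, Connections, Remotes
}

# Constructed sample rows, to show the parsing without live data.
$sample = @(
    '  TCP    192.168.1.5:49210    203.0.113.7:443     ESTABLISHED     1234',
    '  TCP    192.168.1.5:49211    203.0.113.9:443     ESTABLISHED     1234',
    '  TCP    192.168.1.5:49300    198.51.100.20:80    TIME_WAIT       0',
    '  TCP    0.0.0.0:135          0.0.0.0:0           LISTENING       700',
    '  UDP    0.0.0.0:5355         *:*                                 900'
)
Get-ConnectionsByProcess -NetstatLines $sample | Format-Table -AutoSize

# Live data on the affected laptop, taken while the slowdown is happening:
Get-ConnectionsByProcess | Format-Table -AutoSize
```

Connection count is only a proxy for traffic volume; the Network tab of Resource Monitor (`resmon`) on Windows 7 shows send and receive bytes per process for the PIDs this lists.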



#63
March 27, 2015 at 14:29:27
No reason, Derek. It's just that some of the updates are really unnecessary and keep consuming space, so I just shut down the updates.

Task manager:
I have already tried that and there was nothing that looked suspicious to me.
Yes the good thing is my computer is now clean. But you said initially virus was suspected being the cause of this problem, now there is no virus/malware and the problem is still there, now what do you think could be the actual cause? Anything you can think of?



#64
March 27, 2015 at 14:48:54
I agree that some updates might be unnecessary, as long as you are taking the important ones including those for security.

The virus idea started with a quick check, which found stacks - hence the full clean follow up. When that lot was around it was hard to see the wood for the trees and left the suspicion that the whole issue might have been virus/malware related.

What I think you now need is this looking at by a Networking specialist with some fresh ideas. Unfortunately the length of this post and the fact that it is now lower down the list probably means no such person will join us. I think you should repost it saying that the computer has now been cleaned of malware on this forum. By all means say that reposting was suggested by another helper, so that you don't get moaned at for double posting. Changing the wording a bit will probably prevent it being picked up as a double post anyhow.

Hope you don't mind but I think that would be in your best interest.

[If Johnw has any tips about avoiding malware in future, or anything else, I'm sure he'll put them right here on this long thread]

Always pop back and let us know the outcome - thanks

message edited by Derek



#65
March 27, 2015 at 15:44:23
Thanks Derek, it's no problem.
I have re-posted the problem with networking experts.


#66
March 27, 2015 at 15:52:36
I've seen it - right there at the top of the list, so it should get noticed. Worded just right if you don't mind me saying. I have tagged your new post and will be watching (almost certainly silently) to see if you get it sorted and hopefully what was needed to do so. Good luck with it.

message edited by Derek



#67
March 27, 2015 at 16:55:08
Thanks Derek, here is my next step Nauman91.

Run Tweaking.com - Windows Repair

Disable your antivirus program before running Windows Repair.
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...

Start at Step 1 ( very, very important ) & when you get to the final step ( Repairs ) check/tick all the boxes. Reboot when finished.
http://i1-win.softpedia-static.com/...
http://www.softpedia.com/get/Tweak/...
http://www.tweaking.com/
http://www.tweaking.com/content/pag...

Exclude Step 2 ( Malwarebytes scan )
http://i.imgur.com/va6V4tw.gif
http://i.imgur.com/ryjNIEV.gif
http://i.imgur.com/zV5VeU0.gif

The logs are large, upload them using ZippyShare.

Another way to find the logs.
32-bit
C:\Program Files > Tweaking.com > Windows Repair (All in One) > Tweaking.com_Windows_Repair > Logs
64-bit
C:\Program Files (x86) > Tweaking.com > Windows Repair (All in One) > Tweaking.com_Windows_Repair > Logs
Refer SS ( screenshots )
http://i.imgur.com/6zQBU9H.gif
http://i.imgur.com/e63WNzy.gif



#68
March 28, 2015 at 10:26:52
Log File:

http://www40.zippyshare.com/v/Iv01O...



#69
March 28, 2015 at 15:16:32
After using the comp for a period of time ( test ) let me see the latest Farbar logs. We are getting very close to having everything sorted out.

Download the latest version and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
Run Farbar again please, follow this SS & upload the 2 new logs.
http://i.imgur.com/i3fg3Pf.gif

