I was away from my computer with it being off, but on standby. Furthermore the Ethernet cable was still plugged in. Upon return, I have had internet problems. The issue has arisen between 28th March and 18th April.
I am mildly computer fluent and have tried to follow many routes, but haven't had good results.
Is it possible that malware, virus, rootkit etc has been removed, but settings are still changed and therefore prohibiting my internet speeds?
I would really appreciate any help as being a student, this computer is my lifeline, especially during exam time at the moment.
Using SpeedOf.me, results shown below,
Latency: 1685ms
Max Download: 140kbps
Max Upload: 10kbps
Whilst pages load extremely slowly, the internet is still up and online. It feels like something is restricting the speeds. Also, my computer is running slower in relation to normal file browsing processes etc.
I have uninstalled and re-downloaded the Realtek PCIe GBE Family Controller Drivers before and after each of these steps.
This has applied to all browsers, even after deleting and reinstalling Chrome. Chrome had its home page settings changed and after being changed, would revert to the homepage in question. After running Malwarebytes and changing it back, this was no longer an issue.
I also discovered that Bullguard settings had been altered and had lowered security level for antivirus. I was able to change these without them reversing.
TDSSKiller found no issues.
I have flushed the DNS cache using ipconfig /flushdns in administrator CMD prompt.
I have performed this in administrator CMD prompt as well "netsh winsock reset".
I have restarted the computer and performed all updates, apart from Windows 10.
Malwarebytes found and removed several issues, but the logs do not extend far back enough now, so I don't think there is a way for me to find out what it removed.
In Folder options, having selected:
Show hidden files, folders, and drives,
and unselected:
Hide extensions for known file types
Hide protected operating system files (recommended)
I ran Malwarebytes 3 again with no more issues found.
I am not sure if it does it automatically, but
Hide protected operating system files (recommended)
has automatically been reselected.
Bullguard has reported on these issues.
---------------------------------------------
C:\Users\James\AppData\Local\Apowersoft\Apowersoft Online Launcher\unins000.exe
Details
Risk: HIGH
Behaviour: The program unins000.exe attempted to delete itself.
Time: 2017/05/02 22:47:15
Actions
Move to quarantine: Succeeded
-------------------------------------
C:\Users\James\AppData\Local\Apowersoft\Online Video Converter\unins000.exe
Details
Risk: HIGH
Behaviour: The program unins000.exe attempted to delete itself.
Time: 2017/05/02 22:46:35
Actions
Move to quarantine: Succeeded
--------------------------------------------
(handtyped this due to no export log)
ATTACK NAME- PORT SCAN
ATTACKER IP- 10.201.34.216 (v3749-0ac92d8.wifi.cf.ac.uk
EVENT TIME- 2017-05-12 14:14:12
ATTACKER MAC- 74-D4-35-E7-1F-89
--------------------------------
Malwarebytes discovered this.
Suspected file: unins000.exe
Risk: high
Path: C:\Users\James\AppData\Local\Apowersoft\Apowersoft Online Launcher\unins000.exe
Details
The program unins000.exe attempted to delete itself.
Files modified
C:\USERS\JAMES\APPDATA\LOCAL\TEMP\_IU14D2N.TMP (created)
Registry modified
\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\CONTROL\SESSION MANAGER:PendingFileRenameOperations (modified: old_value=[\??\C:\ProgramData\BullGuard\BdAgent.log, \??\C:\ProgramData\BullGuard\CompressedLogs\BdAgent.log, \??\C:\ProgramData\BullGuard\BsMailProxy.log, \??\C:\ProgramData\BullGuard\CompressedLogs\BsMailProxy.log], new_value =[\??\C:\ProgramData\BullGuard\BdAgent.log, \??\C:\ProgramData\BullGuard\CompressedLogs\BdAgent.log, \??\C:\ProgramData\BullGuard\BsMailProxy.log, \??\C:\ProgramData\BullGuard\CompressedLogs\BsMailProxy.log, \??\C:\Users\James\AppData\Local\Temp\_iu14D2N.tmp
--------------------------------------------
"_IU14D2N.TMP" is still in "C:\Users\James\AppData\Local\Temp"
1.13 MB and modified on 02/05/17.
- I have not done any of the following steps in safe-mode.
- No other users on this desktop have been utilized in years.
- It is not a problem of internet as several other devices work perfectly from my port and through my login (as it is university internet).
- On looking at the network connection properties, it is automatically obtaining an IPv6 address, a DNS server address and an IP address.
- Bullguard antivirus full scan,
- Malwarebytes 3
- Hitman Pro
- Kaspersky TDSSKiller
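Added example, not part of the original post and not output from Bullguard or Malwarebytes: the PendingFileRenameOperations value quoted in the log is a REG_MULTI_SZ list of source/destination pairs that Windows processes at the next boot, where an empty destination means "delete". The Python sketch below decodes such a value offline and marks entries worth a closer look. The sample blob is constructed from paths in the log plus one hypothetical rename entry (`C:\Example\...`), and the review rule is an assumed triage heuristic.

```python
"""Triage a PendingFileRenameOperations value (REG_MULTI_SZ) offline."""

NT_PREFIX = "\\??\\"  # NT object-manager prefix used in this registry value


def parse_pending_renames(raw: bytes):
    """Return (source, destination) pairs; destination '' means delete at boot."""
    strings = raw.decode("utf-16-le").split("\x00")
    if len(strings) % 2:          # keep the list pairable if the blob is cut short
        strings.append("")
    pairs = zip(strings[0::2], strings[1::2])
    return [(src, dst) for src, dst in pairs if src]  # drop terminator padding


def strip_nt(path: str) -> str:
    """Remove the '!' replace-existing marker and the NT prefix."""
    path = path.lstrip("!")
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def triage(pairs):
    """Assumed heuristic: review every rename, and deletes under a user profile."""
    rows = []
    for src, dst in pairs:
        action = "rename" if dst else "delete"
        src_path = strip_nt(src)
        review = action == "rename" or "\\users\\" in src_path.lower()
        rows.append((action, src_path, strip_nt(dst), review))
    return rows


def build_sample() -> bytes:
    """Constructed sample: two paths from the log, one hypothetical rename."""
    entries = [
        (r"\??\C:\ProgramData\BullGuard\BdAgent.log", ""),
        (r"\??\C:\Users\James\AppData\Local\Temp\_iu14D2N.tmp", ""),
        (r"\??\C:\Example\new.dll", r"!\??\C:\Example\old.dll"),  # hypothetical
    ]
    text = "".join(f"{s}\x00{d}\x00" for s, d in entries) + "\x00"
    return text.encode("utf-16-le")


if __name__ == "__main__":
    for action, src, dst, review in triage(parse_pending_renames(build_sample())):
        flag = "REVIEW" if review else "ok"
        print(f"{flag:6} {action:6} {src}" + (f" -> {dst}" if dst else ""))
```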