Url re-direct, weird and slow internet, setting change?

Status
Not open for further replies.

SuperMann

PCHF Member
Sep 13, 2023
Hi everyone, can someone help me out with this:

Url re-direct, weird and slow internet, setting change, another storage wtf?

I think someone can have access to my PC, I want to kick 'em out. What do I need to do?

Thanks a lot

SuperMann
 
OK, I just got the alert. I will take a look at the logs here in about an hour. :)
 
Adware Cleaner


  • Download AdwCleaner and save it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator
  • Accept the EULA (I accept), then click on Scan Now
  • Let the scan complete
  • Once the scan completes, make sure that every item listed in the different tabs is checked and click on the Quarantine and delete.
  • Once the cleaning process is complete, AdwCleaner will ask you to restart your computer
  • Close all other open windows and allow it to restart
  • After the restart, Notepad will open with the AdwCleaner cleaning log
  • Please Attach the contents of that log into your next reply to me

Download Malwarebytes v.4. Install and run.

  • Once the MBAM dashboard opens, click on Settings (gear icon).
  • Click on Security tab and make sure that all four Scan options are enabled.
  • Close Settings and click on the Scan button on the dashboard.
  • Once the scan is completed make sure you have it quarantine any detections it finds.
  • If no detections were found click on the Save results drop-down, then the Export to TXT button and save the file as a Text file to your desktop.
  • If there were detections then once the quarantine has completed click on the View report button, then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and include that log on your next reply.
 
@SuperMann

Copy the content of the code box below.
Do not copy the word code!!!
Right Click FRST and run as Administrator.
Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
Attach it to your next message.


Code:
start::
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
GroupPolicy\User: Restriction ? <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
HKLM-x32\...\RunOnce: [360safeuninst_1f0fb7c2d13cc0c07ff2ca40747bc03e] => C:\Users\Me\AppData\Local\Temp\1f0fb7c2d13cc0c07ff2ca40747bc03e_remove360.bat [632 2023-09-13] () [File not signed] <==== ATTENTION
HKLM\...\Policies\Explorer: [HideSCAMeetNow] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKLM\Software\Policies\...\system: [EnableActivityFeed] 0
HKLM\Software\Policies\...\system: [PublishUserActivities] 0
HKLM\Software\Policies\...\system: [UploadUserActivities] 0
HKLM\Software\Policies\...\system: [AllowClipboardHistory] 0
HKLM\Software\Policies\...\system: [AllowCrossDeviceClipboard] 0
HKU\S-1-5-21-2118630591-2447159386-1078315589-1001\...\Policies\Explorer: [HideSCAMeetNow] 1
HKU\S-1-5-21-2118630591-2447159386-1078315589-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 24.201.245.77 24.200.243.189
Tcpip\..\Interfaces\{89540600-8c74-4bea-8001-fe67aced12ae}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{b695eff4-2933-4378-9d47-fadb9fa53d0d}: [DhcpNameServer] 192.168.0.1 24.201.245.77 24.200.243.189
Tcpip\..\Interfaces\{cd30e077-5e47-4959-8372-424c099b15b4}: [DhcpNameServer] 192.168.0.1 24.201.245.77 24.200.243.189
Tcpip\..\Interfaces\{fce0ef15-df65-4d77-bcea-6776fd0d7f1e}: [DhcpNameServer] 192.168.0.1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
S3 BraveElevationService; "C:\Program Files\BraveSoftware\Brave-Browser\Application\116.1.57.64\elevation_service.exe" [X]
S4 QHActiveDefense; "C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe" [X]
S4 QHProtected; "C:\Program Files (x86)\360\Total Security\safemon\WscReg.exe" [X]
S4 uhssvc; "C:\Program Files\Microsoft Update Health Tools\uhssvc.exe" [X]
C:\Program Files (x86)\360
R3 360AvFlt; C:\Windows\SysWOW64\DRIVERS\360AvFlt.sys [110800 2023-03-15] (Beijing Qihu Technology Co., Ltd. -> 360.cn)
R3 360netmon; C:\Windows\System32\DRIVERS\360netmon.sys [96424 2023-03-15] (Qihoo 360 Software (Beijing) Company Limited -> 360.cn)
C:\Windows\SysWOW64\DRIVERS\360AvFlt.sys
C:\Windows\System32\DRIVERS\360netmon.sys
R3 360Box64; system32\DRIVERS\360Box64.sys [X]
S1 epp; \??\C:\Users\Me\Desktop\Downloads\Malware Removal\bin64\epp.sys [X]
C:\Windows\Tasks\360Disabled
2023-09-13 10:22 - 2023-09-13 11:31 - 000000000 ____D C:\Users\Me\AppData\Roaming\360DesktopLite
2023-09-13 10:22 - 2023-09-13 10:22 - 094499560 _____ C:\Users\Me\Desktop\360TS_Setup.exe
2023-09-13 10:22 - 2023-09-13 10:22 - 000000000 ____D C:\Program Files (x86)\360
2023-09-13 10:22 - 2023-03-15 01:02 - 000540416 _____ (360.cn) C:\Windows\system32\Drivers\360FsFlt.sys.685
2023-09-13 10:22 - 2023-03-15 01:02 - 000360664 _____ (360.cn) C:\Windows\system32\Drivers\360Box64.sys.816
2023-09-13 10:22 - 2023-03-15 01:02 - 000238304 _____ (360.cn) C:\Windows\system32\Drivers\BAPIDRV64.SYS.upd
2023-09-13 10:22 - 2023-03-15 01:02 - 000110800 _____ (360.cn) C:\Windows\SysWOW64\Drivers\360AvFlt.sys
2023-09-13 10:22 - 2023-03-15 01:02 - 000110800 _____ (360.cn) C:\Windows\system32\Drivers\360AvFlt.sys.000
2023-09-13 10:22 - 2023-03-15 01:02 - 000096424 ____N (360.cn) C:\Windows\system32\Drivers\360netmon.sys
C:\ProgramData\Norton
C:\ProgramData\Emsisoft
CustomCLSID: HKU\S-1-5-21-2118630591-2447159386-1078315589-1001_Classes\CLSID\{4e6f7264-5650-4e00-0000-000000000000}\localserver32 -> "C:\Program Files\NordVPN\NordVPN.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-2118630591-2447159386-1078315589-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Me\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2118630591-2447159386-1078315589-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Me\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2118630591-2447159386-1078315589-1001_Classes\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\localserver32 -> C:\Users\Me\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\FileCoAuth.exe => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
CustomCLSID: HKU\S-1-5-21-2118630591-2447159386-1078315589-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Me\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64\FileSyncShell64.dll => No File
C:\WINDOWS\system32\drivers\etc\hosts
C:\WINDOWS\system32\drivers\etc\hosts.ics
Hosts:
CMD: del /f /s /q %windir%\prefetch\*.*
CMD: del /s /q C:\Windows\SoftwareDistribution\download\*.*
CMD: del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Cache\*.*"
cmd: del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\Cache\*.*"
cmd: del /s /q "%userprofile%\AppData\Local\Opera Software\Opera Stable\Cache\Cache_Data\*.*"
CMD: del /s /q "%userprofile%\AppData\Local\temp\*.*"
Cmd: NETSH winsock reset catalog
Cmd: NETSH int ipv4 reset reset.log
Cmd: NETSH int ipv6 reset reset.log
Cmd: ipconfig /release
Cmd: ipconfig /renew
Cmd: ipconfig /flushdns
Cmd: ipconfig /registerdns
Cmd: bitsadmin /list /allusers
Cmd: bitsadmin /reset /allusers
Cmd: Winmgmt /salvagerepository
Cmd: Winmgmt /resetrepository
Cmd: Winmgmt /resyncperf
C:\Windows\Temp\*.*
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp
emptytemp:
Reboot:
End::
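
A way to review a fixlist like the one above before clicking Fix, as an added example that is not part of the original post and not FRST's own parser. It sorts lines by their visible shape only; the function names, the kind labels and the flag names are assumptions made for this sketch, and the sample is a few lines copied from the fixlist above.

```python
import re
from collections import Counter

# Constructed sample: a handful of lines copied from the fixlist in this thread.
SAMPLE = r"""start::
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 24.201.245.77 24.200.243.189
S4 QHActiveDefense; "C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe" [X]
C:\Program Files (x86)\360
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
CMD: del /s /q "%userprofile%\AppData\Local\temp\*.*"
Cmd: bitsadmin /reset /allusers
Hosts:
End::"""

RULES = [  # (kind, pattern); first match wins, anything else is a log "entry"
    ("marker", re.compile(r"^(start|end)::$", re.I)),   # start:: / End::
    ("command", re.compile(r"^cmd:", re.I)),            # shell command line
    ("directive", re.compile(r"^[A-Za-z]+:$")),         # single word plus colon
    ("service", re.compile(r"^[RSU][0-5] [^;]+;")),     # e.g. "S4 name; path"
    ("path", re.compile(r"^[A-Za-z]:\\")),              # bare file or folder path
]

def classify(line):
    """Return (kind, flags) for one fixlist line, judged by its shape only."""
    s = line.strip()
    flags = set()
    if "<==== ATTENTION" in s:
        flags.add("attention")
    if s.endswith(("[X]", "No File")):
        flags.add("no-file-marker")
    kind = next((k for k, rx in RULES if rx.search(s)), "entry")
    return kind, flags

def summarize(text):
    """Count lines per kind, ignoring blank lines."""
    return Counter(classify(l)[0] for l in text.splitlines() if l.strip())

def review_list(text):
    """Lines to read closely first: commands, bare paths, ATTENTION entries."""
    rows = [(classify(l), l.strip()) for l in text.splitlines() if l.strip()]
    return [(kind, s) for (kind, flags), s in rows
            if kind in ("command", "path") or "attention" in flags]

if __name__ == "__main__":
    print(dict(summarize(SAMPLE)))
    for kind, line in review_list(SAMPLE):
        print(f"{kind:8} {line}")
```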
 
Hi guys, sorry for the delay. When I ran AdwCleaner, my laptop was unable to restart. It cleaned a lot, like 155 things. So I will need a new image and to restart from 0 (I haven't lost anything important).

I want to make sure that my PC will be clean and secure with a new image, and I hope that my network was not hacked (a lot of strange things happened, even with my Android).

I need some help guys!
Thanks in advance
 
OK guys, I don't know what to do. I am on the other PC I have and, literally, someone controls it when I try to delete a weird new app. It's like we do battle, and Malwarebytes finds 5 things in the registry key but closes my PC when I try to delete them! Something is going wrong, man!

Really need help!!
What to do?
 
Let's collect new logs.

Download Malwarebytes Support Tool


Once the file is downloaded, open your Downloads folder/location of the downloaded file
Double-click mb-support-1.4.0.615.exe to run the report
You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
Place a checkmark next to Accept License Agreement and click Next
You will be presented with a page stating, "Get Started!"
Do NOT use the button “Start repair” !
Click the Advanced tab on the left column
Click the Gather Logs button
A progress bar will appear and the program will proceed with getting logs from your computer
Upon completion, a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
Please attach the ZIP file in your next reply.
 
j
 


Sorry to send it like that, nothing else is working.

I mean, something and/or someone has control of everything.
I am on my old laptop right now because, like I say, the other one will need a fresh new image, but before that I need to know what this is and what to do, and they probably got control of my network. Cell phone and even home phone have been really weird in the last 2 weeks.

I see DevTools sometimes, plugging, even my VPN was always put back into mesh to share...

I am so tired of this, I really appreciate man!
 
Can you just upload the zip file to this site and send me the link please.
Also, run the fix from post 8 and send me the result while I look this over.
 
Also, the first set of logs are from a Windows 10 machine, and now you send logs from a Windows 7 machine.....?? I need you to run the fix and then collect new logs with the tool on the machine in question. If the other machine is having issues, then start a new thread for it, so we do not confuse things.
 
OK sorry, the Windows 10 machine doesn't open anymore (I will create a new image after I know what is going on here).
The website doesn't let me upload the files, it says too big? Do you have any email I can try to send it to?
 