bbob563

  1. Addition.txt Sorry for the late reply!
  2. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-08-2020 Ran by zto1995 (administrator) on ZACH (Acer Aspire E5-572G) (03-08-2020 11:19:57)
  3. @AdvancedSetup I updated my Malwarebytes to see if any new updates could help in the detection of it. I have copied and pasted the scan I did immediately afterward. Please do guide me in any way that could help with this Bing redirect as it is incredibly frustrating. I do see PUP/PUM detected but it keeps saying 0 items detected overall, which I do not understand. Thank you!

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 8/1/20
     Scan Time: 11:20 AM
     Log File: abf6e002-d423-11ea-a56d-f0761c854415.json

     -Software Information-
     Version: 4.1.2.73
     Components Version: 1.0.990
     Update Package Version: 1.0.27793
     License: Trial

     -System Information-
     OS: Windows 10 (Build 19041.421)
     CPU: x64
     File System: NTFS
     User:

     -Scan Summary-
     Scan Type: Threat Scan
     Scan Initiated By: Manual
     Result: Completed
     Objects Scanned: 512567
     Threats Detected: 0
     Threats Quarantined: 0
     Time Elapsed: 59 min, 19 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect

     -Scan Details-
     Process: 0 (No malicious items detected)
     Module: 0 (No malicious items detected)
     Registry Key: 0 (No malicious items detected)
     Registry Value: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Data Stream: 0 (No malicious items detected)
     Folder: 0 (No malicious items detected)
     File: 0 (No malicious items detected)
     Physical Sector: 0 (No malicious items detected)
     WMI: 0 (No malicious items detected)

     (end)
  4. Hi, I ran the steps from above. So far, I have not seen any Bing redirect and my second malware scan found 0 threats as well. My laptop is almost five years old. I do notice that it's been a lot slower recently but it's still manageable to do stuff with. I have a laptop cooling fan! Thank you so much for the help!
  5. This is the exported summary

     -Log Details-
     Scan Date: 7/31/20
     Scan Time: 5:38 PM
     Log File: 551afa46-d38f-11ea-9eda-f0761c854415.json

     -Software Information-
     Version: 3.7.1.2839
     Components Version: 1.0.538
     Update Package Version: 1.0.17378
     License: Free

     -System Information-
     OS: Windows 10 (Build 19041.421)
     CPU: x64
     File System: NTFS
     User:

     -Scan Summary-
     Scan Type: Threat Scan
     Scan Initiated By: Manual
     Result: Completed
     Objects Scanned: 510510
     Threats Detected: 0
     Threats Quarantined: 0
     Time Elapsed: 1 hr, 13 min, 26 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect

     -Scan Details-
     Process: 0 (No malicious items detected)
     Module: 0 (No malicious items detected)
     Registry Key: 0 (No malicious items detected)
     Registry Value: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Data Stream: 0 (No malicious items detected)
     Folder: 0 (No malicious items detected)
     File: 0 (No malicious items detected)
     Physical Sector: 0 (No malicious items detected)
     WMI: 0 (No malicious items detected)

     (end)
  6. So, I recently did a Windows 10 or 11 update and now every time I search on my new tab of Google Chrome, it redirects it to Bing. I am wondering how I should go about fixing this. I did a scan and it said nothing has been detected. I read somewhere online that it is a PUP. Any suggestions on how to get rid of this Bing hijack / PUP?