bbob563 Posted August 1, 2020 ID:1398356 Share Posted August 1, 2020 So, I recently did a windows 10 or 11 update and now everytime i search on my new tab of google chrome, it redirects it to bing. I am wondering how should I go about fixing this. I did a scan and it said nothing has been detected. I read somewhere online that it is a PUP. Any suggestions on how to get rid of this bing hijack / PUP? Link to post Share on other sites More sharing options...
bbob563 Posted August 1, 2020 Author ID:1398358 Share Posted August 1, 2020 This is the exported summary -Log Details- Scan Date: 7/31/20 Scan Time: 5:38 PM Log File: 551afa46-d38f-11ea-9eda-f0761c854415.json -Software Information- Version: 3.7.1.2839 Components Version: 1.0.538 Update Package Version: 1.0.17378 License: Free -System Information- OS: Windows 10 (Build 19041.421) CPU: x64 File System: NTFS User: -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 510510 Threats Detected: 0 Threats Quarantined: 0 Time Elapsed: 1 hr, 13 min, 26 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 0 (No malicious items detected) Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 1, 2020 Root Admin ID:1398359 Share Posted August 1, 2020 Hello @bbob563 Please follow the directions from the following topic and let us know if that corrects it or not. Thanks Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 1, 2020 Root Admin ID:1398360 Share Posted August 1, 2020 Wow, that is a very long scan time. Time Elapsed: 1 hr, 13 min, 26 sec We may want to get more information about your system. About how old is the computer? Please download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit Double-click to run it. When the tool opens click Yes to disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply. The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well. Thank you Link to post Share on other sites More sharing options...
bbob563 Posted August 1, 2020 Author ID:1398391 Share Posted August 1, 2020 Hi I ran the steps from above. So far, i have not seen any bing redirect and my second malware scan found 0 threats as well. My laptop is almost five years old. I do notice that it's been a lot slower recently but it's still manageable to do stuff with. I have a laptop cooling fan! Thank you so much for the help! Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 1, 2020 Root Admin ID:1398395 Share Posted August 1, 2020 Yes, you should be all good. I will go ahead and close your topic and give you a link to some advice to help keep your computer safe and improve your priavacy Take care and stay safe out there Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 1, 2020 Root Admin ID:1398396 Share Posted August 1, 2020 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following for Tips to help protect from infection Thank you Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 3, 2020 Root Admin ID:1398629 Share Posted August 3, 2020 Topic has been reopened per request. Thanks Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 3, 2020 Root Admin ID:1398631 Share Posted August 3, 2020 Hello @bbob563 Please get me the requested logs below Please download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit Double-click to run it. When the tool opens click Yes to disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply. The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well. Thank you Link to post Share on other sites More sharing options...
bbob563 Posted August 3, 2020 Author ID:1398763 Share Posted August 3, 2020 @AdvancedSetup I updated my malwarebytes to see if any new updates could help in the detection of it. I have copied and pasted the scan I did immediately afterward. Please do guide me in any way that could help with this bing redirect as it is incredibly frustrating. I do see PUP/PUM detected but it keeps saying 0 items detected overall, which I do not understand. Thank you! Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 8/1/20 Scan Time: 11:20 AM Log File: abf6e002-d423-11ea-a56d-f0761c854415.json -Software Information- Version: 4.1.2.73 Components Version: 1.0.990 Update Package Version: 1.0.27793 License: Trial -System Information- OS: Windows 10 (Build 19041.421) CPU: x64 File System: NTFS User: -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 512567 Threats Detected: 0 Threats Quarantined: 0 Time Elapsed: 59 min, 19 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 0 (No malicious items detected) Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 3, 2020 Root Admin ID:1398773 Share Posted August 3, 2020 Please post the requested FRST logs Thank you Link to post Share on other sites More sharing options...
bbob563 Posted August 3, 2020 Author ID:1398778 Share Posted August 3, 2020 Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-08-2020 Ran by zto1995 (administrator) on ZACH (Acer Aspire E5-572G) (03-08-2020 11:19:57) Running from C:\Users\zto1995\Desktop Loaded Profiles: zto1995 Platform: Windows 10 Home Version 2004 19041.421 (X64) Language: English (United States) Default browser: Chrome Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Acer Incorporated -> Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe (Acer Incorporated -> Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMLockHandler.exe (Acer Incorporated -> Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe (Acer Incorporated -> Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe (Acer Incorporated -> Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe (Acer Incorporated -> Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe (Acer Incorporated -> Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe (Acer Incorporated -> Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe <2> (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Adobe Systems Incorporated) C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe (American Megatrends Inc. -> American Megatrends Inc.) C:\Program Files\AMI\DuOS\AndServMgr.exe (Ankitects Pty Ltd -> ) C:\Program Files\Anki\anki.exe (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (CyberLink -> ) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe (Fortemedia Inc -> ) C:\Program Files\Realtek\Audio\HDA\FMAPP.exe <2> (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <34> (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxext.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mspaint.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe <2> (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Riot Games, Inc. -> Riot Games, Inc.) C:\Program Files\Riot Vanguard\vgtray.exe (SafeNet, Inc. -> SafeNet, Inc.) C:\Windows\System32\hasplms.exe (Swift Media Entertainment, Inc. -> Blitz Inc.) C:\Users\zto1995\AppData\Local\Programs\Blitz\Blitz.exe <10> (Thalonet, Inc. -> Thalonet, Inc. (dba Haste)) C:\Program Files\Haste\Haste Esports Accelerator\UserEdgeService.exe (The Qt Company Oy -> The Qt Company Ltd.) C:\Program Files\Anki\QtWebEngineProcess.exe <3> (TunnelBear -> TunnelBear) C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe (WildTangent Inc -> WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (Wondershare) [File not signed] C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13671640 2014-04-10] (Realtek Semiconductor Corp -> Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation -> NVIDIA Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated -> Adobe Systems Incorporated) HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3325520 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-10-26] (Apple Inc. -> Apple Inc.) HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [353776 2020-06-29] (Riot Games, Inc. -> Riot Games, Inc.) HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [185648 2020-07-23] (ESET, spol. s r.o. -> ESET) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [975248 2015-09-23] (Cisco Systems, Inc. -> Cisco Systems, Inc.) HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed] HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated -> Adobe Systems Incorporated) HKU\S-1-5-21-1841021725-2517571384-769879354-1001\...\Run: [Chromium] => "c:\users\zto1995\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session HKU\S-1-5-21-1841021725-2517571384-769879354-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22458328 2019-02-27] (Piriform Software Ltd -> Piriform Software Ltd) HKU\S-1-5-21-1841021725-2517571384-769879354-1001\...\Run: [cdloader] => C:\Users\zto1995\AppData\Roaming\mjusbsp\cdloader2.exe [58816 2019-09-19] (magicJack, L.P. -> magicJack L.P.) HKU\S-1-5-21-1841021725-2517571384-769879354-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [5417008 2020-05-03] (Adobe Inc. -> Adobe Systems Incorporated) HKU\S-1-5-21-1841021725-2517571384-769879354-1001\...\Run: [com.blitz.app] => C:\Users\zto1995\AppData\Local\Programs\Blitz\Blitz.exe [90735248 2020-07-28] (Swift Media Entertainment, Inc. -> Blitz Inc.) HKLM\...\Print\Monitors\Status Monitor Language Monitor for Dell C1660w Color Printer: C:\Windows\system32\DLHLSZIL.DLL [194048 2016-09-29] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.105\Installer\chrmstp.exe [2020-08-03] (Google LLC -> Google LLC) HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> HKLM\Software\...\Authentication\PLAP Providers: [{C15C0AAF-C309-FE12-BB17-814630A2009F}] -> C:\WINDOWS\SysWOW64\vpnplap64.dll [2015-09-23] (Cisco Systems, Inc. -> Cisco Systems, Inc.) Startup: C:\Users\zto1995\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2020-04-13] ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation) GroupPolicy: Restriction ? <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {106998D5-9A76-4674-A182-E9E13063D5CB} - System32\Tasks\{C94A46C2-C419-40A5-8817-817E67364291} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.26.64.101/en/abandoninstall?page=tsProgressBar Task: {17CED226-CFDC-42DE-9C64-89118271B90B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4571056 2020-07-20] (Microsoft Corporation -> Microsoft Corporation) Task: {1EF2AFA5-2763-43E0-8EE4-DFEB5210C272} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4571056 2020-07-20] (Microsoft Corporation -> Microsoft Corporation) Task: {1F273581-2FDE-4E05-A286-74D611C4B659} - System32\Tasks\{F9784D03-BDF3-41F3-955A-1CB380921883} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files\Microvirt\MEmu\uninstall\uninstall.exe" -c "/U:C:\Program Files\Microvirt\MEmu\uninstall\uninstall.xml" Task: {282765E9-C0A1-4DB7-82F0-95C7530C4661} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [324328 2014-10-17] (Acer Incorporated -> Acer Incorporate) Task: {295D7737-2309-4424-B9D7-833CC2EB4B13} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [474344 2014-06-09] (Acer Incorporated -> Acer Incorporated) Task: {2A0C0B67-C3D1-4371-807A-AB921A0561B7} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [123752 2020-07-20] (Microsoft Corporation -> Microsoft Corporation) Task: {2A843326-D318-448F-86B8-66ADA17EFB8B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {35221178-C781-4B9F-9E8A-7B4B464B899F} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA} Task: {36E656AD-AC2F-4844-B73A-1356CF42A6AE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-17] (Google Inc -> Google Inc.) Task: {3DC25888-6215-44D9-B191-2283FAA4820C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.) Task: {4665F00D-2CF9-4A2C-9F9F-FDF19732C92F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {4BBDFC89-11CD-446E-8B27-1D14054E9A67} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {50346D41-FA89-4613-9F61-FD5682B35356} - System32\Tasks\{D5774710-C203-4975-9509-4B6FFAEA8134} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.12.0.101/en/abandoninstall?page=tsProgressBar Task: {55BFD770-3549-4819-9AB9-82207CD2280C} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [123600 2020-07-30] (Mozilla Corporation -> Mozilla Foundation) Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => {C8367320-6F85-11E0-A1F0-0800200C9A66} C:\WINDOWS\System32\BthTelemetry.dll [30208 2019-12-07] (Microsoft Windows -> Microsoft Corporation) Task: {5AAD7F82-6845-46F0-80FB-F9CF84107DF4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-17] (Google Inc -> Google Inc.) Task: {5AE812AB-C931-4421-BC4C-E399E3FD390B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {618099B6-25DC-4BFE-A02C-D6914F86DDB8} - System32\Tasks\Agent Activation Runtime\S-1-5-21-1841021725-2517571384-769879354-1001 => C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe [13312 2020-07-10] (Microsoft Windows -> ) Task: {6287B9B1-95B4-4026-8B50-EB6FA5AE611C} - System32\Tasks\abDocsDllLoader => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [1769312 2017-09-28] (Acer Incorporated -> ) Task: {67C52D66-4279-46A1-8DB4-D361369595BA} - System32\Tasks\{D578F615-220F-401B-BEB0-78465F7AA033} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://ui.skype.com/ui/0/7.40.0.103/en/abandoninstall?page=tsProgressBar Task: {67F67563-4392-4CAC-B33C-CE531CC6DD4A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16467424 2019-02-27] (Piriform Software Ltd -> Piriform Software Ltd) Task: {6A6BFE9A-73ED-423D-8111-15B82A259B7A} - System32\Tasks\Canon\OIPPESP\Canon OIP Product Extended Survey Program => C:\Program Files\Canon\OIPPESP\Cnpspcnt.exe [1774280 2012-10-10] (CANON INC. -> CANON INC.) Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Task: {6F71B8D9-A955-4EB2-A06D-CE61056C8B4E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1331792 2020-05-07] (Adobe Inc. -> Adobe Inc.) Task: {719310FE-C240-40F5-91B7-318BED143C18} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3325520 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated) Task: {73E4E38A-C1D4-4B7E-8946-09DD9D8C67F8} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2463064 2020-03-14] (Overwolf Ltd -> Overwolf LTD) Task: {75F495FC-1A1D-45A0-A595-6AE34C6410EE} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {766476FE-E2F4-4705-A486-EBA1ED4B2C8B} - System32\Tasks\{BCD081CF-B11D-4562-A461-B7350E459299} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://ui.skype.com/ui/0/7.40.0.103/en/abandoninstall?page=tsProgressBar Task: {7A82875E-661C-4A53-9C49-760A0AA99D47} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION Task: {7B2AA5F0-DE3C-4133-8282-3E230C8D46FC} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [41728 2014-08-29] (Acer Incorporated -> ) Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE} Task: {AAA6ADD2-95F0-4742-9EA9-9A371C2D6903} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23815032 2020-07-07] (Microsoft Corporation -> Microsoft Corporation) Task: {AAD45CCC-D616-4188-84B4-C15817768B7C} - System32\Tasks\{564D9812-9744-4510-9B3E-605A0938BD1F} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.26.64.101/en/abandoninstall?page=tsProgressBar Task: {AB72C707-ED16-405A-B957-04F95F827445} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [384232 2014-07-22] (Acer Incorporated -> Acer Incorporated) Task: {ABED0309-B4CC-48E7-A86C-CF46D0FB99F5} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23815032 2020-07-07] (Microsoft Corporation -> Microsoft Corporation) Task: {BBA2D1E0-5B77-4C45-A052-DFE560B3D96F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {BDC0D544-9F39-42E7-B8F2-F7F130852B96} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {C3AE9AC9-04C9-4E55-A410-B6E4A508DE1F} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [324328 2014-10-17] (Acer Incorporated -> Acer Incorporate) Task: {C5FF1C74-6CF7-442C-B371-ABB1B0A7463E} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-27] (Piriform Software Ltd -> Piriform Software Ltd) Task: {CBC9B8B7-7251-488A-B233-E0A3F9AFAF89} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371} Task: {D1714CC3-6B45-44C8-982D-F9DE7032F925} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [123752 2020-07-20] (Microsoft Corporation -> Microsoft Corporation) Task: {E6A33576-22C0-4F59-8B77-D4F5BF87DEC2} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [65824 2017-09-26] (Acer Incorporated -> Acer Incorporated) Task: {EB400857-50E7-405A-80D7-22E365526D8D} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [100608 2014-08-29] (Acer Incorporated -> ) Task: {EEEF3F72-7B62-43A6-B63E-AEE54EC375E5} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {F04C7DD7-D003-4F4C-8F3D-FE2F6152791F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {F099A2BC-6DE4-4B67-9533-C6E199ADC0AD} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [419048 2014-12-30] (Acer Incorporated -> Acer Incorporate) Task: {FEE9ADE9-2238-4461-9612-6A2AF6A6D4A0} - System32\Tasks\AdobeAAMUpdater-1.0-Zach-zto1995 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated -> Adobe Systems Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyServer: [S-1-5-21-1841021725-2517571384-769879354-1001] => http=;ftp=;https=; Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{437d0200-77c9-4c02-b05e-5aabfd1818c6}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{7f06abd0-0bb5-4312-943c-ddb0ac554267}: [DhcpNameServer] 172.20.10.1 Tcpip\..\Interfaces\{d78ccd5c-b66a-4983-80f5-231fd8be6cab}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{f6de9ff1-3f1c-4430-8c2d-216e876d8348}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131779194215889489&GUID=7A70FFB0-D9CF-4509-8A0C-E49DBA20AF11 HKU\S-1-5-21-1841021725-2517571384-769879354-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00 HKU\S-1-5-21-1841021725-2517571384-769879354-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB SearchScopes: HKLM -> DefaultScope {3F2F5A60-E876-45A8-91CE-17A197AA143E} URL = SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {3F2F5A60-E876-45A8-91CE-17A197AA143E} URL = SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} SearchScopes: HKU\S-1-5-21-1841021725-2517571384-769879354-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00 SearchScopes: HKU\S-1-5-21-1841021725-2517571384-769879354-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00 SearchScopes: HKU\S-1-5-21-1841021725-2517571384-769879354-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2020-01-14] (Microsoft Corporation -> Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-12-08] (Oracle America, Inc. -> Oracle Corporation) BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File BHO: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> No File BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-12-08] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2020-01-14] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> No File Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-07-10] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-07-10] (Microsoft Corporation -> Microsoft Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL No File Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-07-10] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-07-10] (Microsoft Corporation -> Microsoft Corporation) Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 4, 2020 Root Admin ID:1398873 Share Posted August 4, 2020 I'm sorry, but can you please attach these logs. The forum software does not always decode them properly. Thank you Link to post Share on other sites More sharing options...
bbob563 Posted August 4, 2020 Author ID:1399010 Share Posted August 4, 2020 FRST.txt Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 4, 2020 Root Admin ID:1399095 Share Posted August 4, 2020 There should be another log called ADDITIONS.TXT if it's not there then run FRST again and make sure there is a check mark on the Additions.txt check box Thanks Link to post Share on other sites More sharing options...
bbob563 Posted August 5, 2020 Author ID:1399317 Share Posted August 5, 2020 Addition.txt Sorry for the late reply! Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 5, 2020 Root Admin ID:1399319 Share Posted August 5, 2020 Please uninstall Bonjour - go to Control Panel, Programs, Uninstall What exactly is mDNSResponder.exe? https://www.groovypost.com/howto/howto/what-is-mdnsresponder-exe-and-why-is-it-running/ MDNSResponder, also known as Bonjour, is Apple’s native zero-configuration networking process for Mac that was ported over to Windows and associated with MDNSNSP.DLL. On a Mac or iOS device, this program is used for networking nearly everything. On Windows, this process is only necessary for sharing libraries via iTunes and other Mac applications like the Apple TV that were ported to Windows. Bonjour allows different computers running iTunes to communicate with each other regardless of network configuration, this is because it enables automatic network discovery. What Is mDNSResponder.exe / Bonjour and How Can I Uninstall or Remove It?https://www.howtogeek.com/howto/6456/what-is-mdnsresponder.exe-bonjour-and-how-can-i-uninstall-or-remove-it/ You may want to consider no longer using CCleaner - most Experts no longer recommend the product since it was sold in 2017. The built-in Windows Disk Cleanup and Storage Sense (I would not recommend allowing Storage Sense to auto delete though as it has had issue in the past when left on Auto but when used manually is a good tool) You're running old compromised versions of Java. Please go to Control Panel, Programs, Uninstall and remove all of them. If you really need to have Java then make sure it's always up to date https://java.com The logs show that the system is running one or more P2P torrenting programs. The act of torrenting itself is not illegal. However, downloading and sharing unsanctioned copyrighted material is very much illegal, and there is always a chance of getting caught by the authorities. Torrenting non-copyrighted material is perfectly fine and is allowed. We have seen an increase in malware being bundled with software downloads over P2P. Please keep this in mind when sharing files that you're increasing the risk that your system might get infected. Scan all files prior to running them. https://virustotal.com As you can see there is an obvious issue with your installation of Google Chrome. I would suggest backing up your bookmarks and uninstall Google Chrome. Then restart the computer and reinstall Google Chrome and see if that corrects the issue or not. Application errors: ================== Error: (08/03/2020 10:14:09 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "C:\Users\zto1995\AppData\Local\chromium\Application\chrome.exe". Dependent Assembly 51.0.2681.0,language="*",type="win32",version="51.0.2681.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Please run the following Fix to resolve some of the issues on your system. Make sure you temporarily disable ESET antivirus before running this fix. Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work. Please make sure you disable any real time antivirus or security software before running this script. Once completed make sure you re-enable it. NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone. Run FRST or FRST64 and press the Fix button just once and wait. If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply. Note: If the tool warned you about an outdated version please download and run the updated version. NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more. NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The use of an external password manager is highly recommended instead of using your browser to store passwords. The following directories are emptied: Windows Temp Users Temp folders Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History Recently opened files cache Flash Player cache Java cache Steam HTML cache Explorer thumbnail and icon cache BITS transfer queue (qmgr*.dat files) Recycle Bin Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix. The system will be rebooted after the fix has run. fixlist.txt Thanks Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 31, 2020 Root Admin ID:1404669 Share Posted August 31, 2020 Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread. Tips to help protect from infection Thanks Link to post Share on other sites More sharing options...
Recommended Posts