Firefox browser hijacked by search.searchgtp.com


11 replies to this topic

#1 mavgal


Posted 14 March 2018 - 09:31 AM

My homepage is being changed to search.searchgtp.com for about a week now.  I have not used this page to search anything as I knew it wasn't right.  I ran MalwareBytes and it did not find anything.  Searched for removal of this and it just said to remove it from my programs, but of course it doesn't show up in programs.  It has not affected IE browser, but I rarely use that browser.  Hoping you can help me, thanks!


Edited by hamluis, 14 March 2018 - 10:29 AM.
Moved from MRL to Am I Infected - Hamluis.




#2 boopme

  • Global Moderator

Posted 14 March 2018 - 01:37 PM

Perhaps you need to reset your browser addons to default.. Are you using other browsers?

In Firefox it may be the Add ons/Plugins. First look for Sweetpack or SweetIm and disable. Or try disabling them one at a time and see which one was at fault.

How to disable extensions and plugins

Keeping your third-party plugins up to date


If it is your homepage...
Click the Firefox button at the top left corner of the page and choose Options.
In the Home Page URL box, enter the homepage you want to use instead of SweetPacks and then click OK.

Edited by boopme, 14 March 2018 - 01:38 PM.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 mavgal

  • Topic Starter

Posted 15 March 2018 - 06:32 AM

I checked the Add ons/Plug ins, there is nothing there other than Adobe, Widevine by Google, and OpenH264 by Cisco.

I updated to the latest version of Firefox.

I have reset my home page several times and when I open Firefox again, it goes to the searchgtp page.

I rarely use my other browsers and none of them show this searchgtp page when I open them.

I set Firefox as my default browser.

I don't see a Firefox button at the top left corner other than "Getting Started" and when I click on that, there is no Options to choose.

Nothing changes, when I open a new tab, I get the searchgtp page.
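
Added example, not part of the original posts: a homepage that returns after every reset while no extension is listed is consistent with a preference being re-applied from the profile's `user.js`, which Firefox reads at each start and which overrides `prefs.js`. The sketch below scans both files for any preference pointing at the domain reported in this thread; the function names and the sample file contents are constructed for illustration.

```python
import json
import re
from pathlib import Path
from urllib.parse import urlsplit

# Domain reported in this thread; change it to match the page you are seeing.
SUSPECT_DOMAIN = "searchgtp.com"

# Firefox writes one preference per line as: user_pref("name", value);
PREF_LINE = re.compile(
    r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*?)\s*\)\s*;\s*$'
)

# Constructed sample contents (not taken from the poster's machine).
SAMPLE_PREFS_JS = '''// Mozilla User Preferences
user_pref("browser.startup.homepage", "https://www.example.org/");
user_pref("browser.startup.page", 1);
'''
SAMPLE_USER_JS = '''user_pref("browser.startup.homepage", "http://search.searchgtp.com/|https://www.example.org/");
'''


def parse_prefs(text):
    """Return {pref_name: value} for every user_pref() line in a prefs file."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = m.group(1), m.group(2)
        try:
            value = json.loads(raw)  # "strings", numbers, true/false
        except ValueError:
            value = raw  # keep the raw text if it is not JSON-compatible
        prefs[name] = value
    return prefs


def urls_on_domain(value, domain):
    """Return URLs inside a pref value whose host is `domain` or a subdomain."""
    if not isinstance(value, str):
        return []
    hits = []
    for part in value.split("|"):  # the homepage pref may hold several URLs
        part = part.strip()
        try:
            host = urlsplit(part if "://" in part else "//" + part).hostname
        except ValueError:
            continue  # not something that parses as a URL
        host = (host or "").lower()
        if host == domain or host.endswith("." + domain):
            hits.append(part)
    return hits


def scan_profile_files(files, domain=SUSPECT_DOMAIN):
    """`files` maps file name -> file text. Returns a list of findings."""
    findings = []
    for fname, text in files.items():
        for name, value in parse_prefs(text).items():
            for url in urls_on_domain(value, domain):
                findings.append({
                    "file": fname,
                    "pref": name,
                    "url": url,
                    # user.js is applied on every start, so a value set there
                    # comes back after the homepage is changed in Options.
                    "reapplied_every_start": fname == "user.js",
                })
    return findings


def scan_profile_dir(profile_dir, domain=SUSPECT_DOMAIN):
    """Read prefs.js and user.js from a Firefox profile folder and scan them."""
    files = {}
    for fname in ("prefs.js", "user.js"):
        path = Path(profile_dir) / fname
        if path.is_file():
            files[fname] = path.read_text(encoding="utf-8", errors="replace")
    return scan_profile_files(files, domain)


if __name__ == "__main__":
    sample = {"prefs.js": SAMPLE_PREFS_JS, "user.js": SAMPLE_USER_JS}
    for finding in scan_profile_files(sample):
        print(finding)
```

The profile folder path is listed on Firefox's about:support page; pass it to `scan_profile_dir` to check a real profile.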



#4 boopme

  • Global Moderator

Posted 15 March 2018 - 09:01 AM

OK, let's run these..

MiniToolBox
  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
AdwCleaner
  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
And finally I'd like us to scan your machine with ESET OnlineScan:
  • It is recommended to turn off your antivirus program. Click on the [image] button to see which antivirus is currently enabled.
  • Turn off your antivirus program. See here how to do this.
  • Check the option beside: Enable detection of potentially unwanted applications.
  • Now click on Advanced Settings and make sure that the option Clean threats automatically is NOT checked, and select the following:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth Technology
  • Click on the Change button and select only Operating memory, Autostart locations and drive C:\ to be scanned.
  • Push the [image] button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes a list of found threats will open automatically (if any malicious files are found).
  • Push the [image] button and save the file to your desktop using a unique name, such as ESETScan.txt. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Check the box beside [image] to uninstall the application when closed.
  • Push [image] and then close the application by clicking the X in the upper right corner.


#5 mavgal

  • Topic Starter

Posted 16 March 2018 - 12:58 PM

Here is the MiniToolbox:

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Pat (administrator) on 16-03-2018 at 12:55:54
Running from "C:\Users\Pat\Downloads"
Microsoft Windows 10 Home  (X64)
Model: 510-p010 Manufacturer: HP
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Ethernet (Connected)
Intel® Dual Band Wireless-AC 3165 = Wi-Fi (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : DESKTOP-CD9L8S2
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wi-Fi:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel® Dual Band Wireless-AC 3165
   Physical Address. . . . . . . . . : AC-2B-6E-AE-3A-BC
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : AC-2B-6E-AE-3A-BD
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : EC-8E-B5-66-C5-35
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2600:8804:1f80:5ac:67:4f43:6913:259c(Preferred)
   IPv6 Address. . . . . . . . . . . : fdbb:9f9a:426d:0:67:4f43:6913:259c(Preferred)
   Temporary IPv6 Address. . . . . . : 2600:8804:1f80:5ac:107e:b9f3:9b5b:4f0a(Preferred)
   Temporary IPv6 Address. . . . . . : fdbb:9f9a:426d:0:107e:b9f3:9b5b:4f0a(Preferred)
   Link-local IPv6 Address . . . . . : fe80::67:4f43:6913:259c%15(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.146(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, March 14, 2018 7:14:22 AM
   Lease Expires . . . . . . . . . . : Saturday, March 17, 2018 12:37:27 PM
   Default Gateway . . . . . . . . . : fe80::cad7:19ff:fe5f:5cd1%15
                                       192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 155717583
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-F3-84-78-EC-8E-B5-66-C5-35
   DNS Servers . . . . . . . . . . . : 68.105.28.11
                                       68.105.29.11
                                       68.105.28.12
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  cdns1.cox.net
Address:  68.105.28.11

Name:    google.com
Addresses:  2607:f8b0:4000:816::200e
      172.217.12.78


Pinging google.com [2607:f8b0:4000:816::200e] with 32 bytes of data:
Request timed out.
Reply from 2607:f8b0:4000:816::200e: time=31ms

Ping statistics for 2607:f8b0:4000:816::200e:
    Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
    Minimum = 31ms, Maximum = 31ms, Average = 31ms
Server:  cdns1.cox.net
Address:  68.105.28.11

Name:    yahoo.com
Addresses:  2001:4998:c:e33::53
      2001:4998:58:2201::73
      98.139.180.180
      206.190.39.42


Pinging yahoo.com [2001:4998:58:2201::73] with 32 bytes of data:
Request timed out.
Reply from 2001:4998:58:2201::73: time=57ms

Ping statistics for 2001:4998:58:2201::73:
    Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
    Minimum = 57ms, Maximum = 57ms, Average = 57ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  8...ac 2b 6e ae 3a bc ......Intel® Dual Band Wireless-AC 3165
 10...ac 2b 6e ae 3a bd ......Microsoft Wi-Fi Direct Virtual Adapter
 15...ec 8e b5 66 c5 35 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.146     35
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.1.0    255.255.255.0         On-link     192.168.1.146    291
    192.168.1.146  255.255.255.255         On-link     192.168.1.146    291
    192.168.1.255  255.255.255.255         On-link     192.168.1.146    291
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link     192.168.1.146    291
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link     192.168.1.146    291
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 15    291 ::/0                     fe80::cad7:19ff:fe5f:5cd1
  1    331 ::1/128                  On-link
 15    291 2600:8804:1f80:5ac::/64  On-link
 15     51 2600:8804:1f80:5ac::/64  fe80::cad7:19ff:fe5f:5cd1
 15    291 2600:8804:1f80:5ac:67:4f43:6913:259c/128
                                    On-link
 15    291 2600:8804:1f80:5ac:107e:b9f3:9b5b:4f0a/128
                                    On-link
 15    291 fdbb:9f9a:426d::/64      On-link
 15    291 fdbb:9f9a:426d:0:67:4f43:6913:259c/128
                                    On-link
 15    291 fdbb:9f9a:426d:0:107e:b9f3:9b5b:4f0a/128
                                    On-link
 15    291 fe80::/64                On-link
 15    291 fe80::67:4f43:6913:259c/128
                                    On-link
  1    331 ff00::/8                 On-link
 15    291 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [54784] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [63488] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [24064] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 C:\WINDOWS\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\SysWOW64\mswsock.dll [334744] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67072] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [84992] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [84992] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [79872] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31232] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 08 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [402992] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/15/2018 05:46:07 AM) (Source: Application Error) (User: )
Description: Faulting application name: SystemSettings.exe, version: 10.0.16299.15, time stamp: 0x7640753d
Faulting module name: msxml6.dll, version: 6.30.16299.98, time stamp: 0x7339c6c8
Exception code: 0xc0000005
Fault offset: 0x000000000008c3e0
Faulting process id: 0x2f78
Faulting application start time: 0xSystemSettings.exe0
Faulting application path: SystemSettings.exe1
Faulting module path: SystemSettings.exe2
Report Id: SystemSettings.exe3
Faulting package full name: SystemSettings.exe4
Faulting package-relative application ID: SystemSettings.exe5

Error: (03/14/2018 10:25:58 AM) (Source: ESENT) (User: )
Description: Windows.Media.Import.PhotoImport (1184,D,0) Windows.Media.Import.PhotoImport: The database engine detected multiple threads illegally using the same database session to perform database operations.

    SessionId: 0x00000267615E0920

    Session-context: 0x00000000

    Session-context ThreadId: 0x0000000000000000

    Current ThreadId: 0x0000000000003278

    Session-trace:

Error: (03/13/2018 06:08:27 PM) (Source: Perflib) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (03/13/2018 08:10:45 AM) (Source: ESENT) (User: )
Description: Windows.Media.Import.PhotoImport (4616,D,0) Windows.Media.Import.PhotoImport: The database engine detected multiple threads illegally using the same database session to perform database operations.

    SessionId: 0x00000192448B0920

    Session-context: 0x00000000

    Session-context ThreadId: 0x0000000000000000

    Current ThreadId: 0x0000000000003D04

    Session-trace:

Error: (03/13/2018 08:10:45 AM) (Source: ESENT) (User: )
Description: Windows.Media.Import.PhotoImport (4616,D,0) Windows.Media.Import.PhotoImport: The database engine detected multiple threads illegally using the same database session to perform database operations.

    SessionId: 0x00000192448B0920

    Session-context: 0x00000000

    Session-context ThreadId: 0x0000000000000000

    Current ThreadId: 0x00000000000034CC

    Session-trace:

Error: (03/09/2018 12:39:42 PM) (Source: Perflib) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (03/06/2018 10:38:24 AM) (Source: Application Error) (User: )
Description: Faulting application name: LockApp.exe, version: 10.0.16299.15, time stamp: 0x59cda938
Faulting module name: ntdll.dll, version: 10.0.16299.248, time stamp: 0xeffc9126
Exception code: 0xc0000374
Fault offset: 0x00000000000f87bb
Faulting process id: 0x18ac
Faulting application start time: 0xLockApp.exe0
Faulting application path: LockApp.exe1
Faulting module path: LockApp.exe2
Report Id: LockApp.exe3
Faulting package full name: LockApp.exe4
Faulting package-relative application ID: LockApp.exe5

Error: (03/05/2018 08:57:27 AM) (Source: Perflib) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (03/02/2018 07:15:01 PM) (Source: Perflib) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (03/02/2018 10:00:28 AM) (Source: ESENT) (User: )
Description: Windows.Media.Import.PhotoImport (4616,D,0) Windows.Media.Import.PhotoImport: The database engine detected multiple threads illegally using the same database session to perform database operations.

    SessionId: 0x0000019244640920

    Session-context: 0x00000000

    Session-context ThreadId: 0x0000000000000000

    Current ThreadId: 0x000000000000235C

    Session-trace:


System errors:
=============
Error: (03/14/2018 07:15:22 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: 1053BITSUnavailable{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (03/14/2018 07:15:22 AM) (Source: Service Control Manager) (User: )
Description: The Background Intelligent Transfer Service service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.


Error: (03/14/2018 07:15:22 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the BITS service to connect.

Error: (03/14/2018 07:15:15 AM) (Source: BROWSER) (User: )
Description: The browser was unable to update the service status bits.  The data is the error.

Error: (03/14/2018 07:14:54 AM) (Source: Service Control Manager) (User: )
Description: The AmazonMeterService service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.


Error: (03/14/2018 07:14:54 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the AmazonMeterService service to connect.

Error: (03/14/2018 07:14:39 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/14/2018 07:14:39 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/14/2018 07:14:39 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/14/2018 07:14:39 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable


Microsoft Office Sessions:
=========================
Error: (03/15/2018 05:46:07 AM) (Source: Application Error)(User: )
Description: SystemSettings.exe10.0.16299.157640753dmsxml6.dll6.30.16299.987339c6c8c0000005000000000008c3e02f7801d3bc4ad103185aC:\Windows\ImmersiveControlPanel\SystemSettings.exeC:\Windows\System32\msxml6.dll5fc7c9fe-1dda-457e-8e65-6ae0e9c2b301windows.immersivecontrolpanel_10.0.1.1000_neutral_neutral_cw5n1h2txyewymicrosoft.windows.immersivecontrolpanel

Error: (03/14/2018 10:25:58 AM) (Source: ESENT)(User: )
Description: Windows.Media.Import.PhotoImport1184,D,0Windows.Media.Import.PhotoImport: 0x00000267615E09200x000000000x00000000000000000x0000000000003278

Error: (03/13/2018 06:08:27 PM) (Source: Perflib)(User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (03/13/2018 08:10:45 AM) (Source: ESENT)(User: )
Description: Windows.Media.Import.PhotoImport4616,D,0Windows.Media.Import.PhotoImport: 0x00000192448B09200x000000000x00000000000000000x0000000000003D04

Error: (03/13/2018 08:10:45 AM) (Source: ESENT)(User: )
Description: Windows.Media.Import.PhotoImport4616,D,0Windows.Media.Import.PhotoImport: 0x00000192448B09200x000000000x00000000000000000x00000000000034CC

Error: (03/09/2018 12:39:42 PM) (Source: Perflib)(User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (03/06/2018 10:38:24 AM) (Source: Application Error)(User: )
Description: LockApp.exe10.0.16299.1559cda938ntdll.dll10.0.16299.248effc9126c000037400000000000f87bb18ac01d3aef78bfb1607C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exeC:\WINDOWS\SYSTEM32\ntdll.dll1eb5012f-78d7-43fb-921d-b05578f6fdacMicrosoft.LockApp_10.0.16299.15_neutral__cw5n1h2txyewyWindowsDefaultLockScreen

Error: (03/05/2018 08:57:27 AM) (Source: Perflib)(User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (03/02/2018 07:15:01 PM) (Source: Perflib)(User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (03/02/2018 10:00:28 AM) (Source: ESENT)(User: )
Description: Windows.Media.Import.PhotoImport4616,D,0Windows.Media.Import.PhotoImport: 0x00000192446409200x000000000x00000000000000000x000000000000235C


CodeIntegrity Errors:
===================================
  Date: 2018-03-16 12:52:34.000
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-03-16 12:52:33.998
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-03-16 12:37:33.986
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-03-16 12:37:33.985
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-03-16 12:37:32.754
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-03-16 12:37:32.742
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-03-16 12:24:00.990
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-03-16 12:24:00.985
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-03-16 12:07:25.426
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-03-16 12:07:25.424
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


=========================== Installed Programs ============================

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.3.6307 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.6.4906 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.6.4906 - CyberLink Corp.)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox 25 GB (HKLM-x32\...\{0867A88D-764F-366E-9E21-130DA8B472C3}) (Version: 3.1.18.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
FastStone Image Viewer 5.9 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.9 - FastStone Soft)
FinePixViewer Ver.4.1 (HKLM-x32\...\{24ED4D80-8294-11D5-96CD-0040266301AD}) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.186 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.2 - HP)
HP ePrint SW (HKLM-x32\...\{88970959-baf7-4864-a39a-69a58e8ae5cf}) (Version: 5.0.18701 - HP)
HP Officejet Pro 8620 Basic Device Software (HKLM\...\{A977D10D-989A-40D4-B0B1-450954516543}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet Pro 8620 Help (HKLM-x32\...\{9A4D71AB-9C68-4702-A4A2-A4DB7B0FE270}) (Version: 32.0.0 - Hewlett Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8318.5320 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.5.37.19 - HP)
HP Support Solutions Framework (HKLM-x32\...\{5F084DD8-AF2C-4004-9C92-820C32E4BD55}) (Version: 12.8.47.1 - HP)
HP System Event Utility (HKLM-x32\...\{09D0DB68-90EA-4015-983E-A0BD777D5A02}) (Version: 1.4.9 - HP Inc.)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - HP Inc.)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
ImageMixer VCD2 for FinePix (HKLM-x32\...\{934E9442-D305-4ACF-AD87-A6C11D677CB9}) (Version:  - )
Intel® Chipset Device Software (HKLM-x32\...\{fb610cea-ba50-4d4b-a717-cf025419035c}) (Version: 10.1.1.13 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1054 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4771 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.0.1042 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{246c6cc0-9810-4728-9a29-28474de2eec5}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel® WiDi (HKLM\...\{E8A2DA8A-CA1A-4F5A-B113-6C34FCC4B6D4}) (Version: 6.0.62.0 - Intel Corporation)
Intel® WiDi Software Asset Manager (HKLM-x32\...\{AC8973AF-7F4C-40F4-BFE1-C02FE95ED2C2}) (Version: 3.2.1184 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{4DA9DC19-4E1D-4B10-A726-A5F2A1BC7265}) (Version: 18.1.1546.2762 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{ed4a5da7-ac62-4aa5-9502-7b4de55e8cb5}) (Version: 20.20.2 - Intel Corporation)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
LibreOffice 5.4.2.2 (HKLM-x32\...\{C7ED130E-8751-4248-AB98-D059CD9E7EAA}) (Version: 5.4.2.2 - The Document Foundation)
Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.9029.2167 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.5.4 - Motorola Mobility)
Motorola Device Software Update (HKLM-x32\...\{894AB83D-A9AF-4E54-BFF3-A7262A0A6C13}) (Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)
Mozilla Firefox 59.0 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0 (x64 en-US)) (Version: 59.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9029.2167 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9029.2167 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9029.2167 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9029.2167 - Microsoft Corporation) Hidden
Panda Devices Agent (HKLM-x32\...\{3F9548B2-0B34-4453-A92E-35056B053F19}) (Version: 1.08.00 - Panda Security) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.08 - Panda Security) Hidden
Panda Protection (HKLM\...\{1CD35F26-1217-4052-A30F-172A4DD7635E}) (Version: 8.87.00 - Panda Security) Hidden
Panda Protection (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 18.01.00.0000 - Panda Security)
Product Improvement Study for HP Officejet Pro 8620 (HKLM\...\{99039186-EBEB-4127-BFA2-18B10A05ACE2}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
RAW FILE CONVERTER LE (HKLM-x32\...\{D680C913-5955-469D-9D88-C1940F7506D6}) (Version:  - )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31222 - Realtek Semiconduct Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7770 - Realtek Semiconductor Corp.)
Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.7.102.1 - Seagate)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1-2) (Version: 1.0.54.1 - LunarG, Inc.) Hidden

========================= Memory info: ===================================

Percentage of memory in use: 40%
Total physical RAM: 8053.55 MB
Available physical RAM: 4763.46 MB
Total Virtual: 9333.55 MB
Available Virtual: 5479.68 MB

========================= Partitions: =====================================

1 Drive c: (Windows) (Fixed) (Total:913 GB) (Free:820.08 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:17.28 GB) (Free:1.81 GB) NTFS
3 Drive e: (Seagate Backup Plus Drive) (Fixed) (Total:1863.02 GB) (Free:1117.46 GB) NTFS

========================= Users: ========================================

User accounts for \\DESKTOP-CD9L8S2

Administrator            DefaultAccount           Guest                    
Pat                      WDAGUtilityAccount       


**** End of log ****
 



#6 mavgal

mavgal
  • Topic Starter


Posted 16 March 2018 - 01:22 PM

Here are the results of AdwCleaner:  (Panda is my antivirus software)

 

# AdwCleaner 7.0.8.0 - Logfile created on Fri Mar 16 18:00:49 2018
# Updated on 2018/08/02 by Malwarebytes
# Database: 2018-03-14.3
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

PUP.Optional.Panda, C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\pta6psqq.default\pandasecuritytb\geodata.xml
PUP.Optional.Panda, C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\pta6psqq.default\pandasecuritytb\guid.dat
PUP.Optional.Panda, C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\pta6psqq.default\pandasecuritytb\setupCfg.xml


***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\paidviewpoint.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\paidviewpoint.com
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E4E831E8-948F-4067-B49B-2BB6E95F4A8F}
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8871F849-EAF5-475A-B8B7-734580F54DD3}
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {131F8B3B-0157-4FAA-8495-814520A4132C}
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {131F8B3B-0157-4FAA-8495-814520A4132C}
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {FB4B8174-075A-416F-B6AB-A394FD335C5E}
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {FB4B8174-075A-416F-B6AB-A394FD335C5E}


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

PUP.Optional.Panda, Plugin found: Panda Safe Web -

/!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.google.com/chrome/answer/3097271


*************************



########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########



#7 mavgal

mavgal
  • Topic Starter


Posted 16 March 2018 - 04:00 PM

Here are the ESET scan results:

C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll    a variant of Win32/Adware.Coupons.AA application    
C:\Program Files (x86)\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe    Win32/Visicom.C potentially unwanted application,a variant of Win32/Toolbar.Visicom.A potentially unwanted application,a variant of Win32/Toolbar.Visicom.B potentially unwanted application,a variant of Win64/Toolbar.Visicom.A potentially unwanted application,a variant of Win32/Toolbar.Visicom.C potentially unwanted application,a variant of Win32/Visicom.A potentially unwanted application,a variant of Win64/NetFilter.A potentially unsafe application,a variant of Win32/NetFilter.A potentially unsafe application    
C:\Users\Pat\Desktop\PAT's\Desktop\Other Shortcuts\Pics scrnsvr\ccsetup328.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    
C:\Users\Pat\Downloads\couponprinter.exe    a variant of Win32/Adware.Coupons.AA application    
C:\Users\Pat\Downloads\HP Downloads\HP Officejet Pro 8620 e-All-in-One Printer series Full Feature Software and Drivers - OJ8620_198.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    
C:\Users\Pat\MISC\Downloads\couponprinter.exe    a variant of Win32/Adware.Coupons.AA application    
C:\Users\Pat\MISC\Downloads\CouponPrinterCPS.exe    a variant of Win32/Adware.Coupons.AA application    
C:\Users\Pat\MISC\Downloads\HP Downloads\HP Officejet Pro 8620 e-All-in-One Printer series Full Feature Software and Drivers - OJ8620_198.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    
 



#8 buddy215

buddy215

  • Moderator

Posted 18 March 2018 - 09:40 AM

Your AdwCleaner log and Eset scanner log don't show you removed/deleted/quarantined what they found.

While waiting for boopme to respond....I suggest you rerun AdwCleaner and click on Clean when the scan finishes.

If you haven't allowed Eset to remove what it found I suggest you rerun it and allow it to do that.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”
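The observation in post #8, that the posted AdwCleaner log only reports findings, can be read off the log itself. The following is an added example, not part of the thread or of AdwCleaner: a small parser for the log layout shown above, run on a constructed excerpt of that log; the function names are hypothetical.

```python
import re

# Constructed sample: lines copied from the AdwCleaner log posted above, abridged.
SAMPLE_LOG = r"""# AdwCleaner 7.0.8.0 - Logfile created on Fri Mar 16 18:00:49 2018
# Mode: scan

***** [ Services ] *****
No malicious services found.

***** [ Files ] *****
PUP.Optional.Panda, C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\pta6psqq.default\pandasecuritytb\guid.dat

***** [ Registry ] *****
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {131F8B3B-0157-4FAA-8495-814520A4132C}
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {131F8B3B-0157-4FAA-8495-814520A4132C}

***** [ Chromium (and derivatives) ] *****
PUP.Optional.Panda, Plugin found: Panda Safe Web -
"""

HEADER_RE = re.compile(r"^# (\w+): (.+)$")            # "# Mode: scan"
SECTION_RE = re.compile(r"^\*{5} \[ (.+) \] \*{5}$")   # "***** [ Files ] *****"
FINDING_RE = re.compile(r"^(\w+(?:\.\w+)+), (.+)$")    # "PUP.Optional.X, <item>"


def parse_adwcleaner_log(text):
    """Return (header dict, {section: [(family, item), ...]}), duplicates dropped."""
    header, sections, current = {}, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1)] = m.group(2)
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
            continue
        m = FINDING_RE.match(line)
        if m and current and m.groups() not in sections[current]:
            sections[current].append(m.groups())
    return header, sections


def triage(text):
    """Summarise a log: run mode, unique findings per section, and whether the
    findings were only reported (scan mode) rather than acted on."""
    header, sections = parse_adwcleaner_log(text)
    counts = {name: len(items) for name, items in sections.items() if items}
    mode = header.get("Mode", "unknown").lower()
    return {"mode": mode, "findings": counts,
            "report_only": mode == "scan" and bool(counts)}
```

Duplicate registry lines, such as the repeated firewall-rule GUIDs in the posted log, are counted once.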

#9 mavgal

mavgal
  • Topic Starter


Posted 19 March 2018 - 07:55 AM

I re-ran both and removed what was found.

The search.searchgtp.com still shows up as my homepage on Firefox.



#10 buddy215

buddy215

  • Moderator

Posted 19 March 2018 - 08:19 AM

Try opening Firefox and clicking on Help. Then choose Restart with add-ons Disabled.

After doing the above.....clean up the computer using CCleaner. After installing CCleaner, close all programs including Firefox and run CCleaner per directions below.

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of Google Chrome and Avast.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

After disabling add-ons and cleaning the computer change the homepage back to whatever you want...blank, Google, Firefox, etc.

Did that solve the problem with the home page?

If after re-enabling add-ons you still have a problem with changing the home page then try resetting Firefox to its default settings.

See how to do that at How to reset Mozilla Firefox to Default Settings (2017 Help Guide)


Edited by buddy215, 19 March 2018 - 08:24 AM.


#11 mavgal

mavgal
  • Topic Starter


Posted 20 March 2018 - 06:47 AM

When I downloaded CCleaner, I did not see any offers for Google Chrome or Avast, and I don't find Avast anywhere in my programs (already had Chrome). 

I had to reset Firefox before the search page finally went away.  Anyway, I have opened Firefox several times and it has stayed on my home page. 

Thank you very much
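The homepage here survived file removal by two scanners and only changed after a Firefox reset, which is consistent with the setting living in the Firefox profile. The following added example (not from the thread) checks the `browser.startup.homepage` preference in a profile's prefs.js and user.js against an allow-list. The file contents, the `http://` scheme on the hijacker address, the allow-list and the function names are constructed for illustration; the thread does not establish where the setting was stored on this machine.

```python
import re
from urllib.parse import urlsplit

# Constructed profile files (not taken from the thread's logs).
PREFS_JS = '''// Mozilla User Preferences
user_pref("browser.startup.homepage", "https://www.google.com/|about:home");
user_pref("browser.startup.page", 1);
'''
USER_JS = 'user_pref("browser.startup.homepage", "http://search.searchgtp.com/");\n'

PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.*?)\s*\)\s*;\s*$')


def read_prefs(text):
    """Parse user_pref("name", value); lines into {name: value-as-string}."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            name, raw = m.groups()
            prefs[name] = raw[1:-1] if raw[:1] == raw[-1:] == '"' else raw
    return prefs


def hosts_in_homepage(value):
    """Yield the host of each URL in a '|'-separated homepage value."""
    for url in value.split("|"):
        url = url.strip()
        if not url or url.startswith(("about:", "chrome:")):
            continue                      # built-in pages, nothing to check
        target = url if "://" in url else "//" + url
        yield (urlsplit(target).hostname or url).lower()


def check_homepage(profile_files, allowed_hosts):
    """profile_files: {filename: text}. Returns [(filename, host, sticky)] for
    hosts outside allowed_hosts. sticky=True means the value sits in user.js,
    which Firefox re-applies at every start, so a change made in the UI is lost."""
    findings = []
    for fname, text in profile_files.items():
        value = read_prefs(text).get("browser.startup.homepage", "")
        for host in hosts_in_homepage(value):
            ok = any(host == a or host.endswith("." + a) for a in allowed_hosts)
            if not ok:
                findings.append((fname, host, fname == "user.js"))
    return findings
```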



#12 buddy215

buddy215

  • Moderator

Posted 20 March 2018 - 07:00 AM

Good...you're welcome.

You can use the program below to check for security recommendations for what is installed on your computer. Problems will be noted in RED. If you have questions about what it reports or would like for me to comment on it you can post its log per instructions. Otherwise....happy surfin'

  • Please download Security Check by glax24 and save the file to the Desktop
  • Run the tool by accepting all the Security prompts
  • When complete the tool will produce a log file C:\SecurityCheck\SecurityCheck.txt and also copy the contents to the Clipboard
  • Simply Paste the log to your reply
