My Google Chrome Invaded by ebay homepage

**Malnutrition** · 03-02-2017, 11:24 PM

Ok, lets do this…

Download DelFix by “Xplode” to your Desktop.
Right Click the tool and Run as Admin ( Xp Users Double Click)
Put a check mark next the items below:

Remove disinfection tools

Now click on “Run” button.
allow the program to complete its work.
all the tools we used will be removed.
Tool will create and open a log report (DelFix.txt)
Note: The report can be located at the following location C:\DelFix.txt

After delfix has ran, then redownload the FRST and fixlist then run the fix.

**GrahamKnott** · 03-02-2017, 11:38 PM

I’m very sorry, but I’ve done everything correctly - deleted all previous items and reinstalled the FRST software - and I keep getting the same negative messages. I’m sorry to have put you to all this trouble.

**Malnutrition** · 03-02-2017, 11:43 PM

You need to have the Fixlist and FRST side by side.

[ATTACH]1735[/ATTACH]

**GrahamKnott** · 03-02-2017, 11:46 PM

This doesn’t happen. Everytime I download FRST all I get now is the single FRST64.exe file. . . no fixlist at all.

**Malnutrition** · 03-02-2017, 11:53 PM

Download the fixlist from the link below…

Forums - PC Help Forum

https://pchelpforum.net/attachments/fixlist-txt.1734/

PCHF Forums

**GrahamKnott** · 03-03-2017, 10:46 AM

Hi
Well, this time I succeeded in downloading both files. Also, after dragging them on to the desktop, I managed to run them both according to your instructions; that is I first ran the Scan option, then Fix. So now I have a substantial Fixlog.txt file sitting in Notepad. and there it’ll stay (untouched) until further notice.

A few points in passing: I’m still bedevilled by the ebay homepage on my edition of Chrome - but I assume this is still work in progress. Secondly, I still can’t do any screenshots, which is baffling. Thirdly, on each occasion I reboot the laptop, I find myself locked out of my google email inbox. There is a workaround (i.e. getting google to phone me back with a new security number etc). Nevertheless, I find it hard to believe there isn’t a connection linking these three issues. Maybe it’s just a coincidence, but right now I wouldn’t put any money on it. I guess, though, I’m prejudging the situation before its completion.

In the meantime, many thanks for all your help. It’s much appreciated, believe me.

**Malnutrition** · 03-03-2017, 01:15 PM

Please run adware cleaner the post that log.

**GrahamKnott** · 03-03-2017, 08:50 PM

Have now run AdwCleaner: 0 threats detected. Details of logfile:
[HEADING=1]AdwCleaner v6.044 - Logfile created 03/03/2017 at 20:43:05[/HEADING]
[HEADING=1]Updated on 28/02/2017 by Malwarebytes[/HEADING]
[HEADING=1]Database : 2017-03-02.1 [Server][/HEADING]
[HEADING=1]Operating System : Windows 8.1 (X64)[/HEADING]
[HEADING=1]Username : GeeKay - GEEKAY-PC[/HEADING]
[HEADING=1]Running from : C:\Users\GeeKay\Downloads\adwcleaner_6.044.exe[/HEADING]
[HEADING=1]Mode: Scan[/HEADING]
[HEADING=1]Support : Malwarebytes Help Center[/HEADING]
***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

**Malnutrition** · 03-04-2017, 02:12 AM

Can you please post the fixlog.txt and confirm that you have completed the Mcafee removal tool and the Ccleaner steps please.

ZHP Scan.

Please download Zhp Cleaner to your desktop. Right Click the icon and select run as administrator.

Once you have started the program, you will need to click the scanner button.

[IMG alt="EgsT69u" width="602px" height="129px"]https://windowsinstructed.com/wp-content/uploads/2015/06/EgsT69u.png[/IMG]

The program will close all open browsers!
3. Once the scan is completed, the you will want to click the Repair button.
[URL unfurl="true"]http://windowsinstructed.com/wp-content/uploads/2015/06/6QJjV50.png[/URL]

At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.
Copy and paste the report here in your next reply.

**GrahamKnott** · 03-04-2017, 09:48 PM

I downloaded the ZHP scan and it came up with two suspects:

Superfluous.Empty
Heuristic Suspect

These were both ‘repaired’. It did ask this question, though: "Have you installed this server? 194.168.4.100.168.168.7.100." Surmising that this might be my Virgin Media superhub/browser, I declined to have it deleted.

Other than that no change on the issues front.

**Malnutrition** · 03-04-2017, 09:49 PM

I need to see the logs please.

**GrahamKnott** · 03-04-2017, 09:52 PM

Maybe I did it wrong, but I’m afraid it never presented me with any logs, other than those two suspects I cited just now.
Update: yes, there is a log:

~ ZHPCleaner v2017.3.4.39 by Nicolas Coolman (2017/03/04)
~ Run by GeeKay (Administrator) (04/03/2017 21:37:59)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : ZHP
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\GeeKay\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\GeeKay\AppData\Roaming\ZHP\ZHPCleaner_Qua rantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 8.1, 64-bit (Build 9600)

—\ Services (0)
~ No malicious or unnecessary items found.

—\ Browser internet (0)
~ No malicious or unnecessary items found.

—\ Hosts file (0)
~ No malicious or unnecessary items found.

—\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.

—\ Explorer ( File, Folder) (1)
MOVED file: C:\Windows\Installer\wix{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}.SchedServiceConfig.rmi =>.Superfluous.Empty

—\ Registry ( Key, Value, Data) (1)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Uninstall{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [Google Inc.] =>Heuristic.Suspect

—\ Summary of the elements found (2)
Logiciels Potentiellement Superflus (LPS). - ZAM =>.Superfluous.Empty
Heuristic Suspect, 1 Logiciel Indésirable. - ZAM =>Heuristic.Suspect

—\ Other deletions. (23)
~ Registry Keys Tracing deleted (23)
~ Remove the old reports ZHPCleaner. (0)

—\ Result of repair
~ Repair carried out successfully
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)

—\ Statistics
~ Items scanned : 270
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 2

~ End of clean in 00h01mn03s
~====================
ZHPCleaner-[R]-04032017-21_39_02.txt
ZHPCleaner--04032017-21_36_30.txt

**Malnutrition** · 03-04-2017, 09:55 PM

I would like to see the fixlog generated by FRST as well.

ZHP Diag Scan

Download ZHP Diag to your desktop.

Right Click Run as Admin.
2. Click the Scanner button.

Forums - PC Help Forum

https://pchelpforum.net/attachments/upload_2017-2-23_3-32-26-png.1647/

PCHF Forums

When complete please push the report button.
A notepad will open… copy and paste the report in your next reply.

**GrahamKnott** · 03-04-2017, 09:59 PM

[HEADING=1]Fix result of Farbar Recovery Scan Tool (x64) Version: 01-03-2017
Ran by GeeKay (03-03-2017 10:10:10) Run:1
Running from C:\Users\GeeKay\Desktop
Loaded Profiles: GeeKay (Available Profiles: GeeKay)
Boot Mode: Normal[/HEADING]
fixlist content:

Start
CreateRestorePoint:
Closeprocesses:
Emptytemp:
RemoveProxy:
ShellIconOverlayIdentifiers: [ SkyDrive1] → {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => → No File
ShellIconOverlayIdentifiers: [ SkyDrive2] → {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => → No File
ShellIconOverlayIdentifiers: [ SkyDrive3] → {BBACC218-34EA-4666-9D7A-C78F2274A524} => → No File
ShellIconOverlayIdentifiers: [KAVOverlayIcon] → {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => → No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] → {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => → No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] → {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => → No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] → {BBACC218-34EA-4666-9D7A-C78F2274A524} => → No File
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] → {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => → No File
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip..\Interfaces{439E6F4A-0195-470D-9A0C-C69C5E54327D}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip..\Interfaces{8D0A7DAF-FE88-4176-A2AA-77908C023D2E}: [DhcpNameServer] 194.168.4.100 194.168.8.100
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1470319812-4169542574-1874696523-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com/
HKU\S-1-5-21-1470319812-4169542574-1874696523-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKU\S-1-5-21-1470319812-4169542574-1874696523-1001 → DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1470319812-4169542574-1874696523-1001 → {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin-x32: @tools.google.com/Google Update;version=3 → C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 → C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
CHR HomePage: Default → hxxp://fra1-ib.adnxs.com/click?95Dwvb_BCED3kPC9v8EIQAAAAAAAADRAlONx-HTCCEA7pYP1f44NQK03gMQ2n619DIfl7jnQ9DYiH7hYAAAAAAW PNwDLAQAAWAQAAAIAAADe47wDjNUHAAAAAABVU0QAVVNEACwB-gCYYgAAAAABAgUCAQAAAJYABSeWtgAAAAA./cnd=!nwkixgiH38cHEN7H8x0YjKsfIAAoipqc6gwxAAAAAAAAA AA./bn=74885/referrer=hxxp://www.wired.co.uk/article/nokia-3310-…5&ff20=55&mpcr=101495645&rvr_id=1176100182397
S2 0125851392893527mcinstcleanup; C:\Users\GeeKay\AppData\Local\Temp\012585~1.EXE -cleanup -nolog <==== ATTENTION
C:\Users\GeeKay\AppData\Local\Temp\012585~1.EXE
2017-03-02 12:00 - 2016-10-08 11:03 - 00003474 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2017-03-02 12:00 - 2015-05-18 13:36 - 00003464 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2017-02-14 17:59 - 2016-10-11 18:14 - 00003860 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-02-14 17:59 - 2016-10-11 18:14 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2013-04-25 23:15 - 2012-09-07 11:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-04-25 23:15 - 2009-07-22 10:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-04-25 23:15 - 2012-09-07 11:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
C:\WINDOWS\system32\Drivers\etc\hosts
Hosts:
MSCONFIG\startupreg: Adobe ARM => “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
MSCONFIG\startupreg: Adobe Reader Speed Launcher => “C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe”
MSCONFIG\startupreg: ASUSPRP => “C:\Program Files (x86)\ASUS\APRP\APRP.EXE”
MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe /S
MSCONFIG\startupreg: cAudioFilterAgent => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent 64.exe
MSCONFIG\startupreg: DisableS3S4 => c:\windows\temp\DisableS3S464\sethigh.cmd
MSCONFIG\startupreg: HotKeysCmds => “C:\WINDOWS\system32\hkcmd.exe”
MSCONFIG\startupreg: IgfxTray => “C:\WINDOWS\system32\igfxtray.exe”
MSCONFIG\startupreg: mcpltui_exe => “C:\Program Files\McAfee.com\Agent\mcagent.exe” /runkey
MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SACpl.exe /c /delay:30
2017-03-02 19:31 - 2017-03-02 19:31 - 00098816 ____R () C:\Users\GeeKay\AppData\Local\Temp_MEI51082\win32a pi.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00110080 ____R () C:\Users\GeeKay\AppData\Local\Temp_MEI51082\pywint ypes27.dll
2017-03-02 19:31 - 2017-03-02 19:31 - 00364544 ____R () C:\Users\GeeKay\AppData\Local\Temp_MEI51082\python com27.dll
2017-03-02 19:31 - 2017-03-02 19:31 - 00320512 ____R () C:\Users\GeeKay\AppData\Local\Temp_MEI51082\win32c om.shell.shell.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00914432 ____R () C:\Users\GeeKay\AppData\Local\Temp_MEI51082_hashli b.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 01176576 ____R () C:\Users\GeeKay\AppData\Local\Temp_MEI51082\wx.core.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00806400 ____R () C:\Users\GeeKay\AppData\Local\Temp_MEI51082\wx.gdi.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00816128 ____R () C:\Users\GeeKay\AppData\Local\Temp_MEI51082\wx.windows.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 01067008 ____R () C:\Users\GeeKay\AppData\Local\Temp_MEI51082\wx.controls.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00733184 ____R () C:\Users\GeeKay\AppData\Local\Temp_MEI51082\wx.misc.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00682496 ____R () C:\Users\GeeKay\AppData\Local\Temp_MEI51082\pysqli te2._sqlite.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00088064 ____R () C:\Users\GeeKay\AppData\Local\Temp_MEI51082_ctypes .pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00686080 ____R () C:\Users\GeeKay\AppData\Local\Temp_MEI51082\unicod edata.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00119808 ____R () C:\Users\GeeKay\AppData\Local\Temp_MEI51082\win32f ile.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00108544 ____R () C:\Users\GeeKay\AppData\Local\Temp_MEI51082\win32s ecurity.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00007168 ____R () C:\Users\GeeKay\AppData\Local\Temp_MEI51082\hashob js_ext.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00017920 ____R () C:\Users\GeeKay\AppData\Local\Temp_MEI51082\thumbn ails_ext.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00088064 ____R () C:\Users\GeeKay\AppData\Local\Temp_MEI51082\usb_ex t.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00012800 ____R () C:\Users\GeeKay\AppData\Local\Temp_MEI51082\common .time34.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00018432 ____R () C:\Users\GeeKay\AppData\Local\Temp_MEI51082\win32e vent.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00167936 ____R () C:\Users\GeeKay\AppData\Local\Temp_MEI51082\win32g ui.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00046080 ____R () C:\Users\GeeKay\AppData\Local\Temp_MEI51082_socket .pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 01303552 ____R () C:\Users\GeeKay\AppData\Local\Temp_MEI51082_ssl.py d
2017-03-02 19:31 - 2017-03-02 19:31 - 00128512 ____R () C:\Users\GeeKay\AppData\Local\Temp_MEI51082_elemen ttree.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00127488 ____R () C:\Users\GeeKay\AppData\Local\Temp_MEI51082\pyexpa t.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00038912 ____R () C:\Users\GeeKay\AppData\Local\Temp_MEI51082\win32i net.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00036864 ____R () C:\Users\GeeKay\AppData\Local\Temp_MEI51082_psutil _windows.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00524248 ____R () C:\Users\GeeKay\AppData\Local\Temp_MEI51082\window s._lib_cacheinvalidation.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00011264 ____R () C:\Users\GeeKay\AppData\Local\Temp_MEI51082\win32c rypt.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00123392 ____R () C:\Users\GeeKay\AppData\Local\Temp_MEI51082\wx._wi zard.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00077312 ____R () C:\Users\GeeKay\AppData\Local\Temp_MEI51082\wx._ht ml2.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00027648 ____R () C:\Users\GeeKay\AppData\Local\Temp_MEI51082_multip rocessing.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00020480 ____R () C:\Users\GeeKay\AppData\Local\Temp_MEI51082_yappi. pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00035840 ____R () C:\Users\GeeKay\AppData\Local\Temp_MEI51082\win32p rocess.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00078848 ____R () C:\Users\GeeKay\AppData\Local\Temp_MEI51082\wx._an imate.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00024064 ____R () C:\Users\GeeKay\AppData\Local\Temp_MEI51082\win32p ipe.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00010240 ____R () C:\Users\GeeKay\AppData\Local\Temp_MEI51082\select .pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00025600 ____R () C:\Users\GeeKay\AppData\Local\Temp_MEI51082\win32p dh.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00017408 ____R () C:\Users\GeeKay\AppData\Local\Temp_MEI51082\win32p rofile.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00022528 ____R () C:\Users\GeeKay\AppData\Local\Temp_MEI51082\win32t s.pyd
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_24_ 0_0_221_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe
Task: {DF66ACE5-F88C-4C5D-B998-9C37E44228F7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {C00EE1C9-4099-43B3-80B2-8987E75BDEBB} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {CF9F1413-8F3F-4086-A529-ED47D78B51D2} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_24_ 0_0_221_pepper.exe [2017-02-14] (Adobe Systems Incorporated)
Task: {D3854540-35DC-485C-B113-4DD4D9AD6C35} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {B821D171-F24E-41E4-B58B-80AE9ED19C0D} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {1CA0BA10-31EE-4AAC-9A7E-46DECB4F3E82} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {2B1907C2-6CFC-4E2E-B3CF-C75E437941AF} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe [2017-02-14] (Adobe Systems Incorporated)
Task: {2E28DC43-A2E4-4ED3-B75E-D024369CD539} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {4141AAF1-9698-4560-B32D-8BFCB440267A} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-12] ()
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
reboot:
End

Restore point was successfully created.
Processes closed successfully.

========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVers ion\Internet Settings\Connections\DefaultConnectionSettings => value removed successfully
HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVers ion\Internet Settings\Connections\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1470319812-4169542574-1874696523-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings\Connections\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1470319812-4169542574-1874696523-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings\Connections\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\ SkyDrive1 => key removed successfully
HKCR\CLSID{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\ SkyDrive2 => key removed successfully
HKCR\CLSID{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\ SkyDrive3 => key removed successfully
HKCR\CLSID{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellIconOverlayIdentifiers\KAVOverlayIcon => key removed successfully
HKCR\CLSID{014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1 => key removed successfully
HKCR\Wow6432Node\CLSID{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2 => key removed successfully
HKCR\Wow6432Node\CLSID{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3 => key removed successfully
HKCR\Wow6432Node\CLSID{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\Curren tVersion\Explorer\ShellIconOverlayIdentifiers\KAVO verlayIcon => key removed successfully
HKCR\Wow6432Node\CLSID{014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => key not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Param eters\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Param eters\Interfaces{439E6F4A-0195-470D-9A0C-C69C5E54327D}\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Param eters\Interfaces{8D0A7DAF-FE88-4176-A2AA-77908C023D2E}\DhcpNameServer => value removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\S-1-5-21-1470319812-4169542574-1874696523-1001\Software\Microsoft\Internet Explorer\Main\Start Page => value restored successfully
HKU\S-1-5-21-1470319812-4169542574-1874696523-1001\Software\Microsoft\Internet Explorer\Main\Default_Page_URL => value restored successfully
HKU\S-1-5-21-1470319812-4169542574-1874696523-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope => value removed successfully
HKU\S-1-5-21-1470319812-4169542574-1874696523-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKCR\CLSID{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\Software\Wow6432Node\MozillaPlugins@tools.google.com/Google Update;version=3 => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll => moved successfully
HKLM\Software\Wow6432Node\MozillaPlugins@tools.google.com/Google Update;version=9 => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll => not found.
Chrome HomePage => removed successfully
HKLM\System\CurrentControlSet\Services\01258513928 93527mcinstcleanup => key removed successfully
0125851392893527mcinstcleanup => service removed successfully
“C:\Users\GeeKay\AppData\Local\Temp\012585~1.EXE” => not found.
C:\WINDOWS\System32\Tasks\ASUS Live Update1 => moved successfully
C:\WINDOWS\System32\Tasks\ASUS Live Update2 => moved successfully
C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier => moved successfully
C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater => moved successfully
C:\ProgramData\SetStretch.cmd => moved successfully
C:\ProgramData\SetStretch.exe => moved successfully
C:\ProgramData\SetStretch.VBS => moved successfully
Could not move “C:\WINDOWS\system32\Drivers\etc\hosts” => Scheduled to move on reboot.
Could not move “C:\Windows\System32\Drivers\etc\hosts” => Scheduled to move on reboot.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUSPRP => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUSWebStorage => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cAudioFilterAgent => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DisableS3S4 => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mcpltui_exe => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SmartAudio => key removed successfully
“C:\Users\GeeKay\AppData\Local\Temp_MEI51082\win32 api.pyd” => not found.
“C:\Users\GeeKay\AppData\Local\Temp_MEI51082\pywin types27.dll” => not found.
“C:\Users\GeeKay\AppData\Local\Temp_MEI51082\pytho ncom27.dll” => not found.
“C:\Users\GeeKay\AppData\Local\Temp_MEI51082\win32 com.shell.shell.pyd” => not found.
“C:\Users\GeeKay\AppData\Local\Temp_MEI51082_hashl ib.pyd” => not found.
“C:\Users\GeeKay\AppData\Local\Temp_MEI51082\wx.core.pyd” => not found.
“C:\Users\GeeKay\AppData\Local\Temp_MEI51082\wx.gdi.pyd” => not found.
“C:\Users\GeeKay\AppData\Local\Temp_MEI51082\wx.windows.pyd” => not found.
“C:\Users\GeeKay\AppData\Local\Temp_MEI51082\wx.controls.pyd” => not found.
“C:\Users\GeeKay\AppData\Local\Temp_MEI51082\wx.misc.pyd” => not found.
“C:\Users\GeeKay\AppData\Local\Temp_MEI51082\pysql ite2._sqlite.pyd” => not found.
“C:\Users\GeeKay\AppData\Local\Temp_MEI51082_ctype s.pyd” => not found.
“C:\Users\GeeKay\AppData\Local\Temp_MEI51082\unico dedata.pyd” => not found.
“C:\Users\GeeKay\AppData\Local\Temp_MEI51082\win32 file.pyd” => not found.
“C:\Users\GeeKay\AppData\Local\Temp_MEI51082\win32 security.pyd” => not found.
“C:\Users\GeeKay\AppData\Local\Temp_MEI51082\hasho bjs_ext.pyd” => not found.
“C:\Users\GeeKay\AppData\Local\Temp_MEI51082\thumb nails_ext.pyd” => not found.
“C:\Users\GeeKay\AppData\Local\Temp_MEI51082\usb_e xt.pyd” => not found.
“C:\Users\GeeKay\AppData\Local\Temp_MEI51082\commo n.time34.pyd” => not found.
“C:\Users\GeeKay\AppData\Local\Temp_MEI51082\win32 event.pyd” => not found.
“C:\Users\GeeKay\AppData\Local\Temp_MEI51082\win32 gui.pyd” => not found.
“C:\Users\GeeKay\AppData\Local\Temp_MEI51082_socke t.pyd” => not found.
“C:\Users\GeeKay\AppData\Local\Temp_MEI51082_ssl.p yd” => not found.
“C:\Users\GeeKay\AppData\Local\Temp_MEI51082_eleme nttree.pyd” => not found.
“C:\Users\GeeKay\AppData\Local\Temp_MEI51082\pyexp at.pyd” => not found.
“C:\Users\GeeKay\AppData\Local\Temp_MEI51082\win32 inet.pyd” => not found.
“C:\Users\GeeKay\AppData\Local\Temp_MEI51082_psuti l_windows.pyd” => not found.
“C:\Users\GeeKay\AppData\Local\Temp_MEI51082\windo ws._lib_cacheinvalidation.pyd” => not found.
“C:\Users\GeeKay\AppData\Local\Temp_MEI51082\win32 crypt.pyd” => not found.
“C:\Users\GeeKay\AppData\Local\Temp_MEI51082\wx._w izard.pyd” => not found.
“C:\Users\GeeKay\AppData\Local\Temp_MEI51082\wx._h tml2.pyd” => not found.
“C:\Users\GeeKay\AppData\Local\Temp_MEI51082_multi processing.pyd” => not found.
“C:\Users\GeeKay\AppData\Local\Temp_MEI51082_yappi .pyd” => not found.
“C:\Users\GeeKay\AppData\Local\Temp_MEI51082\win32 process.pyd” => not found.
“C:\Users\GeeKay\AppData\Local\Temp_MEI51082\wx._a nimate.pyd” => not found.
“C:\Users\GeeKay\AppData\Local\Temp_MEI51082\win32 pipe.pyd” => not found.
“C:\Users\GeeKay\AppData\Local\Temp_MEI51082\selec t.pyd” => not found.
“C:\Users\GeeKay\AppData\Local\Temp_MEI51082\win32 pdh.pyd” => not found.
“C:\Users\GeeKay\AppData\Local\Temp_MEI51082\win32 profile.pyd” => not found.
“C:\Users\GeeKay\AppData\Local\Temp_MEI51082\win32 ts.pyd” => not found.
C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => moved successfully
C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{DF66ACE 5-F88C-4C5D-B998-9C37E44228F7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{DF66ACE 5-F88C-4C5D-B998-9C37E44228F7} => key removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineU A => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUp dateTaskMachineUA => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{C00EE1C 9-4099-43B3-80B2-8987E75BDEBB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{C00EE1C 9-4099-43B3-80B2-8987E75BDEBB} => key removed successfully
C:\WINDOWS\System32\Tasks\ASUS Live Update1 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Live Update1 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{CF9F141 3-8F3F-4086-A529-ED47D78B51D2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{CF9F141 3-8F3F-4086-A529-ED47D78B51D2} => key removed successfully
C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player PPAPI Notifier => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon{D385454 0-35DC-485C-B113-4DD4D9AD6C35} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{D385454 0-35DC-485C-B113-4DD4D9AD6C35} => key removed successfully
C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{B821D17 1-F24E-41E4-B58B-80AE9ED19C0D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{B821D17 1-F24E-41E4-B58B-80AE9ED19C0D} => key removed successfully
C:\WINDOWS\System32\Tasks\ASUS Live Update2 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Live Update2 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon{1CA0BA1 0-31EE-4AAC-9A7E-46DECB4F3E82} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{1CA0BA1 0-31EE-4AAC-9A7E-46DECB4F3E82} => key removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineC ore => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUp dateTaskMachineCore => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{2B1907C 2-6CFC-4E2E-B3CF-C75E437941AF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{2B1907C 2-6CFC-4E2E-B3CF-C75E437941AF} => key removed successfully
C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{2E28DC4 3-A2E4-4ED3-B75E-D024369CD539} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{2E28DC4 3-A2E4-4ED3-B75E-D024369CD539} => key removed successfully
C:\WINDOWS\System32\Tasks\Intel\Intel Telemetry 2 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Intel\In tel Telemetry 2 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon{4141AAF 1-9698-4560-B32D-8BFCB440267A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{4141AAF 1-9698-4560-B32D-8BFCB440267A} => key removed successfully
C:\WINDOWS\System32\Tasks\Update Checker => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Update Checker => key removed successfully

========= netsh advfirewall reset =========

Ok.

========= End of CMD: =========

========= netsh advfirewall set allprofiles state ON =========

Ok.

========= End of CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 18617986 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 11456 B
Edge => 0 B
Chrome => 43104013 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 0 B
GeeKay => 75740596 B

RecycleBin => 22629046 B
EmptyTemp: => 160.7 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 03-03-2017 10:14:07)

C:\WINDOWS\system32\Drivers\etc\hosts => Is moved successfully
Could not restore Hosts.
C:\Windows\System32\Drivers\etc\hosts => Is moved successfully
Could not restore Hosts.

==== End of Fixlog 10:14:08 ====

**GrahamKnott** · 03-04-2017, 10:11 PM

ZHP Run as Administrator.
~ ZHPCleaner v2017.3.4.39 by Nicolas Coolman (2017/03/04)
~ Run by GeeKay (Administrator) (04/03/2017 22:02:58)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : ZHP
~ State version : Version OK
~ Type : Scan
~ Report : C:\Users\GeeKay\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\GeeKay\AppData\Roaming\ZHP\ZHPCleaner_Qua rantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 8.1, 64-bit (Build 9600)

—\ Services (0)
~ No malicious or unnecessary items found.

—\ Browser internet (0)
~ No malicious or unnecessary items found.

—\ Hosts file (0)
~ No malicious or unnecessary items found.

—\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.

—\ Explorer ( File, Folder) (0)
~ No malicious or unnecessary items found.

—\ Registry ( Key, Value, Data) (0)
~ No malicious or unnecessary items found.

—\ Result of repair
~ Any repair made
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)

—\ Statistics
~ Items scanned : 69093
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 0

~ End of search in 00h06mn15s
~====================
ZHPCleaner-[R]-04032017-21_39_02.txt
ZHPCleaner--04032017-21_36_30.txt
ZHPCleaner--04032017-22_09_13.txt

My Google Chrome Invaded by ebay homepage

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment