My Google Chrome Invaded by ebay homepage

Status
Not open for further replies.
Hi
Well, this time I succeeded in downloading both files. Also, after dragging them on to the desktop, I managed to run them both according to your instructions; that is, I first ran the Scan option, then Fix. So now I have a substantial Fixlog.txt file sitting in Notepad, and there it'll stay (untouched) until further notice.

A few points in passing: I'm still bedevilled by the ebay homepage on my edition of Chrome - but I assume this is still work in progress. Secondly, I still can't do any screenshots, which is baffling. Thirdly, on each occasion I reboot the laptop, I find myself locked out of my google email inbox. There is a workaround (i.e. getting google to phone me back with a new security number etc). Nevertheless, I find it hard to believe there isn't a connection linking these three issues. Maybe it's just a coincidence, but right now I wouldn't put any money on it. I guess, though, I'm prejudging the situation before its completion.

In the meantime, many thanks for all your help. It's much appreciated, believe me.
 
Please run adware cleaner then post that log.
 
Have now run AdwCleaner: 0 threats detected. Details of logfile:
# AdwCleaner v6.044 - Logfile created 03/03/2017 at 20:43:05
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-02.1 [Server]
# Operating System : Windows 8.1 (X64)
# Username : GeeKay - GEEKAY-PC
# Running from : C:\Users\GeeKay\Downloads\adwcleaner_6.044.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.
 
Can you please post the fixlog.txt and confirm that you have completed the McAfee removal tool and the CCleaner steps, please.

ZHP Scan.

1. Please download Zhp Cleaner to your desktop. Right Click the icon and select run as administrator.

2. Once you have started the program, you will need to click the scanner button.


The program will close all open browsers!
3. Once the scan is completed, you will want to click the Repair button.



At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.
Copy and paste the report here in your next reply.
 
I downloaded the ZHP scan and it came up with two suspects:

1) Superfluous.Empty
2) Heuristic Suspect

These were both 'repaired'. It did ask this question, though: "Have you installed this server? 194.168.4.100.168.168.7.100." Surmising that this might be my Virgin Media superhub/browser, I declined to have it deleted.

Other than that no change on the issues front.
 
Maybe I did it wrong, but I'm afraid it never presented me with any logs, other than those two suspects I cited just now.
Update: yes, there is a log:

~ ZHPCleaner v2017.3.4.39 by Nicolas Coolman (2017/03/04)
~ Run by GeeKay (Administrator) (04/03/2017 21:37:59)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\GeeKay\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\GeeKay\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 8.1, 64-bit (Build 9600)


---\\ Services (0)
~ No malicious or unnecessary items found.


---\\ Browser internet (0)
~ No malicious or unnecessary items found.


---\\ Hosts file (0)
~ No malicious or unnecessary items found.


---\\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\ Explorer ( File, Folder) (1)
MOVED file: C:\Windows\Installer\wix{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}.SchedServiceConfig.rmi =>.Superfluous.Empty


---\\ Registry ( Key, Value, Data) (1)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [Google Inc.] =>Heuristic.Suspect


---\\ Summary of the elements found (2)
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.Empty
https://nicolascoolman.eu/2017/01/28/heuristic-suspect/ =>Heuristic.Suspect


---\\ Other deletions. (23)
~ Registry Keys Tracing deleted (23)
~ Remove the old reports ZHPCleaner. (0)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 270
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 2


~ End of clean in 00h01mn03s
~====================
ZHPCleaner-[R]-04032017-21_39_02.txt
ZHPCleaner--04032017-21_36_30.txt
 
I would like to see the fixlog generated by FRST as well. :)

ZHP Diag Scan


Download ZHP Diag to your desktop.


1. Right Click Run as Admin.
2. Click the Scanner button.



When complete please push the report button.
A notepad will open... copy and paste the report in your next reply.
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 01-03-2017
Ran by GeeKay (03-03-2017 10:10:10) Run:1
Running from C:\Users\GeeKay\Desktop
Loaded Profiles: GeeKay (Available Profiles: GeeKay)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
Closeprocesses:
Emptytemp:
RemoveProxy:
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => -> No File
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{439E6F4A-0195-470D-9A0C-C69C5E54327D}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{8D0A7DAF-FE88-4176-A2AA-77908C023D2E}: [DhcpNameServer] 194.168.4.100 194.168.8.100
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1470319812-4169542574-1874696523-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com/
HKU\S-1-5-21-1470319812-4169542574-1874696523-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKU\S-1-5-21-1470319812-4169542574-1874696523-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1470319812-4169542574-1874696523-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
CHR HomePage: Default -> hxxp://fra1-ib.adnxs.com/click?95Dwvb_BCED3kPC9v8EIQAAAAAAAADRAlONx-HTCCEA7pYP1f44NQK03gMQ2n619DIfl7jnQ9DYiH7hYAAAAAAWPNwDLAQAAWAQAAAIAAADe47wDjNUHAAAAAABVU0QAVVNEACwB-gCYYgAAAAABAgUCAQAAAJYABSeWtgAAAAA./cnd=!nwkixgiH38cHEN7H8x0YjKsfIAAoipqc6gwxAAAAAAAAAAA./bn=74885/referrer=hxxp://www.wired.co.uk/article/nokia-3310-...5&ff20=55&mpcr=101495645&rvr_id=1176100182397
S2 0125851392893527mcinstcleanup; C:\Users\GeeKay\AppData\Local\Temp\012585~1.EXE -cleanup -nolog [X] <==== ATTENTION
C:\Users\GeeKay\AppData\Local\Temp\012585~1.EXE
2017-03-02 12:00 - 2016-10-08 11:03 - 00003474 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2017-03-02 12:00 - 2015-05-18 13:36 - 00003464 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2017-02-14 17:59 - 2016-10-11 18:14 - 00003860 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-02-14 17:59 - 2016-10-11 18:14 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2013-04-25 23:15 - 2012-09-07 11:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-04-25 23:15 - 2009-07-22 10:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-04-25 23:15 - 2012-09-07 11:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
C:\WINDOWS\system32\Drivers\etc\hosts
Hosts:
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUSPRP => "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe /S
MSCONFIG\startupreg: cAudioFilterAgent => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
MSCONFIG\startupreg: DisableS3S4 => c:\windows\temp\DisableS3S464\sethigh.cmd
MSCONFIG\startupreg: HotKeysCmds => "C:\WINDOWS\system32\hkcmd.exe"
MSCONFIG\startupreg: IgfxTray => "C:\WINDOWS\system32\igfxtray.exe"
MSCONFIG\startupreg: mcpltui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SACpl.exe /c /delay:30
2017-03-02 19:31 - 2017-03-02 19:31 - 00098816 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\win32api.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00110080 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\pywintypes27.dll
2017-03-02 19:31 - 2017-03-02 19:31 - 00364544 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\pythoncom27.dll
2017-03-02 19:31 - 2017-03-02 19:31 - 00320512 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\win32com.shell.shell.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00914432 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\_hashlib.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 01176576 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\wx._core_.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00806400 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\wx._gdi_.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00816128 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\wx._windows_.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 01067008 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\wx._controls_.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00733184 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\wx._misc_.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00682496 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\pysqlite2._sqlite.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00088064 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\_ctypes.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00686080 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\unicodedata.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00119808 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\win32file.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00108544 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\win32security.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00007168 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\hashobjs_ext.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00017920 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\thumbnails_ext.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00088064 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\usb_ext.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00012800 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\common.time34.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00018432 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\win32event.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00167936 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\win32gui.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00046080 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\_socket.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 01303552 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\_ssl.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00128512 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\_elementtree.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00127488 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\pyexpat.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00038912 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\win32inet.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00036864 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\_psutil_windows.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00524248 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\windows._lib_cacheinvalidation.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00011264 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\win32crypt.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00123392 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\wx._wizard.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00077312 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\wx._html2.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00027648 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\_multiprocessing.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00020480 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\_yappi.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00035840 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\win32process.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00078848 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\wx._animate.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00024064 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\win32pipe.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00010240 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\select.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00025600 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\win32pdh.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00017408 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\win32profile.pyd
2017-03-02 19:31 - 2017-03-02 19:31 - 00022528 ____R () C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\win32ts.pyd
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {DF66ACE5-F88C-4C5D-B998-9C37E44228F7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {C00EE1C9-4099-43B3-80B2-8987E75BDEBB} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {CF9F1413-8F3F-4086-A529-ED47D78B51D2} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe [2017-02-14] (Adobe Systems Incorporated)
Task: {D3854540-35DC-485C-B113-4DD4D9AD6C35} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {B821D171-F24E-41E4-B58B-80AE9ED19C0D} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {1CA0BA10-31EE-4AAC-9A7E-46DECB4F3E82} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {2B1907C2-6CFC-4E2E-B3CF-C75E437941AF} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-14] (Adobe Systems Incorporated)
Task: {2E28DC43-A2E4-4ED3-B75E-D024369CD539} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {4141AAF1-9698-4560-B32D-8BFCB440267A} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-12] ()
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
reboot:
End


*****************

Restore point was successfully created.
Processes closed successfully.

========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1470319812-4169542574-1874696523-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1470319812-4169542574-1874696523-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1 => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2 => key removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3 => key removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\KAVOverlayIcon => key removed successfully
HKCR\CLSID\{014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1 => key removed successfully
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2 => key removed successfully
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3 => key removed successfully
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\KAVOverlayIcon => key removed successfully
HKCR\Wow6432Node\CLSID\{014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => key not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{439E6F4A-0195-470D-9A0C-C69C5E54327D}\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8D0A7DAF-FE88-4176-A2AA-77908C023D2E}\\DhcpNameServer => value removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\S-1-5-21-1470319812-4169542574-1874696523-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-1470319812-4169542574-1874696523-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-1470319812-4169542574-1874696523-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-1470319812-4169542574-1874696523-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3 => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll => moved successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9 => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll => not found.
Chrome HomePage => removed successfully
HKLM\System\CurrentControlSet\Services\0125851392893527mcinstcleanup => key removed successfully
0125851392893527mcinstcleanup => service removed successfully
"C:\Users\GeeKay\AppData\Local\Temp\012585~1.EXE" => not found.
C:\WINDOWS\System32\Tasks\ASUS Live Update1 => moved successfully
C:\WINDOWS\System32\Tasks\ASUS Live Update2 => moved successfully
C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier => moved successfully
C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater => moved successfully
C:\ProgramData\SetStretch.cmd => moved successfully
C:\ProgramData\SetStretch.exe => moved successfully
C:\ProgramData\SetStretch.VBS => moved successfully
Could not move "C:\WINDOWS\system32\Drivers\etc\hosts" => Scheduled to move on reboot.
Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUSPRP => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUSWebStorage => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cAudioFilterAgent => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DisableS3S4 => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mcpltui_exe => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SmartAudio => key removed successfully
"C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\win32api.pyd" => not found.
"C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\pywintypes27.dll" => not found.
"C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\pythoncom27.dll" => not found.
"C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\win32com.shell.shell.pyd" => not found.
"C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\_hashlib.pyd" => not found.
"C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\wx._core_.pyd" => not found.
"C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\wx._gdi_.pyd" => not found.
"C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\wx._windows_.pyd" => not found.
"C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\wx._controls_.pyd" => not found.
"C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\wx._misc_.pyd" => not found.
"C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\pysqlite2._sqlite.pyd" => not found.
"C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\_ctypes.pyd" => not found.
"C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\unicodedata.pyd" => not found.
"C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\win32file.pyd" => not found.
"C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\win32security.pyd" => not found.
"C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\hashobjs_ext.pyd" => not found.
"C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\thumbnails_ext.pyd" => not found.
"C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\usb_ext.pyd" => not found.
"C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\common.time34.pyd" => not found.
"C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\win32event.pyd" => not found.
"C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\win32gui.pyd" => not found.
"C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\_socket.pyd" => not found.
"C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\_ssl.pyd" => not found.
"C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\_elementtree.pyd" => not found.
"C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\pyexpat.pyd" => not found.
"C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\win32inet.pyd" => not found.
"C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\_psutil_windows.pyd" => not found.
"C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\windows._lib_cacheinvalidation.pyd" => not found.
"C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\win32crypt.pyd" => not found.
"C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\wx._wizard.pyd" => not found.
"C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\wx._html2.pyd" => not found.
"C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\_multiprocessing.pyd" => not found.
"C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\_yappi.pyd" => not found.
"C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\win32process.pyd" => not found.
"C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\wx._animate.pyd" => not found.
"C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\win32pipe.pyd" => not found.
"C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\select.pyd" => not found.
"C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\win32pdh.pyd" => not found.
"C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\win32profile.pyd" => not found.
"C:\Users\GeeKay\AppData\Local\Temp\_MEI51082\win32ts.pyd" => not found.
C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => moved successfully
C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DF66ACE5-F88C-4C5D-B998-9C37E44228F7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF66ACE5-F88C-4C5D-B998-9C37E44228F7} => key removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C00EE1C9-4099-43B3-80B2-8987E75BDEBB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C00EE1C9-4099-43B3-80B2-8987E75BDEBB} => key removed successfully
C:\WINDOWS\System32\Tasks\ASUS Live Update1 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Live Update1 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CF9F1413-8F3F-4086-A529-ED47D78B51D2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF9F1413-8F3F-4086-A529-ED47D78B51D2} => key removed successfully
C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player PPAPI Notifier => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D3854540-35DC-485C-B113-4DD4D9AD6C35} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3854540-35DC-485C-B113-4DD4D9AD6C35} => key removed successfully
C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B821D171-F24E-41E4-B58B-80AE9ED19C0D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B821D171-F24E-41E4-B58B-80AE9ED19C0D} => key removed successfully
C:\WINDOWS\System32\Tasks\ASUS Live Update2 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Live Update2 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1CA0BA10-31EE-4AAC-9A7E-46DECB4F3E82} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1CA0BA10-31EE-4AAC-9A7E-46DECB4F3E82} => key removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2B1907C2-6CFC-4E2E-B3CF-C75E437941AF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B1907C2-6CFC-4E2E-B3CF-C75E437941AF} => key removed successfully
C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2E28DC43-A2E4-4ED3-B75E-D024369CD539} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E28DC43-A2E4-4ED3-B75E-D024369CD539} => key removed successfully
C:\WINDOWS\System32\Tasks\Intel\Intel Telemetry 2 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Intel\Intel Telemetry 2 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4141AAF1-9698-4560-B32D-8BFCB440267A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4141AAF1-9698-4560-B32D-8BFCB440267A} => key removed successfully
C:\WINDOWS\System32\Tasks\Update Checker => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Update Checker => key removed successfully

========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 18617986 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 11456 B
Edge => 0 B
Chrome => 43104013 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 0 B
GeeKay => 75740596 B

RecycleBin => 22629046 B
EmptyTemp: => 160.7 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 03-03-2017 10:14:07)

C:\WINDOWS\system32\Drivers\etc\hosts => Is moved successfully
Could not restore Hosts.
C:\Windows\System32\Drivers\etc\hosts => Is moved successfully
Could not restore Hosts.

==== End of Fixlog 10:14:08 ====
 
ZHP Run as Administrator.
~ ZHPCleaner v2017.3.4.39 by Nicolas Coolman (2017/03/04)
~ Run by GeeKay (Administrator) (04/03/2017 22:02:58)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Scan
~ Report : C:\Users\GeeKay\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\GeeKay\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 8.1, 64-bit (Build 9600)


---\\ Services (0)
~ No malicious or unnecessary items found.


---\\ Browser internet (0)
~ No malicious or unnecessary items found.


---\\ Hosts file (0)
~ No malicious or unnecessary items found.


---\\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\ Explorer ( File, Folder) (0)
~ No malicious or unnecessary items found.


---\\ Registry ( Key, Value, Data) (0)
~ No malicious or unnecessary items found.


---\\ Result of repair
~ Any repair made
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 69093
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 0


~ End of search in 00h06mn15s
~====================
ZHPCleaner-[R]-04032017-21_39_02.txt
ZHPCleaner--04032017-21_36_30.txt
ZHPCleaner--04032017-22_09_13.txt
 
@GrahamKnott You posted the ZHP cleaner log twice, I need the ZHP diag log from you.

I am uploading it to this post to make things easier for you. :thumbsup:

Click here to download ZHP diag.

Also, not to worry.... So long as you follow through we should have your issue taken care of.

I'd also like you to scan with Ultra Adware Killer.
Download it to your desktop.
Right click Run as Administrator.
Scan with the tool; do not remove anything.
Click on report when it is complete and post the log here...
 
