Chrome homepage being set to http://go.microsoft.com/?69157 - Virus, Trojan, Spyware, and Malware Removal Help (2024)

Thank you for helping.

I did not set the registry modification nor restrictions.

However, I do recognize YY Assistant.

Fix result of Farbar Recovery Scan Tool (x64) Version: 01.12.2018 01

Ran by Sylar (07-12-2018 00:55:34) Run:2

Running from C:\Users\Sylar\Downloads

Loaded Profiles: Sylar (Available Profiles: Sylar & Administrator)

Boot Mode: Normal

==============================================

fixlist content:

*****************

CreateRestorePoint:

CloseProcesses:

BHO-x32: QQMiniDL Helper Class -> {C9C7334B-5657-41e1-8F79-F6AACECA05F4} -> C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\QQIEHelper01.dll => No File

BHO-x32: AccountProtectBHO Class -> {DDD362CF-523B-4BC9-8FDC-58F93B6BC945} -> C:\Users\Sylar\AppData\Roaming\Tencent\QQ\QQAntiPhishing\AccountProtect.dll => No File

Handler: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - No File

Handler: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - No File

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [No File]

FF Plugin HKU\S-1-5-21-3001793672-494021653-3699617222-1001: @1.qq.com/npqqwebgame -> C:\Users\Sylar\AppData\Roaming\Tencent\WebGamePlugin\1.0.4.3\npqqwebgame.dll [No File]

U5 fTkBhOWeJg; <==== ATTENTION: Locked Service

S3 gkernel; \??\C:\Users\Sylar\AppData\Local\Temp\gkernel.sys [X] <==== ATTENTION

2018-12-05 23:30 - 2018-12-05 23:30 - 000000000 ____D C:\ProgramData\itranslator

2018-12-04 00:25 - 2018-12-04 00:25 - 000786952 _____ C:\ProgramData\fTkBhOWeJg

Folder: C:\ProgramData\plugcfg

File: C:\WINDOWS\SysWOW64\EXTERNAL_CPS.sys

File: C:\Users\Sylar\AppData\Roaming\D3D5D3C0-0F3D-40c1-9973-CEB7C072AE31.ini

File: C:\Users\Sylar\AppData\Roaming\D3D5D3C0-0F3D-40c1-9973-CEB7C072AE32.ini

File: C:\Users\Sylar\AppData\Roaming\QZX5.DLL

File: C:\Users\Sylar\AppData\Roaming\room_v3.dat

File: C:\Users\Sylar\AppData\Roaming\XZQMM.EXE

File: C:\Users\Sylar\AppData\Roaming\ZPYTWLV1.TXT

CustomCLSID: HKU\S-1-5-21-3001793672-494021653-3699617222-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-1D2B5F7E23AA}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File

ContextMenuHandlers1: [AXmp] -> {8F556DA3-987D-47b0-AA88-EB8D52FE1B99} => -> No File

ContextMenuHandlers1: [cloudmusic] -> {5C6A637C-9780-4D0F-A379-4732EDCCE7C3} => -> No File

ContextMenuHandlers1-x32: [YunShellExt] -> {6D85624F-305A-491d-8848-C1927AA0D790} => -> No File

ContextMenuHandlers4: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File

ContextMenuHandlers4: [YunShellExt] -> {6D85624F-305A-491d-8848-C1927AA0D790} => -> No File

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File

Task: {4112C8DC-F00F-4BB0-88CB-A928D85CAD81} - \WPD\SqmUpload_S-1-5-21-3001793672-494021653-3699617222-1001 -> No File <==== ATTENTION

Task: {415815EB-D753-4CA6-A7CC-AA825FE6FCCA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION

Task: {8052C423-FBD1-4997-A3F8-3D2045274C19} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION

Task: {97688027-F6FB-484D-AEEF-6FB71A94D092} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION

Task: {B20BD7C0-4E4A-4DA3-A3D9-078F2D729EFD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION

Task: {CE729C4C-D332-4500-9D18-E5982858B4F2} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION

Task: {D1D26AE3-24E2-42B6-84B2-8DBF100C7DD2} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION

C:\Windows\System32\iTranslator.dll

EmptyTemp:

*****************

Restore point was successfully created.

Processes closed successfully.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C9C7334B-5657-41e1-8F79-F6AACECA05F4} => removed successfully

HKLM\Software\Wow6432Node\Classes\CLSID\{C9C7334B-5657-41e1-8F79-F6AACECA05F4} => removed successfully

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DDD362CF-523B-4BC9-8FDC-58F93B6BC945} => removed successfully

HKLM\Software\Wow6432Node\Classes\CLSID\{DDD362CF-523B-4BC9-8FDC-58F93B6BC945} => removed successfully

HKLM\Software\Classes\PROTOCOLS\Handler\KuGoo => removed successfully

HKLM\Software\Classes\CLSID\{6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} => not found

HKLM\Software\Classes\PROTOCOLS\Handler\KuGoo3 => removed successfully

HKLM\Software\Classes\CLSID\{6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} => not found

HKLM\Software\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 => removed successfully

HKU\S-1-5-21-3001793672-494021653-3699617222-1001\Software\MozillaPlugins\@1.qq.com/npqqwebgame => removed successfully

C:\Users\Sylar\AppData\Roaming\Tencent\WebGamePlugin\1.0.4.3\npqqwebgame.dll => moved successfully

HKLM\System\CurrentControlSet\Services\fTkBhOWeJg => could not remove, key could be protected

HKLM\System\CurrentControlSet\Services\gkernel => removed successfully

gkernel => service removed successfully

C:\ProgramData\itranslator => moved successfully

Could not move "C:\ProgramData\fTkBhOWeJg" => Scheduled to move on reboot.

========================= Folder: C:\ProgramData\plugcfg ========================

====== End of Folder: ======

========================= File: C:\WINDOWS\SysWOW64\EXTERNAL_CPS.sys ========================

C:\WINDOWS\SysWOW64\EXTERNAL_CPS.sys

File is digitally signed

MD5: 416FC55FA5576273D4F3E198C4B19F41

Creation and modification date: 2018-11-30 19:21 - 2018-12-06 16:54

Size: 000116552

Attributes: ----A

Company Name:

Internal Name:

Original Name:

Product:

Description:

File Version:

Product Version:

Copyright:

====== End of File: ======

========================= File: C:\Users\Sylar\AppData\Roaming\D3D5D3C0-0F3D-40c1-9973-CEB7C072AE31.ini ========================

C:\Users\Sylar\AppData\Roaming\D3D5D3C0-0F3D-40c1-9973-CEB7C072AE31.ini

File not signed

MD5: 7B3BAEA616239D28CE9D8A2D8647E782

Creation and modification date: 2016-08-23 20:38 - 2018-08-28 01:01

Size: 000000024

Attributes: ----A

Company Name:

Internal Name:

Original Name:

Product:

Description:

File Version:

Product Version:

Copyright:

VirusTotal: 0

====== End of File: ======

========================= File: C:\Users\Sylar\AppData\Roaming\D3D5D3C0-0F3D-40c1-9973-CEB7C072AE32.ini ========================

C:\Users\Sylar\AppData\Roaming\D3D5D3C0-0F3D-40c1-9973-CEB7C072AE32.ini

File not signed

MD5: A9BEFAC5C777679EAB96524101CF1528

Creation and modification date: 2016-10-04 21:51 - 2016-12-26 15:22

Size: 000001253

Attributes: ----A

Company Name:

Internal Name:

Original Name:

Product:

Description:

File Version:

Product Version:

Copyright:

VirusTotal: 0

====== End of File: ======

========================= File: C:\Users\Sylar\AppData\Roaming\QZX5.DLL ========================

C:\Users\Sylar\AppData\Roaming\QZX5.DLL

File is digitally signed

MD5: F9805D450B09C67BB4B395BF7D21FC2D

Creation and modification date: 2016-11-03 16:58 - 2016-11-03 16:58

Size: 000696728

Attributes: ----A

Company Name:

Internal Name:

Original Name:

Product:

Description:

File Version:

Product Version:

Copyright:

====== End of File: ======

========================= File: C:\Users\Sylar\AppData\Roaming\room_v3.dat ========================

C:\Users\Sylar\AppData\Roaming\room_v3.dat

File not signed

MD5: E3B9F2EBC561DD9A6FDF2DA509597D8D

Creation and modification date: 2015-09-28 17:39 - 2015-09-28 17:39

Size: 000045270

Attributes: ----A

Company Name:

Internal Name:

Original Name:

Product:

Description:

File Version:

Product Version:

Copyright:

VirusTotal: 0

====== End of File: ======

========================= File: C:\Users\Sylar\AppData\Roaming\XZQMM.EXE ========================

C:\Users\Sylar\AppData\Roaming\XZQMM.EXE

File is digitally signed

MD5: A23ABEBC5A56C66222BE9BDD0D7781B0

Creation and modification date: 2016-10-27 00:24 - 2016-10-27 00:24

Size: 001410752

Attributes: ----A

Company Name:

Internal Name:

Original Name:

Product:

Description:

File Version:

Product Version:

Copyright:

VirusTotal: 0

====== End of File: ======

========================= File: C:\Users\Sylar\AppData\Roaming\ZPYTWLV1.TXT ========================

C:\Users\Sylar\AppData\Roaming\ZPYTWLV1.TXT

File is digitally signed

MD5: 64EDCCA1855A10B8DE1CEF886CC3E6EB

Creation and modification date: 2015-11-05 11:14 - 2015-11-05 11:14

Size: 001153208

Attributes: ----A

Company Name:

Internal Name:

Original Name:

Product:

Description:

File Version:

Product Version:

Copyright:

VirusTotal: 0

====== End of File: ======

HKU\S-1-5-21-3001793672-494021653-3699617222-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-1D2B5F7E23AA} => removed successfully

HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\AXmp => removed successfully

HKLM\Software\Classes\CLSID\{8F556DA3-987D-47b0-AA88-EB8D52FE1B99} => not found

HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\cloudmusic => removed successfully

HKLM\Software\Classes\CLSID\{5C6A637C-9780-4D0F-A379-4732EDCCE7C3} => not found

HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\YunShellExt => removed successfully

HKLM\Software\Wow6432Node\Classes\CLSID\{6D85624F-305A-491d-8848-C1927AA0D790} => not found

HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\###MegaContextMenuExt => removed successfully

HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found

HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\YunShellExt => removed successfully

HKLM\Software\Classes\CLSID\{6D85624F-305A-491d-8848-C1927AA0D790} => not found

HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully

HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4112C8DC-F00F-4BB0-88CB-A928D85CAD81}" => removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4112C8DC-F00F-4BB0-88CB-A928D85CAD81}" => removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-3001793672-494021653-3699617222-1001" => removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{415815EB-D753-4CA6-A7CC-AA825FE6FCCA}" => removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{415815EB-D753-4CA6-A7CC-AA825FE6FCCA}" => removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8052C423-FBD1-4997-A3F8-3D2045274C19}" => removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8052C423-FBD1-4997-A3F8-3D2045274C19}" => removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{97688027-F6FB-484D-AEEF-6FB71A94D092}" => removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{97688027-F6FB-484D-AEEF-6FB71A94D092}" => removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B20BD7C0-4E4A-4DA3-A3D9-078F2D729EFD}" => removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B20BD7C0-4E4A-4DA3-A3D9-078F2D729EFD}" => removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE729C4C-D332-4500-9D18-E5982858B4F2}" => removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE729C4C-D332-4500-9D18-E5982858B4F2}" => removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D1D26AE3-24E2-42B6-84B2-8DBF100C7DD2}" => removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1D26AE3-24E2-42B6-84B2-8DBF100C7DD2}" => removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found

"C:\Windows\System32\iTranslator.dll" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B

DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 18381934 B

Java, Flash, Steam htmlcache => 749467388 B

Windows/system/drivers => 27441138 B

Edge => 4608 B

Chrome => 427836334 B

Firefox => 33628351 B

Opera => 0 B

Temp, IE cache, history, cookies, recent:

Default => 0 B

Users => 0 B

ProgramData => 0 B

Public => 0 B

systemprofile => 0 B

systemprofile32 => 0 B

LocalService => 0 B

LocalService => 0 B

NetworkService => 4534 B

NetworkService => 0 B

Sylar => 120647135 B

Administrator => 43206 B

RecycleBin => 98 B

EmptyTemp: => 1.3 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 07-12-2018 00:57:27)

C:\ProgramData\fTkBhOWeJg => Could not move

Result of scheduled keys to remove after reboot:

HKLM\System\CurrentControlSet\Services\fTkBhOWeJg => could not remove, key could be protected

==== End of Fixlog 00:57:27 ====


Edited by kennethikki, 06 December 2018 - 12:07 PM.


FAQs

Is the Chrome virus warning real?

Pop-ups on web pages or in your browser are always fake. 📌 Note: Don't mix up virus alerts with browser security warnings. Browsers often warn you about unsafe websites, but those aren't virus alerts.

How do I get rid of fake Google Chrome virus?

To remove the virus, you should:
  1. Open Chrome.
  2. Click on the three dots in the top right corner to open the drop-down menu.
  3. Scroll down to Settings.
  4. Once in settings, go to Advanced > Reset and clean up.
  5. Click Clean up computer and select Find harmful software.
  6. Delete any malicious programs found in the browser.

How do I remove Trojan virus from Chrome?

  1. Step 1: Remove malware.
  2. Step 2: Remove untrusted browser extensions. If you use Chrome, uninstall Chrome browser extensions that are unnecessary, untrusted, or from sources outside the Chrome Web Store. ...
  3. Step 3: Reset your browser settings. ...
  4. Step 4: Update your operating system. ...
  5. Step 5: Do a Security Checkup.

How to check if Chrome is infected?

You might have unwanted software or malware installed on your computer if you experience:
  1. Pop-up ads and new tabs that won't go away.
  2. Your Chrome homepage or search engine keeps changing without your permission.
  3. Unwanted Chrome extensions or toolbars keep coming back.

What does a fake Google security alert look like?

Google alert scams usually come from fake email addresses with random numbers or letters and misspellings. Real Google critical security alert emails we've seen were mostly sent from no-reply@accounts.google.com. If you received an email from a different address or a suspicious one, it's likely to be a scam.

How to know if it's a fake virus warning?

How to spot a fake virus alert
  • The warning is from a security system you don't have. ...
  • The pop-up URL doesn't match with the website of the company that supposedly sent the warning. ...
  • The warning urges immediate action. ...
  • You are asked for a payment or remote access to your computer.

Does deleting a trojan get rid of it?

Can Trojan viruses be removed? Trojan viruses can be removed in various ways. If you know which software contains the malware, you can simply uninstall it. However, the most effective way to remove all traces of a Trojan virus is to install antivirus software capable of detecting and removing Trojans.

Does resetting Chrome remove viruses?

If you choose to remove everything and reset, then absolutely it will remove the viruses and the malware from your system. But if you choose to keep the apps and the files and then reset then there will be a chance that it will not remove the malware from your system.

How do you clean up a trojan virus?

Installing and using a trusted antivirus solution is also one of the top ways to get rid of trojans. An effective antivirus program searches for valid trust and app behavior, as well as trojan signatures in files in order to detect, isolate and then promptly remove them.

Is my browser hijacked?

Warning signs of browser hijackers

Look out for the following warning signs:
  • Redirected searches: Instead of navigating to your desired webpage, you find yourself on a completely different website, potentially an unsafe website.
  • Frequent pop-ups: Your browser is flooded with pop-up ads every time you're online.

How do I disinfect Google Chrome?

How to Use the Chrome Cleanup Tool on Windows
  1. Open the menu at the top of Chrome and select Settings.
  2. Scroll to the bottom of the page, then select Advanced.
  3. Scroll down to the Reset and clean up section, then select Clean up computer.
  4. Select Find.

Does Chrome have built-in virus protection?

Chrome is secure by default, protecting you from dangerous and deceptive sites that might steal your passwords or infect your computer. Advanced technologies, such as site isolation, sandboxing, and predictive phishing protections, keep you and your data safe.

Why do I keep getting notifications from Chrome saying I have a virus?

What is actually happening in cases like these is that a website has been granted a hidden permission (usually consented to within its cookies message) that allows the site to manage the user's Google Chrome notification settings. With that permission, the site is able to send notifications through Chrome.

Why am I getting security warnings on Chrome?

Phishing and malware detection is turned on by default in Chrome. When you encounter phishing, malware, unwanted software or social engineering sites, you may get a red warning that says 'Dangerous site'. If you see this warning, we recommend that you don't visit the site.

What to do if Chrome says virus detected?

You can perform a few different workarounds to bypass this message, depending on what's causing it.
  1. Change Chrome's Security Settings. Google Chrome's Safe Browsing feature helps keep your browsing experience safe. ...
  2. Temporarily Disable the Security Program. ...
  3. Disable Virus Scanning for Downloads.

Does Chrome have virus detection?

Google Chrome virus scan usually runs automatically if you download a file or if it suspects some malicious activity. However, it does not perform real-time background checks like more advanced anti-malware software – it just scans your system when asked.
