I use Google and redirect chrome://new tab and Yahoo.

Solved
Nel

Hello everyone!

I decided to ask you a question because after Reddit and Microsoft Community, you have explored and come up with solutions to this 'adware hijacking' problem the most, and therefore I turn to you...

I work with Google Chrome, and since this morning, when I open a webpage, I end up on a redirect page named chrome://newtab with an unlisted image by Google, and if I accidentally use it, my searches are redirected to Yahoo.

1. I installed and uninstalled Chrome

2. I used a combo cleaner/PC cleaner

3. I checked in C/users/event but couldn't spot anything in the newly downloaded files

4. I also went to Google page/settings/startup and chose to open a new page, and I specified a clean Google URL; the same goes for selecting the search engine, only Google is selected as the default search engine. Under the 'Appearance' tab/show home button, I requested to open a clean Google page with a good URL... These settings may have helped but did not completely resolve the issue.

I am on Windows 11.

Would you be so kind and have the time to help me?

Thank you

Nel


10 replies

bazfile

Hello.

Download FRST.

Once downloaded, save FRST on the desktop and then right-click on FRST and choose Run as administrator which will show this:

Wait for the message the tool is ready to run to appear, then click on Scan.


Note, wait for the messages saying the scan is complete to appear.

At the end of the scan, the two reports FRST and Addition will be on the desktop.

Send the FRST and ADDITION reports to cjoint.com or to pixeldrain.com.

Then attach the two generated links from cjoint.com or pixeldrain.com in your message.


bazfile
Moderator/Security Contributor.
A hello, a response, a thank you are always appreciated.

Nel
 

Hello Bazfile,

Thank you very much for your response!!!

The reports are available here:

link 1: https://www.cjoint.com/c/OBisFVPCmhR 
link 2: https://www.cjoint.com/c/OBisHCpRZ1R 

Waiting for your instructions!

Nel

bazfile

No infection on your PC.


PC Cleaner and Combo Cleaner should be avoided; these useless programs only clutter up PCs. I think you shouldn’t keep them, but it's up to you to choose and do as you like.


You have quite a few extensions in Chrome, and I'm not sure they're all very useful.


You have some obsolete/orphan processes.


There is an application that starts up with your PC; it's Hive-Desktop, probably related to hiveDisk, which has been on your PC since last Tuesday. Are you aware of the presence of this application?


Depending on your answer, I will make you an FRST correction script.



bazfile
Moderator/Security Contributor.
A hello, a response, and a thank you are always appreciated.

Nel
 

Hello Bazfile

Indeed, the adware appeared two days after installing Hivenet in C: to create a common drive larger than the one offered by Google, however, I quickly uninstalled Hivenet 24 hours later; there is probably still an app that launches at startup as you confirmed.

I removed PC Cleaner last night; I can remove Combo Cleaner without regrets as it is indeed not very useful.

On the other hand, I am surprised about the extensions because the extensions visible via the Google page (settings) are: Ghostery blocker, Google Docs offline, Google Translate, Quilbot... I’m interested to know if there are others? (only Ghostery, Google Translate, and Quilbot are useful for me).

Thank you for your help!

Nel

bazfile

However, I am surprised about the extensions because the extensions visible via the Google page (settings) are: Ghostery ad blocker, Google Docs offline, Google Translate, Quilbot.

There are apparently others that are less visible.



Read carefully.

So depending on your requests, here is a correction script that will remove remnants of Hive, a remnant of Kaspersky in the security center, non-visible extensions in Chrome, and obsolete/orphaned processes.

This script will also remove the temporary files that clutter your hard drive, here is the list:

The following folders will be emptied:

 - Windows temporary files.
 - User temporary folders.
 - Caches, HTML5 storage areas, cookies, and history for the browsers analyzed by FRST except for Firefox clones.
 - Recent files cache.
 - Discord cache.
 - Java cache.
 - Steam HTML cache
 - Thumbnails and icons cache from the Explorer
 - BITS transfer queue (qmgr.db and qmgr*.dat files)
 - WinHTTP AutoProxy cache
 - DNS cache
 - Recycle bin.

If you do not wish to delete the temporary files:

Just remove the command EmptyTemp: which is located at the end of the script.



FRST correction script.

Procedure to follow in the indicated order:

1- Open FRST as an administrator, to do this, right-click on FRST and choose run as administrator
2 - Copy the entire script that is in the box below:

Start::
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction
HKLM\...\Run: [Combo Cleaner] => C:\Program Files (x86)\Combo Cleaner\ComboCleaner.exe [2024064 2021-11-05] (RCS LT, UAB -> RCS LT)
HKLM\...\Run: [PC Cleaner] => C:\Program Files\Avanquest\PC Cleaner\application\9.9.33904.5126\PC Cleaner.exe [7212984 2025-01-14] (PC Helpsoft (7270356 Canada Inc) -> Avanquest)
HKU\S-1-5-21-1151346358-4024040651-264034373-1001\...\Run: [hiveDisk] => C:\Users\Nelly Atlan\AppData\Local\hive-desktop\update.exe [2185216 2025-02-04] () [File not signed]
HKLM\...\Print\Monitors\EPSON SX410 Series 64MonitorBE: E_ILMFCE.DLL (No File)
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (No File)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
AV: Kaspersky Anti-Virus (Enabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}
FirewallRules: [{399EA612-2E94-4497-B32A-C302B353EA30}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\NASConnecter.exe => No File
FirewallRules: [{B0F588EF-E918-4282-8D86-31F625116E6C}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\NASConnecter.exe => No File
FirewallRules: [{F54D7033-9B8C-4156-B5C1-78923A6D3169}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\Monitor\Monitor.exe => No File
FirewallRules: [{9B036B66-6EE9-4F2C-A570-08D2C755A445}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\Monitor\Monitor.exe => No File
FirewallRules: [TCP Query User{E5145345-B740-40A0-A80E-C74CB5B4E296}C:\users\nelly atlan\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\nelly atlan\appdata\local\programs\opera\opera.exe => No File
FirewallRules: [UDP Query User{D2E3421F-C156-4672-9D6D-9866A43EB928}C:\users\nelly atlan\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\nelly atlan\appdata\local\programs\opera\opera.exe => No File
FirewallRules: [TCP Query User{8B90671C-6238-4971-8003-04925B3AECC9}C:\users\nelly atlan\appdata\local\hive-desktop\app-1.32.0\resources\hive-agent.exe] => (Block) C:\users\nelly atlan\appdata\local\hive-desktop\app-1.32.0\resources\hive-agent.exe => No File
FirewallRules: [UDP Query User{FDF99328-AA23-4293-A2FB-317DE4A355E3}C:\users\nelly atlan\appdata\local\hive-desktop\app-1.32.0\resources\hive-agent.exe] => (Block) C:\users\nelly atlan\appdata\local\hive-desktop\app-1.32.0\resources\hive-agent.exe => No File
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM\...\Chrome\Extension: [klekeajafkkpokaofllcadenjdckhinm]
CHR HKU\S-1-5-21-1151346358-4024040651-264034373-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [klekeajafkkpokaofllcadenjdckhinm]
C:\Users\Nelly Atlan\AppData\Local\Hive CloudBridge
C:\Users\Nelly Atlan\AppData\Local\hive-desktop
C:\Users\Nelly Atlan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hive Computing SA
C:\Users\Nelly Atlan\AppData\Roaming\hive-desktop
C:\Users\Nelly Atlan\.hive
C:\Users\Nelly Atlan\hiveDisk_Backup
C:\Users\Nelly Atlan\Downloads\hiveDisk-1.32.0 Setup.exe
EmptyTemp:
End::

3- Once the script is copied, click on Fix, FRST will automatically take the script that is in the clipboard.
 


Let the correction happen; once it is complete, you will be asked to restart your PC, do it as soon as you are prompted, see below.

Then once your computer is restarted:
4- You will have a Fixlog file on your desktop, then send this report fixlog to https://www.cjoint.com/ or https://pixeldrain.com/ 
 

Then give the link generated by https://www.cjoint.com/ or https://pixeldrain.com/ in your response.

5- CHECK AND TELL ME IF YOUR ISSUE IS STILL PRESENT.


bazfile
Moderator/Security Contributor.
A hello, a response, a thank you are always appreciated.
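
The "less visible" extensions discussed above are the kind registered for Chrome through the Windows registry rather than installed from the settings page. As an added example that is not part of the original thread, this read-only PowerShell sketch lists the extension IDs registered that way and whether a folder with the same ID exists in the Chrome profile. The mapping of FRST's "HKLM", "HKLM-x32" and "HKU" entries to these keys and the use of the "Default" profile are assumptions.

```powershell
# Added example: read-only inventory of Chrome extensions registered in the registry.
# Assumption: FRST's "HKLM", "HKLM-x32" and "HKU\<SID>" entries map to these keys.
$extensionKeys = @(
    'HKLM:\SOFTWARE\Google\Chrome\Extensions',
    'HKLM:\SOFTWARE\WOW6432Node\Google\Chrome\Extensions',
    'HKCU:\SOFTWARE\Google\Chrome\Extensions'
)
# Extensions that Chrome policy forces on; values look like "<id>;<update url>".
$forceListKey = 'HKLM:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist'
# Assumption: the "Default" profile is in use (others are "Profile 1", ...).
$profileDir = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Extensions'

# Extension IDs that have a folder in the profile
$inProfile = @()
if (Test-Path $profileDir) {
    $inProfile = @(Get-ChildItem -Path $profileDir -Directory |
                   Select-Object -ExpandProperty Name)
}

$report = @()
foreach ($key in $extensionKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($sub in Get-ChildItem -Path $key) {
        $props = Get-ItemProperty -Path $sub.PSPath
        $report += [pscustomobject]@{
            ExtensionId = $sub.PSChildName
            Source      = $key
            UpdateUrl   = $props.update_url   # set for installs from an update URL
            LocalCrx    = $props.path         # set for installs from a local .crx
            InProfile   = $inProfile -contains $sub.PSChildName
        }
    }
}
if (Test-Path $forceListKey) {
    $policyKey = Get-Item -Path $forceListKey
    foreach ($name in $policyKey.GetValueNames()) {
        # Split "<id>;<update url>" into its two parts
        $id, $url = ([string]$policyKey.GetValue($name)) -split ';', 2
        $report += [pscustomobject]@{
            ExtensionId = $id
            Source      = $forceListKey
            UpdateUrl   = $url
            LocalCrx    = $null
            InProfile   = $inProfile -contains $id
        }
    }
}
$report | Sort-Object ExtensionId, Source | Format-Table -AutoSize
```

An ID listed here with InProfile set to False is a registry entry with no matching extension folder in that profile.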

Nel
 

Hello Bazfile,

I have followed all your registrations without discrimination; below is the resulting file:

https://www.cjoint.com/c/OBjoPp4DixR

However, I must specify that I did not use FRST as an administrator because it does not offer that option even when right-clicking.

In terms of results after the fix:

If I click on Google through the icon on my desktop, it works normally on the first request. If I open another page "new tab" during my work, a page: chrome://new table opens even though in the "Appearance" and "On startup" settings, everything is set up for a new page called google.com to open.

Screenshot of the Google page under adware after the fix: https://www.cjoint.com/c/OBjoVhXTsCR

Screenshot of "Appearance" settings: https://www.cjoint.com/c/OBjoZgQr8sR

Screenshot of "On startup" settings: https://www.cjoint.com/c/OBjo33Jzq4R

Thank you for your investigation

Nel

bazfile

Your issue not being due to an infection, it no longer concerns the security forum, so I'm redirecting your post to the Google Chrome forum. You can try resetting Google Chrome using resetbrowser.

Your version of Windows 11 is a U.S. version, I assume that's normal.

Windows 11 Pro Version 24H2 26100.3037 (X64) Language: English (United States)

I have taken charge of your post since it was in the security forum. Since there is no infection, for my part, that will be all. Wait for more replies.


The fixlog is OK.

Uninstall FRST, rename the FRST file you downloaded to uninstall, then once the file is renamed, open it; the uninstallation will happen automatically through a PC restart.

Nel
 

OK I understand, thank you.

I am unable to download Resetbrowser, nothing downloads when clicking on the link.

Thank you for your efforts, awaiting your colleagues/friends!!

Nel

MPMP10

Hello,

See here:

https://www.comment-supprimer.com/telecharger/resetbrowser/

Apparently, there is a bug with the CCM links!

bazfile

It is impossible for me to download Resetbrowser

There are issues with some links on CCM, I've put it here for you.

Otherwise, you can reset Chrome using this method.

Nel
 

Bazfile, MPMP10

I just tried the Reset Browser link encapsulated by Bazfile again, thank you very much!!!!!

Everything is working perfectly, and as I work in research using Google/Google Scholar, it's a real relief.

Well done and thank you again!

Nel

bazfile

They say never two without three, the third forum will have been the right one. :)

See you on CCM.
