Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

infetected by http://orion.zerohorizon.net/ and other tips of pop-ups


  • This topic is locked This topic is locked
69 replies to this topic

#1 nickjalley

nickjalley

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:05:01 AM

Posted 09 May 2016 - 09:00 AM

Hi guys, i have a problem when i'm surfing on internet with whatever browser(firefox,chrome and  Edge) because it opens automatically a http://orion.zerohorizon.net/  page and other tips of windows, that are an annoying pop-ups. So, i ask your help. I followed this steps

http://www.bleepingcomputer.com/forums/t/612916/i-cant-remove-orionzerohorizon-and-similar-pop-up-in-firefox/#entry3992252

but i don't have success. I attach the log of Farbar Recovery Scan Tool contained in FRST.txt and Addition.txt maybe can help you.

 

Thanks, i hope in you help.

 

==================== Memory info ===========================

Processor: Intel® Core™ i3-4010U CPU @ 1.70GHz
Percentage of memory in use: 47%
Total physical RAM: 3481.78 MB
Available physical RAM: 1832.12 MB
Total Virtual: 4121.78 MB
Available Virtual: 2029.93 MB

 

S.O: WIndows 10 (32bit)

browser: Firefox and Chrome

 

ps: I'm trying to blocked pop-ups with extensions but it no result.

Attached Files



BC AdBot (Login to Remove)

 


#2 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:01 AM

Posted 09 May 2016 - 01:55 PM

Hello nickjalley and Welcome to the BleepingComputer. :welcome:  
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.
  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you  were doing and describe the problems you encountered as precisely as  you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are inserted during always the scan.
  • If you can't answer for the next few days, please let me know. If  you haven't answered within 5 days, I am assuming that you don't need  help anymore and your topic will be closed.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • I can not guarantee that we will find and be able to remove all  malware. The cleaning process is not instant. Please continue to review  my answers until I tell you that your computer is clean
  • Please reply to this thread. Do not start a new topic
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open as administrator  the computer. How is open as administrator  the computer?
  • Disable your AntiVirus and AntiSpyware applications, as they will  interfere with our tools and the removal. If you are unsure how to do  this, please refer to get help here
Thanks
 
Please do the following.
Scan with Zemana AntiMalware Free:
  • Turn off the real time scanner of any existing antivirus and firewall programs while performing scan
  • Please download and install Zemana AntiMalware Free
  • Double-click software shortcut on the desktop and follow the prompts to install the program .
  • If an update is available, click the Update now button.
  • At the end Click Settings > Advanced > ''I have read the warning an wish to proceed anyway'' Click
  • Auto Launch > Untick the box next
  • Scan type > Smart scan (Default)
  • Close all open files, folders and browsers
  • Click scan now ''Run as Administrator'' and a threat Scan will begin.
  • When the scan is complete, Press report and send me report.
  • Please PC restart now.
============================================================================
How are your PC and browsers  and are there still septoms ?
 
Have a nice day.

Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 nickjalley

nickjalley
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:05:01 AM

Posted 10 May 2016 - 11:19 AM

Hello nickjalley and Welcome to the BleepingComputer. :welcome:  
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you  were doing and describe the problems you encountered as precisely as  you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are inserted during always the scan.
  • If you can't answer for the next few days, please let me know. If  you haven't answered within 5 days, I am assuming that you don't need  help anymore and your topic will be closed.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • I can not guarantee that we will find and be able to remove all  malware. The cleaning process is not instant. Please continue to review  my answers until I tell you that your computer is clean
  • Please reply to this thread. Do not start a new topic
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open as administrator  the computer. How is open as administrator  the computer?
  • Disable your AntiVirus and AntiSpyware applications, as they will  interfere with our tools and the removal. If you are unsure how to do  this, please refer to get help here
Thanks
 
Please do the following.
Scan with Zemana AntiMalware Free:
  • Turn off the real time scanner of any existing antivirus and firewall programs while performing scan
  • Please download and install Zemana AntiMalware Free
  • Double-click software shortcut on the desktop and follow the prompts to install the program .
  • If an update is available, click the Update now button.
  • At the end Click Settings > Advanced > ''I have read the warning an wish to proceed anyway'' Click
  • Auto Launch > Untick the box next
  • Scan type > Smart scan (Default)
  • Close all open files, folders and browsers
  • Click scan now ''Run as Administrator'' and a threat Scan will begin.
  • When the scan is complete, Press report and send me report.
  • Please PC restart now.
============================================================================
How are your PC and browsers  and are there still septoms ?
 
Have a nice day.

 

 

 

Hi Yilmaz and thank you for the hospitality. I followed that steps with no result :(

 

-This is the log file:

Zemana AntiMalware 2.20.179.613 (Installato)

-------------------------------------------------------
Risultato scansione        : Completato
Data scansione             : 2016/5/10
Sistema operativo          : Windows 10 32-bit
Processore                 : 4X Intel® Core™ i3-4010U CPU @ 1.70GHz
Modalità BIOS              : Legacy
CUID                       : 00EFC8A4A9E462402B78E5
Tipo di scansione          : Scansione rapida
Durata                     : 4m 44s
Oggetti scansionati        : 21165
Oggetti rilevati           : 2
Oggetti esclusi            : 0
Livello lettura            : SCSI
Caricamento automatico     : Disattivato
Mostra tutte le estensioni : Disattivato
Scansione documenti        : Disattivato
Informazioni dominio       : WORKGROUP,0,2

Oggetti rilevati
-------------------------------------------------------

Firefox Search
Stato             : Scansionato
Oggetto           : Hoepli - http://dizionari.hoepli.it
MD5               : -
Editore           : -
Dimensione        : -
Versione          : -
Rilevamento       : Impostazione del browser sospetta
Azione pulizia    : Ripara
Tracce            :
                Impostazione del browser - Firefox Search

eclipse-inst-win32.exe
Stato             : Scansionato
Oggetto           : %userprofile%\downloads\eclipse-inst-win32.exe
MD5               : A70F9E81236D35B978A95F8D559DFB80
Editore           : Eclipse Foundation, Inc.
Dimensione        : 342528
Versione          : -
Rilevamento       : Malware:Win32/Quarand!Iiit
Azione pulizia    : Quarantena
Tracce            :
                File - %userprofile%\downloads\eclipse-inst-win32.exe


Risultati pulizia
-------------------------------------------------------
Puliti                : 2
Segnalati come sicuri : 0
Falliti               : 0
 



#4 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:01 AM

Posted 10 May 2016 - 02:20 PM

Hi again,

 

Please uninstall:

Spybot - Search and Destroy
Sophos Virus Removal Tool
SpyHunter
C:\Program Files\HitmanPro
C:\Program Files\Enigma Software Group

And PC restart now.

==============================================================

Step 1:
 FRST Script:
 Please download this attached Attached File  Fixlist.txt   5.19KB   8 downloads and save it in the same directory as FRST

  • Close any open browsers or any other programs that are open
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2:
 Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete or Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#5 nickjalley

nickjalley
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:05:01 AM

Posted 11 May 2016 - 06:29 AM

Hi again,

 

Please uninstall:

Spybot - Search and Destroy
Sophos Virus Removal Tool
SpyHunter
C:\Program Files\HitmanPro
C:\Program Files\Enigma Software Group

And PC restart now.

==============================================================

Step 1:
 FRST Script:
 Please download this attached attachicon.gifFixlist.txt and save it in the same directory as FRST

  • Close any open browsers or any other programs that are open
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2:
 Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete or Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

 

I followed this steps with this result:

 

-Fixlog.txt

 

Fix result of Farbar Recovery Scan Tool (x86) Version:09-05-2016
Ran by acamm (2016-05-11 11:15:16) Run:1
Running from C:\Users\acamm\Desktop
Loaded Profiles: acamm (Available Profiles: acamm)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
Task: {07b87749-a85a-434c-855e-eec157c3e98a} - no filepath
Task: {B4924E8B-9551-4C38-924C-73BBF7D13D83} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-1986231276-836688482-2304146011-1001\...\MountPoints2: {95d70f2c-fbd9-11e5-8cee-7824afa6e8f1} - "G:\HTC_Sync_Manager_PC.exe"
BootExecute: autocheck autochk * sdnclean.exe
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
ManualProxies:
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1986231276-836688482-2304146011-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL =
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [327064 2010-05-18] (Enigma Software Group USA, LLC.)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [5248 2010-01-27] () [File not signed]
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2016-04-26] ()
C:\Users\acamm\AppData\Roaming\ZHP
C:\Users\acamm\Downloads\RegHunter-Installer.exe
C:\Program Files\Enigma Software Group
C:\Users\acamm\Downloads\SpyHunter 4 + Crack.zip
ShortcutWithArgument: C:\Users\acamm\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> url,FileProtocolHandler "hxxp://www.mail.ru/cnt/20775012?gp=821637"
FirewallRules: [{947D0C93-C092-4BB7-8870-A88CC059A253}] => (Allow) C:\Program Files\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{8D631440-B234-48F1-8C53-52157B6C772A}] => (Allow) C:\Program Files\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{8E2ECE7E-EC2A-422D-9153-7A2B525E3F8C}] => (Allow) C:\Program Files\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{A7A0AD72-D8A4-4DF5-B978-57D28A9E1B8B}] => (Allow) C:\Program Files\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{60F9399D-2392-471A-8451-1683C35051C3}] => (Allow) C:\Program Files\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{3817237C-8C2D-4079-A503-E363CD44FA99}] => (Allow) C:\Program Files\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [TCP Query User{8EFC8815-5392-4485-A0C2-D4A94F7E2C73}C:\users\acamm\appdata\roaming\bittorrent\updates\7.9.5_41713.exe] => (Allow) C:\users\acamm\appdata\roaming\bittorrent\updates\7.9.5_41713.exe
FirewallRules: [UDP Query User{F09F5338-6BF8-40B1-BFEA-5FD77526ECA8}C:\users\acamm\appdata\roaming\bittorrent\updates\7.9.5_41713.exe] => (Allow) C:\users\acamm\appdata\roaming\bittorrent\updates\7.9.5_41713.exe
2016-05-08 23:44 - 2016-05-08 23:44 - 00000000 ____D C:\Users\acamm\AppData\Local\Eclipse
2016-05-08 23:36 - 2016-05-08 23:36 - 00001054 _____ C:\Users\acamm\Desktop\Eclipse Jee Mars.lnk
2016-05-08 23:36 - 2016-05-08 23:36 - 00000000 ____D C:\Users\acamm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eclipse
2016-05-08 23:26 - 2016-05-08 23:26 - 00000000 ____D C:\Users\acamm\eclipse
2016-05-08 23:22 - 2016-05-08 23:44 - 00000000 ____D C:\Users\acamm\.eclipse
2016-05-08 23:18 - 2016-05-08 23:20 - 46890808 _____ C:\Users\acamm\Downloads\eclipse-inst-win32.exe
2016-04-26 18:54 - 2016-04-26 18:54 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\acamm\Downloads\SpyHunter-Installer.exe
2016-04-26 18:54 - 2016-04-26 18:54 - 00019984 _____ C:\Windows\system32\Drivers\EsgScanner.sys
C:\Windows\system32\Drivers\etc\hp.bak
2016-04-20 16:13 - 2016-04-20 16:13 - 00000000 ____D C:\Users\acamm\AppData\Roaming\qmacro
2016-04-20 16:13 - 2016-04-20 16:13 - 00000000 ____D C:\Users\acamm\AppData\Roaming\mymacro
C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2016-05-02 19:17 - 2016-03-04 20:02 - 00000000 ____D C:\Users\acamm\AppData\Roaming\IObit
2016-05-02 19:17 - 2016-03-04 20:02 - 00000000 ____D C:\ProgramData\IObit
2016-05-02 19:17 - 2016-03-04 20:02 - 00000000 ____D C:\Program Files\IObit
2016-04-26 16:21 - 2016-03-05 21:18 - 00000000 ____D C:\Program Files\KMSPico 10.0.6
C:\ProgramData\DP45977C.lfl
C:\Users\acamm\ZHPCleaner.exe
C:\Users\acamm\Downloads\ckfiles.txt
C:\Users\acamm\AppData\Local\Temp\avgnt.exe
C:\Users\acamm\Downloads\SpyHunter 4 + Crack.zip
C:\Program Files\KMSPico 10.0.6
C:\Users\acamm\Downloads\Doulci_activator_v3.1
Hosts:
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
Emptytemp:
Reboot:
End




*****************

Restore point was successfully created.
Processes closed successfully.
Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07b87749-a85a-434c-855e-eec157c3e98a}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B4924E8B-9551-4C38-924C-73BBF7D13D83}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4924E8B-9551-4C38-924C-73BBF7D13D83}" => key removed successfully.
C:\Windows\System32\Tasks\CreateExplorerShellUnelevatedTask => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CreateExplorerShellUnelevatedTask" => key removed successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key not found.
"HKU\S-1-5-21-1986231276-836688482-2304146011-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{95d70f2c-fbd9-11e5-8cee-7824afa6e8f1}" => key removed successfully.
HKCR\CLSID\{95d70f2c-fbd9-11e5-8cee-7824afa6e8f1} => key not found.
hklm\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

Operazione completata.



========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

Operazione completata.



========= End of Reg: =========


========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

Errore: Impossibile trovare la chiave del Registro di sistema o il valore specificato.


========= End of Reg: =========


========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

Operazione completata.



========= End of Reg: =========

HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-1986231276-836688482-2304146011-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => key removed successfully.
SDScannerService => service not found.
SDUpdateService => service not found.
SDWSCService => service not found.
SpyHunter 4 Service => service not found.
esgiguard => service removed successfully.
EsgScanner => service removed successfully.
C:\Users\acamm\AppData\Roaming\ZHP => moved successfully
C:\Users\acamm\Downloads\RegHunter-Installer.exe => moved successfully
"C:\Program Files\Enigma Software Group" => not found.
C:\Users\acamm\Downloads\SpyHunter 4 + Crack.zip => moved successfully
C:\Users\acamm\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk => Shortcut argument removed successfully..
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{947D0C93-C092-4BB7-8870-A88CC059A253} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8D631440-B234-48F1-8C53-52157B6C772A} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8E2ECE7E-EC2A-422D-9153-7A2B525E3F8C} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A7A0AD72-D8A4-4DF5-B978-57D28A9E1B8B} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{60F9399D-2392-471A-8451-1683C35051C3} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3817237C-8C2D-4079-A503-E363CD44FA99} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{8EFC8815-5392-4485-A0C2-D4A94F7E2C73}C:\users\acamm\appdata\roaming\bittorrent\updates\7.9.5_41713.exe => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F09F5338-6BF8-40B1-BFEA-5FD77526ECA8}C:\users\acamm\appdata\roaming\bittorrent\updates\7.9.5_41713.exe => value removed successfully.
C:\Users\acamm\AppData\Local\Eclipse => moved successfully
C:\Users\acamm\Desktop\Eclipse Jee Mars.lnk => moved successfully
C:\Users\acamm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eclipse => moved successfully
C:\Users\acamm\eclipse => moved successfully
C:\Users\acamm\.eclipse => moved successfully
"C:\Users\acamm\Downloads\eclipse-inst-win32.exe" => not found.
C:\Users\acamm\Downloads\SpyHunter-Installer.exe => moved successfully
C:\Windows\system32\Drivers\EsgScanner.sys => moved successfully
C:\Windows\system32\Drivers\etc\hp.bak => moved successfully
C:\Users\acamm\AppData\Roaming\qmacro => moved successfully
C:\Users\acamm\AppData\Roaming\mymacro => moved successfully
C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB => moved successfully
C:\Users\acamm\AppData\Roaming\IObit => moved successfully
C:\ProgramData\IObit => moved successfully
C:\Program Files\IObit => moved successfully
C:\Program Files\KMSPico 10.0.6 => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
C:\Users\acamm\ZHPCleaner.exe => moved successfully
C:\Users\acamm\Downloads\ckfiles.txt => moved successfully
C:\Users\acamm\AppData\Local\Temp\avgnt.exe => moved successfully
"C:\Users\acamm\Downloads\SpyHunter 4 + Crack.zip" => not found.
"C:\Program Files\KMSPico 10.0.6" => not found.
C:\Users\acamm\Downloads\Doulci_activator_v3.1 => moved successfully
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not restore Hosts.

=========  ipconfig /flushdns =========


Configurazione IP di Windows

Cache del resolver DNS svuotata.

========= End of CMD: =========


=========  netsh winsock reset all =========


Reimpostazione catalogo Winsock completata.
� necessario riavviare il computer per completare l'operazione.


========= End of CMD: =========


=========  netsh int ipv4 reset =========

Reimpostazione di Globale completata.
Reimpostazione di Interfaccia completata.
Reimpostazione di Indirizzo Unicast completata.
Reimpostazione di Router adiacente completata.
Reimpostazione di Percorso completata.
Reimpostazione di  non riuscita.
Accesso negato.

Reimpostazione di  completata.
Riavviare il computer per completare l'azione.


========= End of CMD: =========


=========  netsh int ipv6 reset =========

Reimpostazione di Interfaccia completata.
Reimpostazione di Router adiacente completata.
Reimpostazione di Percorso completata.
Reimpostazione di  non riuscita.
Accesso negato.

Reimpostazione di  completata.
Reimpostazione di  completata.
Riavviare il computer per completare l'azione.


========= End of CMD: =========

EmptyTemp: => 858.3 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 11:17:21 ====

 

 

-AdwCleaner[S1].txt

 

# AdwCleaner v5.116 - File di log creato 11/05/2016 a 11:26:37
# Aggiornato 09/05/2016 by Xplode
# Database : 2016-05-09.1 [Server]
# Sistema Operativo : Windows 10 Home  (X86)
# Nome utente : acamm - DESKTOP-2MGB29D
# In esecuzione da : C:\Users\acamm\Desktop\adwcleaner_5.116.exe
# Opzione : Scansione
# Supporto : http://toolslib.net/forum

***** [ Servizi ] *****


***** [ Cartelle ] *****


***** [ File ] *****


***** [ DLL ] *****


***** [ WMI ] *****


***** [ Collegamenti ] *****


***** [ Attività  pianificate ] *****


***** [ Registro ] *****


***** [ Browser Web ] *****


*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [658 bytes] - [11/05/2016 11:26:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [730 bytes] ##########
 

-JRT.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 10 Home x86
Ran by acamm (Administrator) on 11/05/2016 at 11:39:53,89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 1

Successfully deleted: C:\Windows\wininit.ini (File)

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11/05/2016 at 13:22:26,06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Finish.



#6 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:01 AM

Posted 11 May 2016 - 07:32 AM

Hi,

 

Step 1:
 Emsisoft Emergency Kit Scan:

  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Attach the report to your reply
  • Close the program then click Close

Step 2:

MalwareBytes Anti-Rootkit scan:

  • Close all the running processes
  • Be sure to temporarily disable all antivirus/anti-spyware softwares
  • Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
  • Note: Malwarebytes Anti-Rootkit requires administrative privileges to function properly.

:step1: Download MalwareBytes Anti-Rootkit software from here to your desktop.

  • Right-click on Mbar 1.09.1.1004.exe and select Run As Administrator  to launch the application.

:step2: Open a folder with MBAR name on desktop.
:step3: The MBAR folder in the list you find.
:step4: Click once. :step5:  Now click the OK button. :step6: Click the OK button again.

Ashampoo_Snap_2015.05.21_21h16m53s_002__
 
:step7: Then Next and click on the Uptade button
:step8: Now click on the scan button

  • When finished updating, click 'Next' then 'Scan'.
  • If you are told you have the 'AppInit_Dlls rootkit', choose not to fix it and proceed with the scan.
  • With some infections, you may see two messages boxes:
  • Could not load protection driver'. Click 'OK'.
  • Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart, then continue with the rest of these instructions.
  • If malware is found, do NOT press the 'Cleanup' button yet. Click 'Exit'.
  • Please  attach the two log files created by the tool within the folder from which it was run.
  • The logs will be named mbar-log-YYYY-MM-DD (##-##-##).txt and system-log.txt

Step 3:

RogueKiller scan:

  • Please download and run RogueKiller  32/64 bit to your desktop
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
  • Click Scan to scan the system.
  • When the scan completes > Close out the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!
  • Post back the report which should be located on your desktop.

Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#7 nickjalley

nickjalley
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:05:01 AM

Posted 12 May 2016 - 04:16 AM

 

Hi,

 

Step 1:
 Emsisoft Emergency Kit Scan:

  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Attach the report to your reply
  • Close the program then click Close

Step 2:

MalwareBytes Anti-Rootkit scan:

  • Close all the running processes
  • Be sure to temporarily disable all antivirus/anti-spyware softwares
  • Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
  • Note: Malwarebytes Anti-Rootkit requires administrative privileges to function properly.

:step1: Download MalwareBytes Anti-Rootkit software from here to your desktop.

  • Right-click on Mbar 1.09.1.1004.exe and select Run As Administrator  to launch the application.

:step2: Open a folder with MBAR name on desktop.
:step3: The MBAR folder in the list you find.
:step4: Click once. :step5:  Now click the OK button. :step6: Click the OK button again.

Ashampoo_Snap_2015.05.21_21h16m53s_002__
 
:step7: Then Next and click on the Uptade button
:step8: Now click on the scan button

  • When finished updating, click 'Next' then 'Scan'.
  • If you are told you have the 'AppInit_Dlls rootkit', choose not to fix it and proceed with the scan.
  • With some infections, you may see two messages boxes:
  • Could not load protection driver'. Click 'OK'.
  • Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart, then continue with the rest of these instructions.
  • If malware is found, do NOT press the 'Cleanup' button yet. Click 'Exit'.
  • Please  attach the two log files created by the tool within the folder from which it was run.
  • The logs will be named mbar-log-YYYY-MM-DD (##-##-##).txt and system-log.txt

Step 3:

RogueKiller scan:

  • Please download and run RogueKiller  32/64 bit to your desktop
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
  • Click Scan to scan the system.
  • When the scan completes > Close out the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!
  • Post back the report which should be located on your desktop.

 

 

Hi Yilmaz, this is the logs.

 

-RogueKiller.txt

RogueKiller V12.2.0.0 [May 10 2016] (Gratuito) di Adlice Software
posta : http://www.adlice.com/contact/
Commenti : http://forum.adlice.com
Sito Web : http://www.adlice.com/software/roguekiller/
Discussione : http://www.adlice.com

Sistema Operativo : Windows 10 (10.0.10586) 32 bits version
Iniziato in : Modalità Normale
Utente : acamm [Amministratore]
Iniziato da : C:\Users\acamm\Downloads\RogueKiller.exe
Modalità : Scansione -- Data : 05/12/2016 16:24:01

¤¤¤ Processi : 0 ¤¤¤

¤¤¤ Registro : 0 ¤¤¤

¤¤¤ Attività : 0 ¤¤¤

¤¤¤ Archivi : 0 ¤¤¤

¤¤¤ Archivio Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Caricato) ¤¤¤

¤¤¤ Web Browser : 0 ¤¤¤

¤¤¤ Controllo MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000LPVX-80V0TT0 +++++
--- User ---
[MBR] 24c99baa22fd5427b39fe0ae1bee7348
[BSP] ac8f72970ea1246ecd39f2d02ec470b5 : Linux|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1026048 | Size: 101508 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 208914432 | Size: 450 MB
3 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 209841091 | Size: 374475 MB
User = LL1 ... OK
User = LL2 ... OK
 

Attached Files


Edited by nickjalley, 12 May 2016 - 09:46 AM.


#8 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:01 AM

Posted 12 May 2016 - 05:17 PM

Thank you,

 

Please do the following.

 

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.png to download the ESET Smart Installer. icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

=========================================================================

How is the machine running now and any issues ? Please let me know.

 


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#9 nickjalley

nickjalley
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:05:01 AM

Posted 13 May 2016 - 05:21 AM

Thank you,

 

Please do the following.

 

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.png to download the ESET Smart Installer. icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

=========================================================================

How is the machine running now and any issues ? Please let me know.

 

 

Hi again,

ESET doesn't  change the view of pop-ups :(

 

Attached Files

  • Attached File  log.txt   1.36KB   5 downloads


#10 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:01 AM

Posted 14 May 2016 - 03:20 PM

Please do not worry.

=======================

Hosts File
Replace your current HOSTS file with a tweaked one, as the MVPS Host file, that restricts access to known bad sites improving your security.
It basically prevents your computer from connecting to those sites by redirecting the attempted connections to 127.0.0.1, which is the IP of your local computer.

To do it:

  • Download hosts.zip and save it to your desktop
  • Right click the file you just downloaded on your desktop and select => Extract to "hosts\"
  • In the hosts folder on your desktop, double click on mvps.bat file to run the program
  • A prompt will appear, press any key to continue

A good source of information about safe computing is this topic by quietman7.

================================================================

Run HitmanPro:

Please download HitmanPro 32-Bit version // 64-Bit version.

  • Launch the program by double clicking on the Hitmanicon_zpsda033e21.jpg icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).
  • Click on the next button. You must agree with the terms of EULA.
  • Check the box beside "No, I only want to perform a one-time scan to check this computer".
  • Click on the next button.
  • The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.
  • When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => delete <= IMPORTANT!
  • Click on the next button.
  • Click on the "Export scan results to XML file".
  • Save that file to your desktop and zip and attach it in your next reply.

====================================================================================
How is your PC now running and is there still pop-up ?
 


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#11 nickjalley

nickjalley
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:05:01 AM

Posted 16 May 2016 - 06:14 AM

Please do not worry.

=======================

Hosts File
Replace your current HOSTS file with a tweaked one, as the MVPS Host file, that restricts access to known bad sites improving your security.
It basically prevents your computer from connecting to those sites by redirecting the attempted connections to 127.0.0.1, which is the IP of your local computer.

To do it:

  • Download hosts.zip and save it to your desktop
  • Right click the file you just downloaded on your desktop and select => Extract to "hosts\"
  • In the hosts folder on your desktop, double click on mvps.bat file to run the program
  • A prompt will appear, press any key to continue

A good source of information about safe computing is this topic by quietman7.

================================================================

Run HitmanPro:

Please download HitmanPro 32-Bit version // 64-Bit version.

  • Launch the program by double clicking on the Hitmanicon_zpsda033e21.jpg icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).
  • Click on the next button. You must agree with the terms of EULA.
  • Check the box beside "No, I only want to perform a one-time scan to check this computer".
  • Click on the next button.
  • The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.
  • When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => delete <= IMPORTANT!
  • Click on the next button.
  • Click on the "Export scan results to XML file".
  • Save that file to your desktop and zip and attach it in your next reply.

====================================================================================
How is your PC now running and is there still pop-up ?
 

Thank you.

These are the results in log file because i couldn't to save it in XML extension. So, the pop-up resting in browser.

Attached Files


Edited by nickjalley, 16 May 2016 - 06:15 AM.


#12 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:01 AM

Posted 17 May 2016 - 07:27 AM

So, the pop-up resting in browser.


İs there still orion.zerohorizon.net and  pop-ups ?


Edited by olgun52, 17 May 2016 - 07:28 AM.

Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#13 nickjalley

nickjalley
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:05:01 AM

Posted 17 May 2016 - 10:37 AM

 

So, the pop-up resting in browser.


İs there still orion.zerohorizon.net and  pop-ups ?

 

Yes, zerohorizon remains with other pop-ups.



#14 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:01 AM

Posted 17 May 2016 - 06:21 PM

Yes, zerohorizon remains with other pop-ups.


Step 1:

Please download ZHPcleaner to your desktop.

  • Double click on ZHPCleaner to run the tool.
  • If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click ZHPCleaner and select "Run as Administrator".
  • Please klick Ashampoo_Snap_20140819_13h09m50s_001__zp
  • Then press ''Repair'' button.
  • Browsers will automatically shut down.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.

Step 2:

  • Temporarily disable your Antivirus protection - if you don't know how to do that, please consult the article below.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Please download ZOEK and save it to your desktop (preferred version is the *.exe one - upper left corner).

http://hijackthis.nl/smeenk/

  • Attached to this message you will find a file called zoekscript

txt.gif  zoekscript.txt   188bytes   19 downloads

  • Download it too and save to your desktop - _it needs to be in the same location as the ZOEK tool
  • Drag zoekscript file and drop it onto ZOEK icon - this should launch the program:
  • The scan may take a while and may need a reboot.
  • Upon completion a file zoek-results should appear.
  • Attach it for my review.

Edited by olgun52, 17 May 2016 - 06:21 PM.

Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#15 nickjalley

nickjalley
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:05:01 AM

Posted 18 May 2016 - 05:43 AM

 

Yes, zerohorizon remains with other pop-ups.


Step 1:

Please download ZHPcleaner to your desktop.

  • Double click on ZHPCleaner to run the tool.
  • If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click ZHPCleaner and select "Run as Administrator".
  • Please klick Ashampoo_Snap_20140819_13h09m50s_001__zp
  • Then press ''Repair'' button.
  • Browsers will automatically shut down.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.

Step 2:

  • Temporarily disable your Antivirus protection - if you don't know how to do that, please consult the article below.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Please download ZOEK and save it to your desktop (preferred version is the *.exe one - upper left corner).

http://hijackthis.nl/smeenk/

  • Attached to this message you will find a file called zoekscript

txt.gif  zoekscript.txt   188bytes   19 downloads

  • Download it too and save to your desktop - _it needs to be in the same location as the ZOEK tool
  • Drag zoekscript file and drop it onto ZOEK icon - this should launch the program:
  • The scan may take a while and may need a reboot.
  • Upon completion a file zoek-results should appear.
  • Attach it for my review.

 

these are the results.

Attached Files


Edited by nickjalley, 18 May 2016 - 05:44 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users