Nation Zoom / It is still there

[Niels B]

After I have done every thing Malware tips suggested, Nation Zoom Is still there. When I open Google Chrome, Nation Zoom still pops up in a second window. Now what ?

 

[Niels B]

I did perform all the scan suggested by Malware tips - but didn`t keep the log files.

 

[kuttus]

Hi and welcome to the malwaretips.com forums!

I'm Kuttus and I am going to try to assist you with your problem. Please take note of the below:

• I will start working on your malware issues, this may or may not, solve other issues you have with your machine.
• The fixes are specific to your problem and should only be used for this issue on this machine!
• The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
• If you don't know, stop and ask! Don't keep going on.
• Please reply to this thread. Do not start a new topic.
• Refrain from running self fixes as this will hinder the malware removal process.
• It may prove beneficial if you print of the following instructions or save them to notepad as I post them.

Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.


Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
------------------------------------------------------------------------------------------------------------------------------

STEP 1: Run a scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

------------------------------------------------------------------------------------------------------------------------------

 

[Niels B]

I did run Farbar Recovery Scan Tool. I have uploaded the results.

 

[kuttus]

Download attached fixlist.txt on the same location as FRST (otherwise the fix won't work)

Open FRST, and click Fix. Attach me that report after it is finished.

 

[Niels B]

Here it is.

 

[kuttus]

Are you still facing the issue? If yes in which browser you are facing issues now?

 

[Niels B]

Yes. I opend Google Crome to read your message. Nation Zoom showed up in a second window.

 

[kuttus]

Press on Windows Key and R key all together on your keyboard. Now you will get a Run window. Inside that one Type Chrome and press on Ok. Now it will open a Google Chrome. Check if you are you facing issues in that one.

 

[Niels B]

It dosn´t show up there. I have uploaded a screen picture when nation zoom pops up.

 

[kuttus]

Okay. Now please check all other browsers and check if there is any Sign of this infection in any of them.

STEP 1: Run a scan with Shortcut Cleaner

1. Download Shortcut Cleaner from the below link.
   Shortcut Cleaner (This link will automatically download Security Check on your computer)
2. Close all open programs and internet browsers.
3. Double click on sc-cleaner.exe to run the tool.
4. Please post the contents of that logfile with your next reply.
5. Log file will open automatically when the scan completes.

http://www.bleepingcomputer.com/download/shortcut-cleaner/

 

[Niels B]

Done. By the way - thanks for your time. Log file uploaded.

 

[kuttus]

Now please check all other browsers and check if there is any Sign of this infection in any of them.

 

[Niels B]

It is still there as shown in the screen picture I send to you - but only in Google Crome.
Internet explorer don´t seem to have Nation Zoom.
What can we do now ?

 

[kuttus]

STEP 1: Run a scan with OTL by OldTimer

1. Download the OTL utility using the below link :
   OTL DOWNLOAD LINK (This link will automatically download OTL on your computer)
2. Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
   
   
3. When the window appears, underneath Output at the top change it to Minimal Output.
4. Check the boxes beside LOP Check and Purity Check.
5. Click the Run Scan button.
   
   
6. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
   Please post this 2 logs in your first reply..

Settings You need to Select in OTL

1. Click the Scan All Users checkbox.
2. Change Standard Registry to All.
3. Check the boxes beside LOP Check and Purity Check.

Note: If OTL.exe will not run, it may be blocked by malware. Try these alternate versions: OTL.scr, or OTL.com.

 

[Niels B]

Hi Again.
Your link OTL DOWNLOAD LINK didn´t work. I got the message 403 Forbidden. But I found it easyly on the internet.
Here is the two log files.

 

[kuttus]

Are you using any of this Programs?
Speed Up This PC, RegCure Pro, TweakNow RegCleaner 2012
If you are using it Goto Control Panel and Remove them. After that please send me a Screenshots of Programs installed on your computer.



STEP 2: Run the below OTL fix

1. Start OTL.exe
2. Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
   
   

   :OTL
   O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.10.239.244 212.10.10.5 212.10.10.4
   O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DCF867B8-02E8-4580-B1B4-6E3BF4B1EB2E}: DhcpNameServer = 212.10.239.244 212.10.10.5 212.10.10.4
   O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB5BF367-83E2-41BF-B355-3C013A59E5ED}: DhcpNameServer = 212.10.239.244 212.10.10.5 212.10.10.4
   [2014/01/07 11:04:45 | 000,002,241 | ---- | M] () -- C:\Users\Niels\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
   [2014/01/06 10:48:13 | 000,001,144 | ---- | M] () -- C:\Users\Niels\AppData\Roaming\pcouffin.inf
   [2014/01/05 18:58:45 | 000,001,411 | ---- | M] () -- C:\Users\Niels\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
   [2011/06/01 09:18:49 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
   [2011/07/13 21:32:42 | 000,007,602 | ---- | C] () -- C:\Users\Niels\AppData\Local\Resmon.ResmonCfg
   [2012/08/07 15:25:31 | 000,008,192 | ---- | C] () -- C:\Users\Niels\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
   [2013/12/26 21:21:54 | 000,001,144 | ---- | C] () -- C:\Users\Niels\AppData\Roaming\pcouffin.inf
   
   
   
   :commands
   [emptytemp]
   [reboot]

   
   
   NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
3. Then click the Run Fix button at the top
4. Let the program run unhindered, reboot when it is done
5. Attach the new log produced by OTL (C:\_OTL)

 

[Niels B]

The new log file.
Some time ago i have used RegCure Pro, TweakNow RegCleaner 2012, but not recently. Why ?
When I opend Google Crome, Nation Zoom showed up again. Like the screen picture I send you.

Do you think that I have to make a clean install of Windows 7 ?

Again - Thanks for your time.

 

[kuttus]

No need to do a clean install.

STEP 1: Clean your temporary files to gain more hard drive space and remove the junk files

1. Download Ccleaner from the below link:
   CCLEANER DOWNLOAD LINK (This link will automatically download Ccleaner on your computer)
2. Install Ccleaner by following the prompts
3. Start Ccleaner and the following should be selected by default, if not, please select:
   
   
4. Click
   
   and choose
   
5. Uncheck
   
6. Then go back to
   
   and click
   
   to run it.
7. Exit CCleaner.

STEP 2:

Now go to Tools -- > Uninstall -- > Save to Text File.

Upload that Saved file also.

 

[Niels B]

The image step 1. no. 5 did not show. What should I uncheck after I pressed advanded ?