How to uninstall Ultrasurf VPN
Solved/Closed
ogumba
Posts
19
Registration date
Friday November 17, 2017
Status
Member
Last seen
June 22, 2019
-
Updated on Nov 17, 2017 at 04:31 PM
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - Nov 20, 2017 at 05:01 AM
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - Nov 20, 2017 at 05:01 AM
Related:
- How to delete ultrasurf for chrome
- How to remove ultrasurf from my computer - Best answers
- How to stop ultrasurf from popping up - Best answers
- Ultrasurf - Download - VPN
- How to delete whatsapp account without login - Guide
- Tentacle locker 2 for chrome - Download - Adult games
- Savefrom.net chrome - Download - Video downloads
- How to disable images on chrome android - Guide
9 responses
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,162
Nov 17, 2017 at 04:35 PM
Nov 17, 2017 at 04:35 PM
Hi
You have not deleted it. To delete it did you try programmes and functions?
You have not deleted it. To delete it did you try programmes and functions?
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,162
Nov 17, 2017 at 04:42 PM
Nov 17, 2017 at 04:42 PM
To help you and prescribe the remedy, I must make a diagnostic and to do so, I require a report.
1. Open this link and download ZHPDiag :
https://nicolascoolman.eu
(Don't be alarmed is the site is in French, it sometimes happens, the tool will take your system language and allow the download if you get a warning message, ignore it.) Click on the download button
2. Save the file on your Desktop.
3. Double click on ZHPDiag.exe and follow the installation instructions.
(For Vista, Win 7 and 8 users, click right to ensure you execute with admin right)
4. Double click on the short cut ZHPDiag on your Destktop.
5 Click on scan
Wait for the tool to finished (maybe a long time)
6. Close ZHPDiag.
7. To transmit the report, click on this link :
http://www.tinyupload.com/index.php
8. Search the directory where you installed ZHPDiag (usually C:\desktop\zhpdiag.txt).
9. Copy the url link obtained from tinyupload and paste it here in your reply.
Ambucias
CCM Moderator and Virus/Security Contributor
1. Open this link and download ZHPDiag :
https://nicolascoolman.eu
(Don't be alarmed is the site is in French, it sometimes happens, the tool will take your system language and allow the download if you get a warning message, ignore it.) Click on the download button
2. Save the file on your Desktop.
3. Double click on ZHPDiag.exe and follow the installation instructions.
(For Vista, Win 7 and 8 users, click right to ensure you execute with admin right)
4. Double click on the short cut ZHPDiag on your Destktop.
5 Click on scan
Wait for the tool to finished (maybe a long time)
6. Close ZHPDiag.
7. To transmit the report, click on this link :
http://www.tinyupload.com/index.php
8. Search the directory where you installed ZHPDiag (usually C:\desktop\zhpdiag.txt).
9. Copy the url link obtained from tinyupload and paste it here in your reply.
Ambucias
CCM Moderator and Virus/Security Contributor
ogumba
Posts
19
Registration date
Friday November 17, 2017
Status
Member
Last seen
June 22, 2019
Nov 17, 2017 at 05:03 PM
Nov 17, 2017 at 05:03 PM
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,162
>
ogumba
Posts
19
Registration date
Friday November 17, 2017
Status
Member
Last seen
June 22, 2019
Nov 17, 2017 at 05:25 PM
Nov 17, 2017 at 05:25 PM
The above url is incorrect
ogumba
Posts
19
Registration date
Friday November 17, 2017
Status
Member
Last seen
June 22, 2019
>
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
Nov 17, 2017 at 05:28 PM
Nov 17, 2017 at 05:28 PM
http://s000.tinyupload.com/?file_id=01308355182784641608 sorry, check this.
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,162
>
ogumba
Posts
19
Registration date
Friday November 17, 2017
Status
Member
Last seen
June 22, 2019
Nov 17, 2017 at 05:31 PM
Nov 17, 2017 at 05:31 PM
You uploaded the .exe file. I need the txt file which is on your desktop.
ogumba
Posts
19
Registration date
Friday November 17, 2017
Status
Member
Last seen
June 22, 2019
Nov 17, 2017 at 05:34 PM
Nov 17, 2017 at 05:34 PM
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,162
Nov 17, 2017 at 06:12 PM
Nov 17, 2017 at 06:12 PM
Hi Ogumba,
Thank you for the report.
I have found several malware in your system including a Hijacker.Proxy
Actually there are many malware in your systems. You are now using Windows Defender but there are traces of other anti-viruses software which create conflicts with Defender.
I am a CCM moderator and I must uphold the CCM Charter. I have found on your system a hacking tool, able to hack Microsoft operating system and software. I found the source of your issue. Under normal circumstances, I would be able to help you solve your issue in a jiffy. But, because the hacking tool, I can't and will not.
I trust that you understand.
Sorry
Ambucias
CCM Moderator
Virus/Security Contributor
Thank you for the report.
I have found several malware in your system including a Hijacker.Proxy
Actually there are many malware in your systems. You are now using Windows Defender but there are traces of other anti-viruses software which create conflicts with Defender.
I am a CCM moderator and I must uphold the CCM Charter. I have found on your system a hacking tool, able to hack Microsoft operating system and software. I found the source of your issue. Under normal circumstances, I would be able to help you solve your issue in a jiffy. But, because the hacking tool, I can't and will not.
I trust that you understand.
Sorry
Ambucias
CCM Moderator
Virus/Security Contributor
ogumba
Posts
19
Registration date
Friday November 17, 2017
Status
Member
Last seen
June 22, 2019
Nov 18, 2017 at 04:48 AM
Nov 18, 2017 at 04:48 AM
I really need this issue to be resolved, Sir. The hacktool is a virus, i think. Windows defender is always detecting it and once removed, it pops up again. Really don't know where it came from. Really would like you to assist me, thanks.
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,162
Nov 18, 2017 at 05:12 AM
Nov 18, 2017 at 05:12 AM
Have you purchased a licence for your Windows operating system?
Have you purchased a licence for your Microsoft Office suite?
Have you purchased a licence for your Microsoft Office suite?
ogumba
Posts
19
Registration date
Friday November 17, 2017
Status
Member
Last seen
June 22, 2019
Nov 18, 2017 at 05:22 AM
Nov 18, 2017 at 05:22 AM
I downloaded the upgrade for free.
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,162
>
ogumba
Posts
19
Registration date
Friday November 17, 2017
Status
Member
Last seen
June 22, 2019
Nov 18, 2017 at 05:25 AM
Nov 18, 2017 at 05:25 AM
You have not answered my questions!
ogumba
Posts
19
Registration date
Friday November 17, 2017
Status
Member
Last seen
June 22, 2019
Nov 18, 2017 at 05:42 AM
Nov 18, 2017 at 05:42 AM
yes
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,162
>
ogumba
Posts
19
Registration date
Friday November 17, 2017
Status
Member
Last seen
June 22, 2019
Nov 18, 2017 at 05:55 AM
Nov 18, 2017 at 05:55 AM
Stand by
Didn't find the answer you are looking for?
Ask a question
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,162
Nov 18, 2017 at 06:13 AM
Nov 18, 2017 at 06:13 AM
1. Download ZHPFix here
https://nicolascoolman.eu
2. Select and copy all of the following bold lines.
Script Zhpfix
O38 - TASK: {36163723-E950-4582-B802-9B87A8140C83} [64Bits][\AutoKMS] - (.CODYQX4 - AutoKMS.) -- C:\Windows\AutoKMS\AutoKMS.exe [5046784]
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666
O4 - GS\Desktop [Administrator]: Facebook.lnk . (.UCWeb Inc. - UC Browser.) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe https://www.facebook.com/
O4 - GS\Desktop [Administrator]: Torch.lnk . (.Torch Media Inc. - Torch.) C:\Users\PC\AppData\Local\Torch\Application\torch.exe
O4 - GS\Desktop [Administrator]: Youtube.lnk . (.Torch Media Inc. - Torch.) C:\Users\PC\AppData\Local\Torch\Application\torch.exe https://www.youtube.com/ --run-by-youtube
O4 - GS\Quicklaunch [Administrator]: Torch.lnk . (.Torch Media Inc. - Torch.) C:\Users\PC\AppData\Local\Torch\Application\torch.exe
O4 - GS\TaskBar [Administrator]: Torch.lnk . (.Torch Media Inc. - Torch.) C:\Users\PC\AppData\Local\Torch\Application\torch.exe
O4 - GS\Programs [Administrator]: Torch.lnk . (.Torch Media Inc. - Torch.) C:\Users\PC\AppData\Local\Torch\Application\torch.exe
O4 - GS\Desktop [Guest]: Facebook.lnk . (.UCWeb Inc. - UC Browser.) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe https://www.facebook.com/
O4 - GS\Desktop [Guest]: Torch.lnk . (.Torch Media Inc. - Torch.) C:\Users\PC\AppData\Local\Torch\Application\torch.exe
O4 - GS\Desktop [Guest]: Youtube.lnk . (.Torch Media Inc. - Torch.) C:\Users\PC\AppData\Local\Torch\Application\torch.exe https://www.youtube.com/ --run-by-youtube
O4 - GS\Quicklaunch [Guest]: Torch.lnk . (.Torch Media Inc. - Torch.) C:\Users\PC\AppData\Local\Torch\Application\torch.exe
O4 - GS\TaskBar [Guest]: Torch.lnk . (.Torch Media Inc. - Torch.) C:\Users\PC\AppData\Local\Torch\Application\torch.exe
O4 - GS\Programs [Guest]: Torch.lnk . (.Torch Media Inc. - Torch.) C:\Users\PC\AppData\Local\Torch\Application\torch.exe
O4 - GS\Desktop [PC]: Facebook.lnk . (.UCWeb Inc. - UC Browser.) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe https://www.facebook.com/
O4 - GS\Desktop [PC]: Torch.lnk . (.Torch Media Inc. - Torch.) C:\Users\PC\AppData\Local\Torch\Application\torch.exe
O4 - GS\Desktop [PC]: Youtube.lnk . (.Torch Media Inc. - Torch.) C:\Users\PC\AppData\Local\Torch\Application\torch.exe https://www.youtube.com/ --run-by-youtube
O4 - GS\Quicklaunch [PC]: Torch.lnk . (.Torch Media Inc. - Torch.) C:\Users\PC\AppData\Local\Torch\Application\torch.exe
O4 - GS\TaskBar [PC]: Torch.lnk . (.Torch Media Inc. - Torch.) C:\Users\PC\AppData\Local\Torch\Application\torch.exe
O4 - GS\Programs [PC]: Torch.lnk . (.Torch Media Inc. - Torch.) C:\Users\PC\AppData\Local\Torch\Application\torch.exe
O4 - GS\CommonDesktop [Public]: Facebook.lnk . (.UCWeb Inc. - UC Browser.) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe https://www.facebook.com/
O4 - GS\Programs [Public]: Torch.lnk . (.Torch Media Inc. - Torch.) C:\Users\PC\AppData\Local\Torch\Application\torch.exe
HKLM\SOFTWARE\Wow6432Node\AskPartnerNetwork
HKLM\SOFTWARE\Wow6432Node\Torch
HKCU\SOFTWARE\AskPartnerNetwork
HKCU\SOFTWARE\CToolbar
HKCU\SOFTWARE\Torch
O108 - CMH1: WinRAR32 [64Bits] - {B41DB860-8EE4-11D2-9906-E49FADC173CA} . (.Orphan.)
O108 - CMH1: XXX Groove GFS Context Menu Handler XXX [64Bits] - {6C467336-8281-4E60-8204-430CED96822D} . (.Orphan.)
O108 - CMH3: 00avast [64Bits] - {472083B0-C522-11CF-8763-00608CC02F24} . (.Orphan.)
O108 - CMH3: XXX Groove GFS Context Menu Handler XXX [64Bits] - {6C467336-8281-4E60-8204-430CED96822D} . (.Orphan.)
O108 - CMH4: XXX Groove GFS Context Menu Handler XXX [64Bits] - {6C467336-8281-4E60-8204-430CED96822D} . (.Orphan.)
O108 - CMH5: XXX Groove GFS Context Menu Handler XXX [64Bits] - {6C467336-8281-4E60-8204-430CED96822D} . (.Orphan.)
O108 - CMH6: WinRAR32 [64Bits] - {B41DB860-8EE4-11D2-9906-E49FADC173CA} . (.Orphan.)
O108 - CMH6: XXX Groove GFS Context Menu Handler XXX [64Bits] - {6C467336-8281-4E60-8204-430CED96822D} . (.Orphan.)
O68 - StartMenuInternet: <UCBrowser> <UC Browser> [64Bits][HKLM\..\InstallInfo\ShowIconsCommand] (.UCWeb Inc. - UC Browser.) -- C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
O68 - StartMenuInternet: <UCBrowser> <UC Browser> [64Bits][HKLM\..\InstallInfo\ReinstallCommand] (.UCWeb Inc. - UC Browser.) -- C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
O68 - StartMenuInternet: <UCBrowser> <UC Browser> [64Bits][HKLM\..\InstallInfo\HideIconsCommand] (.UCWeb Inc. - UC Browser.) -- C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
HKLM\SYSTEM\CurrentControlSet\Services\RelevantKnowledge
C:\Program Files (x86)\RelevantKnowledge\rlservice.exe
C:\Windows\AutoKMS\AutoKMS.exe
C:\WINDOWS\System32\Tasks\AutoKMS
C:\Program Files\Hola
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
C:\ProgramData\TorchCrashHandler
C:\Users\PC\AppData\Roaming\Hola
C:\Users\PC\AppData\Roaming\ManyCam
C:\Users\PC\AppData\Local\Torch
C:\Users\PC\AppData\Local\UCBrowser
C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch
C:\WINDOWS\Prefetch\MANYCAM.EXE-8B150266.pf
C:\WINDOWS\Prefetch\TORCH.EXE-0ADD903A.pf
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX
HKLM\Software\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D}
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avast
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui
HKLM\Software\Wow6432Node\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX
C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
C:\WINDOWS\Installer\12a3c38.msi
EmptyPrefetch
ShortcutFix
Emptytemp
EmptyClsid
3 Close all applications and open ZHP Fix
4. Click on the Import button and the lines will automatically paste themselves.
5. Click on the Go button to clean
6. Confirm by clicking OK
7. ZHP Fix will ask if you wish to empty the bin, click on your choice...it may take time
8. A report will appear on your desktop and on C:\ZHP\ZHPFix[R1].txt which you can copy and paste in your reply.
https://nicolascoolman.eu
2. Select and copy all of the following bold lines.
Script Zhpfix
O38 - TASK: {36163723-E950-4582-B802-9B87A8140C83} [64Bits][\AutoKMS] - (.CODYQX4 - AutoKMS.) -- C:\Windows\AutoKMS\AutoKMS.exe [5046784]
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666
O4 - GS\Desktop [Administrator]: Facebook.lnk . (.UCWeb Inc. - UC Browser.) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe https://www.facebook.com/
O4 - GS\Desktop [Administrator]: Torch.lnk . (.Torch Media Inc. - Torch.) C:\Users\PC\AppData\Local\Torch\Application\torch.exe
O4 - GS\Desktop [Administrator]: Youtube.lnk . (.Torch Media Inc. - Torch.) C:\Users\PC\AppData\Local\Torch\Application\torch.exe https://www.youtube.com/ --run-by-youtube
O4 - GS\Quicklaunch [Administrator]: Torch.lnk . (.Torch Media Inc. - Torch.) C:\Users\PC\AppData\Local\Torch\Application\torch.exe
O4 - GS\TaskBar [Administrator]: Torch.lnk . (.Torch Media Inc. - Torch.) C:\Users\PC\AppData\Local\Torch\Application\torch.exe
O4 - GS\Programs [Administrator]: Torch.lnk . (.Torch Media Inc. - Torch.) C:\Users\PC\AppData\Local\Torch\Application\torch.exe
O4 - GS\Desktop [Guest]: Facebook.lnk . (.UCWeb Inc. - UC Browser.) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe https://www.facebook.com/
O4 - GS\Desktop [Guest]: Torch.lnk . (.Torch Media Inc. - Torch.) C:\Users\PC\AppData\Local\Torch\Application\torch.exe
O4 - GS\Desktop [Guest]: Youtube.lnk . (.Torch Media Inc. - Torch.) C:\Users\PC\AppData\Local\Torch\Application\torch.exe https://www.youtube.com/ --run-by-youtube
O4 - GS\Quicklaunch [Guest]: Torch.lnk . (.Torch Media Inc. - Torch.) C:\Users\PC\AppData\Local\Torch\Application\torch.exe
O4 - GS\TaskBar [Guest]: Torch.lnk . (.Torch Media Inc. - Torch.) C:\Users\PC\AppData\Local\Torch\Application\torch.exe
O4 - GS\Programs [Guest]: Torch.lnk . (.Torch Media Inc. - Torch.) C:\Users\PC\AppData\Local\Torch\Application\torch.exe
O4 - GS\Desktop [PC]: Facebook.lnk . (.UCWeb Inc. - UC Browser.) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe https://www.facebook.com/
O4 - GS\Desktop [PC]: Torch.lnk . (.Torch Media Inc. - Torch.) C:\Users\PC\AppData\Local\Torch\Application\torch.exe
O4 - GS\Desktop [PC]: Youtube.lnk . (.Torch Media Inc. - Torch.) C:\Users\PC\AppData\Local\Torch\Application\torch.exe https://www.youtube.com/ --run-by-youtube
O4 - GS\Quicklaunch [PC]: Torch.lnk . (.Torch Media Inc. - Torch.) C:\Users\PC\AppData\Local\Torch\Application\torch.exe
O4 - GS\TaskBar [PC]: Torch.lnk . (.Torch Media Inc. - Torch.) C:\Users\PC\AppData\Local\Torch\Application\torch.exe
O4 - GS\Programs [PC]: Torch.lnk . (.Torch Media Inc. - Torch.) C:\Users\PC\AppData\Local\Torch\Application\torch.exe
O4 - GS\CommonDesktop [Public]: Facebook.lnk . (.UCWeb Inc. - UC Browser.) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe https://www.facebook.com/
O4 - GS\Programs [Public]: Torch.lnk . (.Torch Media Inc. - Torch.) C:\Users\PC\AppData\Local\Torch\Application\torch.exe
HKLM\SOFTWARE\Wow6432Node\AskPartnerNetwork
HKLM\SOFTWARE\Wow6432Node\Torch
HKCU\SOFTWARE\AskPartnerNetwork
HKCU\SOFTWARE\CToolbar
HKCU\SOFTWARE\Torch
O108 - CMH1: WinRAR32 [64Bits] - {B41DB860-8EE4-11D2-9906-E49FADC173CA} . (.Orphan.)
O108 - CMH1: XXX Groove GFS Context Menu Handler XXX [64Bits] - {6C467336-8281-4E60-8204-430CED96822D} . (.Orphan.)
O108 - CMH3: 00avast [64Bits] - {472083B0-C522-11CF-8763-00608CC02F24} . (.Orphan.)
O108 - CMH3: XXX Groove GFS Context Menu Handler XXX [64Bits] - {6C467336-8281-4E60-8204-430CED96822D} . (.Orphan.)
O108 - CMH4: XXX Groove GFS Context Menu Handler XXX [64Bits] - {6C467336-8281-4E60-8204-430CED96822D} . (.Orphan.)
O108 - CMH5: XXX Groove GFS Context Menu Handler XXX [64Bits] - {6C467336-8281-4E60-8204-430CED96822D} . (.Orphan.)
O108 - CMH6: WinRAR32 [64Bits] - {B41DB860-8EE4-11D2-9906-E49FADC173CA} . (.Orphan.)
O108 - CMH6: XXX Groove GFS Context Menu Handler XXX [64Bits] - {6C467336-8281-4E60-8204-430CED96822D} . (.Orphan.)
O68 - StartMenuInternet: <UCBrowser> <UC Browser> [64Bits][HKLM\..\InstallInfo\ShowIconsCommand] (.UCWeb Inc. - UC Browser.) -- C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
O68 - StartMenuInternet: <UCBrowser> <UC Browser> [64Bits][HKLM\..\InstallInfo\ReinstallCommand] (.UCWeb Inc. - UC Browser.) -- C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
O68 - StartMenuInternet: <UCBrowser> <UC Browser> [64Bits][HKLM\..\InstallInfo\HideIconsCommand] (.UCWeb Inc. - UC Browser.) -- C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
HKLM\SYSTEM\CurrentControlSet\Services\RelevantKnowledge
C:\Program Files (x86)\RelevantKnowledge\rlservice.exe
C:\Windows\AutoKMS\AutoKMS.exe
C:\WINDOWS\System32\Tasks\AutoKMS
C:\Program Files\Hola
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
C:\ProgramData\TorchCrashHandler
C:\Users\PC\AppData\Roaming\Hola
C:\Users\PC\AppData\Roaming\ManyCam
C:\Users\PC\AppData\Local\Torch
C:\Users\PC\AppData\Local\UCBrowser
C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch
C:\WINDOWS\Prefetch\MANYCAM.EXE-8B150266.pf
C:\WINDOWS\Prefetch\TORCH.EXE-0ADD903A.pf
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX
HKLM\Software\Classes\CLSID\{6C467336-8281-4E60-8204-430CED96822D}
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avast
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui
HKLM\Software\Wow6432Node\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX
C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
C:\WINDOWS\Installer\12a3c38.msi
EmptyPrefetch
ShortcutFix
Emptytemp
EmptyClsid
3 Close all applications and open ZHP Fix
4. Click on the Import button and the lines will automatically paste themselves.
5. Click on the Go button to clean
6. Confirm by clicking OK
7. ZHP Fix will ask if you wish to empty the bin, click on your choice...it may take time
8. A report will appear on your desktop and on C:\ZHP\ZHPFix[R1].txt which you can copy and paste in your reply.
ogumba
Posts
19
Registration date
Friday November 17, 2017
Status
Member
Last seen
June 22, 2019
Nov 18, 2017 at 07:11 AM
Nov 18, 2017 at 07:11 AM
Rapport de ZHPFix 2017.06.13.1 par Nicolas Coolman, Update du 13/06/2017
Fichier d'export Registre : C:\Users\PC\AppData\Roaming\ZHP\ZHPExportRegistry-18-Nov-17-12-52-27 PM.txt
Run by PC at 18-Nov-17 1:02:30 PM
High Elevated Privileges : OK
Windows 8 Business Edition, 64-bit Service Pack 1 (10240)
Recycle Bin emptied (17mn AMs)
Prefetcher emptied
Repair of browser shortcuts
========== Process memory ==========
REMOVES Reboot: Memory Process: C:\Program Files (x86)\RelevantKnowledge\rlservice.exe
REMOVES Reboot: Memory Process: C:\Windows\AutoKMS\AutoKMS.exe
REMOVES Reboot: Memory Process: C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
REMOVES Reboot: Memory Process: C:\WINDOWS\Installer\12a3c38.msi
========== Registry keys ==========
REMOVES:³ HKLM\SOFTWARE\Wow6432Node\AskPartnerNetwork
REMOVES:³ HKLM\SOFTWARE\Wow6432Node\Torch
REMOVES: HKCU\SOFTWARE\AskPartnerNetwork
REMOVES: HKCU\SOFTWARE\CToolbar
REMOVES: HKCU\SOFTWARE\Torch
REMOVES:³ HKLM\SYSTEM\CurrentControlSet\Services\RelevantKnowledge
REMOVES:³ HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32
REMOVES:³ HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX
REMOVES:³ HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avast
REMOVES:³ HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX
REMOVES:³ HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX
REMOVES:³ HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui
REMOVES:³ HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX
REMOVES:³ HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32
REMOVES:³ HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX
========== Elements of the registry data ==========
REMOVES: R1 Search Page = http://127.0.0.1:8080
========== Folders ==========
No folders empty CLSID Local user
========== Files ==========
REMOVES Reboot: c:\program files (x86)\ucbrowser\application\ucbrowser.exe
Deletes temporary Windows (14027) (2,354,938,130 octets)
========== Other ==========
NON-TREATY O38 - TASK: {36163723-E950-4582-B802-9B87A8140C83} [64Bits][\AutoKMS] - (.CODYQX4 - AutoKMS.) -- C:\Windows\AutoKMS\AutoKMS.exe [5046784]
========== Summary ==========
4 : Process memory
15 : Registry keys
1 : Elements of the registry data
1 : Folders
2 : Files
1 : Other
End of clean in 54mn AMs
========== Path to file report ==========
C:\Users\PC\AppData\Roaming\ZHP\ZHPFix[R1].txt - 18-Nov-17 12:52:27 PM [776]
C:\Users\PC\AppData\Roaming\ZHP\ZHPFix[R2].txt - 18-Nov-17 1:02:48 PM [2758]
Fichier d'export Registre : C:\Users\PC\AppData\Roaming\ZHP\ZHPExportRegistry-18-Nov-17-12-52-27 PM.txt
Run by PC at 18-Nov-17 1:02:30 PM
High Elevated Privileges : OK
Windows 8 Business Edition, 64-bit Service Pack 1 (10240)
Recycle Bin emptied (17mn AMs)
Prefetcher emptied
Repair of browser shortcuts
========== Process memory ==========
REMOVES Reboot: Memory Process: C:\Program Files (x86)\RelevantKnowledge\rlservice.exe
REMOVES Reboot: Memory Process: C:\Windows\AutoKMS\AutoKMS.exe
REMOVES Reboot: Memory Process: C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
REMOVES Reboot: Memory Process: C:\WINDOWS\Installer\12a3c38.msi
========== Registry keys ==========
REMOVES:³ HKLM\SOFTWARE\Wow6432Node\AskPartnerNetwork
REMOVES:³ HKLM\SOFTWARE\Wow6432Node\Torch
REMOVES: HKCU\SOFTWARE\AskPartnerNetwork
REMOVES: HKCU\SOFTWARE\CToolbar
REMOVES: HKCU\SOFTWARE\Torch
REMOVES:³ HKLM\SYSTEM\CurrentControlSet\Services\RelevantKnowledge
REMOVES:³ HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32
REMOVES:³ HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX
REMOVES:³ HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avast
REMOVES:³ HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX
REMOVES:³ HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX
REMOVES:³ HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui
REMOVES:³ HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX
REMOVES:³ HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32
REMOVES:³ HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX
========== Elements of the registry data ==========
REMOVES: R1 Search Page = http://127.0.0.1:8080
========== Folders ==========
No folders empty CLSID Local user
========== Files ==========
REMOVES Reboot: c:\program files (x86)\ucbrowser\application\ucbrowser.exe
Deletes temporary Windows (14027) (2,354,938,130 octets)
========== Other ==========
NON-TREATY O38 - TASK: {36163723-E950-4582-B802-9B87A8140C83} [64Bits][\AutoKMS] - (.CODYQX4 - AutoKMS.) -- C:\Windows\AutoKMS\AutoKMS.exe [5046784]
========== Summary ==========
4 : Process memory
15 : Registry keys
1 : Elements of the registry data
1 : Folders
2 : Files
1 : Other
End of clean in 54mn AMs
========== Path to file report ==========
C:\Users\PC\AppData\Roaming\ZHP\ZHPFix[R1].txt - 18-Nov-17 12:52:27 PM [776]
C:\Users\PC\AppData\Roaming\ZHP\ZHPFix[R2].txt - 18-Nov-17 1:02:48 PM [2758]
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,162
Nov 18, 2017 at 04:28 PM
Nov 18, 2017 at 04:28 PM
Please search for this file and delete it:
C:\Windows\AutoKMS\AutoKMS.exe
C:\Windows\AutoKMS\AutoKMS.exe
ogumba
Posts
19
Registration date
Friday November 17, 2017
Status
Member
Last seen
June 22, 2019
Nov 18, 2017 at 06:10 PM
Nov 18, 2017 at 06:10 PM
are you sure i should delete that?
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,162
>
ogumba
Posts
19
Registration date
Friday November 17, 2017
Status
Member
Last seen
June 22, 2019
Nov 18, 2017 at 07:41 PM
Nov 18, 2017 at 07:41 PM
Yes definitively! It is the hacking software which I was talking to you about.
What you have deleted is a virus. The virus was created to overcome illegal copies of Microsoft operating systems and office software. Since you told me that you did purchase the licences, you should not worry.
Should you now experience some difficulties with Microsoft software let me know.
Now, please tell me if the initial issue for which you posted on this forum is resolved that is about ultrasurf-vpn.
Regards
What you have deleted is a virus. The virus was created to overcome illegal copies of Microsoft operating systems and office software. Since you told me that you did purchase the licences, you should not worry.
Should you now experience some difficulties with Microsoft software let me know.
Now, please tell me if the initial issue for which you posted on this forum is resolved that is about ultrasurf-vpn.
Regards
ogumba
Posts
19
Registration date
Friday November 17, 2017
Status
Member
Last seen
June 22, 2019
>
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
Nov 18, 2017 at 07:46 PM
Nov 18, 2017 at 07:46 PM
No, not really. it's still the same. Maybe I should install a better antivirus? or should i format the pc?
ogumba
Posts
19
Registration date
Friday November 17, 2017
Status
Member
Last seen
June 22, 2019
Nov 18, 2017 at 06:39 PM
Nov 18, 2017 at 06:39 PM
I just deleted it.
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,162
Nov 19, 2017 at 05:20 AM
Nov 19, 2017 at 05:20 AM
If you format the PC you will lose all of your data.
Let me study your report again and I shall return to you.
Let me study your report again and I shall return to you.
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,162
Nov 19, 2017 at 06:41 AM
Nov 19, 2017 at 06:41 AM
Got it.
Again you have downloaded infected stuff, one of those thing hacked your internet connection intending to crack or break security measures and penetrate your computer.
I have noticed that you download a lot from torrent sites. I must warn you that torrents are not safe, as a matter of fact it's very risky. Torrents are infested by malware. Torrents are hackers' and pirates favourite vehicle for their evil deeds.
Now here is you will do. Be very attentive as to not make any mistakes.
Click right on you windows icon, lower corner of your screen and click on RUN.
Type: regedit and click ok
In the left panel, double-click the following:
HKEY_CURRENT_USER>Software>Microsoft>Windows>
CurrentVersion>Internet Settings
In the right panel, locate and delete the entries:
~vyjbuiv = "dword:0000049f"
ProxyOverride = "local"
ProxyServer = "127.0.0.1:9666"
In the left panel, double-click the following:
HKEY_CURRENT_USER>Software>Microsoft>Windows>
CurrentVersion>Internet Settings
In the right panel, locate the entry:
ProxyEnable = "1"
Right-click on the value name and choose Modify. Change the value data of this entry to:
0
Close Registry Editor.
In your control panel / security
Insure that all is set to default settings.
Yes! You need a better antivirus but an antivirus will not stop you from downloading malware. You must be very careful. I suggest that you use Kaspersky antivirus, scan you machine and delete files such as HKTL_USURF.
Good luck
Again you have downloaded infected stuff, one of those thing hacked your internet connection intending to crack or break security measures and penetrate your computer.
I have noticed that you download a lot from torrent sites. I must warn you that torrents are not safe, as a matter of fact it's very risky. Torrents are infested by malware. Torrents are hackers' and pirates favourite vehicle for their evil deeds.
Now here is you will do. Be very attentive as to not make any mistakes.
Click right on you windows icon, lower corner of your screen and click on RUN.
Type: regedit and click ok
In the left panel, double-click the following:
HKEY_CURRENT_USER>Software>Microsoft>Windows>
CurrentVersion>Internet Settings
In the right panel, locate and delete the entries:
~vyjbuiv = "dword:0000049f"
ProxyOverride = "local"
ProxyServer = "127.0.0.1:9666"
In the left panel, double-click the following:
HKEY_CURRENT_USER>Software>Microsoft>Windows>
CurrentVersion>Internet Settings
In the right panel, locate the entry:
ProxyEnable = "1"
Right-click on the value name and choose Modify. Change the value data of this entry to:
0
Close Registry Editor.
In your control panel / security
Insure that all is set to default settings.
Yes! You need a better antivirus but an antivirus will not stop you from downloading malware. You must be very careful. I suggest that you use Kaspersky antivirus, scan you machine and delete files such as HKTL_USURF.
Good luck
ogumba
Posts
19
Registration date
Friday November 17, 2017
Status
Member
Last seen
June 22, 2019
Nov 19, 2017 at 06:20 PM
Nov 19, 2017 at 06:20 PM
i couldn't locate ''~vyjbuiv = "dword:0000049f" so i could delete it. but i succeeded in deleting the others and also changing the value of the proxyenable to 0
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,162
Nov 19, 2017 at 06:29 PM
Nov 19, 2017 at 06:29 PM
Hi
Great! Don't worry about vyjbuiv = "dword:0000049f
You issue should now be resolved, all you need to do is to reset your internet settings to default or reconfigure your internet connection. In your control panel / security, insure that all is set to default settings.
Remember what I have said about Torrents, they are like swimming in crocodile infested waters.
Let me know and I shall return tomorrow.
It was really nice working with you.
Great! Don't worry about vyjbuiv = "dword:0000049f
You issue should now be resolved, all you need to do is to reset your internet settings to default or reconfigure your internet connection. In your control panel / security, insure that all is set to default settings.
Remember what I have said about Torrents, they are like swimming in crocodile infested waters.
Let me know and I shall return tomorrow.
It was really nice working with you.
ogumba
Posts
19
Registration date
Friday November 17, 2017
Status
Member
Last seen
June 22, 2019
Nov 19, 2017 at 07:51 PM
Nov 19, 2017 at 07:51 PM
Thanks a lot. I really appreciate the attention you gave me, and also for helping me fix my problem.
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,162
>
ogumba
Posts
19
Registration date
Friday November 17, 2017
Status
Member
Last seen
June 22, 2019
Nov 20, 2017 at 05:01 AM
Nov 20, 2017 at 05:01 AM
It was my pleasure
Nov 17, 2017 at 04:39 PM