after removing zemana antilogger from windows seven, it opens a page with the default browser to this address:
https://www.zemana.com/uninstall/?p=ZAL ... %20(France)&ul=French%20(France)&uil=English%20(United%20States)&os=Windows%207%2064-bit&new_affid=00000000&DownloadID=465501&cuid=0007D01F4AAA254B926D2E
which install a rogue addons named "html service" without more information.
the malware symptoms are:
-every page opened has a script from the domain s3.amazonaws.com as detected by noscript
-on a google search the pictures are removed and some other details are missing
i can upload the rogue xpi if anyone wants to analyze it.