Windows 7 Forums



Windows 7: How do I remove this virus/malware url?

12 Nov 2014   #1
thailen

Windows 7 Home Premium(64 bit)
 
 
How do I remove this virus/malware url?

I tried Programs and Features and search, but came up empty. It constantly shows up in Firefox and Chrome.


http://cache.icmwebserv.com/blank7.html#{%22namespace%22%3A%22LITE%22%2C%22revMode%22%3A16%2C%22marketingCampaignID%22%3A999999%2C%22campaignID%22%3A%22000339%22%2C%22browser%22%3A%22ff%22%2C%22url%22%3A%22http%3A%2F%2Fonpoint.wbur.org%2Fways-to-listen%22%2C%22install%22%3A%221415626139%22%2C%22appID%22%3A63831%2C%22subID%22%3A%22300033921023000000%22%2C%22windowName%22%3A%22icm_inline_p%22%2C%22ad_width%22%3A1%2C%22ad_height%22%3A100%2C%22ad_type%22%3A%22focus%22%2C%22asw%22%3A%22na%22%2C%22pstn%22%3A%220%22%2C%22icmVersion%22%3A%221105%22}


13 Nov 2014   #2
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

You have 'adware'. Follow both Step 1 and Step 2.


Please download AdwCleaner by Xplode and save to your Desktop.


Step 1.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • Copies of all logfiles are saved in the C:\AdwCleaner folder, which was created when running the tool.


Step 2.


  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.


******Post both .txt logs in your next reply
13 Nov 2014   #3
thailen

Windows 7 Home Premium(64 bit)
 
 
Here's the first part of the log file (SevenForums will only allow 20,000 characters at a time):

# AdwCleaner v4.101 - Report created 13/11/2014 at 19:52:31
# Updated 09/11/2014 by Xplode
# Database : 2014-11-12.2 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Lanovo - LANOVO-PC
# Running from : C:\Users\Lanovo\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : globalUpdate
[#] Service Deleted : globalUpdatem
[#] Service Deleted : trntv
Service Deleted : {a71b752a-bac5-48e3-a420-f8c453035f81}Gw
Service Deleted : {a8fcc7a3-7149-4cd7-bc81-f5c3c4a18978}Gw

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\baidu
Folder Deleted : C:\ProgramData\IePluginServices
Folder Deleted : C:\ProgramData\WindowsMangerProtect
Folder Deleted : C:\Program Files\Babylon
Folder Deleted : C:\Program Files\baidu
[!] Folder Deleted : C:\Program Files\globalUpdate
[!] Folder Deleted : C:\Program Files\HomeTab
Folder Deleted : C:\Program Files\SupTab
Folder Deleted : C:\Program Files\LuckyTab
Folder Deleted : C:\Program Files\CinPlus-2.4cV10.11
Folder Deleted : C:\Users\Lanovo\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Lanovo\AppData\LocalLow\HomeTab
Folder Deleted : C:\Users\Lanovo\AppData\LocalLow\SimplyTech
Folder Deleted : C:\Users\Lanovo\AppData\Roaming\baidu
Folder Deleted : C:\Users\Lanovo\AppData\Roaming\FirefoxToolbar
Folder Deleted : C:\Users\Lanovo\AppData\Roaming\SimpleFiles
Folder Deleted : C:\Users\Lanovo\AppData\Roaming\SimplyTech
Folder Deleted : C:\Users\Lanovo\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Lanovo\AppData\Roaming\TornTV.com
Folder Deleted : C:\Users\Lanovo\AppData\Roaming\WebNavi
Folder Deleted : C:\Users\Public\Documents\baidu
Folder Deleted : C:\Users\Lanovo\AppData\Roaming\Mozilla\Firefox\Profiles\rfymn4ct.default\Extensions\faststartff@gmail.com
Folder Deleted : C:\Users\Lanovo\AppData\Roaming\Mozilla\Firefox\Profiles\rfymn4ct.default\Extensions\0cd1569197354ecf9be03@d3ee3bc4210848f7b5a58324f064f.com
Folder Deleted : C:\Users\Lanovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl
Folder Deleted : C:\Users\Lanovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Folder Deleted : C:\Users\Lanovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\plimopelmdneikoknbgpopffpbmlhgpa
File Deleted : C:\Windows\system32\roboot.exe
File Deleted : C:\Windows\system32\\drivers\{a71b752a-bac5-48e3-a420-f8c453035f81}Gw.sys
File Deleted : C:\Windows\system32\\drivers\{a8fcc7a3-7149-4cd7-bc81-f5c3c4a18978}Gw.sys
File Deleted : C:\Users\Lanovo\Desktop\Live PC Help.lnk
File Deleted : C:\Users\Lanovo\AppData\Roaming\Mozilla\Firefox\Profiles\rfymn4ct.default\searchplugins\default-search.xml
File Deleted : C:\Users\Lanovo\AppData\Roaming\Mozilla\Firefox\Profiles\rfymn4ct.default\searchplugins\Web Search.xml
File Deleted : C:\Users\Lanovo\AppData\Roaming\Mozilla\Firefox\Profiles\rfymn4ct.default\user.js
File Deleted : C:\Users\Lanovo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_istart.webssearches.com_0.localstorage
File Deleted : C:\Users\Lanovo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_istart.webssearches.com_0.localstorage-journal
File Deleted : C:\Users\Lanovo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Lanovo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

Task Deleted : globalUpdateUpdateTaskMachineCore
Task Deleted : globalUpdateUpdateTaskMachineUA
Task Deleted : LaunchSignup
Task Deleted : 1021b133-1a27-43e4-9252-e2a4dcb2b33f-1
Task Deleted : 1021b133-1a27-43e4-9252-e2a4dcb2b33f-11
Task Deleted : 1021b133-1a27-43e4-9252-e2a4dcb2b33f-2
Task Deleted : 1021b133-1a27-43e4-9252-e2a4dcb2b33f-3
Task Deleted : 1021b133-1a27-43e4-9252-e2a4dcb2b33f-4
Task Deleted : 1021b133-1a27-43e4-9252-e2a4dcb2b33f-5
Task Deleted : 1021b133-1a27-43e4-9252-e2a4dcb2b33f-5_user
Task Deleted : 1021b133-1a27-43e4-9252-e2a4dcb2b33f-6
Task Deleted : 1021b133-1a27-43e4-9252-e2a4dcb2b33f-7

13 Nov 2014   #4
thailen

Windows 7 Home Premium(64 bit)
 
 
Here's the Second Part of the logfile

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [ocr@babylon.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\coljhboelhlkbgaaolcngflenaggpeao
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fcljdicbcnmfhekdcaobgbpjjifniemh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kmedakdfngfmagjlndeckcbfcmidlbio
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\Superfish
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\HomeTab.DLL
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\wtb.Band
Key Deleted : HKLM\SOFTWARE\Classes\wtb.Band.1
Key Deleted : HKLM\SOFTWARE\Classes\wtb.NotificationSource
Key Deleted : HKLM\SOFTWARE\Classes\wtb.NotificationSource.1
Key Deleted : HKLM\SOFTWARE\Classes\wtb.SourceSinkImpl
Key Deleted : HKLM\SOFTWARE\Classes\wtb.SourceSinkImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\wtb.ToolbarInfo
Key Deleted : HKLM\SOFTWARE\Classes\wtb.ToolbarInfo.1
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3FC27B34-0C19-49DA-875E-1875DDD4A6B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A928E66C-F501-4E66-9953-855C712F93B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611381131}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622382231}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8DA8B89E-0C65-403B-8231-AB22ECFA0687}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A928E66C-F501-4E66-9953-855C712F93B2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0E28FA0-DF07-44B6-95CE-48BE26DB9266}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E6B4EE8F-C38E-4994-BE28-229A3F92262C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCA8936E-403A-4487-A966-70F80F1D5A6A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655385531}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666386631}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644384431}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611381131}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DEDAF650-12B8-48F5-A843-BBA100716106}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611381131}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\HomeTab
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Linkey
Key Deleted : HKCU\Software\Popajar
Key Deleted : HKCU\Software\SimpleFiles
Key Deleted : HKCU\Software\simplytech
Key Deleted : HKCU\Software\SmileysWeLove
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SupHpUISoft
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\Tune
Key Deleted : HKCU\Software\TornTv Downloader
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\simplytech
Key Deleted : HKCU\Software\AppDataLow\Software\CinPlus-2.4cV10.11
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\SimpleFiles
Key Deleted : HKLM\SOFTWARE\SmdmF
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\supWPM
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Tune
Key Deleted : HKLM\SOFTWARE\webssearchesSoftware
Key Deleted : HKLM\SOFTWARE\LuckyTab
Key Deleted : HKLM\SOFTWARE\CinPlus-2.4cV10.11
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ad Blocker_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CinPlus-2.4cV10.11

***
13 Nov 2014   #5
thailen

Windows 7 Home Premium(64 bit)
 
 
Here's the Third and Final Part of the Logfile

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Bar]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Search Bar]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Search Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Bar]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl []
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl []

-\\ Mozilla Firefox v33.1 (x86 en-US)

[rfymn4ct.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultengine", "Web Search");
[rfymn4ct.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "default-search.net");
[rfymn4ct.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "default-search.net");
[rfymn4ct.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "default-search.net");
[rfymn4ct.default\prefs.js] - Line Deleted : user_pref("extensions.a0cd1569197354ecf9be03d3ee3bc4210848f7b5a58324f064fcom63831.63831.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.uk%22%2C%22a[...]
[rfymn4ct.default\prefs.js] - Line Deleted : user_pref("extensions.a0cd1569197354ecf9be03d3ee3bc4210848f7b5a58324f064fcom63831.63831.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D[...]
[rfymn4ct.default\prefs.js] - Line Deleted : user_pref("extensions.a6cfae8cc4676442fa78d9dcdfbd4ea874e76d4af1994bacom63285.63285.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.uk%22%2C%22amazo[...]
[rfymn4ct.default\prefs.js] - Line Deleted : user_pref("extensions.a6cfae8cc4676442fa78d9dcdfbd4ea874e76d4af1994bacom63285.63285.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%[...]
[rfymn4ct.default\prefs.js] - Line Deleted : user_pref("extensions.crossrider.bic", "149999d222e0fe41732c3115d36031c9");
[rfymn4ct.default\prefs.js] - Line Deleted : user_pref("extensions.ocr@babylon.com.install-event-fired", true);

-\\ Google Chrome v40.0.2209.0


*************************

AdwCleaner[R0].txt - [21496 octets] - [13/11/2014 19:31:02]
AdwCleaner[S0].txt - [19059 octets] - [13/11/2014 19:52:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [19120 octets] ##########
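
Added example, not part of any post in this thread: the URL in post #1 carries a percent-encoded JSON object in its fragment, and its `appID` and `browser` fields can be matched against the Firefox preference names and extension folders that AdwCleaner lists above. The function names are hypothetical, the sample data is trimmed from the posts, and the naming pattern the matching relies on is only what this log shows, not documented behaviour of the adware.

```python
import json
import re
from urllib.parse import unquote, urlsplit

# Trimmed copy of the URL from post #1 (wrap spaces removed, some fields dropped).
SAMPLE_URL = (
    "http://cache.icmwebserv.com/blank7.html#"
    "{%22namespace%22%3A%22LITE%22%2C%22revMode%22%3A16%2C"
    "%22browser%22%3A%22ff%22%2C%22appID%22%3A63831%2C"
    "%22windowName%22%3A%22icm_inline_p%22%2C%22icmVersion%22%3A%221105%22}"
)

# prefs.js preference names from the log in post #5 (values omitted).
_ICM = ".internaldb.__ICM_LITE__blacklist_domain.value"
SAMPLE_PREF_KEYS = [
    "extensions.a0cd1569197354ecf9be03d3ee3bc4210848f7b5a58324f064fcom63831.63831" + _ICM,
    "extensions.a6cfae8cc4676442fa78d9dcdfbd4ea874e76d4af1994bacom63285.63285" + _ICM,
    "extensions.crossrider.bic",
    "browser.search.defaultenginename",
]

# Firefox extension folder names from the log in post #3.
SAMPLE_EXTENSION_DIRS = [
    "faststartff@gmail.com",
    "0cd1569197354ecf9be03@d3ee3bc4210848f7b5a58324f064f.com",
]


def decode_fragment(url):
    """Return the JSON object carried percent-encoded in the URL fragment."""
    fragment = unquote(urlsplit(url).fragment)
    if not fragment:
        raise ValueError("URL has no fragment to decode")
    try:
        data = json.loads(fragment)
    except json.JSONDecodeError as exc:
        raise ValueError("fragment is not JSON: %s" % exc) from None
    if not isinstance(data, dict):
        raise ValueError("fragment JSON is not an object")
    return data


def pref_branches_for_app(app_id, pref_keys):
    """Find preference branches named extensions.<branch><appID>.<appID>.*

    The <branch><appID>.<appID> layout is the pattern seen in this log only.
    """
    app = re.escape(str(app_id))
    pattern = re.compile(r"^extensions\.([0-9a-z]+?)" + app + r"\." + app + r"\.")
    found = {m.group(1) for m in map(pattern.match, pref_keys) if m}
    return sorted(found)


def normalise(name):
    """Lower-case a folder name and drop everything but letters and digits."""
    return re.sub(r"[^0-9a-z]", "", name.lower())


def matching_extension_dirs(branches, extension_dirs):
    """Keep folders whose normalised id is the tail of a matched branch."""
    return [
        d for d in extension_dirs
        if normalise(d) and any(b.endswith(normalise(d)) for b in branches)
    ]


def correlate(url, pref_keys, extension_dirs):
    """Tie the ad URL's appID to preference branches and extension folders."""
    params = decode_fragment(url)
    app_id = params.get("appID")
    branches = pref_branches_for_app(app_id, pref_keys) if app_id is not None else []
    return {
        "app_id": app_id,
        "browser": params.get("browser"),
        "pref_branches": branches,
        "extension_dirs": matching_extension_dirs(branches, extension_dirs),
    }


if __name__ == "__main__":
    print(json.dumps(correlate(SAMPLE_URL, SAMPLE_PREF_KEYS, SAMPLE_EXTENSION_DIRS), indent=2))
```

On the sample data the only match is the extension whose preference branch ends in 63831; the second branch in the log (63285) belongs to a different appID and is not tied to this URL.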
13 Nov 2014   #6
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Tell me how your computer is running now.
13 Nov 2014   #7
thailen

Windows 7 Home Premium(64 bit)
 
 

Since I live in Thailand, we're around 10-12 hours ahead of you. I just woke up and, unfortunately, that same (cache icm) adware, and at least one other ad so far, has appeared.
13 Nov 2014   #8
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Let's try ESET....
I'd like you to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
13 Nov 2014   #9
thailen

Windows 7 Home Premium(64 bit)
 
 

I could be overlooking something and I'll certainly follow your guide, but I think all the problems stem from Firefox, since I don't see ad intrusions when I use Chrome (I rarely use I/E). Does that affect anything? Should I uninstall Firefox and reinstall it?
13 Nov 2014   #10
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Can you please run the ESET scan? We'll determine from the results.