How do I remove this virus/malware url?

[thailen]

I tried programs and features and search, but came up empty. It constantly shows up in Firefox and Chrome


http://cache.icmwebserv.com/blank7.html#{%22namespace%22%3A%22LITE%22%2C%22revMode%22%3A16%2C%22marketingCampaignID%22%3A999999%2C%22campaignID%22%3A%22000339%22%2C%22browser%22%3A%22ff%22%2C%22url%22%3A%22http%3A%2F%2Fonpoint.wbur.org%2Fways-to-listen%22%2C%22install%22%3A%221415626139%22%2C%22appID%22%3A63831%2C%22subID%22%3A%22300033921023000000%22%2C%22windowName%22%3A%22icm_inline_p%22%2C%22ad_width%22%3A1%2C%22ad_height%22%3A100%2C%22ad_type%22%3A%22focus%22%2C%22asw%22%3A%22na%22%2C%22pstn%22%3A%220%22%2C%22icmVersion%22%3A%221105%22}

 

[Jacee]

You have 'adware'. follow both step1. and step 2.


Please download AdwCleaner by Xplode and save to your Desktop.


Step 1.

• Double click on AdwCleaner.exe to run the tool.
  Vista/Windows 7/8 users right-click and select Run As Administrator.
• Click on the Scan button.
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
• The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
• Copy and paste the contents of that logfile in your next reply.
• A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

Step 2.


This time click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder


******Post both .txt logs in your next reply

 

[thailen]

Here's the first part of the log file(SevenForums will only allow 20,0

20,000 characters at a time:

dwCleaner v4.101 - Report created 13/11/2014 at 19:52:31
# Updated 09/11/2014 by Xplode
# Database : 2014-11-12.2 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Lanovo - LANOVO-PC
# Running from : C:\Users\Lanovo\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : globalUpdate
[#] Service Deleted : globalUpdatem
[#] Service Deleted : trntv
Service Deleted : {a71b752a-bac5-48e3-a420-f8c453035f81}Gw
Service Deleted : {a8fcc7a3-7149-4cd7-bc81-f5c3c4a18978}Gw

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\baidu
Folder Deleted : C:\ProgramData\IePluginServices
Folder Deleted : C:\ProgramData\WindowsMangerProtect
Folder Deleted : C:\Program Files\Babylon
Folder Deleted : C:\Program Files\baidu
[!] Folder Deleted : C:\Program Files\globalUpdate
[!] Folder Deleted : C:\Program Files\HomeTab
Folder Deleted : C:\Program Files\SupTab
Folder Deleted : C:\Program Files\LuckyTab
Folder Deleted : C:\Program Files\CinPlus-2.4cV10.11
Folder Deleted : C:\Users\Lanovo\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Lanovo\AppData\LocalLow\HomeTab
Folder Deleted : C:\Users\Lanovo\AppData\LocalLow\SimplyTech
Folder Deleted : C:\Users\Lanovo\AppData\Roaming\baidu
Folder Deleted : C:\Users\Lanovo\AppData\Roaming\FirefoxToolbar
Folder Deleted : C:\Users\Lanovo\AppData\Roaming\SimpleFiles
Folder Deleted : C:\Users\Lanovo\AppData\Roaming\SimplyTech
Folder Deleted : C:\Users\Lanovo\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Lanovo\AppData\Roaming\TornTV.com
Folder Deleted : C:\Users\Lanovo\AppData\Roaming\WebNavi
Folder Deleted : C:\Users\Public\Documents\baidu
Folder Deleted : C:\Users\Lanovo\AppData\Roaming\Mozilla\Firefox\Profiles\rfymn4ct.default\Extensions\[email protected]
Folder Deleted : C:\Users\Lanovo\AppData\Roaming\Mozilla\Firefox\Profiles\rfymn4ct.default\Extensions\[email protected]
Folder Deleted : C:\Users\Lanovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl
Folder Deleted : C:\Users\Lanovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Folder Deleted : C:\Users\Lanovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\plimopelmdneikoknbgpopffpbmlhgpa
File Deleted : C:\Windows\system32\roboot.exe
File Deleted : C:\Windows\system32\\drivers\{a71b752a-bac5-48e3-a420-f8c453035f81}Gw.sys
File Deleted : C:\Windows\system32\\drivers\{a8fcc7a3-7149-4cd7-bc81-f5c3c4a18978}Gw.sys
File Deleted : C:\Users\Lanovo\Desktop\Live PC Help.lnk
File Deleted : C:\Users\Lanovo\AppData\Roaming\Mozilla\Firefox\Profiles\rfymn4ct.default\searchplugins\default-search.xml
File Deleted : C:\Users\Lanovo\AppData\Roaming\Mozilla\Firefox\Profiles\rfymn4ct.default\searchplugins\Web Search.xml
File Deleted : C:\Users\Lanovo\AppData\Roaming\Mozilla\Firefox\Profiles\rfymn4ct.default\user.js
File Deleted : C:\Users\Lanovo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_istart.webssearches.com_0.localstorage
File Deleted : C:\Users\Lanovo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_istart.webssearches.com_0.localstorage-journal
File Deleted : C:\Users\Lanovo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Lanovo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

Task Deleted : globalUpdateUpdateTaskMachineCore
Task Deleted : globalUpdateUpdateTaskMachineUA
Task Deleted : LaunchSignup
Task Deleted : 1021b133-1a27-43e4-9252-e2a4dcb2b33f-1
Task Deleted : 1021b133-1a27-43e4-9252-e2a4dcb2b33f-11
Task Deleted : 1021b133-1a27-43e4-9252-e2a4dcb2b33f-2
Task Deleted : 1021b133-1a27-43e4-9252-e2a4dcb2b33f-3
Task Deleted : 1021b133-1a27-43e4-9252-e2a4dcb2b33f-4
Task Deleted : 1021b133-1a27-43e4-9252-e2a4dcb2b33f-5
Task Deleted : 1021b133-1a27-43e4-9252-e2a4dcb2b33f-5_user
Task Deleted : 1021b133-1a27-43e4-9252-e2a4dcb2b33f-6
Task Deleted : 1021b133-1a27-43e4-9252-e2a4dcb2b33f-7

 

[thailen]

Here's the Second Part of the logfile

** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\coljhboelhlkbgaaolcngflenaggpeao
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fcljdicbcnmfhekdcaobgbpjjifniemh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kmedakdfngfmagjlndeckcbfcmidlbio
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\Superfish
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\HomeTab.DLL
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\wtb.Band
Key Deleted : HKLM\SOFTWARE\Classes\wtb.Band.1
Key Deleted : HKLM\SOFTWARE\Classes\wtb.NotificationSource
Key Deleted : HKLM\SOFTWARE\Classes\wtb.NotificationSource.1
Key Deleted : HKLM\SOFTWARE\Classes\wtb.SourceSinkImpl
Key Deleted : HKLM\SOFTWARE\Classes\wtb.SourceSinkImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\wtb.ToolbarInfo
Key Deleted : HKLM\SOFTWARE\Classes\wtb.ToolbarInfo.1
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3FC27B34-0C19-49DA-875E-1875DDD4A6B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A928E66C-F501-4E66-9953-855C712F93B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611381131}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622382231}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8DA8B89E-0C65-403B-8231-AB22ECFA0687}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A928E66C-F501-4E66-9953-855C712F93B2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0E28FA0-DF07-44B6-95CE-48BE26DB9266}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E6B4EE8F-C38E-4994-BE28-229A3F92262C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCA8936E-403A-4487-A966-70F80F1D5A6A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655385531}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666386631}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644384431}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611381131}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DEDAF650-12B8-48F5-A843-BBA100716106}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611381131}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\HomeTab
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Linkey
Key Deleted : HKCU\Software\Popajar
Key Deleted : HKCU\Software\SimpleFiles
Key Deleted : HKCU\Software\simplytech
Key Deleted : HKCU\Software\SmileysWeLove
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SupHpUISoft
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\Tune
Key Deleted : HKCU\Software\TornTv Downloader
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\simplytech
Key Deleted : HKCU\Software\AppDataLow\Software\CinPlus-2.4cV10.11
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\SimpleFiles
Key Deleted : HKLM\SOFTWARE\SmdmF
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\supWPM
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Tune
Key Deleted : HKLM\SOFTWARE\webssearchesSoftware
Key Deleted : HKLM\SOFTWARE\LuckyTab
Key Deleted : HKLM\SOFTWARE\CinPlus-2.4cV10.11
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ad Blocker_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CinPlus-2.4cV10.11

***

 

[thailen]

Here's the Third and Final Part of the Logfile

** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Bar]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Search Bar]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Search Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Bar]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl []
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl []

-\\ Mozilla Firefox v33.1 (x86 en-US)

[rfymn4ct.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultengine", "Web Search");
[rfymn4ct.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "default-search.net");
[rfymn4ct.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "default-search.net");
[rfymn4ct.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "default-search.net");
[rfymn4ct.default\prefs.js] - Line Deleted : user_pref("extensions.a0cd1569197354ecf9be03d3ee3bc4210848f7b5a58324f064fcom63831.63831.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.uk%22%2C%22a[...]
[rfymn4ct.default\prefs.js] - Line Deleted : user_pref("extensions.a0cd1569197354ecf9be03d3ee3bc4210848f7b5a58324f064fcom63831.63831.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D[...]
[rfymn4ct.default\prefs.js] - Line Deleted : user_pref("extensions.a6cfae8cc4676442fa78d9dcdfbd4ea874e76d4af1994bacom63285.63285.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.uk%22%2C%22amazo[...]
[rfymn4ct.default\prefs.js] - Line Deleted : user_pref("extensions.a6cfae8cc4676442fa78d9dcdfbd4ea874e76d4af1994bacom63285.63285.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%[...]
[rfymn4ct.default\prefs.js] - Line Deleted : user_pref("extensions.crossrider.bic", "149999d222e0fe41732c3115d36031c9");
[rfymn4ct.default\prefs.js] - Line Deleted : user_pref("[email protected]", true);

-\\ Google Chrome v40.0.2209.0


*************************

AdwCleaner[R0].txt - [21496 octets] - [13/11/2014 19:31:02]
AdwCleaner[S0].txt - [19059 octets] - [13/11/2014 19:52:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [19120 octets] ##########

 

[Jacee]

Tell me how your computer is running now.

 

[thailen]

Since I live in Thailand, we're around 10-12 hours ahead of you. I just woke up and, unfortunately, that same(cache icm) adware and at least one other ad so far, has appeared.

 

[Jacee]

Let's try ESET....
I'd like you to scan your machine with ESET OnlineScan

1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
   ESET OnlineScan
2. Click the
   
   button.
3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
   1. Click on
      
      to download the ESET Smart Installer. Save it to your desktop.
   2. Double click on the
      
      icon on your desktop.
4. Check
   
5. Click the
   
   button.
6. Accept any security warnings from your browser.
7. Check
   
8. Push the Start button.
9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
10. When the scan completes, push
    
11. Push
    
    , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
12. Push the
    
    button.
13. Push
    

 

[thailen]

I could be overlooking something and I'll certainly follow your guide, but I think all the problems stem from Firefox, since I don't see ad intrusions when I use Chrome(I rarely use I/E). Does that affect anythng Should I uninstall Firefox and reinstall it?

 

[Jacee]

Can you please run the ESET scan? We'll determine from the results.

 

[thailen]

Under initialization, the messAGE is: cannot get update. Is proxy configured? No % has been run..

 

[Jacee]

Disable the proxy settings in Internet Explorer:
1) Under “Tools” in the browser tool bar select “Internet Options”.
2) In the “Internet Options” window that pops up, click the “Connections” tab at the top.
3) Click “LAN Settings” near the bottom of the “Connections” section.
4) If the “Proxy server” checkbox is marked with a check, click it to deselect/uncheck it.
5) Click “Ok” to close the “Local Area Network (LAN) Settings” window.
6) Click “Ok” to close the “Internet Options” window.
Reboot
Make sure "Proxy server" is still disabled under your LAN Settings.
Test whether internet connectivity is restored.

 

[thailen]

Internet Connection Was Not the Problem

I followed your instructions for I/E and both before and after reboot the proxy server box was unchecked. I still - not on I/E, but on Firefox and Chrome - am getting tons of ads and urls like the one I began this thread with. I can only download Ad Block Plus on I/E, BTW, but not on either Chrome or Firefox and I have File Viewer Lite which can't open it, even the 2.65 edition with .xpi which I downloaded but no help.

Disable the proxy settings in Internet Explorer:
1) Under “Tools” in the browser tool bar select “Internet Options”.
2) In the “Internet Options” window that pops up, click the “Connections” tab at the top.
3) Click “LAN Settings” near the bottom of the “Connections” section.
4) If the “Proxy server” checkbox is marked with a check, click it to deselect/uncheck it.
5) Click “Ok” to close the “Local Area Network (LAN) Settings” window.
6) Click “Ok” to close the “Internet Options” window.
Reboot
Make sure "Proxy server" is still disabled under your LAN Settings.
Test whether internet connectivity is restored.

 

[Jacee]

Please disable all add-on extensions in your browsers: How to disable add-ons/extensions in your browser?

 

[thailen]

Forget my last reply.

Against my better judgement, I disabled all of them in both Chrome and Firefox(no reason to do it to I/E, since everything is fine there.

Please disable all add-on extensions in your browsers: How to disable add-ons/extensions in your browser?

 

[cottonball]

thailen,

Also do the following to see if there is program responsible for installing this annoyance...

Please get a list of installed programs, and we'll see if one of them is the culprit.
After that, we can reset FireFox to see if cache.icmwebserv.com goes away.

If you are game, open a Command Prompt as Administrator:

Enter “cmd” (without quotes) in the Search Programs and Files box on the Start menu.

When cmd.exe shows in the Programs section of the results, right-click it and select: Run as Administrator

At the command prompt, type in: wmic
Press: Enter

At the wmic:root\cli> prompt, copy/paste (with the mouse) the following text, and press Enter:

/output:C:\InstallList.txt product get name,version

Now, look for an InstallList.txt file in your C: drive
It should open up in Notepad.

Please post the list in your reply so we can see if there is a culprit on it.

Thanks!


.

 

[thailen]

I got as far as typing in /output:C:\InstallList.txt product get name,version and it said Alias not found
Maybe I should have stopped typing after txt
Sorry about being dumb about following instructions

 

[cottonball]

Did you right click cmd.exe and select: Run as Administrator?

If so, try highlighting: /output:C:\InstallList.txt product get name,version
Right-click and select copy, then, go to the command prompt and at the wmic:root\cli> prompt, right-click by it, and select: Paste

 

[cottonball]

Or, download CCleaner:
CCleaner - PC Optimization and Cleaning - Free Download

Download the free version!

In CCleaner, click the Tools icon at left.

Next, select the Uninstall tab on the left

In the Uninstall screen, click: Save to text file... (at the bottom)

Save to the Desktop, and post in your reply.

 

[thailen]

I did and the command screen is blinking. Is that all?