ExtendedUnlimited Adware


  • This topic is locked
4 replies to this topic

#1 ChetanAudipudy

  • Members
  • 2 posts

Posted 11 September 2014 - 07:29 PM

Mod edit: Moved to proper forum for FRST logs.
Virus, Trojan, Spyware, and Malware Removal Logs

~~boopme

 


Hello! I have a new adware and I need help removing it.
Every time I turn on my computer, before anything on my desktop loads, a command prompt pops up and Google Chrome pops up on the website "extendedunlimited.org". The language on this website appears to be Russian, and a lot of ads are on it. I have searched around for a solution and found this post previously:
http://www.bleepingcomputer.com/forums/t/537288/extended-unlimited-adware/

I have followed the steps mentioned in that post but the problem still persists.
This is the FRST log I got after running the Farbar tool.
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by Chetan (administrator) on CHETAN-PC on 12-09-2014 05:40:36
Running from G:\asdf
Platform: Windows 7 Ultimate (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
() C:\Windows\DAODx.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(BitTorrent Inc.) C:\Users\Chetan\AppData\Roaming\uTorrent\uTorrent.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Zune\Zune.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585048 2014-04-18] (Razer Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKU\S-1-5-21-679186558-134089853-2193292194-1000\...\Run: [RocketDock] => "C:\Program Files (x86)\RocketDock\RocketDock.exe"
HKU\S-1-5-21-679186558-134089853-2193292194-1000\...\Run: [uTorrent] => C:\Users\Chetan\AppData\Roaming\uTorrent\uTorrent.exe [1418832 2014-09-11] (BitTorrent Inc.)
HKU\S-1-5-21-679186558-134089853-2193292194-1000\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
HKU\S-1-5-21-679186558-134089853-2193292194-1000\...\MountPoints2: I - I:\Setup.exe
HKU\S-1-5-21-679186558-134089853-2193292194-1000\...\MountPoints2: J - J:\Autorun.exe
HKU\S-1-5-21-679186558-134089853-2193292194-1000\...\MountPoints2: K - K:\autorun.exe
HKU\S-1-5-21-679186558-134089853-2193292194-1000\...\MountPoints2: {78d25d7f-0689-11e4-898e-40167ee8a5d7} - I:\setup.exe
HKU\S-1-5-21-679186558-134089853-2193292194-1000\...\MountPoints2: {92452b94-e719-11e3-8c54-40167ee8a5d7} - "J:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-679186558-134089853-2193292194-1000\...\Winlogon: [Shell] C:\Windows\expstart.exe [925184 2014-05-31] () <==== ATTENTION 
Startup: C:\Users\Chetan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
ShortcutTarget: Stardock ObjectDock.lnk -> C:\PROGRA~2\Stardock\OBJECT~1\ObjectDock.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{E940FBE5-7661-4832-BC9B-07E8DAC0CE05}: [NameServer] 125.22.47.125,202.56.250.5
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultSearchURL: Default -> http://www.trovi.com/Results.aspx?gd=&ctid=CT3319733&octid=EB_ORIGINAL_CTID&ISID=M796FE00A-47EE-4D39-B2AE-031AE09945CF&SearchSource=58&CUI=&UM=6&UP=&q={searchTerms}&SSPV=
CHR DefaultSuggestURL: Default -> http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Profile: C:\Users\Chetan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Chetan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-29]
CHR Extension: (YouTube) - C:\Users\Chetan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-29]
CHR Extension: (Google Search) - C:\Users\Chetan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-29]
CHR Extension: (Hover Free) - C:\Users\Chetan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcmnnggnaofmhflgomfjfbndngdoogkj [2014-05-29]
CHR Extension: (Gmail) - C:\Users\Chetan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-29]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-18] (Advanced Micro Devices, Inc.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [107552 2014-07-21] (EasyAntiCheat Ltd)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-07-09] ()
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2014-05-29] (Microsoft Corporation) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-12] (Advanced Micro Devices)
R3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [33448 2014-04-09] (Razer Inc)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39080 2014-04-09] (Razer Inc)
R3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [31400 2014-04-09] (Razer Inc)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-12 05:40 - 2014-09-12 05:40 - 00000000 ____D () C:\FRST
2014-09-12 05:29 - 2014-09-12 05:31 - 00000000 ____D () C:\AdwCleaner
2014-09-12 05:28 - 2014-09-12 05:28 - 01370467 _____ () C:\Users\Chetan\Downloads\adwcleaner_3.309.exe
2014-09-11 18:32 - 2014-09-11 18:54 - 235426196 _____ () C:\Users\Chetan\Downloads\cm-11-20140910-NIGHTLY-mako.zip
2014-09-11 18:19 - 2014-09-11 18:19 - 00000846 _____ () C:\Users\Chetan\Downloads\scheme.zip
2014-09-11 18:19 - 2014-09-11 18:19 - 00000846 _____ () C:\Users\Chetan\Downloads\data.zip
2014-09-08 21:28 - 2014-09-08 21:28 - 00000000 ____D () C:\Users\Chetan\AppData\Local\Adobe
2014-09-06 01:16 - 2014-09-06 01:17 - 00276392 _____ () C:\Windows\Minidump\090614-23306-01.dmp
2014-09-06 01:15 - 2014-09-06 01:15 - 00000000 ____D () C:\Users\Chetan\Documents\Electronic Arts
2014-09-06 01:12 - 2014-09-03 18:24 - 00447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2014-09-05 20:45 - 2014-09-05 20:46 - 00045189 _____ () C:\Users\Chetan\Downloads\[kickass.to]the.sims.4.deluxe.edition.cracked.3dm.torrent
2014-09-04 23:06 - 2014-09-04 23:06 - 00042785 _____ () C:\Users\Chetan\Downloads\[kickass.to]the.sims.4.pc.full.game.origins.multi17.nosteam.torrent
2014-09-04 23:04 - 2014-09-04 23:04 - 00921904 _____ ( ) C:\Users\Chetan\Downloads\VLC_Media_Player.exe
2014-09-02 12:27 - 2014-09-02 12:27 - 00000000 ____D () C:\Users\Chetan\AppData\Local\Spoon
2014-09-02 12:26 - 2014-09-02 12:26 - 00001254 _____ () C:\Users\Public\Desktop\Free Excel Viewer.lnk
2014-09-02 12:26 - 2014-09-02 12:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Excel Viewer
2014-09-02 12:26 - 2014-09-02 12:26 - 00000000 ____D () C:\Program Files (x86)\Media Freeware
2014-09-02 12:25 - 2014-09-02 12:25 - 00000000 ____D () C:\Users\Chetan\AppData\Roaming\Media Freeware
2014-09-02 12:24 - 2014-09-02 12:24 - 00578328 _____ () C:\Users\Chetan\Downloads\excelviewerfree_setup.exe
2014-09-02 12:11 - 2014-09-02 12:11 - 00012169 _____ () C:\Users\Chetan\Downloads\MASTER DATA Format-DSATM(Engineering) 2015 BATCH.xlsx
2014-09-02 12:11 - 2014-09-02 12:11 - 00012111 _____ () C:\Users\Chetan\Downloads\MASTER DATA Format-DSATM(Engineering) 2015 BATCH (1).xlsx
2014-08-30 18:59 - 2014-08-30 18:59 - 00204568 _____ () C:\Users\Chetan\Downloads\bootstrap-3.2.0-dist.zip
2014-08-30 15:52 - 2014-08-30 17:30 - 00000000 ____D () C:\Users\Chetan\AppData\Roaming\Skype
2014-08-30 15:52 - 2014-08-30 15:53 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-30 15:52 - 2014-08-30 15:52 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-08-30 15:52 - 2014-08-30 15:52 - 00000000 ____D () C:\Users\Chetan\AppData\Local\Skype
2014-08-30 15:52 - 2014-08-30 15:52 - 00000000 ____D () C:\ProgramData\Skype
2014-08-30 15:52 - 2014-08-30 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-30 15:50 - 2014-08-30 15:51 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Chetan\Downloads\SkypeSetup.exe
2014-08-23 19:11 - 2014-08-23 19:11 - 00007083 _____ () C:\Users\Chetan\Downloads\[katproxy.com]onerepublic.counting.stars.2013.single.320kbps.f117.torrent
2014-08-19 19:38 - 2014-08-19 19:39 - 00450120 _____ () C:\Users\Chetan\Downloads\DownloadFileSetup__2299_i1194270473_il5.exe
2014-08-19 19:27 - 2014-08-19 19:27 - 00012003 _____ () C:\Users\Chetan\Downloads\everything_unlocked.zip
2014-08-15 21:41 - 2014-08-15 21:41 - 00000000 ____D () C:\ProgramData\Age of Empires 3
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-12 05:40 - 2014-09-12 05:40 - 00000000 ____D () C:\FRST
2014-09-12 05:37 - 2014-06-08 14:40 - 00000000 ____D () C:\Users\Chetan\AppData\Roaming\uTorrent
2014-09-12 05:37 - 2009-07-14 10:15 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-12 05:37 - 2009-07-14 10:15 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-12 05:35 - 2014-05-29 15:43 - 00892793 _____ () C:\Windows\WindowsUpdate.log
2014-09-12 05:32 - 2014-05-29 15:42 - 00008104 _____ () C:\Windows\PFRO.log
2014-09-12 05:32 - 2014-05-29 15:20 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-12 05:32 - 2009-07-14 10:38 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-12 05:32 - 2009-07-14 10:21 - 00043692 _____ () C:\Windows\setupact.log
2014-09-12 05:31 - 2014-09-12 05:29 - 00000000 ____D () C:\AdwCleaner
2014-09-12 05:28 - 2014-09-12 05:28 - 01370467 _____ () C:\Users\Chetan\Downloads\adwcleaner_3.309.exe
2014-09-11 22:08 - 2014-05-29 15:20 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-11 22:06 - 2014-07-19 14:19 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-11 18:54 - 2014-09-11 18:32 - 235426196 _____ () C:\Users\Chetan\Downloads\cm-11-20140910-NIGHTLY-mako.zip
2014-09-11 18:19 - 2014-09-11 18:19 - 00000846 _____ () C:\Users\Chetan\Downloads\scheme.zip
2014-09-11 18:19 - 2014-09-11 18:19 - 00000846 _____ () C:\Users\Chetan\Downloads\data.zip
2014-09-10 22:51 - 2014-05-29 16:29 - 00000000 ____D () C:\ProgramData\Origin
2014-09-10 22:50 - 2014-05-29 16:29 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-10 19:06 - 2014-07-19 14:19 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-10 19:06 - 2014-07-19 14:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-10 19:06 - 2014-07-19 14:19 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-08 21:28 - 2014-09-08 21:28 - 00000000 ____D () C:\Users\Chetan\AppData\Local\Adobe
2014-09-06 01:17 - 2014-09-06 01:16 - 00276392 _____ () C:\Windows\Minidump\090614-23306-01.dmp
2014-09-06 01:16 - 2014-06-07 14:54 - 402057261 _____ () C:\Windows\MEMORY.DMP
2014-09-06 01:16 - 2014-06-07 14:54 - 00000000 ____D () C:\Windows\Minidump
2014-09-06 01:15 - 2014-09-06 01:15 - 00000000 ____D () C:\Users\Chetan\Documents\Electronic Arts
2014-09-06 01:13 - 2014-05-29 15:34 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-05 20:46 - 2014-09-05 20:45 - 00045189 _____ () C:\Users\Chetan\Downloads\[kickass.to]the.sims.4.deluxe.edition.cracked.3dm.torrent
2014-09-04 23:06 - 2014-09-04 23:06 - 00042785 _____ () C:\Users\Chetan\Downloads\[kickass.to]the.sims.4.pc.full.game.origins.multi17.nosteam.torrent
2014-09-04 23:05 - 2014-07-11 18:11 - 00001066 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-09-04 23:05 - 2014-07-11 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-09-04 23:04 - 2014-09-04 23:04 - 00921904 _____ ( ) C:\Users\Chetan\Downloads\VLC_Media_Player.exe
2014-09-04 18:10 - 2014-05-29 15:20 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-03 18:24 - 2014-09-06 01:12 - 00447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2014-09-02 12:27 - 2014-09-02 12:27 - 00000000 ____D () C:\Users\Chetan\AppData\Local\Spoon
2014-09-02 12:26 - 2014-09-02 12:26 - 00001254 _____ () C:\Users\Public\Desktop\Free Excel Viewer.lnk
2014-09-02 12:26 - 2014-09-02 12:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Excel Viewer
2014-09-02 12:26 - 2014-09-02 12:26 - 00000000 ____D () C:\Program Files (x86)\Media Freeware
2014-09-02 12:25 - 2014-09-02 12:25 - 00000000 ____D () C:\Users\Chetan\AppData\Roaming\Media Freeware
2014-09-02 12:24 - 2014-09-02 12:24 - 00578328 _____ () C:\Users\Chetan\Downloads\excelviewerfree_setup.exe
2014-09-02 12:11 - 2014-09-02 12:11 - 00012169 _____ () C:\Users\Chetan\Downloads\MASTER DATA Format-DSATM(Engineering) 2015 BATCH.xlsx
2014-09-02 12:11 - 2014-09-02 12:11 - 00012111 _____ () C:\Users\Chetan\Downloads\MASTER DATA Format-DSATM(Engineering) 2015 BATCH (1).xlsx
2014-08-30 18:59 - 2014-08-30 18:59 - 00204568 _____ () C:\Users\Chetan\Downloads\bootstrap-3.2.0-dist.zip
2014-08-30 17:30 - 2014-08-30 15:52 - 00000000 ____D () C:\Users\Chetan\AppData\Roaming\Skype
2014-08-30 15:53 - 2014-08-30 15:52 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-30 15:52 - 2014-08-30 15:52 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-08-30 15:52 - 2014-08-30 15:52 - 00000000 ____D () C:\Users\Chetan\AppData\Local\Skype
2014-08-30 15:52 - 2014-08-30 15:52 - 00000000 ____D () C:\ProgramData\Skype
2014-08-30 15:52 - 2014-08-30 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-30 15:51 - 2014-08-30 15:50 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Chetan\Downloads\SkypeSetup.exe
2014-08-25 07:56 - 2009-07-14 10:43 - 00735720 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-23 19:11 - 2014-08-23 19:11 - 00007083 _____ () C:\Users\Chetan\Downloads\[katproxy.com]onerepublic.counting.stars.2013.single.320kbps.f117.torrent
2014-08-21 23:13 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-20 17:30 - 2009-07-14 10:15 - 00295112 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-19 20:27 - 2014-07-11 18:11 - 00000000 ____D () C:\Users\Chetan\AppData\Roaming\vlc
2014-08-19 20:22 - 2014-05-29 15:44 - 00059392 _____ () C:\Users\Chetan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-19 19:39 - 2014-08-19 19:38 - 00450120 _____ () C:\Users\Chetan\Downloads\DownloadFileSetup__2299_i1194270473_il5.exe
2014-08-19 19:29 - 2014-06-07 17:08 - 00000000 ____D () C:\Users\Chetan\Documents\NFS Most Wanted
2014-08-19 19:27 - 2014-08-19 19:27 - 00012003 _____ () C:\Users\Chetan\Downloads\everything_unlocked.zip
2014-08-16 17:00 - 2014-05-29 17:09 - 00000000 ____D () C:\Users\Chetan\Documents\My Games
2014-08-15 21:41 - 2014-08-15 21:41 - 00000000 ____D () C:\ProgramData\Age of Empires 3
2014-08-15 21:41 - 2014-07-25 16:00 - 00000000 ____D () C:\Users\Chetan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
 
Some content of TEMP:
====================
C:\Users\Chetan\AppData\Local\Temp\app.exe
C:\Users\Chetan\AppData\Local\Temp\instructionsFrs2.exe
C:\Users\Chetan\AppData\Local\Temp\Quarantine.exe
C:\Users\Chetan\AppData\Local\Temp\rtds.exe
C:\Users\Chetan\AppData\Local\Temp\SearchProtectINT.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-06 00:20
 
==================== End Of Log ============================
 
 
 
 
Please help me get rid of this adware.
Thank you!

Edited by boopme, 11 September 2014 - 08:09 PM.



#2 aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 12 September 2014 - 05:01 AM

Hi,

does this fix solve the problem?


Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


#3 ChetanAudipudy
  • Topic Starter

  • Members
  • 2 posts

Posted 12 September 2014 - 07:19 AM

Hello! Thank you for the reply! This fixed the problem! Thank you for your fast reply and solution! Here are the contents of the fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014
Ran by Chetan at 2014-09-12 17:42:43 Run:2
Running from G:\asdf
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-679186558-134089853-2193292194-1000\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
CHR DefaultSearchKeyword: Default -> trovi.search
EmptyTemp:
*****************
 
HKU\S-1-5-21-679186558-134089853-2193292194-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CMD => value deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
Chrome DefaultSearchURL deleted successfully.
EmptyTemp: => Removed 2.4 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
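The FRST log in post #1 and the fixlist in post #3 show the pattern the helper acted on: FRST prints the offending autorun line (marking it with `ATTENTION`), and fixlist.txt repeats that line verbatim, followed by `EmptyTemp:`. The following Python script is an added example for this thread, not FRST's own code and not the helper's procedure. It applies a few defensive heuristics to lines from the "Registry (Whitelisted)" and "Chrome" sections (a Run value that opens a URL through cmd.exe, a Winlogon Shell other than explorer.exe, a Chrome search provider outside an assumed allowlist) and then builds a fixlist from the entries selected for removal. The function names, the heuristics and the search-engine allowlist are this example's own assumptions; the sample lines are copied from the thread's log. Note that the helper in this thread chose to fix only the CMD Run value and the Chrome search keyword, so the Winlogon Shell entry is reported here as "review" rather than placed in the fixlist automatically.

```python
"""Flag suspicious autorun entries in a Farbar Recovery Scan Tool (FRST) log.

Added example for this thread; it is not FRST's code and not the helper's
procedure. The heuristics and the allowlist below are assumptions of this
example. It builds a fixlist.txt in the shape seen in the thread: selected
log lines repeated verbatim, followed by EmptyTemp:.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the FRST.txt posted in the thread.
SAMPLE_LOG = r"""
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-679186558-134089853-2193292194-1000\...\Run: [uTorrent] => C:\Users\Chetan\AppData\Roaming\uTorrent\uTorrent.exe [1418832 2014-09-11] (BitTorrent Inc.)
HKU\S-1-5-21-679186558-134089853-2193292194-1000\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
HKU\S-1-5-21-679186558-134089853-2193292194-1000\...\Winlogon: [Shell] C:\Windows\expstart.exe [925184 2014-05-31] () <==== ATTENTION
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultSearchURL: Default -> http://www.trovi.com/Results.aspx?gd=&ctid=CT3319733&octid=EB_ORIGINAL_CTID&ISID=M796FE00A-47EE-4D39-B2AE-031AE09945CF&SearchSource=58&CUI=&UM=6&UP=&q={searchTerms}&SSPV=
"""

# FRST's own marker for entries it considers suspicious (the number of '=' varies).
ATTENTION = re.compile(r"<=+ ATTENTION")
# "HK...\...\Run: [name] => command"
RUN_LINE = re.compile(r"^HK\S*?\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] => (?P<cmd>.*)$")
# A Run value that opens a web address through the command interpreter.
SHELL_OPENS_URL = re.compile(r"\bcmd(?:\.exe)?\b.*\bstart\b.*\bhttps?://", re.I)
WINLOGON_SHELL = re.compile(r"\\Winlogon: \[Shell\] (?P<path>\S+)")
CHR_SEARCH = re.compile(r"^CHR DefaultSearch(?:Keyword|URL): Default -> (?P<value>\S+)")
# Assumed allowlist of search providers; anything else is treated as a hijack candidate.
KNOWN_SEARCH = ("google.", "bing.", "yahoo.", "duckduckgo.")


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)
    # "fix": the line can go into fixlist.txt as-is; "review": a human must decide first.
    action: str = "review"


def analyze_frst_log(text):
    """Return a Finding for every log line that trips at least one heuristic."""
    findings = []
    for raw in text.splitlines():
        line = raw.rstrip()
        reasons, action = [], "review"
        if ATTENTION.search(line):
            reasons.append("FRST marked this entry with ATTENTION")
        m = RUN_LINE.match(line)
        if m and SHELL_OPENS_URL.search(m.group("cmd")):
            reasons.append("Run value launches a URL through the command interpreter")
            action = "fix"
        m = WINLOGON_SHELL.search(line)
        if m and m.group("path").lower().rsplit("\\", 1)[-1] != "explorer.exe":
            # Replacing the shell is a bigger change; leave the decision to a human.
            reasons.append("Winlogon Shell is not the default explorer.exe")
        m = CHR_SEARCH.match(line)
        if m and not any(k in m.group("value").lower() for k in KNOWN_SEARCH):
            reasons.append("Chrome default search provider is not a known engine")
            action = "fix"
        if reasons:
            findings.append(Finding(line, reasons, action))
    return findings


def build_fixlist(lines, empty_temp=True):
    """fixlist.txt content: the selected log lines verbatim, then EmptyTemp:."""
    out = list(lines)
    if empty_temp:
        out.append("EmptyTemp:")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    found = analyze_frst_log(SAMPLE_LOG)
    for f in found:
        print(f"[{f.action}] {f.line}")
        for r in f.reasons:
            print(f"    - {r}")
    print("\n--- proposed fixlist.txt ---")
    print(build_fixlist(f.line for f in found if f.action == "fix"), end="")
```

Run it against a saved FRST.txt by replacing `SAMPLE_LOG` with the file's contents; the "review" entries are the ones to discuss with a helper before adding them to a fixlist, since FRST executes whatever the fixlist contains.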


#4 aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 12 September 2014 - 09:00 AM

Alright, that's it.
I'd recommend going to Windows Updates in Control Panel and downloading and installing all updates that are provided, and installing antivirus software.

My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!

#5 aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 19 September 2014 - 03:24 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



