Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

yet another gameharbor victim


  • Please log in to reply
8 replies to this topic

#1 CarrotOnAStick

CarrotOnAStick

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:28 PM

Posted 12 September 2014 - 07:40 AM

Hi guys,

 

since a day or 3 I've been getting this crap at startup and I've tried every other solution I could find (I try and fix it myself first :) ) so as many before me, here are my logs with FRST. If anyone could come up with a fix I'd be very greatfull!

 

Thank you for your time.

Attached Files



BC AdBot (Login to Remove)

 


m

#2 CarrotOnAStick

CarrotOnAStick
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:28 PM

Posted 12 September 2014 - 01:32 PM

Boosting for attention.



#3 shelf life

shelf life

  • Malware Response Team
  • 2,645 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:01:28 PM

Posted 12 September 2014 - 04:50 PM

hi,

 

Your post is a day old, If you still need help simply reply back.


How Can I Reduce My Risk to Malware?


#4 CarrotOnAStick

CarrotOnAStick
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:28 PM

Posted 12 September 2014 - 07:46 PM

I still need help :)



#5 shelf life

shelf life

  • Malware Response Team
  • 2,645 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:01:28 PM

Posted 12 September 2014 - 08:56 PM

Ok we will use FRST.

 

Open notepad. Please copy/paste the contents of the code box below into notepad
 

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File 
HKU\S-1-5-21-2874569260-1653278045-1339364092-1000\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9DE6F857C2C2CF01

Save it on your Desktop as:  fixlist.txt

Start FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
The tool will create a log on the desktop called Fixlog.txt

Please post the log in your reply.

 


How Can I Reduce My Risk to Malware?


#6 CarrotOnAStick

CarrotOnAStick
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:28 PM

Posted 14 September 2014 - 08:23 AM

Done as i was told, this is my fixlog.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014
Ran by David at 2014-09-14 15:22:04 Run:1
Running from C:\Users\David\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
HKU\S-1-5-21-2874569260-1653278045-1339364092-1000\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9DE6F857C2C2CF01
*****************

"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
HKU\S-1-5-21-2874569260-1653278045-1339364092-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CMD => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP => value deleted successfully.

==== End of Fixlog ====



#7 shelf life

shelf life

  • Malware Response Team
  • 2,645 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:01:28 PM

Posted 14 September 2014 - 02:05 PM

Ok and is the redirect gone now? Is a updated Malwarebytes coming up clean after a scan?

 

 

 


How Can I Reduce My Risk to Malware?


#8 CarrotOnAStick

CarrotOnAStick
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:28 PM

Posted 15 September 2014 - 06:10 AM

It is gone, thanks allot man! :)



#9 shelf life

shelf life

  • Malware Response Team
  • 2,645 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:01:28 PM

Posted 15 September 2014 - 03:50 PM

Ok. You can delete the FRST icon and it associated folder in your root drive (default C:). Happy safe surfing


How Can I Reduce My Risk to Malware?





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users