ShardtheFox Posted March 23, 2014 ID:806604 Share Posted March 23, 2014 My grandmother requested I take a look at her computer, as it was running slow. Apparently, she purchased a service called "RegServo" that is a registry cleaner, and ran the file while under remote assistance from some guy on the phone. She's kind of senile, so the details don't all add up. Anyways, her computer is a mess, and I was hoping someone could assist me with checking it out. I am aware of your piracy policy, and have already checked the laptop for any torrent software, and found none. Below are the FRST.txt and Addition.txt logs. Edit: Apparently, the copy and paste functionality no longer works. I just attached the logs instead. FRST.txtAddition.txt Link to post Share on other sites More sharing options...
Psychotic Posted March 23, 2014 ID:806829 Share Posted March 23, 2014 Add-/remove programmsClick on start-->control panel.Vista/7: Open Programs and FeaturesXP: Open add/remove programsSearch for and remove the following programsALOT AppbarLivingPlayAsk ToolbarMcAfee Security Scan PlusRecipe HubREGSERVOShop To WinTotalRecipeSearchYahoo! BrowserPlus 2.9.8Yahoo! ToolbarClose the window. Scan with TDSS-KillerPlease read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.Download TDSSKiller.zip and extract to your desktopExecute TDSSKiller.exe by doubleclicking on it. Press Start ScanIf Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txtPlease post the contents of that log in your next reply. When finished, provide new logs with FRST. Link to post Share on other sites More sharing options...
ShardtheFox Posted March 25, 2014 Author ID:807661 Share Posted March 25, 2014 The files were to long to copy and paste, so they're attached.TDSSKiller.3.0.0.26_24.03.2014_20.32.36_log.txtFRST_24-03-2014_21-06-21.txtAddition_24-03-2014_21-05-13.txt Link to post Share on other sites More sharing options...
Psychotic Posted March 25, 2014 ID:807726 Share Posted March 25, 2014 Fix with FRST (normal mode)WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Download the attached fixlist.txt and save it to the location where FRST is saved to.Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply. Full System Scan with Malwarebytes Antimalware If not existing, please download Malwarebytes' Anti-Malware to your desktop.Double-click mbam-setup.exe and follow the prompts to install the program.At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If the program is already installed:Run Malwarebytes AntimalwareIf an update is found, it will download and install the latest version.Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.When the scan is complete, click OK, then Show Results to view the results.Be sure that everything is checked, and click Remove Selected.When completed, a log will open in Notepad. Please save it to a convenient location.The log can also be found here:C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txtOr at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txtPost that log back here. fixlist.txt Link to post Share on other sites More sharing options...
ShardtheFox Posted March 25, 2014 Author ID:808184 Share Posted March 25, 2014 The logs are attached.Fixlog_25-03-2014_03-04-30.txtmbam-log-2014-03-25 (03-05-54).txt Link to post Share on other sites More sharing options...
Psychotic Posted March 26, 2014 ID:808410 Share Posted March 26, 2014 Looks good! Scan with ESET Online ScanPlease go to here to run the online scannner from ESET. Turn off the real time scanner of any existing antivirus program while performing the online scanTick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the activex control to installClick StartMake sure that the option Remove found threats is unticked Click on Advanced Settings and ensure these options are ticked:Scan for potentially unwanted applicationsScan for potentially unsafe applicationsEnable Anti-Stealth Technology[*]Click Scan[*]Wait for the scan to finish[*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic. Link to post Share on other sites More sharing options...
ShardtheFox Posted March 26, 2014 Author ID:808817 Share Posted March 26, 2014 C:\FRST\Quarantine\C\Program Files (x86)\2jUninstall Recipe Hub.dll.xBAD a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted applicationC:\FRST\Quarantine\C\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\NP14Stub.dll.xBAD Win32/Toolbar.MyWebSearch.T potentially unwanted applicationC:\FRST\Quarantine\C\Program Files (x86)\TotalRecipeSearch_14\TotalRecipeSearch_14\bar\1.bin\14auxstb.dll Win32/Toolbar.MyWebSearch.W potentially unwanted applicationC:\FRST\Quarantine\C\Program Files (x86)\TotalRecipeSearch_14\TotalRecipeSearch_14\bar\1.bin\14brmon.exe Win32/Toolbar.MyWebSearch.W potentially unwanted applicationC:\FRST\Quarantine\C\Program Files (x86)\TotalRecipeSearch_14\TotalRecipeSearch_14\bar\1.bin\14datact.dll a variant of Win32/Toolbar.MyWebSearch.A potentially unwanted applicationC:\FRST\Quarantine\C\Program Files (x86)\TotalRecipeSearch_14\TotalRecipeSearch_14\bar\1.bin\14html.dll probably a variant of Win32/Toolbar.MyWebSearch.F potentially unwanted applicationC:\FRST\Quarantine\C\Program Files (x86)\TotalRecipeSearch_14\TotalRecipeSearch_14\bar\1.bin\14htmlmu.dll probably a variant of Win32/Toolbar.MyWebSearch.B potentially unwanted applicationC:\FRST\Quarantine\C\Program Files (x86)\TotalRecipeSearch_14\TotalRecipeSearch_14\bar\1.bin\14ieovr.dll probably a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted applicationC:\FRST\Quarantine\C\Program Files (x86)\TotalRecipeSearch_14\TotalRecipeSearch_14\bar\1.bin\14impipe.exe Win32/Toolbar.MyWebSearch.W potentially unwanted applicationC:\FRST\Quarantine\C\Program Files (x86)\TotalRecipeSearch_14\TotalRecipeSearch_14\bar\1.bin\14Plugin.dll a variant of Win32/Toolbar.MyWebSearch potentially unwanted applicationC:\FRST\Quarantine\C\Program Files (x86)\TotalRecipeSearch_14\TotalRecipeSearch_14\bar\1.bin\14skin.dll a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted applicationC:\FRST\Quarantine\C\Program Files (x86)\TotalRecipeSearch_14\TotalRecipeSearch_14\bar\1.bin\14skplay.exe Win32/Toolbar.MyWebSearch.W potentially unwanted applicationC:\Users\Evelyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6OOK4VW5\RecipeHub.exe Win32/AdInstaller potentially unwanted applicationC:\Users\Evelyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\955A8ZEX\ApnIC11130[1].dll a variant of Win32/Bundled.Toolbar.Ask potentially unsafe applicationC:\Users\Evelyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z4Z81FBR\ApnToolbarInstaller11130[1].exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe applicationC:\Users\Evelyn\AppData\Local\Temp\ApnIC.dll a variant of Win32/Bundled.Toolbar.Ask potentially unsafe applicationC:\Users\Evelyn\AppData\Local\Temp\ApnToolbarInstaller.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe applicationC:\Users\Evelyn\AppData\Local\Temp\Set124A.tmp Win32/Bundled.Toolbar.Ask.E potentially unsafe applicationC:\Users\Evelyn\AppData\Local\Temp\Set6A2D.tmp Win32/Bundled.Toolbar.Ask.E potentially unsafe applicationC:\Users\Evelyn\AppData\Local\Temp\setup.exe a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe applicationC:\Users\Evelyn\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\05CA7F79.exe a variant of Win32/Toolbar.MyWebSearch.O potentially unwanted applicationC:\Users\Evelyn\AppData\LocalLow\TotalRecipeSearch_14EI\Installr\Cache\357FB459.exe a variant of Win32/Toolbar.MyWebSearch.O potentially unwanted applicationC:\Users\Evelyn\Downloads\RecipeHub (1).exe Win32/AdInstaller potentially unwanted applicationC:\Users\Evelyn\Downloads\RecipeHub.exe Win32/AdInstaller potentially unwanted applicationC:\Windows\Installer\MSIC300.tmp a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application Link to post Share on other sites More sharing options...
Psychotic Posted March 27, 2014 ID:808957 Share Posted March 27, 2014 Fix with FRST (normal mode)WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Download the attached fixlist.txt and save it to the location where FRST is saved to.Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply. Then we can do the cleanup - if you are facing any issues, report that immediately.Delete junk with adwCleanerPlease download AdwCleaner to your desktop. Run adwcleaner.exeHit Scan and wait for the scan to finish.Confirm the message but don´t uncheck anything.Hit CleanWhen the run is finished, it will open up a text filePlease post its contents within your next replyYou´ll find the log file at C:\AdwCleaner[s1].txt alsoDelete junk with JRT Please download Junkware Removal Tool to your desktop.Shut down your protection software now to avoid potential conflicts.Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".The tool will open and start scanning your system.Please be patient as this can take a while to complete depending on your system's specifications.On completion, a log (JRT.txt) is saved to your desktop and will automatically open.Post the contents of JRT.txt into your next message.SecurityCheckReboot your system before starting!Please download SecurityCheck: LINK1 LINK2Save it to your desktop, start it and follow the instructions in the window.After the scan finished the (checkup.txt) will open. Copy its content to your thread. fixlist.txt Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted April 2, 2014 Root Admin ID:812163 Share Posted April 2, 2014 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts