Jump to content

RegServo, RecipeHub, and more.


Recommended Posts

My grandmother requested I take a look at her computer, as it was running slow. Apparently, she purchased a service called "RegServo" that is a registry cleaner, and ran the file while under remote assistance from some guy on the phone. She's kind of senile, so the details don't all add up. Anyways, her computer is a mess, and I was hoping someone could assist me with checking it out.

 

I am aware of your piracy policy, and have already checked the laptop for any torrent software, and found none. Below are the FRST.txt and Addition.txt logs.

 

Edit: Apparently, the copy and paste functionality no longer works. I just attached the logs instead.

 

 

 

FRST.txt

Addition.txt

Link to post
Share on other sites

Add-/remove programms

Click on start-->control panel.

Vista/7: Open Programs and Features
XP: Open add/remove programs

Search for and remove the following programs

ALOT Appbar
LivingPlay
Ask Toolbar
McAfee Security Scan Plus
Recipe Hub
REGSERVO
Shop To Win
TotalRecipeSearch
Yahoo! BrowserPlus 2.9.8
Yahoo! Toolbar


Close the window.

 

 

 

 

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt



Please post the contents of that log in your next reply.

 

 

 

When finished, provide new logs with FRST.

Link to post
Share on other sites

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

 

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

 

fixlist.txt

Link to post
Share on other sites

Looks good!

 

 

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology

[*]Click Scan[*]Wait for the scan to finish[*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.

Link to post
Share on other sites

C:\FRST\Quarantine\C\Program Files (x86)\2jUninstall Recipe Hub.dll.xBAD a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application

C:\FRST\Quarantine\C\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\NP14Stub.dll.xBAD Win32/Toolbar.MyWebSearch.T potentially unwanted application

C:\FRST\Quarantine\C\Program Files (x86)\TotalRecipeSearch_14\TotalRecipeSearch_14\bar\1.bin\14auxstb.dll Win32/Toolbar.MyWebSearch.W potentially unwanted application

C:\FRST\Quarantine\C\Program Files (x86)\TotalRecipeSearch_14\TotalRecipeSearch_14\bar\1.bin\14brmon.exe Win32/Toolbar.MyWebSearch.W potentially unwanted application

C:\FRST\Quarantine\C\Program Files (x86)\TotalRecipeSearch_14\TotalRecipeSearch_14\bar\1.bin\14datact.dll a variant of Win32/Toolbar.MyWebSearch.A potentially unwanted application

C:\FRST\Quarantine\C\Program Files (x86)\TotalRecipeSearch_14\TotalRecipeSearch_14\bar\1.bin\14html.dll probably a variant of Win32/Toolbar.MyWebSearch.F potentially unwanted application

C:\FRST\Quarantine\C\Program Files (x86)\TotalRecipeSearch_14\TotalRecipeSearch_14\bar\1.bin\14htmlmu.dll probably a variant of Win32/Toolbar.MyWebSearch.B potentially unwanted application

C:\FRST\Quarantine\C\Program Files (x86)\TotalRecipeSearch_14\TotalRecipeSearch_14\bar\1.bin\14ieovr.dll probably a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application

C:\FRST\Quarantine\C\Program Files (x86)\TotalRecipeSearch_14\TotalRecipeSearch_14\bar\1.bin\14impipe.exe Win32/Toolbar.MyWebSearch.W potentially unwanted application

C:\FRST\Quarantine\C\Program Files (x86)\TotalRecipeSearch_14\TotalRecipeSearch_14\bar\1.bin\14Plugin.dll a variant of Win32/Toolbar.MyWebSearch potentially unwanted application

C:\FRST\Quarantine\C\Program Files (x86)\TotalRecipeSearch_14\TotalRecipeSearch_14\bar\1.bin\14skin.dll a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application

C:\FRST\Quarantine\C\Program Files (x86)\TotalRecipeSearch_14\TotalRecipeSearch_14\bar\1.bin\14skplay.exe Win32/Toolbar.MyWebSearch.W potentially unwanted application

C:\Users\Evelyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6OOK4VW5\RecipeHub.exe Win32/AdInstaller potentially unwanted application

C:\Users\Evelyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\955A8ZEX\ApnIC11130[1].dll a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application

C:\Users\Evelyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z4Z81FBR\ApnToolbarInstaller11130[1].exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application

C:\Users\Evelyn\AppData\Local\Temp\ApnIC.dll a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application

C:\Users\Evelyn\AppData\Local\Temp\ApnToolbarInstaller.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application

C:\Users\Evelyn\AppData\Local\Temp\Set124A.tmp Win32/Bundled.Toolbar.Ask.E potentially unsafe application

C:\Users\Evelyn\AppData\Local\Temp\Set6A2D.tmp Win32/Bundled.Toolbar.Ask.E potentially unsafe application

C:\Users\Evelyn\AppData\Local\Temp\setup.exe a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application

C:\Users\Evelyn\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\05CA7F79.exe a variant of Win32/Toolbar.MyWebSearch.O potentially unwanted application

C:\Users\Evelyn\AppData\LocalLow\TotalRecipeSearch_14EI\Installr\Cache\357FB459.exe a variant of Win32/Toolbar.MyWebSearch.O potentially unwanted application

C:\Users\Evelyn\Downloads\RecipeHub (1).exe Win32/AdInstaller potentially unwanted application

C:\Users\Evelyn\Downloads\RecipeHub.exe Win32/AdInstaller potentially unwanted application

C:\Windows\Installer\MSIC300.tmp a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
Link to post
Share on other sites

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

 

 

 

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.

 

  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don´t uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You´ll find the log file at C:\AdwCleaner[s1].txt also



Delete junk with JRT

thisisujrt.gif Please download Junkware Removal Tool to your desktop.


  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK1 LINK2



  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread.

 

fixlist.txt

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.