RegCure



#1 Luvkitty


Posted 16 March 2009 - 03:29 PM

Hello,

I was trying to play a Webinar, and after I downloaded it and tried to play it, I got a message about not being able to play it because it was an NCA file. I clicked the option to choose which program to use to play it, and it ended up taking me to RegCure. This picture shows what happened when I tried to use it:

http://i42.tinypic.com/2eecz7t.jpg

I guess that it only cleans or fixes two sections unless I pay for it, even though it was a Microsoft thing??? I'm not really sure what I'm doing here, and I'm not sure why it found 700 something problems when I use SpySweeper on a daily basis and always have it updated. I had this RegCure fix the two sections it said it'd do for free, but what about the other stuff. Is it normal to find that many problems? Are these problems that it found truly the reason I can't seem to play the webinar? I appreciate any guidance you can give me here.

Thanks so much!
Michele

(Moderator edit and note: thread moved to more appropriate forum. jgw)

Edited by jgweed, 29 April 2009 - 07:55 AM.




#2 Platypus


Posted 22 March 2009 - 07:51 AM

Michele, I would suggest using much caution in matters like this, I think you're wise to have asked advice on a reputable tech site.

It's not safe to assume that because the word Microsoft is used in conjunction with software, that the software is actually related to Microsoft. The supposed MicrosoftFileAssociation.org URL appearing at the bottom of that screenshot does not exist.

You can read of numerous experiences with RegCure here:

http://www.complaintsboard.com/?search=regcure

BleepingComputer does not advise the use of Registry Cleaners, and I agree with this advice. The type of "errors" reported by the scanners, if they all indeed exist in the registry, are not unusual and not a great concern. The registry is a very large and complex database, and the less it's interfered with the better.

Top 5 things that never get done:

1.


#3 Luvkitty


Posted 23 March 2009 - 07:23 AM

OMG! I'm SO glad that I always have the wonderful support of the AWESOME people from Bleeping Computer!!! Thank you SO much for the link to all the issues with RegCure!!! I sure hope that I don't end up with bad things happening like I read about on the site you gave me the link to. I'm worried now because I DID install RegCure which I guess was the free version since I didn't pay anything to fix the 700 problems it found after scanning my computer! Also, as I mentioned in my first post on this thread, I did allow it to "fix" the two issues it found that it would fix for free. Since I read your reply to my questions I have now UNinstalled RegCure from my computer, but how can I find out if any of my credit card info., passwords, etc. have been taken or anything else done to my computer because I had installed the free version of this program?

Thanks!
Michele :thumbsup:

#4 Platypus


Posted 26 March 2009 - 08:16 AM

I'm not aware of any of these kinds of hazards being attributed to the freely available "teaser" version of the program.

What Antivirus/AntiMalware protection do you have installed on your computer?



#5 figgis41


Posted 27 March 2009 - 02:55 PM

hi,,, most of these reg fixers are a load of cr,p,,,, but the ones that find loads of problems and then only fix half and promise to fix the other half if you part with cash are,,,,,,, you guessed it,, not kosher,,, it's a con,,, it does not find all these problems it creates them and parts you from your cash,,, delete it and run these 2 programs to see if it's left any nasties behind,,, download both free versions and update and run full scans,,, don't worry if you already have spyware scanners as they never picked up our friend,,, so use these,,,
http://www.malwarebytes.org/mbam.php
http://www.superantispyware.com/
this should see it off,,, :thumbsup:
good luck.
Figgis,,,, LUFC

#6 Luvkitty


Posted 26 April 2009 - 03:23 AM

Hello,

I was wondering if I should delete everything that the Malwarebytes.org finds? I ran the full scan, and 14 items came up. Before I delete them I thought I'd check with you.

Thanks again!
Michele :thumbsup:

#7 buddy215


Posted 26 April 2009 - 06:51 AM

It would be a good idea to post the log from MBAM. That will help to determine what other steps you may need to take.

Check your Add/Remove program for RegCure and if it is there, uninstall it.

Back at the main Scanner screen of MBAM: (MalwareBytes AntiMalware)

* Click on the Show Results button to see a list of any malware that was found.
* Make sure that everything is checked, and click Remove Selected.
* When removal is completed, a log report will open in Notepad.
* The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

Edited by buddy215, 26 April 2009 - 06:53 AM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#8 Luvkitty


Posted 29 April 2009 - 03:03 AM

Thank you again for great directions!! Here is my log:

Malwarebytes' Anti-Malware 1.36
Database version: 2043
Windows 6.0.6001 Service Pack 1

4/29/2009 12:53:52 AM
mbam-log-2009-04-29 (00-53-51).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 213869
Time elapsed: 59 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 9
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files\prodegetoolbar680\prodegetoolbar680.dll (Trojan.BHO) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\gamevancetext.linker (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\gamevancetext.linker.1 (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\prodegetoolbar680.prodegetoolbar680 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a057a204-bacc-4d26-b2fc-48f8ccab3ed4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a057a204-bacc-4d26-b2fc-48f8ccab3ed4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a057a204-bacc-4d26-b2fc-48f8ccab3ed4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a057a204-bacc-4d26-b2fc-48f8ccab3ed5} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a057a204-bacc-4d26-b2fc-48f8ccab3ed6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{a057a204-bacc-4d26-b2fc-48f8ccab3ed4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{a057a204-bacc-4d26-b2fc-48f8ccab3ed4} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\prodegetoolbar680\prodegetoolbar680.dll (Trojan.BHO) -> Quarantined and deleted successfully.



Have a great day!!!
Michele :thumbsup:
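
Added example (not part of the original thread, and not Malwarebytes code): a short Python parser for an MBAM log in the format posted above. It lists the objects still marked "Delete on reboot" and groups flagged registry paths by COM class ID, which shows the same toolbar BHO registered in more than one place. The sample lines are copied from the log above; the function names are this example's own.

```python
import re
from collections import defaultdict

# Lines copied from the MBAM 1.36 log posted above (a shortened selection).
SAMPLE_LOG = r"""
Memory Modules Infected:
C:\Program Files\prodegetoolbar680\prodegetoolbar680.dll (Trojan.BHO) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{a057a204-bacc-4d26-b2fc-48f8ccab3ed4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a057a204-bacc-4d26-b2fc-48f8ccab3ed4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)
"""

SECTION_RE = re.compile(r"^(?P<section>.+) Infected:$")
ENTRY_RE = re.compile(r"^(?P<object>.+?) \((?P<detection>[A-Za-z]+\.[\w.]+)\) -> (?P<rest>.+)$")
CLSID_RE = re.compile(r"\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}")

def parse_mbam_log(text):
    """One dict per detection line; the action is the last '->' segment of the line."""
    entries, section = [], None
    for line in text.splitlines():
        line = line.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("section")
            continue
        entry = ENTRY_RE.match(line)
        if entry and section:
            action = entry.group("rest").split(" -> ")[-1].rstrip(".")
            entries.append({"section": section, "object": entry.group("object"),
                            "detection": entry.group("detection"), "action": action})
    return entries

def pending_reboot(entries):
    """Objects MBAM could not remove live; they are only gone after a normal reboot."""
    return [e["object"] for e in entries if "reboot" in e["action"].lower()]

def clsid_locations(entries):
    """Map each COM class ID to the registry paths where it was flagged."""
    found = defaultdict(list)
    for e in entries:
        for clsid in CLSID_RE.findall(e["object"]):
            found[clsid.lower()].append(e["object"])
    return dict(found)

if __name__ == "__main__":
    parsed = parse_mbam_log(SAMPLE_LOG)
    print(pending_reboot(parsed), clsid_locations(parsed))
```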

#9 buddy215


Posted 29 April 2009 - 06:19 AM

I see no mention of RegCure. Was it in your Add/Remove program?

The trojan.BHO could have gotten on your computer via an exploit.
Suggest you use Secunia online scan to scan your programs for missing security updates/patches. Link below.
http://secunia.com/vulnerability_scanning/online/

Run another scan using Super Antispyware free. Be sure to update SAS after downloading, installing and before scanning.

INSTRUCTIONS FOR USING SAS:
http://www.superantispyware.com/

Download and install SUPERAntiSpyware Free from the link above.

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates".
* Under the "Configuration and Preferences", click the Preferences... button.
* Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
* Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    o Close browsers before scanning.
    o Scan for tracking cookies.
    o Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen and exit the program.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

* Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes" and reboot normally.
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
    o Click Preferences, then click the Statistics/Logs tab.
    o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    o Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.

#10 Luvkitty


Posted 29 April 2009 - 08:45 AM

Good Morning!

I don't see an Add/Remove Programs link in my Control Panel, but is that the same thing as Uninstall a Program? If so, I went through that list and didn't see RegCure, but I'm wondering if I removed it right away after getting the first response for advice on the problem.

Also, I was wondering what a ComboFix log is? That's not what I posted, is it?

I will follow the newest instructions you provided for me and let you know what I find out.

Thanks Again!!
Michele

#11 buddy215


Posted 29 April 2009 - 10:34 AM

Yes, Add/Remove=XP ; Uninstall Program=Vista

ComboFix is a tool that should only be used under the guidance of someone such as a member of the Hijack This team here at BC.

Old Java programs may be exploited. If Secunia finds that yours needs updating and after updating Java, check in the Uninstall Program list for older versions and uninstall them if found.

#12 Luvkitty


Posted 29 April 2009 - 10:24 PM

Okay, here is the OSI scan. It's in two parts. The first pic shows the top half of the screen, and the second pic shows the bottom half of the screen. For some reason, I couldn't do a "print screen" where it showed the entire thing when I pasted it in Paint.

http://i41.tinypic.com/29pclrt.jpg

http://i40.tinypic.com/z66ah.jpg

I'm not sure what to do with the results of this scan. Also, did I use the correct version of OSI? I noticed there were other ones to upgrade to, but I just did the first one that popped up. Is that enough?

Finally, the earlier log that I posted today.....were there "bad things" found as a result?

Thanks!
Michele

Edited by Luvkitty, 29 April 2009 - 10:59 PM.


#13 buddy215


Posted 30 April 2009 - 07:42 AM

The results of the Online Secunia Scan are that you need to update Adobe Flash, Java and Firefox browser.

To update Java, open Java by double clicking on the Java coffee cup icon in the control panel. Click on the update tab and then click on update now. During the install you should uncheck the box for Yahoo toolbar unless you want it. Once you have updated Java, go to the uninstall program list and if there are older Java programs listed than the one you just installed, uninstall them.

To update Firefox, click on Help, click on check for updates, then follow prompts.

To update Adobe Flash, here is a link to the best explanation of how best to update it. Follow the seven steps and you will have a successful install of flash in both IE and Firefox.
http://news.cnet.com/seven-steps-to-update...yer-on-windows/

It would still be a good idea to run a scan with Super Antispyware that I posted instructions for in my post #9.

#14 Luvkitty


Posted 04 May 2009 - 01:34 AM

Thank you for the advice.

I just finished the Java update, but I have a question about the step of uninstalling previous versions. I did a screen print to show you the two things listed under Java. I didn't know if they were the same thing, even though they have different names so I thought I'd check before deleting the November one.

http://i43.tinypic.com/2m3oa3c.jpg

Thanks,
Michele

#15 buddy215


Posted 04 May 2009 - 03:55 AM

Yes, now that you have updated, remove the November one.



