
Spigist infected



Welcome to the forum.

General P2P/Piracy Warning:

 

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

 

<====><====><====><====><====><====><====><====>

 

Please run a Quick Scan with Malwarebytes

For Malwarebytes ver: 1.75

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

For Malwarebytes 2.0, please run a Threat Scan

Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine all that's found

Post the log

Then......

Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.

(use correct version for your system.....Which system am I using?)

FRST <----for 32 bit systems

FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button. (make sure the Addition box is checked)
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.


New window that comes up.


Last................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

 

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

If I don't respond within 24 hours, please send me a PM


I have a spigist infection. Somehow after posting on this forum Malwarebytes stopped working. It's showing errors. It worked fine before. But it kept stopping the reinstallation of spigist then files ended up missing and now won't reinstall. I also have the other two logs you require. But they won't paste. I don't know what to do. I attached the files. If there was a way to record that I can't paste into the forum or the errors I would do it. I tried a screen shot but I could find one. My Firefox isn't working.

 

 

 

AdwCleanerR3.txt

checkup.txt


1. Malwarebytes now has missing files. It has error messages during reinstall. It started after I posted on this forum. Strange...

2. I can't leave logs on this page. Nothing happens when I hit paste.

3. I can't get Firefox to work anymore.

4. If I had a screen capture that would work I'd show what's going on. The paste option on the right side just freezes everything when I use it. That's the only reason I left them in a link. I have everything but Malwarebytes logs.

 

 

Any suggestions?

 

AdwCleanerR3.txt

checkup.txt


Additional scan result of Farbar Recovery Scan Tool (x86) Version:30-04-2014 03
Ran by kaache at 2014-04-30 11:21:00
Running from C:\Users\kaache\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1Z21XBYV
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: COMODO Antivirus (Disabled - Out of date) {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall (Enabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2018 - Avast Software)
AVG 2014 (Version: 14.0.3920 - AVG Technologies) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
CloneSpy 2.7 (HKLM\...\CloneSpy) (Version: - CloneSpy)
Comodo Dragon (HKLM\...\Comodo Dragon) (Version: 33.0.0.0 - COMODO)
COMODO Firewall (HKLM\...\{2736B6BD-31EC-4FC8-A48C-F0A5C914C0B6}) (Version: 7.0.55655.4142 - COMODO Security Solutions Inc.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
FlashCatch (HKLM\...\{A0AB2980-1FDD-4b6c-940C-FC87C84F05B7}_is1) (Version: - )
Free Studio version 2013 (HKLM\...\Free Studio_is1) (Version: 6.2.2.1128 - DVDVideoSoft Ltd.)
GeekBuddy (HKLM\...\{17004FB0-9CFD-43DC-BB2D-E2BA612D98D0}) (Version: 4.11.91 - Comodo Security Solutions Inc)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Glary Utilities 4.10 (HKLM\...\Glary Utilities 4) (Version: 4.10.0.100 - Glarysoft Ltd)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
HandyBits EasyCrypto Deluxe (HKLM\...\HandyBits EasyCrypto Deluxe) (Version: - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
K-Lite Codec Pack 10.4.5 Full (HKLM\...\KLiteCodecPack_is1) (Version: 10.4.5 - )
LibreOffice 4.2.3.3 (HKLM\...\{4117DF3C-6677-4A22-90B7-FF06923417E9}) (Version: 4.2.3.3 - The Document Foundation)
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
Nitro Reader 3 (HKLM\...\{587BE1E5-418E-461F-B3F0-D7C07E38B481}) (Version: 3.5.5.2 - Nitro)
OpenOffice 4.0.1 (HKLM\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Photo Gallery (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
PrivDog (HKLM\...\PrivDog) (Version: 2.1.0.22 - privdog.com)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Sandboxie 4.08 (32-bit) (HKLM\...\Sandboxie) (Version: 4.08 - Sandboxie Holdings, LLC)
Screenshot Captor 3.05.01 (HKLM\...\ScreenshotCaptor_is1) (Version: - )
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
TrueCrypt (HKLM\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
VideoPad Video Editor (HKLM\...\VideoPad) (Version: - NCH Software)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Live Communications Platform (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
WOT for Internet Explorer (HKLM\...\{373B90E1-A28C-434C-92B6-7281AFA6115A}) (Version: 13.9.2.0 - WOT Services Oy)
Zip Repair Pro (HKLM\...\Zip Repair Pro_is1) (Version: 5.1.0.1420 - GetData Pty Ltd)

==================== Restore Points =========================

25-04-2014 19:10:35 TrueCrypt installation
25-04-2014 19:47:36 avast! antivirus system restore point
29-04-2014 18:05:18 Device Driver Package Install: COMODO Network Service
29-04-2014 19:44:40 Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
29-04-2014 19:51:38 Installed OpenOffice 4.0.1
30-04-2014 05:57:27 Revo Uninstaller's restore point - Malwarebytes Anti-Malware version 2.0.1.1004
30-04-2014 13:49:24 Restore Operation

==================== Hosts content: ==========================

2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {02577486-6235-4A46-8502-B6E7C5C773CA} - System32\Tasks\RNUpgradeHelperLogonPrompt_kaache => C:\Users\kaache\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-04-24] (RealNetworks, Inc.)
Task: {19D35B73-2997-4964-97A9-C725F9EDA2F8} - System32\Tasks\ReclaimerUpdateFiles_kaache => C:\Users\kaache\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-04-24] (RealNetworks, Inc.)
Task: {1F74A2B2-8D7E-4901-8FF7-53AD3840F3E0} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
Task: {2DD17203-6149-4998-B552-8BC27740366F} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-898758889-3574265211-1443799843-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {30A1B524-37EF-4695-9BD3-69E6C81704F0} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-898758889-3574265211-1443799843-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {3446F961-D82D-43F6-895A-39F27F93486B} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
Task: {344E1730-7140-45BC-84D7-125ABD1EC7A0} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-898758889-3574265211-1443799843-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {347B0212-22B3-4540-B7E8-0655F1A48F07} - System32\Tasks\RNUpgradeHelperResumePrompt_kaache => C:\Users\kaache\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-04-24] (RealNetworks, Inc.)
Task: {53DB8AB1-6F6F-4C39-AB82-6635A0B77AB4} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-898758889-3574265211-1443799843-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {78A0DEA5-51D9-4DBC-815C-82858B9363ED} - System32\Tasks\NCH Software\videopadShakeIcon => C:\Program Files\NCH Software\VideoPad\VideoPad.exe [2014-04-27] (NCH Software)
Task: {9FCDF59D-EE92-4128-BBCD-703E28A929F8} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-25] (AVAST Software)
Task: {A0F10BDA-6099-495C-B5A0-74DAC4EEB636} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {A7528764-D805-4135-84B6-AE2C75075326} - System32\Tasks\GlaryInitialize 4 => C:\Program Files\Glary Utilities 4\Initialize.exe [2014-04-14] (Glarysoft Ltd)
Task: {B376536C-C810-4F05-AED4-14CA5C6DF5BE} - System32\Tasks\ReclaimerUpdateXML_kaache => C:\Users\kaache\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-04-24] (RealNetworks, Inc.)
Task: {CA970D63-0EE1-474E-9216-AED878420684} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-898758889-3574265211-1443799843-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {E29FF810-A048-4848-A1CE-F6DCCEB9B0F5} - System32\Tasks\GU4SkipUAC => C:\Program Files\Glary Utilities 4\Integrator.exe [2014-04-14] (Glarysoft Ltd)
Task: C:\Windows\Tasks\GlaryInitialize 4.job => C:\Program Files\Glary Utilities 4\Initialize.exe
Task: C:\Windows\Tasks\ReclaimerUpdateFiles_kaache.job => C:\Users\kaache\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe
Task: C:\Windows\Tasks\ReclaimerUpdateXML_kaache.job => C:\Users\kaache\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe
Task: C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_kaache.job => C:\Users\kaache\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe

==================== Loaded Modules (whitelisted) =============

2014-04-30 09:17 - 2014-04-30 09:17 - 02252800 _____ () C:\Program Files\AVAST Software\Avast\defs\14043000\algo.dll
2014-04-30 11:09 - 2014-04-30 11:09 - 02252800 _____ () C:\Program Files\AVAST Software\Avast\defs\14043001\algo.dll
2014-04-25 14:50 - 2014-04-25 14:50 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-04-23 18:54 - 2014-04-23 18:54 - 02135232 _____ () C:\Program Files\Comodo\Dragon\dragon_updater.exe
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-04-14 03:05 - 2014-04-14 03:05 - 00080160 _____ () C:\Program Files\Glary Utilities 4\zlib1.dll
2013-09-02 14:23 - 2013-09-02 14:23 - 01637336 _____ () C:\Program Files\WOT\WOT.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/30/2014 11:05:20 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/30/2014 11:04:40 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/30/2014 10:16:20 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/30/2014 10:15:41 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/30/2014 10:15:04 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/30/2014 10:15:04 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/30/2014 10:13:33 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/30/2014 09:44:20 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/30/2014 09:38:01 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/30/2014 09:23:05 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (04/30/2014 11:04:59 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (04/30/2014 10:15:36 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (04/30/2014 10:14:00 AM) (Source: Service Control Manager) (User: )
Description: The Superfetch service terminated with service-specific error %%0.

Error: (04/30/2014 10:13:34 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (04/30/2014 09:20:42 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (04/30/2014 09:13:50 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (04/30/2014 09:01:35 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (04/30/2014 07:44:06 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (04/30/2014 07:42:50 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (04/30/2014 07:42:50 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.


Microsoft Office Sessions:
=========================
Error: (04/30/2014 11:05:20 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/30/2014 11:04:40 AM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (04/30/2014 10:16:20 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/30/2014 10:15:41 AM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (04/30/2014 10:15:04 AM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (04/30/2014 10:15:04 AM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (04/30/2014 10:13:33 AM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (04/30/2014 09:44:20 AM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (04/30/2014 09:38:01 AM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (04/30/2014 09:23:05 AM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe


==================== Memory info ===========================

Percentage of memory in use: 84%
Total physical RAM: 1011.95 MB
Available physical RAM: 155.14 MB
Total Pagefile: 2035.95 MB
Available Pagefile: 826.18 MB
Total Virtual: 2047.88 MB
Available Virtual: 1921.02 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.95 GB) (Free:112.01 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 11A8BA38)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/30/2014
Scan Time: 11:00:43 AM
Logfile: log.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.30.06
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: kaache

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 223144
Time Elapsed: 37 min, 32 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.AtuZi.A, HKU\S-1-5-21-898758889-3574265211-1443799843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\AtuZi, , [ae52fa06847cf01075e26e06fa080bf5],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Softonic.A, C:\Users\kaache\Desktop\SoftonicDownloader_for_screenshot-captor.exe, , [20e0659bd12f6d9327b86eae3bc609f7],

Physical Sectors: 0
(No malicious items detected)


(end)


Did you install this BootDefragDriver.sys by Glarysoft Ltd???

------------------------------------

Download the attached fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

-----------------------------------

Download a fresh copy of AdwCleaner and run it.

Update and run a scan with Malwarebytes

Post the logs if anything is found

Let me know how it is.

MrC


No, my friend who knows computers gave Glary and some of those programs to me. It starts up sometimes on reboot so I stop it. BootDefragDriver.sys must have installed itself. The Malwarebytes program says no new updates. I'll uninstall any program you wish. I downloaded an AdwCleaner copy from another computer. Right now Malwarebytes is scanning and it will take a while to finish. I'll follow all your instructions afterwards and leave the results. Several of those freeware programs came off of download.com. It used to not have viruses. The screen capture from download.com came up as having a virus. I did nothing to get rid of it as you said. If you want me to remove Glary and try to create a restore point let me know. ;D


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/1/2014
Scan Time: 2:30:30 PM
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.01.12
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: kaache

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 221784
Time Elapsed: 29 min, 22 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.AtuZi.A, HKU\S-1-5-21-898758889-3574265211-1443799843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\AtuZi, , [340c52fa69122f07474e690cc53d33cd],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Here's the first request..... The answers to your other questions are above #13....

 

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:01-05-2014 01
Ran by kaache at 2014-05-01 14:50:42 Run:1
Running from C:\Users\kaache\Desktop\New folder
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [ComodoFSFirefox] => "C:\Program Files\AdTrustMedia\PrivDog\FinalizeSetup.exe" /f
BHO: PrivDog Extension - {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files\AdTrustMedia\PrivDog\2.1.0.22\trustedads.dll No File
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ []
S3 MFE_RR; \??\C:\Users\kaache\AppData\Local\Temp\mfe_rr.sys [X]


*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ComodoFSFirefox => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} => Key not found.
HKCR\CLSID\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} => Key deleted successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} => Value deleted successfully.
C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ => Moved successfully.
MFE_RR => Service deleted successfully.

==== End of Fixlog ====


MALWAREBYTES said its program is corrupted and asked me if I wanted to download a new one. I hit no...

 

 

 

Here's your AdwCleaner log

# AdwCleaner v3.205 - Report created 01/05/2014 at 14:52:44

# Updated 28/04/2014 by Xplode
# Operating System : Windows 7 Starter Service Pack 1 (32 bits)
# Username : kaache - KAACHE-PC
# Running from : C:\Users\kaache\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\Program Files\GreenTree Applications

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\kaache\AppData\Roaming\Mozilla\Firefox\Profiles\hykmvjc1.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1287 octets] - [29/04/2014 16:16:55]
AdwCleaner[R1].txt - [1347 octets] - [29/04/2014 17:09:04]
AdwCleaner[R2].txt - [1407 octets] - [29/04/2014 17:15:29]
AdwCleaner[R3].txt - [1467 octets] - [29/04/2014 17:58:45]
AdwCleaner[R4].txt - [1140 octets] - [01/05/2014 14:52:44]

########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [1200 octets] ##########


This topic is now closed to further replies.