mrdanleeper Posted April 29, 2014 ID:825140
I have a spigist infection. Malwarebytes found and removed it. Not all was removed. It keeps trying to reinstall itself but Malwarebytes stops it. I installed avast and it found another virus and it is quarantined. Now what do I do? I also reinstalled comodo just now. Here's the logs..
Extras.Txt
OTL.Txt

MrCharlie Posted April 29, 2014 ID:825239
Welcome to the forum.

General P2P/Piracy Warning:
1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy. Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Please run a Quick Scan with Malwarebytes

For Malwarebytes ver: 1.75
Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.
Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.
Make sure that everything is checked, and click Remove Selected.

For Malwarebytes 2.0, please run a Threat Scan
Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware
Same for PUM (Potentially Unwanted Modifications)
Quarantine all that's found
Post the log

Then......
Please download Farbar Recovery Scan Tool (FRST) and save it to a folder. (use correct version for your system.....Which system am I using?)
FRST <----for 32 bit systems
FRST64 <----for 64 bit systems
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button. (make sure the Addition box is checked)
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:
To attach a log: Bottom right corner of this page. New window that comes up.

Last................
Please download and run RogueKiller 32 bit to your desktop.
RogueKiller<---use this one for 64 bit systems
Which system am I using?
Quit all running programs.
For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!
Don't run any other options, they're not all bad!!!!!!!
Post back the report which should be located on your desktop.
(please don't put logs in code or quotes and use the default font)

Note: Please read all of my instructions completely including these.
Make sure system restore is turned on and running. Create a new restore point
Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive
<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
<+>The removal of malware isn't instantaneous, please be patient.
<+>When we are done, I'll give you instructions on how to cleanup all the tools and logs
<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
------->Your topic will be closed if you haven't replied within 3 days!<--------
If I don't respond within 24 hours, please send me a PM

mrdanleeper Posted April 30, 2014 ID:825374
I have a spigist infection. Somehow after posting on this forum Malwarebytes stopped working. It's showing errors. It worked fine before. But it kept stopping the reinstallation of spigist then files ended up missing and now won't reinstall. I also have the other two logs you require. But they won't paste. I don't know what to do. I attached the files. If there was a way to record that I can't paste into the forum or the errors I would do it. I tried a screen shot but I could find one. My firefox isn't working.
AdwCleanerR3.txt
checkup.txt

mrdanleeper Posted April 30, 2014 ID:825375
1. Malwarebytes now has missing files. It has error messages during reinstall. It started after I posted on this forum. Strange...
2. I can't leave logs on this page. Nothing happens when I hit paste.
3. I can't get firefox to work anymore.
4. If I had a screen capture that would work I'd show what's going on.
The paste option on the right side just freezes everything when I use it. That's the only reason I left them in a link. I have everything but Malwarebytes logs. Any suggestions?
AdwCleanerR3.txt
checkup.txt

MrCharlie Posted April 30, 2014 ID:825482
I replied here: https://forums.malwarebytes.org/index.php?showtopic=147849&p=825239
Please carry out my instructions,
MrC

mrdanleeper Posted April 30, 2014 ID:825601
Additional scan result of Farbar Recovery Scan Tool (x86) Version:30-04-2014 03
Ran by kaache at 2014-04-30 11:21:00
Running from C:\Users\kaache\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1Z21XBYV
Boot Mode: Normal
==========================================================

==================== Security Center ========================
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: COMODO Antivirus (Disabled - Out of date) {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall (Enabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}

==================== Installed Programs ======================
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2018 - Avast Software)
AVG 2014 (Version: 14.0.3920 - AVG Technologies) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
CloneSpy 2.7 (HKLM\...\CloneSpy) (Version: - CloneSpy)
Comodo Dragon (HKLM\...\Comodo Dragon) (Version: 33.0.0.0 - COMODO)
COMODO Firewall (HKLM\...\{2736B6BD-31EC-4FC8-A48C-F0A5C914C0B6}) (Version: 7.0.55655.4142 - COMODO Security Solutions Inc.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
FlashCatch (HKLM\...\{A0AB2980-1FDD-4b6c-940C-FC87C84F05B7}_is1) (Version: - )
Free Studio version 2013 (HKLM\...\Free Studio_is1) (Version: 6.2.2.1128 - DVDVideoSoft Ltd.)
GeekBuddy (HKLM\...\{17004FB0-9CFD-43DC-BB2D-E2BA612D98D0}) (Version: 4.11.91 - Comodo Security Solutions Inc)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Glary Utilities 4.10 (HKLM\...\Glary Utilities 4) (Version: 4.10.0.100 - Glarysoft Ltd)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
HandyBits EasyCrypto Deluxe (HKLM\...\HandyBits EasyCrypto Deluxe) (Version: - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
K-Lite Codec Pack 10.4.5 Full (HKLM\...\KLiteCodecPack_is1) (Version: 10.4.5 - )
LibreOffice 4.2.3.3 (HKLM\...\{4117DF3C-6677-4A22-90B7-FF06923417E9}) (Version: 4.2.3.3 - The Document Foundation)
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
Nitro Reader 3 (HKLM\...\{587BE1E5-418E-461F-B3F0-D7C07E38B481}) (Version: 3.5.5.2 - Nitro)
OpenOffice 4.0.1 (HKLM\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Photo Gallery (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
PrivDog (HKLM\...\PrivDog) (Version: 2.1.0.22 - privdog.com)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Sandboxie 4.08 (32-bit) (HKLM\...\Sandboxie) (Version: 4.08 - Sandboxie Holdings, LLC)
Screenshot Captor 3.05.01 (HKLM\...\ScreenshotCaptor_is1) (Version: - )
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
TrueCrypt (HKLM\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
VideoPad Video Editor (HKLM\...\VideoPad) (Version: - NCH Software)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Live Communications Platform (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
WOT for Internet Explorer (HKLM\...\{373B90E1-A28C-434C-92B6-7281AFA6115A}) (Version: 13.9.2.0 - WOT Services Oy)
Zip Repair Pro (HKLM\...\Zip Repair Pro_is1) (Version: 5.1.0.1420 - GetData Pty Ltd)

==================== Restore Points =========================
25-04-2014 19:10:35 TrueCrypt installation
25-04-2014 19:47:36 avast! antivirus system restore point
29-04-2014 18:05:18 Device Driver Package Install: COMODO Network Service
29-04-2014 19:44:40 Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
29-04-2014 19:51:38 Installed OpenOffice 4.0.1
30-04-2014 05:57:27 Revo Uninstaller's restore point - Malwarebytes Anti-Malware version 2.0.1.1004
30-04-2014 13:49:24 Restore Operation

==================== Hosts content: ==========================
2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============
Task: {02577486-6235-4A46-8502-B6E7C5C773CA} - System32\Tasks\RNUpgradeHelperLogonPrompt_kaache => C:\Users\kaache\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-04-24] (RealNetworks, Inc.)
Task: {19D35B73-2997-4964-97A9-C725F9EDA2F8} - System32\Tasks\ReclaimerUpdateFiles_kaache => C:\Users\kaache\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-04-24] (RealNetworks, Inc.)
Task: {1F74A2B2-8D7E-4901-8FF7-53AD3840F3E0} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
Task: {2DD17203-6149-4998-B552-8BC27740366F} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-898758889-3574265211-1443799843-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {30A1B524-37EF-4695-9BD3-69E6C81704F0} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-898758889-3574265211-1443799843-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {3446F961-D82D-43F6-895A-39F27F93486B} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
Task: {344E1730-7140-45BC-84D7-125ABD1EC7A0} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-898758889-3574265211-1443799843-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {347B0212-22B3-4540-B7E8-0655F1A48F07} - System32\Tasks\RNUpgradeHelperResumePrompt_kaache => C:\Users\kaache\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-04-24] (RealNetworks, Inc.)
Task: {53DB8AB1-6F6F-4C39-AB82-6635A0B77AB4} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-898758889-3574265211-1443799843-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {78A0DEA5-51D9-4DBC-815C-82858B9363ED} - System32\Tasks\NCH Software\videopadShakeIcon => C:\Program Files\NCH Software\VideoPad\VideoPad.exe [2014-04-27] (NCH Software)
Task: {9FCDF59D-EE92-4128-BBCD-703E28A929F8} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-25] (AVAST Software)
Task: {A0F10BDA-6099-495C-B5A0-74DAC4EEB636} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {A7528764-D805-4135-84B6-AE2C75075326} - System32\Tasks\GlaryInitialize 4 => C:\Program Files\Glary Utilities 4\Initialize.exe [2014-04-14] (Glarysoft Ltd)
Task: {B376536C-C810-4F05-AED4-14CA5C6DF5BE} - System32\Tasks\ReclaimerUpdateXML_kaache => C:\Users\kaache\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-04-24] (RealNetworks, Inc.)
Task: {CA970D63-0EE1-474E-9216-AED878420684} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-898758889-3574265211-1443799843-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {E29FF810-A048-4848-A1CE-F6DCCEB9B0F5} - System32\Tasks\GU4SkipUAC => C:\Program Files\Glary Utilities 4\Integrator.exe [2014-04-14] (Glarysoft Ltd)
Task: C:\Windows\Tasks\GlaryInitialize 4.job => C:\Program Files\Glary Utilities 4\Initialize.exe
Task: C:\Windows\Tasks\ReclaimerUpdateFiles_kaache.job => C:\Users\kaache\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe
Task: C:\Windows\Tasks\ReclaimerUpdateXML_kaache.job => C:\Users\kaache\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe
Task: C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_kaache.job => C:\Users\kaache\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe

==================== Loaded Modules (whitelisted) =============
2014-04-30 09:17 - 2014-04-30 09:17 - 02252800 _____ () C:\Program Files\AVAST Software\Avast\defs\14043000\algo.dll
2014-04-30 11:09 - 2014-04-30 11:09 - 02252800 _____ () C:\Program Files\AVAST Software\Avast\defs\14043001\algo.dll
2014-04-25 14:50 - 2014-04-25 14:50 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-04-23 18:54 - 2014-04-23 18:54 - 02135232 _____ () C:\Program Files\Comodo\Dragon\dragon_updater.exe
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-04-14 03:05 - 2014-04-14 03:05 - 00080160 _____ () C:\Program Files\Glary Utilities 4\zlib1.dll
2013-09-02 14:23 - 2013-09-02 14:23 - 01637336 _____ () C:\Program Files\WOT\WOT.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============
Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/30/2014 11:05:20 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/30/2014 11:04:40 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis.

Error: (04/30/2014 10:16:20 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/30/2014 10:15:41 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis.

Error: (04/30/2014 10:15:04 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis.

Error: (04/30/2014 10:15:04 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis.

Error: (04/30/2014 10:13:33 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis.

Error: (04/30/2014 09:44:20 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis.

Error: (04/30/2014 09:38:01 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis.

Error: (04/30/2014 09:23:05 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (04/30/2014 11:04:59 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (04/30/2014 10:15:36 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (04/30/2014 10:14:00 AM) (Source: Service Control Manager) (User: )
Description: The Superfetch service terminated with service-specific error %%0.

Error: (04/30/2014 10:13:34 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (04/30/2014 09:20:42 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (04/30/2014 09:13:50 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (04/30/2014 09:01:35 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (04/30/2014 07:44:06 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (04/30/2014 07:42:50 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (04/30/2014 07:42:50 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Microsoft Office Sessions:
=========================
Error: (04/30/2014 11:05:20 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/30/2014 11:04:40 AM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (04/30/2014 10:16:20 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/30/2014 10:15:41 AM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (04/30/2014 10:15:04 AM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (04/30/2014 10:15:04 AM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (04/30/2014 10:13:33 AM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (04/30/2014 09:44:20 AM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (04/30/2014 09:38:01 AM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (04/30/2014 09:23:05 AM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

==================== Memory info ===========================
Percentage of memory in use: 84%
Total physical RAM: 1011.95 MB
Available physical RAM: 155.14 MB
Total Pagefile: 2035.95 MB
Available Pagefile: 826.18 MB
Total Virtual: 2047.88 MB
Available Virtual: 1921.02 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:148.95 GB) (Free:112.01 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 11A8BA38)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ============================

mrdanleeper Posted April 30, 2014 ID:825602
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/30/2014
Scan Time: 11:00:43 AM
Logfile: log.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.30.06
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: kaache

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 223144
Time Elapsed: 37 min, 32 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.AtuZi.A, HKU\S-1-5-21-898758889-3574265211-1443799843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\AtuZi, , [ae52fa06847cf01075e26e06fa080bf5],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Softonic.A, C:\Users\kaache\Desktop\SoftonicDownloader_for_screenshot-captor.exe, , [20e0659bd12f6d9327b86eae3bc609f7],

Physical Sectors: 0
(No malicious items detected)

(end)

mrdanleeper Posted April 30, 2014 ID:825604
These were the files that the forum said were too long....
mbam log.txt
mbam-log-2014-04-30 (10-23-10).xml
RKreport0_S_04302014_115428.txt

mrdanleeper Posted April 30, 2014 ID:825605
I'm also getting a 0x0000022 when doing system restore point. Thanks....

MrCharlie Posted April 30, 2014 ID:825610
I need to see the FRST.txt from the FRST scan.
MrC

mrdanleeper Posted May 1, 2014 ID:825918
This one?
FRST.txt

MrCharlie Posted May 1, 2014 ID:825919
Did you install this BootDefragDriver.sys by Glarysoft Ltd???
------------------------------------
Download the attached fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.
-----------------------------------
Download a fresh copy of AdwCleaner and run it.
Update and run a scan with Malwarebytes
Post the logs if anything is found
Let me know how it is.
MrC

mrdanleeper Posted May 1, 2014 ID:825922
No, my friend who knows computers gave Glary and some of those programs to me. It starts up sometimes on reboot so I stop it. BootDefragDriver.sys must have installed itself. The Malwarebytes program says no new updates. I'll uninstall any program you wish. I downloaded an AdwCleaner copy from another computer. Right now Malwarebytes is scanning and it will take a while to finish. I'll follow all your instructions afterwards and leave the results. Several of those freeware programs came off of download.com. It used to not have viruses. The screen capture from download.com came up as having a virus. I did nothing to get rid of it as you said. If you want me to remove Glary and try to create a restore point let me know. ;D

mrdanleeper Posted May 1, 2014 ID:825928
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/1/2014
Scan Time: 2:30:30 PM
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.01.12
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: kaache

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 221784
Time Elapsed: 29 min, 22 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.AtuZi.A, HKU\S-1-5-21-898758889-3574265211-1443799843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\AtuZi, , [340c52fa69122f07474e690cc53d33cd],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

mrdanleeper Posted May 1, 2014 ID:825930
I didn't do everything in the order you requested and hit fix. I'll do it again... Sorry about that...

MrCharlie Posted May 1, 2014 ID:825934
OK, we'll take care of BootDefragDriver.sys later.
MrC

mrdanleeper Posted May 1, 2014 Author ID:825935
Here's the first request..... The answers to your other questions are above #13....

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:01-05-2014 01
Ran by kaache at 2014-05-01 14:50:42 Run:1
Running from C:\Users\kaache\Desktop\New folder
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKLM\...\Run: [ComodoFSFirefox] => "C:\Program Files\AdTrustMedia\PrivDog\FinalizeSetup.exe" /f
BHO: PrivDog Extension - {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files\AdTrustMedia\PrivDog\2.1.0.22\trustedads.dll No File
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ []
S3 MFE_RR; \??\C:\Users\kaache\AppData\Local\Temp\mfe_rr.sys [X]
*****************
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ComodoFSFirefox => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} => Key not found.
HKCR\CLSID\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} => Key deleted successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} => Value deleted successfully.
C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ => Moved successfully.
MFE_RR => Service deleted successfully.
==== End of Fixlog ====
mrdanleeper Posted May 1, 2014 Author ID:825939
MALWAREBYTES said its program is corrupted and asked me if I wanted to download a new one. I hit no... Here's your AdwCleaner log

# AdwCleaner v3.205 - Report created 01/05/2014 at 14:52:44
# Updated 28/04/2014 by Xplode
# Operating System : Windows 7 Starter Service Pack 1 (32 bits)
# Username : kaache - KAACHE-PC
# Running from : C:\Users\kaache\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found : C:\Program Files\GreenTree Applications

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\kaache\AppData\Roaming\Mozilla\Firefox\Profiles\hykmvjc1.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [1287 octets] - [29/04/2014 16:16:55]
AdwCleaner[R1].txt - [1347 octets] - [29/04/2014 17:09:04]
AdwCleaner[R2].txt - [1407 octets] - [29/04/2014 17:15:29]
AdwCleaner[R3].txt - [1467 octets] - [29/04/2014 17:58:45]
AdwCleaner[R4].txt - [1140 octets] - [01/05/2014 14:52:44]

########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [1200 octets] ##########
mrdanleeper Posted May 1, 2014 Author ID:825940
Do you want me to uninstall and reinstall malwarebytes?
MrCharlie Posted May 2, 2014 ID:825992
No, just run a Threat Scan,
MrC
mrdanleeper Posted May 2, 2014 Author ID:826197
From which program? Malwarebytes crashes..
MrCharlie Posted May 2, 2014 ID:826207
I'm sorry...try to reinstall it: https://forums.malwarebytes.org/index.php?showtopic=122284
MrC
mrdanleeper Posted May 2, 2014 Author ID:826322
I didn't quarantine or take any action to remove the virus. Should I? I just saved the log. mbam.txt
MrCharlie Posted May 2, 2014 ID:826325
Yes, please quarantine it......and it's not a virus, it's a: PUP (Potentially Unwanted Program) http://searchsecurity.techtarget.com/definition/PUP and it's just a left over registry entry.
MrC
mrdanleeper Posted May 2, 2014 Author ID:826330
Ok what do I do next?