
having problem with rpcss.dll removal, heres FRST scan log output


  • This topic is locked
4 replies to this topic

#1 User10102


  • Members
  • 2 posts

Posted 24 April 2014 - 10:43 AM

I am repairing a computer for a friend and have run across this virus I cannot get removed. It is causing update and networking problems. Any help is greatly appreciated.
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-04-2014
Ran by Malcolm (administrator) on MALCOLM-PC on 24-04-2014 11:27:53
Running from C:\Users\Malcolm\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Windstream) C:\Program Files (x86)\Windstream\Diagnostic Tools\HsdService.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Chicony) C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe
(Radialpoint SafeCare Inc.) C:\Program Files (x86)\Windstream\Service Agent\ServicepointService.exe
(Microsoft Corporation) C:\Windows\system32\UI0Detect.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
() C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe
(Windstream) C:\Program Files (x86)\Windstream\Service Agent\Windstream Service Agent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(Windstream) C:\Program Files (x86)\Windstream\Diagnostic Tools\DiagnosticTools.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(DELL) C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\IndicatorOSD.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\sysWOW64\wbem\wmiprvse.exe
(Radialpoint SafeCare Inc.) C:\Program Files (x86)\Windstream\Service Agent\Windstream Service AgentComHandler.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10918504 2010-06-14] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [392048 2010-06-04] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [Chicony_OSD] => C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe [53248 2011-01-12] ()
HKLM-x32\...\Run: [Windstream Service Agent.exe] => C:\Program Files (x86)\Windstream\Service Agent\Windstream Service Agent.exe [10204472 2011-10-13] (Windstream)
HKLM-x32\...\Run: [DiagnosticTools.exe] => C:\Program Files (x86)\Windstream\Diagnostic Tools\DiagnosticTools.exe [2037048 2011-04-25] (Windstream)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\Winlogon: [Shell] -
HKU\S-1-5-21-2778759738-4075427631-1245076735-1000\...\MountPoints2: {b0ebe11b-42e8-11e1-a630-806e6f6e6963} - D:\install.EXE id= ver=1.0.0.0
HKU\S-1-5-21-2778759738-4075427631-1245076735-1000\...\Winlogon: [Shell] -
Startup: C:\Users\Malcolm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.v9.com/?type=sc&ts=1398226009&from=amt&uid=TOSHIBAXMK3276GSX_Y1KKC1PJTXXY1KKC1PJT&i=psd&t=341685b7a
SearchScopes: HKCU - {0366746C-7EF1-40D5-90E3-D9926FD34841} URL = http://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKCU - {D765AF73-3B1D-4615-AB38-CF66A44F4440} URL = http://delicious.com/search?p={searchTerms}
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=mkg028
BHO: jollywallet - {11111111-1111-1111-1111-110111251155} - C:\Program Files (x86)\jollywallet\jollywallet-bho64.dll No File
BHO: The Amazon 1Button App for IE - {26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} - C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonAppIE64.dll (Amazon Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: The Amazon 1Button App for IE - {26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} - C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonAppIE.dll (Amazon Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
Hosts: 54.221.22.25 ajakpekbmnkgnjbpajgkdhimcbeoocam
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 0.0.0.0
 
FireFox:
========
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @radialpoint.com/SPA,version=1 - C:\Program Files (x86)\Windstream\Service Agent\nprpspa.dll (Windstream)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 - C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin-x32: @radialpoint.com/SPA,version=1 - C:\Program Files (x86)\Windstream\Service Agent\nprpspa.dll (Windstream)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: hxxp://www.v9.com/?type=hppp&ts=1398254340&from=amt&uid=TOSHIBAXMK3276GSX_Y1KKC1PJTXXY1KKC1PJT&i=psd&t=3416cae31
CHR StartupUrls: "hxxp://www.v9.com/?type=hppp&ts=1398254340&from=amt&uid=TOSHIBAXMK3276GSX_Y1KKC1PJTXXY1KKC1PJT&i=psd&t=3416cae31"
CHR DefaultSearchKeyword: v9
CHR DefaultSearchProvider: v9
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\gcswf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Malcolm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Malcolm\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\plugin/npVKPlugin.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Malcolm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.397_0\plugin/npUrlAdvisor.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Malcolm\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Plus-HD-7.5) - C:\Users\Malcolm\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcknhkkoolaabfmlnjonogaaifnjlfnp [2014-02-18]
CHR Extension: (Radialpoint SPD Extension) - C:\Users\Malcolm\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmmhpfbhngkongobaoibpmnijjokabmj [2012-10-11]
CHR Extension: (Google Wallet) - C:\Users\Malcolm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-09]
CHR Extension: (MediaPlayerEnhance) - C:\Users\Malcolm\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiamgkpplhllmgmjkmpoapkidpgfhmdo [2014-02-21]
CHR Extension: (Amazon 1Button App for Chrome) - C:\Users\Malcolm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2014-04-24]
CHR HKCU\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - C:\Program Files (x86)\Amazon\ABB\AmazonChrome-bds-amzn.crx [2014-01-31]
CHR HKLM-x32\...\Chrome\Extension: [lmmhpfbhngkongobaoibpmnijjokabmj] - C:\Program Files (x86)\Windstream\Service Agent\ChromeExtension.crx [2012-04-18]
 
==================== Services (Whitelisted) =================
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
R2 HsdService; C:\Program Files (x86)\Windstream\Diagnostic Tools\HsdService.exe [1393976 2011-04-25] (Windstream)
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-05-13] (Alcatel-Lucent)
R2 OSDSvc; C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe [176128 2010-12-01] (Chicony)
R2 ServicepointService; C:\Program Files (x86)\Windstream\Service Agent\ServicepointService.exe [10315064 2011-10-13] (Radialpoint SafeCare Inc.)
S2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [237336 2014-04-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [236824 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [324376 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130840 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [32536 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-03-31] (AVG Technologies CZ, s.r.o.)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-03-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-03-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-24 11:27 - 2014-04-24 11:27 - 00021417 _____ () C:\Users\Malcolm\Downloads\Addition.txt
2014-04-24 11:24 - 2014-04-24 11:28 - 00016805 _____ () C:\Users\Malcolm\Downloads\FRST.txt
2014-04-24 11:23 - 2014-04-24 11:27 - 00000000 ____D () C:\FRST
2014-04-24 11:23 - 2014-04-24 11:23 - 02061824 _____ (Farbar) C:\Users\Malcolm\Downloads\FRST64.exe
2014-04-24 10:09 - 2014-04-24 10:09 - 00001115 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-24 10:07 - 2014-04-24 10:08 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Malcolm\Downloads\spybot-2.2.exe
2014-04-24 01:46 - 2014-04-24 11:14 - 00000112 _____ () C:\Windows\setupact.log
2014-04-24 01:46 - 2014-04-24 01:46 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-24 00:31 - 2014-04-24 00:31 - 00000000 ____D () C:\Users\Malcolm\AppData\Roaming\AVG2014
2014-04-24 00:30 - 2014-04-24 01:01 - 00000000 ____D () C:\ProgramData\AVG2014
2014-04-24 00:30 - 2014-04-24 00:30 - 00000967 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-04-24 00:30 - 2014-04-24 00:30 - 00000000 ___HD () C:\$AVG
2014-04-24 00:30 - 2014-04-24 00:30 - 00000000 ____D () C:\Users\Malcolm\AppData\Roaming\TuneUp Software
2014-04-24 00:30 - 2014-04-24 00:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-04-24 00:29 - 2014-04-24 00:29 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-04-24 00:27 - 2014-04-24 10:03 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-24 00:27 - 2014-04-24 00:40 - 00000000 ____D () C:\Users\Malcolm\AppData\Local\Avg2014
2014-04-24 00:27 - 2014-04-24 00:27 - 00000000 ____D () C:\Users\Malcolm\AppData\Local\MFAData
2014-04-23 22:41 - 2014-04-23 22:41 - 00003142 _____ () C:\Windows\System32\Tasks\{84A9CB79-897B-4B79-8272-831201C1C671}
2014-04-23 22:35 - 2014-04-23 22:35 - 00003308 _____ () C:\Windows\System32\Tasks\4890
2014-04-23 22:35 - 2014-04-23 22:35 - 00003208 _____ () C:\Windows\System32\Tasks\0
2014-04-23 22:28 - 2014-04-23 22:28 - 00000000 ____D () C:\Windows\pss
2014-04-23 22:23 - 2014-04-23 22:23 - 00000000 ____D () C:\Program Files (x86)\predm
2014-04-23 07:58 - 2014-04-23 07:58 - 00002207 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.lnk
2014-04-23 07:58 - 2014-04-23 07:58 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-04-23 07:55 - 2014-04-23 22:39 - 00000000 ____D () C:\Program Files (x86)\Systweak Support Dock
2014-04-23 00:16 - 2014-04-23 07:54 - 00000000 ____D () C:\Program Files (x86)\Advanced System Protector
2014-04-23 00:15 - 2014-04-23 22:39 - 00000000 ____D () C:\Users\Malcolm\AppData\Roaming\systweak
2014-04-23 00:15 - 2014-01-21 17:28 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2014-04-23 00:14 - 2014-04-23 22:55 - 00000000 ____D () C:\Program Files (x86)\Bench
2014-04-23 00:14 - 2014-04-23 22:43 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-04-23 00:08 - 2014-04-24 11:11 - 00000000 ____D () C:\Users\Malcolm\AppData\Roaming\SupTab
2014-04-23 00:07 - 2014-04-23 22:41 - 00000000 ____D () C:\Users\Malcolm\AppData\Roaming\v9
2014-04-22 23:07 - 2014-04-22 23:10 - 00000000 ____D () C:\000e56d6deb5e227d1
2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-04-03 07:35 - 2014-04-24 11:25 - 00000082 _____ () C:\Windows\system32\jpuvn.wzm
2014-04-03 07:22 - 2014-04-03 07:22 - 00000064 _____ () C:\Windows\system32\tokz.djq
2014-04-03 07:22 - 2014-04-03 07:22 - 00000000 _____ () C:\Windows\system32\jpzq.pot
2014-04-03 07:06 - 2014-04-03 07:06 - 00299344 ____S () C:\Windows\system32\kgcn.sdc
2014-03-31 16:20 - 2014-03-31 16:20 - 00274200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-03-31 16:06 - 2014-03-31 16:06 - 00130840 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-03-27 22:14 - 2014-03-27 22:14 - 00192792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-03-27 22:14 - 2014-03-27 22:14 - 00153368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-03-27 22:07 - 2014-03-27 22:07 - 00236824 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-03-27 22:05 - 2014-03-27 22:05 - 00324376 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-03-27 22:03 - 2014-03-27 22:03 - 00032536 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
 
==================== One Month Modified Files and Folders =======
 
2014-04-24 11:28 - 2014-04-24 11:24 - 00016805 _____ () C:\Users\Malcolm\Downloads\FRST.txt
2014-04-24 11:27 - 2014-04-24 11:27 - 00021417 _____ () C:\Users\Malcolm\Downloads\Addition.txt
2014-04-24 11:27 - 2014-04-24 11:23 - 00000000 ____D () C:\FRST
2014-04-24 11:25 - 2014-04-03 07:35 - 00000082 _____ () C:\Windows\system32\jpuvn.wzm
2014-04-24 11:24 - 2012-01-19 18:01 - 01804335 _____ () C:\Windows\WindowsUpdate.log
2014-04-24 11:23 - 2014-04-24 11:23 - 02061824 _____ (Farbar) C:\Users\Malcolm\Downloads\FRST64.exe
2014-04-24 11:21 - 2009-07-14 00:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-24 11:21 - 2009-07-14 00:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-24 11:18 - 2012-01-19 23:33 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{40E1447E-C1D3-4CD9-A650-F0873905DFD3}
2014-04-24 11:14 - 2014-04-24 01:46 - 00000112 _____ () C:\Windows\setupact.log
2014-04-24 11:14 - 2012-03-06 03:39 - 01083940 _____ () C:\Windows\PFRO.log
2014-04-24 11:14 - 2012-01-21 18:59 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-24 11:14 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-24 11:12 - 2012-01-21 18:59 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-24 11:11 - 2014-04-23 00:08 - 00000000 ____D () C:\Users\Malcolm\AppData\Roaming\SupTab
2014-04-24 10:50 - 2012-04-18 09:32 - 00000000 ____D () C:\ProgramData\Radialpoint
2014-04-24 10:33 - 2012-04-18 15:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-24 10:09 - 2014-04-24 10:09 - 00001115 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-24 10:09 - 2012-10-27 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-04-24 10:09 - 2012-10-09 11:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-04-24 10:08 - 2014-04-24 10:07 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Malcolm\Downloads\spybot-2.2.exe
2014-04-24 10:03 - 2014-04-24 00:27 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-24 09:59 - 2009-07-14 01:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-24 01:46 - 2014-04-24 01:46 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-24 01:01 - 2014-04-24 00:30 - 00000000 ____D () C:\ProgramData\AVG2014
2014-04-24 00:40 - 2014-04-24 00:27 - 00000000 ____D () C:\Users\Malcolm\AppData\Local\Avg2014
2014-04-24 00:31 - 2014-04-24 00:31 - 00000000 ____D () C:\Users\Malcolm\AppData\Roaming\AVG2014
2014-04-24 00:30 - 2014-04-24 00:30 - 00000967 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-04-24 00:30 - 2014-04-24 00:30 - 00000000 ___HD () C:\$AVG
2014-04-24 00:30 - 2014-04-24 00:30 - 00000000 ____D () C:\Users\Malcolm\AppData\Roaming\TuneUp Software
2014-04-24 00:30 - 2014-04-24 00:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-04-24 00:29 - 2014-04-24 00:29 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-04-24 00:27 - 2014-04-24 00:27 - 00000000 ____D () C:\Users\Malcolm\AppData\Local\MFAData
2014-04-23 23:36 - 2011-02-10 12:10 - 00775084 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-23 23:13 - 2013-08-20 19:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-23 23:06 - 2012-01-19 16:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2014-04-23 22:55 - 2014-04-23 00:14 - 00000000 ____D () C:\Program Files (x86)\Bench
2014-04-23 22:55 - 2012-01-21 19:00 - 00000000 ____D () C:\Program Files\Google
2014-04-23 22:48 - 2012-01-21 18:59 - 00000000 ____D () C:\Users\Malcolm\AppData\Local\Google
2014-04-23 22:48 - 2012-01-21 18:59 - 00000000 ____D () C:\ProgramData\Google
2014-04-23 22:48 - 2012-01-21 18:59 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-23 22:47 - 2012-01-19 20:58 - 00000000 ____D () C:\Program Files (x86)\Creative
2014-04-23 22:43 - 2014-04-23 00:14 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-04-23 22:41 - 2014-04-23 22:41 - 00003142 _____ () C:\Windows\System32\Tasks\{84A9CB79-897B-4B79-8272-831201C1C671}
2014-04-23 22:41 - 2014-04-23 00:07 - 00000000 ____D () C:\Users\Malcolm\AppData\Roaming\v9
2014-04-23 22:41 - 2012-01-19 17:42 - 00001419 _____ () C:\Users\Malcolm\Desktop\Internet Explorer.lnk
2014-04-23 22:41 - 2012-01-19 16:47 - 00001419 _____ () C:\Users\Malcolm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-23 22:39 - 2014-04-23 07:55 - 00000000 ____D () C:\Program Files (x86)\Systweak Support Dock
2014-04-23 22:39 - 2014-04-23 00:15 - 00000000 ____D () C:\Users\Malcolm\AppData\Roaming\systweak
2014-04-23 22:36 - 2012-01-20 12:57 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-04-23 22:35 - 2014-04-23 22:35 - 00003308 _____ () C:\Windows\System32\Tasks\4890
2014-04-23 22:35 - 2014-04-23 22:35 - 00003208 _____ () C:\Windows\System32\Tasks\0
2014-04-23 22:28 - 2014-04-23 22:28 - 00000000 ____D () C:\Windows\pss
2014-04-23 22:28 - 2012-01-19 16:47 - 00000000 ___RD () C:\Users\Malcolm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-23 22:28 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-23 22:24 - 2014-03-14 03:36 - 00000118 _____ () C:\Windows\wininit.ini
2014-04-23 22:23 - 2014-04-23 22:23 - 00000000 ____D () C:\Program Files (x86)\predm
2014-04-23 07:58 - 2014-04-23 07:58 - 00002207 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.lnk
2014-04-23 07:58 - 2014-04-23 07:58 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-04-23 07:54 - 2014-04-23 00:16 - 00000000 ____D () C:\Program Files (x86)\Advanced System Protector
2014-04-23 07:49 - 2012-05-06 12:36 - 00000000 ____D () C:\Windows\Minidump
2014-04-23 00:14 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-04-23 00:06 - 2012-01-21 19:18 - 00002407 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-22 23:10 - 2014-04-22 23:07 - 00000000 ____D () C:\000e56d6deb5e227d1
2014-04-18 15:01 - 2014-04-18 15:01 - 00237336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-04-10 23:12 - 2012-01-19 16:46 - 00000000 ____D () C:\Users\Malcolm
2014-04-03 07:22 - 2014-04-03 07:22 - 00000064 _____ () C:\Windows\system32\tokz.djq
2014-04-03 07:22 - 2014-04-03 07:22 - 00000000 _____ () C:\Windows\system32\jpzq.pot
2014-04-03 07:06 - 2014-04-03 07:06 - 00299344 ____S () C:\Windows\system32\kgcn.sdc
2014-04-03 07:06 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-04-02 23:07 - 2012-01-21 18:59 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-02 23:07 - 2012-01-21 18:59 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-31 16:20 - 2014-03-31 16:20 - 00274200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-03-31 16:06 - 2014-03-31 16:06 - 00130840 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-03-31 09:35 - 2010-11-20 23:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-31 03:51 - 2012-01-19 19:26 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-27 22:14 - 2014-03-27 22:14 - 00192792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-03-27 22:14 - 2014-03-27 22:14 - 00153368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-03-27 22:07 - 2014-03-27 22:07 - 00236824 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-03-27 22:05 - 2014-03-27 22:05 - 00324376 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-03-27 22:03 - 2014-03-27 22:03 - 00032536 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
 
Some content of TEMP:
====================
C:\Users\Malcolm\AppData\Local\Temp\air95CF.exe
C:\Users\Malcolm\AppData\Local\Temp\bpuninstall.exe
C:\Users\Malcolm\AppData\Local\Temp\ConsumerInputSetup.exe
C:\Users\Malcolm\AppData\Local\Temp\rl5xocfv.dll
C:\Users\Malcolm\AppData\Local\Temp\setup.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2010-11-20 23:24] - [2010-11-20 23:24] - 0513536 ____A (Microsoft Corporation) 87103248ED78AF1FBDFC3DE98CF89A91
 
 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-09-04 23:08
 
==================== End Of Log ============================

#2 TB-Psychotic


  • Malware Response Team
  • 6,349 posts

Posted 24 April 2014 - 10:45 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan... click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Also, please post the addition.txt from FRST as well!


Proud Member of UNITE & TB

#3 User10102

  • Topic Starter

  • Members
  • 2 posts

Posted 24 April 2014 - 11:33 AM

additional:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-04-2014

Ran by Malcolm at 2014-04-24 11:29:39
Running from C:\Users\Malcolm\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 
==================== Installed Programs ======================
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Amazon 1Button App (x32 Version: 1.0.4 - Amazon) Hidden
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.33 - Atheros Communications Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4570 - AVG Technologies)
AVG 2014 (Version: 14.0.3920 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4570 - AVG Technologies) Hidden
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.12005.2 - Cisco Consumer Products LLC)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell KM632 Wireless Keyboard Caps Lock Indicator (HKLM-x32\...\{55586382-6704-4237-AAA7-85FF9C055022}) (Version: 2.1.9.0401 - Dell)
Dell Resource CD (HKLM-x32\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1107.101.209 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 8.0 - Dell)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 9.1.0.615 - Citrix Online, a division of Citrix Systems, Inc.)
Java Auto Updater (x32 Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
Java™ 6 Update 27 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416027FF}) (Version: 6.0.270 - Oracle)
Java™ 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MediaPlayerEnhance (HKLM-x32\...\MediaPlayerEnhance) (Version: 1.34.1.29 - Feven) <==== ATTENTION
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Octoshape add-in for Adobe Flash Player (HKCU\...\Octoshape add-in for Adobe Flash Player) (Version:  - )
Radialpoint Security Advisor 2.5.15 (x32 Version: 2.5.15 - Radialpoint SafeCare Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6136 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30109 - Realtek Semiconductor Corp.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windstream Diagnostic Tools 3.0.21 (x32 Version: 3.0.21 - Windstream) Hidden
Windstream Service Agent 4.1.15 (HKLM-x32\...\RadialpointClientGateway_is1) (Version: 4.1.15 - Windstream)
 
==================== Restore Points  =========================
 
24-04-2014 15:19:37 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 22:34 - 2014-04-23 00:14 - 00000871 ____A C:\Windows\system32\Drivers\etc\hosts
54.221.22.25 ajakpekbmnkgnjbpajgkdhimcbeoocam
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {18F29E51-991C-42D4-A407-2E503C080E33} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-22] (Adobe Systems Incorporated)
Task: {43F93524-0E10-412A-B257-AD7023A09275} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {8D6DE406-5A20-4EEA-8C94-BB9464BDBE51} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-21] (Google Inc.)
Task: {9CD80C40-8F46-4999-9BF0-41513ABBF522} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-21] (Google Inc.)
Task: {EC08991D-AD35-4800-A2FE-594972292329} - System32\Tasks\4890 => Wscript.exe C:\Users\Malcolm\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-01-19 19:01 - 2011-01-12 20:17 - 00053248 _____ () C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe
2012-01-19 19:01 - 2011-03-11 12:09 - 00028672 _____ () C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\INDICATOR_OSD.DLL
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HsdService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HFN Client => "DisplayName"="HFN Client"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HFN Client => "ErrorControl"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HFN Client => "ImagePath"="C:\Program Files (x86)\HFN\Client\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HFN Client => "ObjectName"="LocalSystem"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HFN Client => "Start"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HFN Client => "Type"="272"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HFN Client\Parameters => "Application"="C:\Program Files (x86)\HFN\Client\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HFN Client\Parameters => "AppParameters"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HsdService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ServicepointService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SoftwareUpdater.lnk => C:\Windows\pss\SoftwareUpdater.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Malcolm^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Severe Weather Alerts App.lnk => C:\Windows\pss\Severe Weather Alerts App.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Malcolm^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Severe Weather Alerts.lnk => C:\Windows\pss\Severe Weather Alerts.lnk.Startup
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iolo Startup => "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/24/2014 11:15:39 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/24/2014 10:04:18 AM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16521, time stamp: 0x53114399
Faulting module name: jscript9.dll, version: 11.0.9600.16521, time stamp: 0x53115050
Exception code: 0xc0000005
Fault offset: 0x00008a95
Faulting process id: 0x1198
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (04/24/2014 10:04:10 AM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16521, time stamp: 0x53114399
Faulting module name: jscript9.dll, version: 11.0.9600.16521, time stamp: 0x53115050
Exception code: 0xc0000005
Fault offset: 0x00008a95
Faulting process id: 0x530
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (04/24/2014 10:03:56 AM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16521, time stamp: 0x53114399
Faulting module name: jscript9.dll, version: 11.0.9600.16521, time stamp: 0x53115050
Exception code: 0xc0000005
Fault offset: 0x00008a95
Faulting process id: 0x1108
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (04/24/2014 10:03:52 AM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16521, time stamp: 0x53114399
Faulting module name: jscript9.dll, version: 11.0.9600.16521, time stamp: 0x53115050
Exception code: 0xc0000005
Fault offset: 0x00008a95
Faulting process id: 0x1a18
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (04/24/2014 10:03:48 AM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16521, time stamp: 0x53114399
Faulting module name: jscript9.dll, version: 11.0.9600.16521, time stamp: 0x53115050
Exception code: 0xc0000005
Fault offset: 0x00008a95
Faulting process id: 0x18e0
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (04/24/2014 10:03:43 AM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16521, time stamp: 0x53114399
Faulting module name: jscript9.dll, version: 11.0.9600.16521, time stamp: 0x53115050
Exception code: 0xc0000005
Fault offset: 0x00008a95
Faulting process id: 0x1aa0
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (04/24/2014 10:03:36 AM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16521, time stamp: 0x53114399
Faulting module name: jscript9.dll, version: 11.0.9600.16521, time stamp: 0x53115050
Exception code: 0xc0000005
Fault offset: 0x00008a95
Faulting process id: 0x18fc
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (04/24/2014 10:03:02 AM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16521, time stamp: 0x53114399
Faulting module name: jscript9.dll, version: 11.0.9600.16521, time stamp: 0x53115050
Exception code: 0xc0000005
Fault offset: 0x00008a95
Faulting process id: 0x1478
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (04/24/2014 10:02:54 AM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16521, time stamp: 0x53114399
Faulting module name: jscript9.dll, version: 11.0.9600.16521, time stamp: 0x53115050
Exception code: 0xc0000005
Fault offset: 0x00008a95
Faulting process id: 0xdd4
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
 
System errors:
=============
Error: (04/24/2014 11:25:46 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (04/24/2014 11:25:46 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (04/24/2014 11:25:46 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (04/24/2014 11:25:46 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (04/24/2014 11:25:46 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (04/24/2014 11:25:46 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (04/24/2014 11:25:46 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (04/24/2014 11:24:21 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070216: Cumulative Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB2929437).
 
Error: (04/24/2014 11:15:18 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (04/24/2014 11:14:34 AM) (Source: Service Control Manager) (User: )
Description: The Power service terminated with the following error: 
%%4203
 
 
Microsoft Office Sessions:
=========================
Error: (04/24/2014 11:15:39 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/24/2014 10:04:18 AM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.1652153114399jscript9.dll11.0.9600.1652153115050c000000500008a95119801cf5fc6120e44e5C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\jscript9.dll5358d353-cbb9-11e3-acba-180373ad21f2
 
Error: (04/24/2014 10:04:10 AM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.1652153114399jscript9.dll11.0.9600.1652153115050c000000500008a9553001cf5fc60bd696c6C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\jscript9.dll4e56e1cf-cbb9-11e3-acba-180373ad21f2
 
Error: (04/24/2014 10:03:56 AM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.1652153114399jscript9.dll11.0.9600.1652153115050c000000500008a95110801cf5fc605352abcC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\jscript9.dll45ceb215-cbb9-11e3-acba-180373ad21f2
 
Error: (04/24/2014 10:03:52 AM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.1652153114399jscript9.dll11.0.9600.1652153115050c000000500008a951a1801cf5fc6053f3d02C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\jscript9.dll43d5294e-cbb9-11e3-acba-180373ad21f2
 
Error: (04/24/2014 10:03:48 AM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.1652153114399jscript9.dll11.0.9600.1652153115050c000000500008a9518e001cf5fc5ff747ad3C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\jscript9.dll414ccb8a-cbb9-11e3-acba-180373ad21f2
 
Error: (04/24/2014 10:03:43 AM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.1652153114399jscript9.dll11.0.9600.1652153115050c000000500008a951aa001cf5fc5ff76ebdcC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\jscript9.dll3e4a5739-cbb9-11e3-acba-180373ad21f2
 
Error: (04/24/2014 10:03:36 AM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.1652153114399jscript9.dll11.0.9600.1652153115050c000000500008a9518fc01cf5fc5d6de7b67C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\jscript9.dll3a4eb8f9-cbb9-11e3-acba-180373ad21f2
 
Error: (04/24/2014 10:03:02 AM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.1652153114399jscript9.dll11.0.9600.1652153115050c000000500008a95147801cf5fc5e1e89105C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\jscript9.dll25ea0514-cbb9-11e3-acba-180373ad21f2
 
Error: (04/24/2014 10:02:54 AM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.1652153114399jscript9.dll11.0.9600.1652153115050c000000500008a95dd401cf5fc5e1eadafeC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\jscript9.dll20c9b873-cbb9-11e3-acba-180373ad21f2
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 35%
Total physical RAM: 4058.36 MB
Available physical RAM: 2617.92 MB
Total Pagefile: 8114.91 MB
Available Pagefile: 6643.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:284.24 GB) (Free:252.71 GB) NTFS
Drive d: (AND_NOW_FOR_SOMETHING_COMPLETE) (CDROM) (Total:4.2 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 7107E142)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=284 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

ARK.TXT:
 
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-04-24 12:31:41
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK3276GSX rev.GS002D 298.09GB
Running: bjf58o8z.exe; Driver: C:\Users\Malcolm\AppData\Local\Temp\uwriifog.sys
 
 
---- Threads - GMER 2.1 ----
 
Thread  C:\Windows\system32\svchost.exe [928:244]                               00000000005e4a82
Thread  C:\Windows\system32\svchost.exe [928:380]                               00000000005db276
Thread  C:\Windows\system32\svchost.exe [928:376]                               0000000000446722
Thread  C:\Windows\system32\svchost.exe [928:372]                               0000000000445f9e
Thread  C:\Windows\system32\svchost.exe [928:384]                               00000000004454b6
Thread  C:\Windows\system32\svchost.exe [928:344]                               00000000005db1e6
Thread  C:\Windows\system32\svchost.exe [428:1104]                              00000000001c6722
Thread  C:\Windows\system32\svchost.exe [428:1120]                              00000000001c5f9e
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5280:5376]  0000000077dc3e85
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5280:5380]  0000000077dc3e85
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5280:5384]  00000000775f7587
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5280:5412]  0000000071eb7712
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5280:5432]  0000000077dc2e65
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5280:5292]  0000000077dc3e85
 
---- Registry - GMER 2.1 ----
 
Reg     HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch         121434
Reg     HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch        105887
Reg     HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters@DhcpDomain      hsd1.ga.comcast.net.
Reg     HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters@DhcpNameServer  75.75.75.75 75.75.76.76 0.0.0.0
 
---- EOF - GMER 2.1 ----
 


#4 TB-Psychotic (Malware Response Team)

Posted 25 April 2014 - 04:38 AM

Search for files with FRST (Recovery Environment)


Run FRST.

Type the following in the edit box after "Search:"

rpcss.dll

Click Search button and post the log (Search.txt) it makes to your reply.

#5 TB-Psychotic (Malware Response Team)

Posted 08 May 2014 - 04:20 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.