Internet Explorer 7 Freezes When Loading A Link


  • This topic is locked
48 replies to this topic

#1 StickFigs

Posted 24 January 2009 - 12:11 AM

Recently when I have been using IE I have randomly encountered a problem where on a website I will click a link to navigate the website and the link will start to load, but then IE becomes frozen and I can't interact with it in any way or close the tab; the entire program is frozen. The only way to close it is to end iexplore.exe in the processes window.

I tried disabling all of my IE add-ons that didn't seem important or looked suspicious but the problem persists, so here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:57:21 PM, on 1/23/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\conime.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5F6C67CA-71DC-47B1-994F-D117777306BF} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O13 - Gopher Prefix: 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?AuthParam=1231993336_6da29d98802a8e491f649e89b928c2eb&GroupName=JSC&FilePath=/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab&File=jinstall-6u11-windows-i586-jc.cab&BHost=javadl.sun.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe

--
End of file - 5510 bytes

Virus and spyware scanners also turn up no problems, so I don't know what could be causing the random freezes. Also, it's not just one specific website; it seems to be random and isn't the fault of any particular website.

Edited by StickFigs, 24 January 2009 - 12:12 AM.



#2 Hoov

  • Malware Response Team

Posted 06 February 2009 - 03:26 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.
Also please explain your problem as fully as possible. Each little detail will help in getting your system cleaned up and functional again.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scans:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.



* Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif

* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the results; click No to the Optional_Scan.
* Follow the instructions that pop up for posting the results.
* Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

After your response, someone will be with you soon.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families


#3 StickFigs

  • Topic Starter

Posted 07 February 2009 - 06:40 PM

Here's my DDS Log:

DDS (Ver_09-02-01.01) - NTFSx86  
Run by Kyle at 16:32:59.82 on Sat 02/07/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_12
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.2046.1322 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Kyle\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5F6C67CA-71DC-47B1-994F-D117777306BF} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
uPolicies-explorer: NoAddPrinter = 1 (0x1)
uPolicies-explorer: StartMenuFavorites = 0 (0x0)
uPolicies-explorer: StartMenuRun = 1 (0x1)
uPolicies-explorer: NoSMBalloonTip = 0 (0x0)
uPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
uPolicies-explorer: NoSearchCommInStartMenu = 0 (0x0)
uPolicies-explorer: NoSearchComputerLinkInStartMenu = 0 (0x0)
uPolicies-explorer: NoSearchFilesInStartMenu = 0 (0x0)
uPolicies-explorer: NoSearchInternetInStartMenu = 0 (0x0)
uPolicies-explorer: NoSearchProgramsInStartMenu = 0 (0x0)
uPolicies-explorer: NoStartMenuMyGames = 0 (0x0)
uPolicies-explorer: NoUserFolderInStartMenu = 0 (0x0)
uPolicies-explorer: HideSCABattery = 0 (0x0)
uPolicies-explorer: HideSCANetwork = 0 (0x0)
uPolicies-explorer: HideSCAVolume = 0 (0x0)
uPolicies-explorer: TaskbarNoNotification = 0 (0x0)
uPolicies-explorer: TaskbarNoAddRemoveToolbar = 0 (0x0)
uPolicies-explorer: TaskbarNoDragToolbar = 0 (0x0)
uPolicies-explorer: TaskbarNoRedock = 0 (0x0)
uPolicies-explorer: TaskbarNoResize = 0 (0x0)
uPolicies-explorer: TaskbarNoThumbnail = 0 (0x0)
uPolicies-explorer: ClearRecentProgForNewUserInStartMenu = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: {487C9905-26A8-42C8-8033-C58AD3D2AEC3} - No File

============= SERVICES / DRIVERS ===============

S3 EMSUSB2;EMS USB Joypad2;c:\windows\system32\drivers\Emsusb2.sys [2008-5-8 9728]
S3 hid7906;hid7906;c:\windows\system32\drivers\hid7906.sys [2008-6-12 41272]
S3 hid8101;hid8101;c:\windows\system32\drivers\hid8101.sys [2008-6-12 43192]
S3 hid8103;hid8103;c:\windows\system32\drivers\hid8103.sys [2008-6-12 40856]
S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\drivers\libusb0.sys [2006-5-30 29184]
S4 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\autodesk\3ds max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-3-9 65536]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2009-02-06 19:00	<DIR>	--d-----	C:\sw3dg
2009-02-02 22:41	<DIR>	--d-----	c:\users\kyle\workspace
2009-02-02 22:35	<DIR>	--d-----	c:\program files\Sun
2009-02-02 21:37	54,156	a---h---	c:\windows\QTFont.qfn
2009-02-02 21:37	1,409	a-------	c:\windows\QTFont.for
2009-01-29 17:27	622,080	a-------	c:\windows\system32\icardagt.exe
2009-01-29 17:27	105,016	a-------	c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-01-29 17:27	97,800	a-------	c:\windows\system32\infocardapi.dll
2009-01-29 17:27	43,544	a-------	c:\windows\system32\PresentationHostProxy.dll
2009-01-29 17:27	37,384	a-------	c:\windows\system32\infocardcpl.cpl
2009-01-29 17:27	11,264	a-------	c:\windows\system32\icardres.dll
2009-01-29 17:27	781,344	a-------	c:\windows\system32\PresentationNative_v0300.dll
2009-01-29 17:27	326,160	a-------	c:\windows\system32\PresentationHost.exe
2009-01-29 17:21	96,760	a-------	c:\windows\system32\dfshim.dll
2009-01-29 17:21	282,112	a-------	c:\windows\system32\mscoree.dll
2009-01-29 17:21	41,984	a-------	c:\windows\system32\netfxperf.dll
2009-01-29 17:21	158,720	a-------	c:\windows\system32\mscorier.dll
2009-01-29 17:21	83,968	a-------	c:\windows\system32\mscories.dll
2009-01-24 23:04	<DIR>	--d-----	c:\program files\SopCast
2009-01-24 03:21	<DIR>	--d-----	c:\users\kyle\appdata\roaming\Crayon Physics Deluxe
2009-01-24 03:21	<DIR>	--d-----	c:\program files\Crayon Physics Deluxe
2009-01-21 20:42	<DIR>	--d-----	c:\program files\Curse
2009-01-20 00:47	268	a---h---	C:\sqmdata04.sqm
2009-01-20 00:47	244	a---h---	C:\sqmnoopt04.sqm
2009-01-17 12:05	<DIR>	--d-----	c:\programdata\acccore
2009-01-17 12:05	<DIR>	--d-----	c:\progra~2\acccore
2009-01-17 12:04	<DIR>	--d-----	c:\programdata\AOL Downloads
2009-01-17 01:30	<DIR>	--d-----	c:\program files\common files\Blizzard Entertainment
2009-01-17 01:22	<DIR>	--d-----	c:\programdata\Blizzard
2009-01-17 01:22	<DIR>	--d-----	c:\progra~2\Blizzard
2009-01-15 13:40	<DIR>	--d-----	c:\program files\EA Games
2009-01-15 13:39	<DIR>	--d-----	c:\windows\E4D153288C89484BB9AAF5BE9EA6D01C.TMP
2009-01-15 03:51	<DIR>	--d-----	c:\programdata\PrettyMay
2009-01-15 03:51	<DIR>	--d-----	c:\progra~2\PrettyMay
2009-01-15 01:29	<DIR>	--d-----	c:\program files\Skype
2009-01-15 00:06	<DIR>	--d-----	c:\program files\Saints Row 2
2009-01-13 20:48	288,768	a-------	c:\windows\system32\drivers\srv.sys
2009-01-10 02:52	<DIR>	--d-----	c:\program files\Ventrilo
2009-01-10 02:52	262	a-------	c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-01-09 22:05	56	a---h---	c:\windows\system32\ezsidmv.dat
2009-01-09 22:02	<DIR>	--d-----	c:\programdata\Skype

==================== Find3M  ====================

2009-02-02 22:35	410,984	a-------	c:\windows\system32\deploytk.dll
2009-01-23 23:58	143,360	a-------	c:\windows\inf\infstrng.dat
2009-01-23 23:58	86,016	a-------	c:\windows\inf\infstor.dat
2009-01-23 23:58	51,200	a-------	c:\windows\inf\infpub.dat
2008-12-27 18:21	319,456	a-------	c:\windows\DIFxAPI.dll
2008-12-23 18:21	965,664	a-------	c:\windows\system32\RtkPgExt.dll
2008-12-23 18:20	322,080	a-------	c:\windows\system32\RtkApoApi.dll
2008-12-23 18:20	2,510,368	a-------	c:\windows\system32\RtkAPO.dll
2008-12-23 18:13	2,256,976	a-------	c:\windows\system32\drivers\RTKVHDA.sys
2008-12-23 03:47	138,240	a-------	c:\windows\system32\drivers\Rtlh86.sys
2008-12-23 03:47	10,240	a-------	c:\windows\system32\RtNicProp32.dll
2008-12-18 14:32	37,376	a-------	c:\windows\system32\RtkCoInst.dll
2008-12-14 19:04	278,984	a-------	c:\windows\system32\drivers\atksgt.sys
2008-12-14 19:04	25,416	a-------	c:\windows\system32\drivers\lirsgt.sys
2008-12-13 04:57	1,700,352	a-------	c:\windows\system32\gdiplus.dll
2008-12-10 09:45	70,936	a-------	c:\windows\system32\PhysXLoader.dll
2008-12-04 09:28	24,344	a-------	c:\windows\system32\PhysXDevice.dll
2008-12-02 23:11	801,312	a-------	c:\windows\system32\nvcplui.exe
2008-12-02 10:13	453,152	a-------	c:\windows\system32\NVUNINST.EXE
2008-09-03 22:32	22,328	a-------	c:\users\kyle\appdata\roaming\PnkBstrK.sys
2008-06-10 20:22	665,600	a-------	c:\windows\inf\drvindex.dat
2007-05-07 22:44	174	a--sh---	c:\program files\desktop.ini
2006-11-02 07:42	287,440	a-------	c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42	287,440	a-------	c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42	30,674	a-------	c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42	30,674	a-------	c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20	287,440	a-------	c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20	287,440	a-------	c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20	30,674	a-------	c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20	30,674	a-------	c:\windows\inf\perflib\0000\perfc.dat
2006-05-03 04:06	163,328	a--shr--	c:\windows\system32\flvDX.dll
2007-02-21 05:47	31,232	a--shr--	c:\windows\system32\msfDX.dll
2008-03-16 07:30	216,064	a--shr--	c:\windows\system32\nbDX.dll

============= FINISH: 16:33:14.51 ===============

and my Malwarebytes log:

Malwarebytes' Anti-Malware 1.33
Database version: 1736
Windows 6.0.6001 Service Pack 1

2/7/2009 6:33:32 PM
mbam-log-2009-02-07 (18-33-32).txt

Scan type: Full Scan (C:\|)
Objects scanned: 282463
Time elapsed: 1 hour(s), 33 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bc7d8de8-ef3d-4f44-8b54-03759fac1367} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{487c9905-26a8-42c8-8033-c58ad3d2aec3} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\System32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.


#4 Hoov

  • Malware Response Team

Posted 07 February 2009 - 07:46 PM

How is IE working now? Are you getting any abnormal popups or ads along with the freezing?

#5 StickFigs

  • Topic Starter

Posted 07 February 2009 - 07:49 PM

"How is IE working now? Are you getting any abnormal popups or ads along with the freezing?"


No, nothing out of the ordinary besides the actual freezes themselves.

#6 Hoov

  • Malware Response Team

Posted 07 February 2009 - 08:22 PM

Run ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Also make sure you close all your browsers just before the instructions tell you to start the scanner.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

#7 StickFigs

  • Topic Starter

Posted 07 February 2009 - 10:21 PM

ComboFix Log:

ComboFix 09-02-06.04 - Kyle 2009-02-07 21:51:10.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.2046.1351 [GMT -5:00]
Running from: c:\users\Kyle\Downloads\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb

.
(((((((((((((((((((((((((   Files Created from 2009-01-08 to 2009-02-08  )))))))))))))))))))))))))))))))
.

2009-02-02 22:41 . 2009-02-02 22:42	<DIR>	d--------	c:\users\Kyle\workspace
2009-02-02 22:35 . 2009-02-02 22:35	<DIR>	d--------	c:\program files\Sun
2009-02-02 21:37 . 2009-02-02 21:37	54,156	--ah-----	c:\windows\QTFont.qfn
2009-02-02 21:37 . 2009-02-02 21:37	1,409	--a------	c:\windows\QTFont.for
2009-01-29 17:27 . 2008-06-19 20:14	781,344	--a------	c:\windows\System32\PresentationNative_v0300.dll
2009-01-29 17:27 . 2008-06-19 20:14	622,080	--a------	c:\windows\System32\icardagt.exe
2009-01-29 17:27 . 2008-06-19 20:14	326,160	--a------	c:\windows\System32\PresentationHost.exe
2009-01-29 17:27 . 2008-06-19 20:14	105,016	--a------	c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-01-29 17:27 . 2008-06-19 20:14	97,800	--a------	c:\windows\System32\infocardapi.dll
2009-01-29 17:27 . 2008-06-19 20:14	43,544	--a------	c:\windows\System32\PresentationHostProxy.dll
2009-01-29 17:27 . 2008-06-19 20:14	37,384	--a------	c:\windows\System32\infocardcpl.cpl
2009-01-29 17:27 . 2008-06-19 20:14	11,264	--a------	c:\windows\System32\icardres.dll
2009-01-29 17:21 . 2008-07-27 13:03	282,112	--a------	c:\windows\System32\mscoree.dll
2009-01-29 17:21 . 2008-07-27 13:03	158,720	--a------	c:\windows\System32\mscorier.dll
2009-01-29 17:21 . 2008-07-27 13:03	96,760	--a------	c:\windows\System32\dfshim.dll
2009-01-29 17:21 . 2008-07-27 13:03	83,968	--a------	c:\windows\System32\mscories.dll
2009-01-29 17:21 . 2008-07-27 13:03	41,984	--a------	c:\windows\System32\netfxperf.dll
2009-01-24 23:04 . 2009-01-24 23:10	<DIR>	d--------	c:\program files\SopCast
2009-01-24 03:21 . 2009-01-24 03:31	<DIR>	d--------	c:\users\Kyle\AppData\Roaming\Crayon Physics Deluxe
2009-01-24 03:21 . 2009-01-24 03:31	<DIR>	d--------	c:\program files\Crayon Physics Deluxe
2009-01-21 20:42 . 2009-01-21 20:50	<DIR>	d--------	c:\program files\Curse
2009-01-20 00:47 . 2009-01-20 00:47	268	--ah-----	C:\sqmdata04.sqm
2009-01-20 00:47 . 2009-01-20 00:47	244	--ah-----	C:\sqmnoopt04.sqm
2009-01-17 12:05 . 2009-01-17 12:05	<DIR>	d--------	c:\users\All Users\acccore
2009-01-17 12:05 . 2009-01-17 12:05	<DIR>	d--------	c:\programdata\acccore
2009-01-17 12:04 . 2009-01-17 12:04	<DIR>	d--------	c:\users\All Users\AOL Downloads
2009-01-17 12:04 . 2009-01-17 12:04	<DIR>	d--------	c:\programdata\AOL Downloads
2009-01-17 01:30 . 2009-01-17 04:37	<DIR>	d--------	c:\users\Public\Games
2009-01-17 01:30 . 2009-01-17 04:37	<DIR>	d--------	c:\program files\Common Files\Blizzard Entertainment
2009-01-17 01:22 . 2009-01-17 01:22	<DIR>	d--------	c:\users\All Users\Blizzard
2009-01-17 01:22 . 2009-01-17 01:22	<DIR>	d--------	c:\programdata\Blizzard
2009-01-15 13:40 . 2009-01-15 13:40	<DIR>	d--------	c:\program files\EA Games
2009-01-15 13:39 . 2009-01-15 13:39	<DIR>	d--------	c:\windows\E4D153288C89484BB9AAF5BE9EA6D01C.TMP
2009-01-15 03:51 . 2009-01-15 03:52	<DIR>	d--------	c:\users\All Users\PrettyMay
2009-01-15 03:51 . 2009-01-15 03:52	<DIR>	d--------	c:\programdata\PrettyMay
2009-01-15 01:29 . 2009-02-02 22:02	<DIR>	d--------	c:\users\Kyle\AppData\Roaming\Skype
2009-01-15 01:29 . 2009-01-15 03:57	<DIR>	d--------	c:\program files\Skype
2009-01-15 01:29 . 2009-01-15 01:29	<DIR>	d--------	c:\program files\Common Files\Skype
2009-01-15 00:06 . 2009-01-15 00:21	<DIR>	d--------	c:\program files\Saints Row 2
2009-01-14 23:17 . 2009-02-02 22:35	<DIR>	d--------	c:\program files\Java
2009-01-13 20:48 . 2008-12-15 21:42	288,768	--a------	c:\windows\System32\drivers\srv.sys
2009-01-10 02:52 . 2009-01-10 02:55	<DIR>	d--------	c:\users\Kyle\AppData\Roaming\Ventrilo
2009-01-10 02:52 . 2009-01-10 02:52	<DIR>	d--------	c:\program files\Ventrilo
2009-01-10 02:52 . 2009-01-10 02:52	262	--a------	c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-01-09 22:05 . 2009-02-02 18:33	<DIR>	d--------	c:\users\Kyle\AppData\Roaming\skypePM
2009-01-09 22:05 . 2009-01-09 22:05	56	--ah-----	c:\windows\System32\ezsidmv.dat
2009-01-09 22:02 . 2009-01-15 01:29	<DIR>	d--------	c:\users\All Users\Skype
2009-01-09 22:02 . 2009-01-15 01:29	<DIR>	d--------	c:\programdata\Skype

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-08 02:46	---------	d-----w	c:\program files\Steam
2009-02-04 22:27	---------	d-----w	c:\program files\Common Files\Steam
2009-02-04 19:37	---------	d-----w	c:\users\Kyle\AppData\Roaming\uTorrent
2009-02-03 03:38	---------	d-----w	c:\program files\eclipse
2009-01-27 20:28	---------	d-----w	c:\users\Kyle\AppData\Roaming\DMCache
2009-01-23 21:43	---------	d--h--w	c:\program files\InstallShield Installation Information
2009-01-21 20:35	---------	d-----w	c:\program files\Common Files\Wise Installation Wizard
2009-01-21 20:34	---------	d-----w	c:\program files\AGEIA Technologies
2009-01-21 18:00	---------	d-----w	c:\programdata\Microsoft Help
2009-01-20 17:40	---------	d-----w	c:\users\Kyle\AppData\Roaming\mIRC
2009-01-20 16:49	---------	d-----w	c:\program files\mIRC
2009-01-17 17:05	---------	d-----w	c:\programdata\Viewpoint
2009-01-17 17:05	---------	d-----w	c:\program files\Viewpoint
2009-01-17 17:05	---------	d-----w	c:\program files\AIM6
2009-01-17 03:37	---------	d-----w	c:\program files\Rockstar Games
2009-01-15 18:05	---------	d-----w	c:\program files\Windows Live Safety Center
2009-01-14 23:35	---------	d-----w	c:\program files\Google
2009-01-14 23:34	---------	d-----w	c:\users\Kyle\AppData\Roaming\Move Networks
2009-01-14 01:50	---------	d-----w	c:\program files\Windows Mail
2009-01-11 06:55	---------	d---a-w	c:\programdata\TEMP
2009-01-08 04:54	---------	d-----w	c:\users\Kyle\AppData\Roaming\dvdcss
2009-01-07 08:51	---------	d-----w	c:\users\Kyle\AppData\Roaming\Fujitsu
2009-01-07 03:04	---------	d-----w	c:\program files\StepMania
2009-01-06 10:20	---------	d-----w	c:\programdata\NVIDIA
2009-01-03 08:00	---------	d-----w	c:\programdata\FLEXnet
2009-01-02 09:14	---------	d-----w	c:\users\Kyle\AppData\Roaming\Media Player Classic
2009-01-02 09:10	---------	d-----w	c:\programdata\GRETECH
2009-01-02 09:09	---------	d-----w	c:\users\Kyle\AppData\Roaming\GRETECH
2009-01-02 09:09	---------	d-----w	c:\program files\GRETECH
2009-01-02 04:12	---------	d-----w	c:\program files\Combined Community Codec Pack
2009-01-02 04:03	---------	d-----w	c:\program files\pspvc
2009-01-02 04:00	---------	d-----w	c:\program files\AviSynth 2.5
2009-01-01 10:28	---------	d-----w	c:\program files\Red Kawa
2009-01-01 10:14	---------	d-----w	c:\program files\Winnydows
2009-01-01 08:38	---------	d-----w	c:\program files\Alcohol Soft
2008-12-27 23:24	---------	d-----w	c:\programdata\NOS
2008-12-27 23:24	---------	d-----w	c:\program files\NOS
2008-12-27 23:22	---------	d--h--w	c:\program files\Temp
2008-12-27 23:21	319,456	----a-w	c:\windows\DIFxAPI.dll
2008-12-27 23:21	---------	d-----w	c:\program files\Realtek
2008-12-27 22:40	---------	d-----w	c:\program files\Common Files\Adobe
2008-12-27 06:01	---------	d-----w	c:\program files\Common Files\PX Storage Engine
2008-12-23 23:13	2,256,976	----a-w	c:\windows\system32\drivers\RTKVHDA.sys
2008-12-23 08:47	138,240	----a-w	c:\windows\system32\drivers\Rtlh86.sys
2008-12-19 01:30	---------	d-----w	c:\program files\1C
2008-12-17 00:20	---------	d-----w	c:\program files\Crazy Machines II
2008-12-17 00:04	---------	d-----w	c:\users\Kyle\AppData\Roaming\Damdai
2008-12-17 00:04	---------	d-----w	c:\users\Kyle\AppData\Roaming\DAEMON Tools
2008-12-17 00:04	---------	d-----w	c:\program files\Windows Installer Clean Up
2008-12-17 00:04	---------	d-----w	c:\program files\MSECACHE
2008-12-17 00:04	---------	d-----w	c:\program files\Microsoft.NET
2008-12-17 00:04	---------	d-----w	c:\program files\ConTEXT
2008-12-16 23:47	---------	d-----w	c:\program files\Windows Installer Clean Up(83)
2008-12-16 08:27	---------	d-----w	c:\program files\Crazy Machines II + Demo
2008-12-15 00:04	278,984	----a-w	c:\windows\system32\drivers\atksgt.sys
2008-12-15 00:04	25,416	----a-w	c:\windows\system32\drivers\lirsgt.sys
2008-12-15 00:04	---------	d-----w	c:\programdata\Tages
2008-12-15 00:01	---------	d-----w	c:\program files\OpenAL
2008-12-13 20:10	---------	d-----w	c:\program files\Unity
2008-12-12 05:16	---------	d-----w	c:\users\Kyle\AppData\Roaming\Unity
2008-12-10 20:59	---------	d-----w	c:\program files\Microsoft Games for Windows - LIVE
2008-12-08 08:09	---------	d-----w	c:\program files\Maxis
2008-09-04 03:32	22,328	----a-w	c:\users\Kyle\AppData\Roaming\PnkBstrK.sys
2007-05-08 03:44	174	--sha-w	c:\program files\desktop.ini
2006-05-03 09:06	163,328	--sha-r	c:\windows\System32\flvDX.dll
2007-02-21 10:47	31,232	--sha-r	c:\windows\System32\msfDX.dll
2008-03-16 12:30	216,064	--sha-r	c:\windows\System32\nbDX.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-12-23 6707744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13675040]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 92704]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-02 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoAddPrinter"= 1 (0x1)
"StartMenuFavorites"= 0 (0x0)
"StartMenuRun"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoSearchCommInStartMenu"= 0 (0x0)
"NoSearchComputerLinkInStartMenu"= 0 (0x0)
"NoSearchFilesInStartMenu"= 0 (0x0)
"NoSearchInternetInStartMenu"= 0 (0x0)
"NoSearchProgramsInStartMenu"= 0 (0x0)
"NoStartMenuMyGames"= 0 (0x0)
"NoUserFolderInStartMenu"= 0 (0x0)
"HideSCABattery"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"TaskbarNoNotification"= 0 (0x0)
"TaskbarNoAddRemoveToolbar"= 0 (0x0)
"TaskbarNoDragToolbar"= 0 (0x0)
"TaskbarNoRedock"= 0 (0x0)
"TaskbarNoResize"= 0 (0x0)
"TaskbarNoThumbnail"= 0 (0x0)
"ClearRecentProgForNewUserInStartMenu"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.CSCD"= camcodec.dll
"vidc.i420"= i420vfw.dll
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"msacm.divxa32"= msaud32_divx.acm
"msacm.l3acm"= l3codecp.acm
"msacm.l3codec"= l3codecp.acm

[HKLM\~\startupfolder\C:^Users^Kyle^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^pghoiacwj.lnk]
path=c:\users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pghoiacwj.lnk
backup=c:\windows\pss\pghoiacwj.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\system34
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 22:37 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-18 22:38 1008184 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1964261074-4095218736-1621500884-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2D08EBF7-CCD3-48D8-9D3B-82CAE5B1CE57}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{12581D67-FC43-4B44-A3D5-08E65CA3C61A}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{41DD359C-00F6-44CB-B4C7-EB8DC514F1DD}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{B87431B5-C773-4B68-BC60-A5DCA373C637}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{5E65614E-E7FA-46AE-A876-B75664955CCD}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8016128E-C465-4047-889E-27C68BCF3F7F}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{446519F6-9AEA-4B87-93E0-A2589539DB08}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{ED9A3407-09C5-431A-9F87-3DE262FAAC66}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{2C57D374-E795-4C18-BFDA-6486EDF4BD98}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{C2A5615C-BF73-4073-8F44-8CA1A5A0E59C}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{A2A31F95-A3BD-4A62-AF2C-168A906032E1}"= UDP:c:\program files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{F573D06C-3DD2-4C11-B465-CCA7D6312272}"= TCP:c:\program files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"TCP Query User{BC7B3FC8-DCCE-40F5-8DB9-D509D4754DF0}c:\\program files\\steam\\steamapps\\stickfigs@netscape.net\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\stickfigs@netscape.net\counter-strike source\hl2.exe:hl2
"UDP Query User{7E190F01-43B2-4EF3-921D-E8BCFBE48C0B}c:\\program files\\steam\\steamapps\\stickfigs@netscape.net\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\stickfigs@netscape.net\counter-strike source\hl2.exe:hl2
"{476C8AC1-AE08-48D5-A60D-D3CDCFFDE1B8}"= UDP:c:\program files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{4AB0A87D-5785-4AA8-9AD1-0A24503AD6DC}"= TCP:c:\program files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{CC9C7681-68E5-4B20-BF96-FD50883A77D4}"= Disabled:UDP:c:\program files\Joost\xulrunner\tvprunner.exe:tvprunner
"{E49631EA-C38F-40D6-BF0E-C2391EBB8116}"= Disabled:TCP:c:\program files\Joost\xulrunner\tvprunner.exe:tvprunner
"{F4441C63-2AF6-405E-A83B-19789A92260F}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{194FCBD1-518F-41CD-89A5-8A4085E9B5FA}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{CEAAEC49-7757-4F3D-A8F5-2C3147AC5DE8}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{756B8E23-BDB6-43CA-9EE6-9E97F0FE1604}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{39AC88E1-F2EF-42CB-AF80-05A653475A33}"= UDP:c:\program files\Autodesk\3ds Max 2009\3dsmax.exe:Autodesk 3ds Max 2009 32-bit
"{D1880D2D-8B87-4FE0-9734-4CB2280F20F5}"= TCP:c:\program files\Autodesk\3ds Max 2009\3dsmax.exe:Autodesk 3ds Max 2009 32-bit
"{1323BD51-1945-4672-9099-CDDA5A801FB0}"= UDP:c:\program files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit
"{0C85CEA6-8943-4585-8372-651FFEF71E4A}"= TCP:c:\program files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit
"{682BC72E-A05C-4AE8-97FD-2B58052BFB44}"= UDP:c:\program files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{BBD4B2AF-C144-49F6-B982-405A7821E31C}"= TCP:c:\program files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{81CCBCA5-C43B-4FD9-8EBE-4CBB3BEF1E7D}"= UDP:c:\program files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{317048BE-AFD5-4992-A4E8-ABA26E83C1FE}"= TCP:c:\program files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{EEC6D404-00C7-4556-AAAD-C3FD78B589FF}"= UDP:c:\program files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{CF3E36D2-A338-4D50-8332-323B2B1484BB}"= TCP:c:\program files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{E889DF6C-8F02-40A0-BC4E-EBBEE4A84AFE}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{5F94861C-70CA-4956-ADDF-E8A2A008FF75}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{FCA7C494-C94C-4206-96AD-8B5DB7E0C982}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{C4C4B016-7829-4B3B-8A58-0A262644AF53}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{4CECF18C-EED6-4DFA-8F3F-8946CEA524E6}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{A5DD31AC-A2CD-40CE-BF79-5F06EB53E6FF}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{2CE330DC-FAA7-4613-B28F-BA9B77EC9B32}"= UDP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{F5D1F2BB-AE3D-43DE-A303-108D4715CA7D}"= TCP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{2DD56753-5437-49F4-93C9-FB803F13652A}"= UDP:5353:Adobe CSI CS4
"{9165A5C1-F85D-48B0-8625-3B09465B6A25}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{4B84CBED-E2C6-4BD8-BD3F-3ED5E2237349}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{1F589B67-D416-47B3-82DC-337EE2F3F5BA}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{F10FDEE9-DD58-4AFC-A75B-9EC9E53AF802}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{A9057BA6-7913-421D-BDBC-F5A989BCBC4A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C1A487D6-8A89-43D9-A772-6C75DD405054}"= UDP:c:\program files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
"{D6AC6377-EBE0-4833-95E5-B5960EA32812}"= TCP:c:\program files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
"{B8FC6549-0A2F-42EB-B7EC-DCC3E12DD945}"= UDP:c:\program files\Curse\CurseClient.exe:Curse Client
"{58B11466-E580-4FC5-9EC5-E0854CB3B6C1}"= TCP:c:\program files\Curse\CurseClient.exe:Curse Client
"{01D79D50-04AE-4221-9031-EB64E784791D}"= UDP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{8EE37FDF-A612-4846-AE4F-BC1490621A10}"= TCP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

S3 EMSUSB2;EMS USB Joypad2;c:\windows\System32\drivers\Emsusb2.sys [2008-05-08 9728]
S3 hid7906;hid7906;c:\windows\System32\drivers\hid7906.sys [2008-06-12 41272]
S3 hid8101;hid8101;c:\windows\System32\drivers\hid8101.sys [2008-06-12 43192]
S3 hid8103;hid8103;c:\windows\System32\drivers\hid8103.sys [2008-06-12 40856]
S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\System32\drivers\libusb0.sys [2006-05-30 29184]
S4 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-09 65536]

--- Other Services/Drivers In Memory ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
.
- - - - ORPHANS REMOVED - - - -

BHO-{5F6C67CA-71DC-47B1-994F-D117777306BF} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-07 22:12:09
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1964261074-4095218736-1621500884-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):20,4a,d5,19,4d,d0,5e,f2,87,ce,38,5d,c1,bc,3e,3e,b5,d8,c3,de,11,
   0e,0b,57,c1,5b,eb,3b,7b,9a,59,cc,5a,10,f6,79,57,a4,0f,6f,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-1964261074-4095218736-1621500884-1000_Classes\CLSID\{9dc59b26-62da-45b6-83b0-48b34e581db8}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000011a
"Therad"=dword:0000001d
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
   4b,7b,ad,f4,75,0b,57,e1,e7,11,92,8a,e8,28,a6,42,ce,f4,99,80,7b,32,3f,d4,4b,\
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2009-02-07 22:15:48 - machine was rebooted
ComboFix-quarantined-files.txt  2009-02-08 03:15:46

Pre-Run: 30,313,545,728 bytes free
Post-Run: 30,363,230,208 bytes free

315	--- E O F ---	2009-02-05 19:49:41


#8 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • Location:Mikado Michigan

Posted 07 February 2009 - 10:38 PM

Run your browser and see if it freezes up the way you it has. When it does run hijackthis right away and post the log.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families


#9 StickFigs

StickFigs
  • Topic Starter

  • Members
  • 26 posts

Posted 07 February 2009 - 10:59 PM

Run your browser and see if it freezes up the way you it has. When it does run hijackthis right away and post the log.


I'm having trouble reading the first sentence. What am I supposed to do?

#10 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • Location:Mikado Michigan

Posted 07 February 2009 - 11:42 PM

Basically what I would like you to do is to get on the internet and just do what you normally do. When it freezes up, run hijackthis, and get a new log and post it up. I would like to see what is running right at the time you have the problem.

#11 StickFigs

StickFigs
  • Topic Starter

  • Members
  • 26 posts

Posted 08 February 2009 - 01:13 AM

Basically what I would like you to do is to get on the internet and just do what you normally do. When it freezes up, run hijackthis, and get a new log and post it up. I would like to see what is running right at the time you have the problem.


Ok I'll make sure to do that next time it freezes but there's no telling when that will be.

Also, when it does happen should I leave the frozen window open while HJT runs? What if I have one frozen iexplorer instance and the other isn't frozen?

Edited by StickFigs, 08 February 2009 - 01:14 AM.


#12 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • Location:Mikado Michigan

Posted 08 February 2009 - 01:16 AM

Leave it open if you can, but if you need to close it, go ahead and close it.

#13 StickFigs

StickFigs
  • Topic Starter

  • Members
  • 26 posts

Posted 12 February 2009 - 03:10 PM

Ok it froze again and I remembered to do a HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:07:53 PM, on 2/12/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O13 - Gopher Prefix: 
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 4096 bytes


#14 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • Location:Mikado Michigan

Posted 12 February 2009 - 03:38 PM

Well that didn't work. Try downloading the IE7 installation file and reinstall IE7. Also I would like you to download Firefox and when IE seizes up run FireFox and run it and see if it acts normally.

#15 StickFigs

StickFigs
  • Topic Starter

  • Members
  • 26 posts

Posted 12 February 2009 - 08:42 PM

Well that didn't work. Try downloading the IE7 installation file and reinstall IE7. Also I would like you to download Firefox and when IE seizes up run FireFox and run it and see if it acts normally.


What will reinstalling IE7 do? Does it remove all the add-ons and such because I tried restoring it to default already which I thought was the same and all the add-ons remained.

Also rather than downloading FireFox it seems that if I just open a different IE window then the new window works perfectly fine. So the freezing only affects the one window that froze and all of the tabs open in that window.



