Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Firefox & IE redirect searches and loan random ad sites

  • This topic is locked This topic is locked
3 replies to this topic

#1 imbiber


  • Members
  • 2 posts
  • Local time:10:56 AM

Posted 13 December 2010 - 08:08 PM


First time forum poster here.

I'm experiencing chronic browser issues which is almost surely malware related. I use Firefox 99% of the time, with IE as a backup. In the last few months I've experienced very odd behavior in Firefox. First, I usually need to click on the Firefox icon in the taskbar twice before it will actually load and show the browser screen. In Task Manager, I see two active instances of Firefox in the processes section. Second, Firefox runs fine at a normal pace, but at least once every 5 minutes, a new browsing tab will open in Firefox and a suspicious ad or search page will load with a very convoluted URL. A pop-up button almost surely appears as well, sometimes saying I've won a prize, click here, etc, etc. I can close those with out issue. Third, when I click on search links that appear on a search result page from Google or Yahoo(only two I use at the moment), the desired URL loads for a second, then rapidly re-routes to an undesired URL for a somewhat similar search. This happens to all links in a search result page for Google or Yahoo.

I have run MalwareBytes, Avast Free Antivirus, Spyware Doctor w/ AV(currently uninstalled), gmer, and CCleaner, all to no avail.

At one point 1.5 months ago, my outbound Internet was practically disabled. I could not update my AV, load web pages, or ping anything. Strangely, Windows Update was able to function fine, or a boot-up AV could update itself while in DOS. This was fixed by a local computer repair tech who informed me that my "IP Tables" were corrupt and he fixed them. My browser issues were beyond his skill level, so he advised me to seek help on that issue.

Which brings me to this point. Rather than a clean re-install of Win 7 and all of my software, I'd like to 'hopefully' resolve this problem now with your assistance. I've followed the Prep Guide sticky and am ready to move forward.

Thank you in advance for your assistance with this!


Josh T

P.S. - I'm having trouble attaching the GMER log/txt file. GMER is not saving any text in a log after I run it. Not sure why. I've attached a HijackThis log from today just in case.

DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Josh at 16:25:56.60 on Mon 12/13/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8191.6282 [GMT -8:00]

AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files\Logitech\SetPoint II\SetPointII.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\IObit\Game Booster\gamebox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
mRun: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BrMfcWnd] C:\Program Files (x86)\SP\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SETPOI~1.LNK - C:\Program Files\Logitech\SetPoint II\SetPointII.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/dsl_settings/include/vzTCPConfig.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://usbportal.usbank.com/,DanaInfo=EPEM615.us.bank-dns.com+dwa8W.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15109/CTPID.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun-x64: [NVRaidService] C:\Windows\system32\nvraidservice.exe

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\oiwjqeg4.default\
FF - prefs.js: keyword.URL - hxxp://www.search-results.com/web?o=15868&l=dis&prt=PRT&chn=UN&geo=US&ver=UN&q=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\oiwjqeg4.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Firefox Sync: {340c2bbc-ce74-4362-90b5-7c26312808ef} - %profile%\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-11-3 121936]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-11-3 20048]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-11-3 61008]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-11-3 40384]
R2 cpuz134;cpuz134;C:\Windows\System32\drivers\cpuz134_x64.sys [2010-8-16 21480]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 NasPmService;NAS PM Service;C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe -Service_Execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 --> C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe -Service_Execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 [?]
R3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-11-3 40384]
R3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-11-3 40384]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2010-11-16 155752]
R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\System32\drivers\nvoclk64.sys [2009-3-9 42016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-6 136176]
S3 BrSerIb;RICOH Serial Interface Driver(WDM);C:\Windows\System32\drivers\BrSerIb.sys [2009-11-3 87552]
S3 BrUsbSIb;RICOH Serial USB Driver(WDM);C:\Windows\System32\drivers\BrUsbSib.sys [2009-11-3 14592]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-11-11 79360]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2009-10-7 327704]
S3 LVUVC64;QuickCam Pro for Notebooks(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2009-10-7 6379288]
S3 t3;Sound Blaster X-Fi Xtreme Audio;C:\Windows\System32\drivers\t3.sys [2009-5-6 639512]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-8 1255736]

=============== Created Last 30 ================

2010-12-10 15:16:58 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{3B2286BF-5315-4E94-BBA8-CF8D43CF9016}\mpengine.dll
2010-11-30 01:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-11-30 01:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-11-24 16:04:42 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-11-24 16:04:41 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-11-19 21:29:59 5554512 ----a-w- C:\Windows\System32\d3dcsx_42.dll
2010-11-18 15:40:07 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
2010-11-16 16:54:04 -------- d-----w- C:\Program Files (x86)\Ventrilo
2010-11-16 16:53:50 -------- d-----w- C:\Users\Josh\AppData\Roaming\Xfire
2010-11-16 16:53:49 -------- d-----w- C:\Program Files (x86)\Xfire
2010-11-16 16:53:49 -------- d-----w- C:\PROGRA~3\Xfire
2010-11-16 16:49:36 -------- d-----w- C:\PROGRA~3\IObit
2010-11-16 15:52:26 -------- d-----w- C:\Program Files\Defraggler
2010-11-14 01:06:26 -------- d-----w- C:\Program Files\iPod
2010-11-14 01:06:25 -------- d-----w- C:\Program Files\iTunes
2010-11-14 01:06:25 -------- d-----w- C:\Program Files (x86)\iTunes

==================== Find3M ====================

2010-11-30 01:42:06 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-11-11 15:51:08 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-10-26 00:31:31 0 ----a-w- C:\Windows\SysWow64\lsp6B9.tmp
2010-10-19 18:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-10-16 21:13:54 5901416 ----a-w- C:\Windows\System32\nvcpl.dll
2010-10-16 21:13:34 989800 ----a-w- C:\Windows\System32\nvvsvc.exe
2010-10-16 21:13:34 2590824 ----a-w- C:\Windows\System32\nvsvc64.dll
2010-10-16 21:13:34 116328 ----a-w- C:\Windows\System32\nvmctray.dll
2010-10-05 03:28:23 75064 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2010-09-28 23:44:52 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2010-09-28 23:44:52 4184352 ----a-w- C:\Windows\System32\usbaaplrc.dll

============= FINISH: 16:26:25.93 ===============

Attached Files

BC AdBot (Login to Remove)


#2 snemelk



  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland
  • Local time:08:56 PM

Posted 22 December 2010 - 06:44 PM

Hi imbiber, and welcome to Bleeping Computer.

Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

  • Download TDSSKiller.zip and extract TDSSKiller.exe to your Desktop.
  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
Posted Image

  • If Malicious objects are found, ensure Cure is selected (it should be by default).
  • Click Continue then click Reboot now.
  • Once complete, a log will be produced at the root drive which is typically C:\

    For example, C:\TDSSKiller.
  • Please post that log here.

Posted Image
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver

#3 imbiber

  • Topic Starter

  • Members
  • 2 posts
  • Local time:10:56 AM

Posted 23 December 2010 - 11:59 AM

Hi snemelk,

Thank you for your reply to my post. I must update you on my current situation.

With time on my hands for the holidays, I did a custom fresh install of Win 7 yesterday on a newly formatted drive. I backed up only my personal data and scanned it when I transferred it back to my computer. I believe that rectified the issue. Thank you again for your valuable time in reviewing my issue.

Please close my thread.

Thank you,


#4 snemelk



  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland
  • Local time:08:56 PM

Posted 23 December 2010 - 12:09 PM

Hi imbiber!!.. :)

Thank you for an update!!.. With a fresh install, you're sure you have a clean system!.. :thumbup2:

Please check my site - snemelk.hekko.pl: A few steps to make your web browsing safer

Also, I recommend you to read Grinler's excellent article: How did I get infected?, With steps so it does not happen again!

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, just send me a PM (Send message from my profile) with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Posted Image
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users