Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Browser hijacker,Hijack this scan results im constantly redirected to unwanted sites


  • This topic is locked This topic is locked
26 replies to this topic

#1 billy3673

billy3673

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:53 PM

Posted 25 October 2011 - 02:12 PM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:53:06 AM, on 10/25/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\SYSTEM32\Brmfrmps.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\IObit\Game Booster\gbtray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Spyware Terminator\st_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Mobile Stream\EasyTether\easytthr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Billy\My Documents\Downloads\HijackThis.exe
C:\WINDOWS\system32\rundll32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\HyperCam Toolbar\tbhelper.dll
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: (no name) - {006F5D19-1E65-4CC6-9549-DD97685C636d} - C:\Documents and Settings\Billy\Local Settings\Application Data\TCPIPPTR.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: (no name) - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {66252F33-BE30-4188-9199-63F2AC8BA137} - (no file)
O2 - BHO: BHO Project - {66D8FBA6-D90F-40A9-AC55-84896F79CA69} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - (no file)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll
O3 - Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O3 - Toolbar: HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll
O3 - Toolbar: (no name) - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SetDefPrt] "C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe"
O4 - HKLM\..\Run: [ControlCenter2.0] "C:\Program Files\Brother\ControlCenter2\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [B2C_AGENT] C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Bing Bar] "C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SpywareTerminatorShield] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
O4 - HKLM\..\Run: [SpywareTerminatorUpdater] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
O4 - HKLM\..\RunOnce: [DSC3 updater] "C:\Documents and Settings\Billy\My Documents\Downloads\aulauncher.exe" /launchrunonce
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [EasyTether] "C:\Program Files\Mobile Stream\EasyTether\easytthr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [x.exe] C:\WINDOWS\x.exe
O4 - HKCU\..\Run: [Jasc Update] rundll32 "C:\Documents and Settings\Billy\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}\{7148F0A6-6813-11D6-A77B-00B0D0142030}Update\{7148F0A6-6813-11D6-A77B-00B0D0142030}updt32.dll",DllRegisterServer
O4 - HKCU\..\Run: [MicrosoftVerifierOnline] rundll32.exe "C:\Documents and Settings\All Users\Application Data\MicrosoftVerifierOnline.dll",DllRegisterServer
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Belkin F5D8053 N Wireless USB Adapter Utility.lnk = C:\Program Files\Belkin\F5D8053\Belkinwcui.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O8 - Extra context menu item: &Search - ?s=100000347&p=ZQxdm0096XUS&si=46731&a=a9KO2LtEjKRF1FqXxG_C3A&n=2011020314
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} (GameTap Player) -
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\SYSTEM32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Program Files\Spyware Terminator\st_rsser.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 14176 bytes

Edited by boopme, 25 October 2011 - 02:53 PM.


BC AdBot (Login to Remove)

 


#2 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:53 PM

Posted 29 October 2011 - 09:53 PM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until Iíve given you the ďAll clear.Ē Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Any underlined text in my posts indicates a clickable link.
  • If you have any questions at all, please stop and ask before proceeding.
Posted Image Please download DDS by sUBs from one of the following links and save it to your desktop.

DDS.scr
DDS.com
DDS.pif
  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
---------------------------------------------------
  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scroling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.
Posted Image Download GMER Rootkit Scanner from here to your desktop.
  • Double click the exe file. If asked to allow gmer.sys driver to load, please consent .
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.


    Posted Image
    Click the image to enlarge it


  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and post it in reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


If you have trouble running GEMR:
  • Make sure that your security software is disabled
  • Uncheck the box next to "Files" this time also
  • If you still can't run it, try in the Safe Mode
Please include the following in your next post:
  • DDS.txt and Attach.txt logs
  • GMER log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#3 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:53 PM

Posted 04 November 2011 - 04:47 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#4 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:53 PM

Posted 18 November 2011 - 08:59 AM

This topic has been re-opened at the request of the person who originally posted.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#5 billy3673

billy3673
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:53 PM

Posted 19 November 2011 - 03:03 AM

DDS-GMER LOGsAttached File  dds_bleepin.txt   18.75KB   3 downloads

Attached Files



#6 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:53 PM

Posted 19 November 2011 - 11:33 AM

billy3673:

Please do this next:

Posted Image Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
  • Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please include the following in your next post:
  • ComboFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#7 billy3673

billy3673
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:53 PM

Posted 19 November 2011 - 03:20 PM

ComboFix 11-11-19.04 - Billy 11/19/2011 11:54:37.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3062.2335 [GMT -8:00]
Running from: c:\documents and settings\Billy\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Billy\Application Data\Mozilla\Firefox\Profiles\i4kraax9.default\extensions\{01f10047-3e70-47d1-bec8-487dd2bb8cb0}
c:\documents and settings\Billy\Application Data\Mozilla\Firefox\Profiles\i4kraax9.default\extensions\{01f10047-3e70-47d1-bec8-487dd2bb8cb0}\chrome.manifest
c:\documents and settings\Billy\Application Data\Mozilla\Firefox\Profiles\i4kraax9.default\extensions\{01f10047-3e70-47d1-bec8-487dd2bb8cb0}\chrome\xulcache.jar
c:\documents and settings\Billy\Application Data\Mozilla\Firefox\Profiles\i4kraax9.default\extensions\{01f10047-3e70-47d1-bec8-487dd2bb8cb0}\defaults\preferences\xulcache.js
c:\documents and settings\Billy\Application Data\Mozilla\Firefox\Profiles\i4kraax9.default\extensions\{01f10047-3e70-47d1-bec8-487dd2bb8cb0}\install.rdf
c:\documents and settings\Billy\Application Data\Toolbar4
c:\documents and settings\Billy\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\0a4f35b626016d8cd6d5731fa5e2aad7
c:\documents and settings\Billy\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\0b64ffa009d9e3d1236fb2b575bd953d
c:\documents and settings\Billy\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\0d53f0a9a42a5167b78657f1fc9488f1
c:\documents and settings\Billy\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\1df1df47b49e8b3090bc211048795c5a
c:\documents and settings\Billy\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\27c746d432b7a753a0af8d7c033b46fe
c:\documents and settings\Billy\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\2b4ad282984708f7b89800e17a257476
c:\documents and settings\Billy\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\2cc60d08b36af576b11419505050cc6e
c:\documents and settings\Billy\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\2f51f062108c7f20a67770bbdf546004
c:\documents and settings\Billy\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\31dca3ca44f44956ffde9959067d1093
c:\documents and settings\Billy\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\521788680d3595d05d274f3713057765
c:\documents and settings\Billy\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\593abe4ad021a7ca3002ccb2dca1969d
c:\documents and settings\Billy\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\757a20d7a75ae93435ac64a6095eab39
c:\documents and settings\Billy\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\7afabe4e3af1a66103f629a38d90558a
c:\documents and settings\Billy\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\9956734e872eec3ea3e17f52e84dc6cc
c:\documents and settings\Billy\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\9d810aab3f7bcbacb07c241f8d726714
c:\documents and settings\Billy\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\9fc2051aee76f9ef060973477300788d
c:\documents and settings\Billy\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\c48c9e27c16419ab995d48b077a802ff
c:\documents and settings\Billy\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\d1a2c0b23b2d4e91acf26940533c64f0
c:\documents and settings\Billy\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\dcd16c0f4842bc19d648b261e3cf263d
c:\documents and settings\Billy\vzlzlhvbpe.tmp
c:\documents and settings\Kids\WINDOWS
c:\documents and settings\Michelle.FAMILY\Application Data\Toolbar4
c:\documents and settings\Michelle.FAMILY\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\04fcb6ba0889e64393699743bb24ab3b
c:\documents and settings\Michelle.FAMILY\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\0a4f35b626016d8cd6d5731fa5e2aad7
c:\documents and settings\Michelle.FAMILY\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\0b64ffa009d9e3d1236fb2b575bd953d
c:\documents and settings\Michelle.FAMILY\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\0d53f0a9a42a5167b78657f1fc9488f1
c:\documents and settings\Michelle.FAMILY\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\1df1df47b49e8b3090bc211048795c5a
c:\documents and settings\Michelle.FAMILY\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\27c746d432b7a753a0af8d7c033b46fe
c:\documents and settings\Michelle.FAMILY\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\2b4ad282984708f7b89800e17a257476
c:\documents and settings\Michelle.FAMILY\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\2cc60d08b36af576b11419505050cc6e
c:\documents and settings\Michelle.FAMILY\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\2f51f062108c7f20a67770bbdf546004
c:\documents and settings\Michelle.FAMILY\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\31dca3ca44f44956ffde9959067d1093
c:\documents and settings\Michelle.FAMILY\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\36edbd9cd1d972f7b815c3c429d9e778
c:\documents and settings\Michelle.FAMILY\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\521788680d3595d05d274f3713057765
c:\documents and settings\Michelle.FAMILY\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\593abe4ad021a7ca3002ccb2dca1969d
c:\documents and settings\Michelle.FAMILY\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\5d25dd004ed9512e16e1d76d6deb2a6c
c:\documents and settings\Michelle.FAMILY\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\757a20d7a75ae93435ac64a6095eab39
c:\documents and settings\Michelle.FAMILY\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\7afabe4e3af1a66103f629a38d90558a
c:\documents and settings\Michelle.FAMILY\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\9956734e872eec3ea3e17f52e84dc6cc
c:\documents and settings\Michelle.FAMILY\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\9d810aab3f7bcbacb07c241f8d726714
c:\documents and settings\Michelle.FAMILY\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\9fc2051aee76f9ef060973477300788d
c:\documents and settings\Michelle.FAMILY\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\c0b9e89d52d9e1ff85c2db9f694af77d
c:\documents and settings\Michelle.FAMILY\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\c48c9e27c16419ab995d48b077a802ff
c:\documents and settings\Michelle.FAMILY\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\d1a2c0b23b2d4e91acf26940533c64f0
c:\documents and settings\Michelle.FAMILY\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\d57d3f554ba48c6d60c03fb39c9099f9
c:\documents and settings\Michelle.FAMILY\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\dcd16c0f4842bc19d648b261e3cf263d
c:\documents and settings\Michelle.FAMILY\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\include_files\1e6d0a92883b25f29523edfaccfcde3b
c:\documents and settings\Michelle\WINDOWS
c:\program files\FilmFanatic
c:\program files\FilmFanatic\bar\Message\COMMON\8_step1.gif
c:\program files\FilmFanatic\bar\Message\COMMON\index.htm
c:\program files\FilmFanatic\bar\Message\COMMON\rebut4b.htm
c:\program files\FilmFanatic\bar\Message\COMMON\shield.png
c:\program files\GetModule
c:\program files\GetModule\dicik.gz
c:\program files\GetModule\kwdik.gz
c:\program files\GetModule\ozadik.gz
c:\program files\Object
c:\program files\Object\config.ini
C:\VDM1C.tmp
C:\VDM1D.tmp
C:\VDM90.tmp
C:\VDM91.tmp
c:\windows\_iserr31.ini
c:\windows\AutoRun.ini
c:\windows\system32\agtiugly.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_COMSYSAPP
-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_USNJSVC
-------\Service_COMSysApp
-------\Service_usnjsvc
.
.
((((((((((((((((((((((((( Files Created from 2011-10-19 to 2011-11-19 )))))))))))))))))))))))))))))))
.
.
2011-11-18 07:29 . 2005-04-04 07:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-11-18 07:29 . 2005-04-04 07:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-11-18 07:29 . 2005-04-04 07:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-11-18 07:29 . 2005-04-04 07:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-11-18 07:29 . 2005-04-04 06:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-11-18 07:29 . 2011-11-18 07:29 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-11-18 07:29 . 2011-11-18 07:29 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-11-13 00:26 . 2011-11-13 00:53 -------- d-----w- c:\documents and settings\Billy\Local Settings\Application Data\ESN Sonar
2011-11-13 00:26 . 2011-11-13 00:26 -------- d-----w- c:\program files\Battlelog Web Plugins
2011-11-11 07:46 . 2011-11-11 07:46 -------- d-----w- c:\program files\PFPortChecker
2011-11-07 08:12 . 2011-11-07 08:12 -------- d-----w- c:\program files\Realtek
2011-11-07 08:11 . 2011-09-01 03:12 1698408 ----a-w- c:\windows\RtlExUpd.dll
2011-11-07 08:11 . 2006-02-07 23:40 204800 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2011-11-07 08:11 . 2006-02-07 23:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2011-11-07 08:11 . 2006-02-07 23:40 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2011-11-07 08:11 . 2006-02-07 23:45 757760 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2011-11-07 08:11 . 2005-11-14 07:19 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2011-11-07 08:11 . 2011-11-07 08:11 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2011-11-07 08:11 . 2011-11-07 08:11 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2011-10-28 22:50 . 2011-10-28 22:50 -------- d-----w- c:\program files\MSN TOOLBAR
2011-10-28 07:19 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2011-10-28 07:19 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2011-10-28 07:18 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-10-28 07:17 . 2011-10-28 07:19 -------- d-----w- c:\documents and settings\Billy\Application Data\WinPatrol
2011-10-28 07:17 . 2011-10-28 07:17 -------- d-----w- c:\program files\BillP Studios
2011-10-28 07:17 . 2011-10-28 07:17 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate
2011-10-28 07:16 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-10-28 07:15 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-10-28 07:11 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2011-10-28 07:09 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2011-10-28 06:42 . 2011-05-22 22:42 17296 ----a-w- c:\windows\system32\drivers\easytthr.sys
2011-10-28 06:42 . 2011-10-28 06:42 -------- d-----w- c:\program files\Mobile Stream
2011-10-28 05:18 . 2011-10-28 05:18 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2011-10-27 05:12 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-10-27 04:43 . 2011-10-27 04:43 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth
2011-10-26 10:07 . 2011-10-26 10:07 -------- d-----w- c:\windows\system32\scripting
2011-10-26 10:07 . 2011-10-26 10:07 -------- d-----w- c:\windows\l2schemas
2011-10-26 10:07 . 2011-10-26 10:07 -------- d-----w- c:\windows\system32\en
2011-10-26 10:07 . 2011-10-26 10:07 -------- d-----w- c:\windows\system32\bits
2011-10-26 09:09 . 2011-06-21 18:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-10-26 09:00 . 2011-10-26 09:03 -------- dc-h--w- c:\windows\ie8
2011-10-26 08:57 . 2011-10-26 08:57 -------- d-----w- C:\$AVG
2011-10-26 08:41 . 2011-10-28 06:47 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-10-26 08:41 . 2011-10-26 08:41 -------- d-----w- c:\program files\AVAST Software
2011-10-26 08:36 . 2011-10-26 08:36 -------- d-----w- c:\documents and settings\Billy\Application Data\AVG2012
2011-10-26 08:34 . 2011-11-19 19:44 -------- d-----w- c:\windows\system32\drivers\AVG
2011-10-26 08:34 . 2011-10-26 09:08 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2011-10-26 08:33 . 2011-10-26 08:33 -------- d-----w- c:\program files\AVG
2011-10-26 08:23 . 2011-10-26 08:23 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-10-26 08:23 . 2011-11-19 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-10-25 08:13 . 2011-10-25 08:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-10-25 08:13 . 2011-10-25 08:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-10-24 06:51 . 2011-10-24 06:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-10-24 05:47 . 2011-10-24 05:47 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 05:26 . 2011-10-24 05:26 -------- d-----w- c:\documents and settings\Billy\Local Settings\Application Data\Adobe
2011-10-24 04:59 . 2011-10-24 04:59 -------- d-----w- c:\documents and settings\Billy\Local Settings\Application Data\Mozilla
2011-10-24 01:16 . 2011-10-24 01:16 -------- d-sh--w- c:\documents and settings\Billy\IECompatCache
2011-10-22 03:19 . 2011-10-22 03:19 1409 ----a-w- c:\windows\QTFont.for
2011-10-21 08:22 . 2011-10-21 08:22 -------- d-----w- c:\documents and settings\Billy\Local Settings\Application Data\Apple Computer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 14:22 . 2004-08-04 11:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 13:23 . 2011-07-11 08:13 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 13:21 . 2011-07-11 08:14 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-28 07:06 . 2004-08-04 11:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41 . 2010-03-18 18:09 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41 . 2004-08-04 11:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41 . 2004-08-04 11:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-13 13:30 . 2011-09-13 13:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-06 13:20 . 2004-08-04 11:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2004-08-04 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2004-08-04 11:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-04 11:00 385024 ----a-w- c:\windows\system32\html.iec
2007-03-10 23:42 . 2007-03-10 23:42 774144 -c--a-w- c:\program files\RngInterstitial.dll
2004-03-16 01:51 . 2004-03-16 01:51 114688 ----a-w- c:\program files\internet explorer\plugins\LV71ActiveXControl.dll
2005-10-13 00:04 . 2005-10-13 00:04 131072 ----a-w- c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
2011-11-11 08:04 . 2011-10-24 04:58 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"EasyTether"="c:\program files\Mobile Stream\EasyTether\easytthr.exe" [2011-05-23 48648]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-05-06 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-05-06 118784]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-11-16 127035]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2005-06-03 81920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SetDefPrt"="c:\program files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 49152]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-12 198160]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2011-05-15 325512]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-08-24 00:19 57344 -c----w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 18:17 5252408 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2004-04-19 20:45 53248 -c--a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2007-01-19 19:54 5674352 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2004-04-12 02:15 290816 -c----w- c:\program files\Dell\Media Experience\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-10-26 02:58 282624 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-10-31 20:12 136600 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Intel\\PROSetWired\\NCS\\PROSet\\PROSet.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3074:UDP"= 3074:UDP:xbox
"21959:UDP"= 21959:UDP:xbox
"3074:TCP"= 3074:TCP:xbox
"88:UDP"= 88:UDP:xbox
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\SYSTEM32\DRIVERS\AVGIDSEH.sys [7/11/2011 12:14 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\SYSTEM32\DRIVERS\avgrkx86.sys [9/13/2011 5:30 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [7/11/2011 12:13 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [7/11/2011 12:14 AM 295248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 5:09 AM 192776]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [12/2/2010 11:45 AM 218432]
R3 easytether;easytether;c:\windows\SYSTEM32\DRIVERS\easytthr.sys [10/27/2011 10:42 PM 17296]
S3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 5:25 AM 4433248]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\SYSTEM32\DRIVERS\AVGIDSDriver.sys [7/11/2011 12:14 AM 134608]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\SYSTEM32\DRIVERS\AVGIDSFilter.sys [7/11/2011 12:14 AM 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\SYSTEM32\DRIVERS\AVGIDSShim.sys [7/11/2011 12:14 AM 16720]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\SYSTEM32\DRIVERS\motfilt.sys [1/24/2011 9:36 PM 6016]
S3 cdiskdun;cdiskdun;c:\docume~1\Michelle\LOCALS~1\Temp\cdiskdun.sys [3/10/2004 6:39 AM 31744]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\SYSTEM32\DRIVERS\motoandroid.sys [1/24/2011 9:36 PM 25856]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\SYSTEM32\DRIVERS\motccgp.sys [1/24/2011 9:36 PM 20224]
S3 motccgpfl;MotCcgpFlService;c:\windows\SYSTEM32\DRIVERS\motccgpfl.sys [1/24/2011 9:36 PM 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\SYSTEM32\DRIVERS\Motousbnet.sys [1/24/2011 9:36 PM 23424]
S3 PORTIO64;PORTIO64;\??\c:\documents and settings\Michelle.FAMILY\Desktop\JungleFlasher v0.1.78 Beta (183)\portio32.sys --> c:\documents and settings\Michelle.FAMILY\Desktop\JungleFlasher v0.1.78 Beta (183)\portio32.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-11 01:13]
.
2011-11-19 c:\windows\Tasks\Game_Booster_Startup.job
- c:\program files\IObit\Game Booster\gbtray.exe [2011-05-26 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.254
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
FF - ProfilePath - c:\documents and settings\Billy\Application Data\Mozilla\Firefox\Profiles\i4kraax9.default\
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{006F5D19-1E65-4CC6-9549-DD97685C636d} - c:\documents and settings\Billy\Local Settings\Application Data\TCPIPPTR.dll
BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - (no file)
MSConfigStartUp-Gamevance - c:\program files\Gamevance\gamevance32.exe
MSConfigStartUp-SweetIM - c:\program files\SweetIM\Messenger\SweetIM.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-19 12:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3752)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\brss01a.exe
c:\windows\SYSTEM32\Brmfrmps.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Motorola\MotoHelper\MotoHelperAgent.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-11-19 12:19:20 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-19 20:19
.
Pre-Run: 94,405,541,888 bytes free
Post-Run: 95,549,468,672 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - D3564A09922AF48D365F326B862FE205

Attached Files


Edited by RPMcMurphy, 20 November 2011 - 10:45 AM.
added log


#8 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:53 PM

Posted 20 November 2011 - 10:53 AM

billy3673:

Please do this next:

Posted Image Click Start > Run or Press the Windows Key + R. copy and paste the following text into the run box that opens and press OK:
C:\Qoobox\Add-Remove Programs.txt

Post the contents of the text file that opens in your next reply.

Posted Image Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information or C:\Qoobox
  • Be sure that everything else is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post the results.
Please include the following in your next post:
  • Add/Remove Programs list
  • MBAM log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#9 billy3673

billy3673
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:53 PM

Posted 21 November 2011 - 10:48 PM

Mbam and Addremove lists

Attached Files



#10 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:53 PM

Posted 21 November 2011 - 11:11 PM

billy3673:

How is the computer running now? Please do this next:

Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Go to this page to download the latest version
  • Run the insatller you just downloaded
Posted Image Please go to here to run an online scan with ESET.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the activex control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
    • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.
Please include the following in your next post:
  • How is the computer running now?
  • ESET log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#11 billy3673

billy3673
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:53 PM

Posted 26 November 2011 - 02:54 AM

Running Great! did everything for java gunna post that log as soon as i can!

#12 billy3673

billy3673
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:53 PM

Posted 27 November 2011 - 12:26 AM

ESET RESULTS

Attached Files



#13 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:53 PM

Posted 27 November 2011 - 01:52 AM

billy3673:

Please do this:

Posted Image Go to Start > Run and copy/paste the contents of the codebox below into the Run box and click OK:

cmd /c del /a/f/q "C:\Documents and Settings\Billy\My Documents\Downloads\cnet_40k8511_zip.exe"

A DOS window may briefly open and close again, this is normal.

The rest of those ESET detections are in quarantine or your system restore cache - they will all be removed when we uninstall ComboFix.

Posted Image You need to update your OS. Windows XP SP2 is no longer supported, thus you are not receiving critical updates

Download the latest Windows XP service pack from the Microsoft Download Center. This page will say that this installation package is intended for IT professionals and developers. However, you can safely download this file.

http://www.microsoft.com/downloads/details.aspx?FamilyID=5B33B5A8-5E76-401F-BE08-1E1555D4F3D4&displaylang=en

Let me know once you have this completed and we can finish cleaning your PC up.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#14 billy3673

billy3673
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:53 PM

Posted 28 November 2011 - 01:57 AM

Ran the script a small cmd poped up then went away.... updated to SP3 what else you got for me? =D

#15 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:53 PM

Posted 28 November 2011 - 02:31 PM

billy3673:

All I have left for you is another update and some very important cleanup:

Posted Image Your Adobe reader needs to be updated. Please visit Adobe's site and grab the newest version. Be sure to watch for and uncheck any boxes offering to install other software.

Posted Image Uninstall ComboFix
  • Press the Windows key + R on your keyboard or click Start -> Run. Copy and past the following text into the run box that opens and press OK:
    Combofix /Uninstall
Posted Image

Posted Image Delete the following tools along with any other logs you saved from our work:
  • DDS
  • GMER
Posted Image Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish it's job
  • Once its finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean
Posted Image Finally, I'd like to make a couple of suggestions to help you stay clean in the future:
  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Keep your antivirus application and MBAM current and updated. Scan with them at least weekly.
  • Please read this post for some helpful information.
Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users