
596 GB \\.\PhysicalDrive0 MBR Code Faked! (BOOTKIT)


  • This topic is locked
5 replies to this topic

#1 Kaitnieks

Posted 18 February 2012 - 04:04 PM

I have been forwarded here. I will post the virus I've been told I have, as well as the log:

596 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

The log:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Gateway
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: Gateway
System Product Name: FX4710-UB003A
Logical Drives Mask: 0x000001fc

Kernel Drivers (total 197):

Processes (total 63):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`e2bf5a00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD6400AAKS-22A7B0, Rev: 01.03B01

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:


#2 m0le

Posted 23 February 2012 - 08:51 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 Kaitnieks

Posted 24 February 2012 - 10:14 PM

I am here. Sir, the virus is actually crashing my internet browser every time I get on this topic now, and my drivers are acting up and freezing my computer in the middle of my games. I really can't deal with it. I was just about to wipe out everything on my hard drive, but I'm going to try your method first before I do so. Thank you for replying. I'm looking forward to your help.

#4 m0le

Posted 25 February 2012 - 01:05 AM

We need to boot outside of Windows to check your partitions.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert a USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Next download dumpit to your USB
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • Click on sdb1 (sdb1 represents the USB drive).
  • Double click on the dumpit file.
  • A black window will pop-up and it will dump and zip the MBR to your USB drive.
  • Press Enter to exit the black window.
  • Click on HOME tab and choose Power Off to turn off xPUD.
  • Remove the USB drive and insert it back on your working computer.
  • Locate the mbr.zip file in your USB drive and attach it when you reply.

m0le is a proud member of UNITE
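An added example, not part of m0le's post and not code from MBRCheck or dumpit: once an MBR has been dumped from outside Windows, a triage script like this one can check the boot signature, hash the sector, and compare the partition table with the volume offsets MBRCheck printed in post #1. It assumes the dump is a raw 512-byte sector; the sample sector is constructed (zero filler for boot code, made-up partition sizes), and hashing the first 440 bytes separately is this example's choice, not necessarily what MBRCheck hashes.

```python
import hashlib
import struct

SECTOR = 512

def parse_mbr(sector):
    """Parse one 512-byte MBR sector: signature, hashes, non-empty partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR dump must be exactly 512 bytes")
    parts = []
    for i in range(4):
        entry = sector[446 + 16 * i:462 + 16 * i]
        start_lba, count = struct.unpack_from("<II", entry, 8)
        if entry[4] == 0:          # type 0x00 marks an unused slot
            continue
        parts.append({"slot": i, "status": entry[0], "type": entry[4],
                      "start_lba": start_lba, "offset": start_lba * SECTOR,
                      "sectors": count})
    return {"signature_ok": sector[510:512] == b"\x55\xaa",
            "code_sha1": hashlib.sha1(sector[:440]).hexdigest().upper(),
            "sector_sha1": hashlib.sha1(sector).hexdigest().upper(),
            "partitions": parts}

def review(mbr, volume_offsets):
    """Return inconsistencies between the dumped table and the volumes Windows reported."""
    notes = []
    if not mbr["signature_ok"]:
        notes.append("boot signature 0x55AA missing")
    parts = mbr["partitions"]
    if any(p["status"] not in (0x00, 0x80) for p in parts):
        notes.append("partition status byte is neither 0x00 nor 0x80")
    if sum(p["status"] == 0x80 for p in parts) != 1:
        notes.append("expected exactly one active partition")
    table = {p["offset"] for p in parts}
    for off in sorted(set(volume_offsets) - table):
        notes.append(f"volume at {off:#x} has no partition entry")
    for off in sorted(table - set(volume_offsets)):
        notes.append(f"partition at {off:#x} has no matching volume (may be hidden/recovery)")
    ordered = sorted(parts, key=lambda p: p["start_lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start_lba"] + a["sectors"] > b["start_lba"]:
            notes.append(f"slots {a['slot']} and {b['slot']} overlap")
    return notes

def build_sample():
    """Constructed 512-byte sector; boot code is zero filler, not a real loader."""
    d_lba, c_lba = 0x7E00 // SECTOR, 0x3E2BF5A00 // SECTOR
    def entry(status, lba, count):
        return struct.pack("<B3sB3sII", status, b"\0" * 3, 0x07, b"\0" * 3, lba, count)
    table = entry(0x00, d_lba, c_lba - d_lba) + entry(0x80, c_lba, 1_000_000)
    return bytes(446) + table + bytes(32) + b"\x55\xaa"

VOLUMES = [0x3E2BF5A00, 0x7E00]   # C: and D: offsets from the MBRCheck log in post #1

if __name__ == "__main__":
    mbr = parse_mbr(build_sample())
    print(mbr["code_sha1"], mbr["sector_sha1"])
    for p in mbr["partitions"]:
        print(p)
    print(review(mbr, VOLUMES) or "no inconsistencies")
```

A dump taken from a live, infected Windows session can be falsified by the bootkit's read hooks, which is why the comparison is only meaningful on a sector captured from a clean boot environment.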

#5 m0le

Posted 29 February 2012 - 06:34 PM

Hi,

I have not had a reply from you for 4 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le
m0le is a proud member of UNITE

#6 m0le

Posted 02 March 2012 - 06:49 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
m0le is a proud member of UNITE



