Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows 7 Blue Screen


  • Please log in to reply
14 replies to this topic

#1 NutOfDeath

NutOfDeath

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:11:31 AM

Posted 12 February 2014 - 06:59 PM

I'm having a problem with a computer; a different one than my past posts. When I try entering Internet Explorer, this screen pops up:
zcDH209.jpg
When it restarted by itself, this happened;
(Sorry for the blurriness)
keGFuGf.jpg
I then shut off the computer and posted this on my phone.
Thanks for the help!

BC AdBot (Login to Remove)

 


#2 MalwareAbort

MalwareAbort

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:31 PM

Posted 12 February 2014 - 07:27 PM

Hi NutOfDeath,

 

 

Have you tried safemode? If not please enter it by:

 

  • Power down the PC.
  • Turn it on and press F8 repeatedly until the advanced boot menu appears.
  • Select safe mode with networking <---- Required to download some utilities

Let me know if it boots.

 

If it does first and foremost download and run RKill

 

There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exehttp://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/
 

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

 

After running Notepad will run with the result and rkill.txt will be on your desktop, post the result here.


"Imagine a world without malware"


#3 NutOfDeath

NutOfDeath
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:11:31 AM

Posted 12 February 2014 - 07:46 PM

It didn't launch safe mode, and it came up with a black screen with white text. I couldn't take a picture, but out of two choices, I chose Launch Startup Repair. The screen isn't showing anything right now, what should I do?

Edited by NutOfDeath, 12 February 2014 - 07:47 PM.


#4 MalwareAbort

MalwareAbort

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:31 PM

Posted 12 February 2014 - 07:54 PM

For now, leave your PC off.

 

 

If the PC remains on with a blank screen for a while, your only option would be to hold the power button until it shuts down.

Since you can not boot in safe mode I am going to leave this one to a Mod or  someone who has more experience removing malware that causes windows to not boot at all.

Please be patient as all the mods are currently assisting other users.

 

Thanks, don't worry your problem will be solved.


"Imagine a world without malware"


#5 NutOfDeath

NutOfDeath
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:11:31 AM

Posted 12 February 2014 - 08:03 PM

Well, apparently I fixed the problem. I am following your instructions and will post the rkill.txt soon.

#6 MalwareAbort

MalwareAbort

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:31 PM

Posted 12 February 2014 - 08:11 PM

Wow, sounds good then! I await your log.


"Imagine a world without malware"


#7 NutOfDeath

NutOfDeath
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:11:31 AM

Posted 12 February 2014 - 08:12 PM

False alarm; after getting into Safe Mode and trying to load Internet Explorer, it crashed into a blue screen again... Oh dear.

#8 MalwareAbort

MalwareAbort

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:31 PM

Posted 12 February 2014 - 08:20 PM

Ok so ill help you download rkill a different way.

 

Try and get the PC booted again (Startup repair possibly) and to not launch Internet explorer.

 

Make sure to enable safemode with networking.

 

From here we are going to install google chrome without using internet explorer.

 

Open notepad and copy and paste this code below:

' This is the URL of the chrome EXE.
strFileURL="https://dl.google.com/tag/s/appguid%3D%7B8A69D345-D564-463C-AFF1-A69D9E530F96%7D%26iid%3D%7BA024641A-81C0-533A-53CB-AE9534821219%7D%26lang%3Den%26browser%3D4%26usagestats3D0%26appname%3DGoogle%2520Chrome%26needsadmin%3Dfalse%26installdataindex%3Ddefaultbrowser/update2/installers/ChromeStandaloneSetup.exe"
' This is where the file will download to.
strHDLocation = "c:\ChromeStandaloneSetup.exe"
' Fetch the file
Set objXMLHTTP = CreateObject("MSXML2.XMLHTTP")
objXMLHTTP.open "GET", strFileURL, false
objXMLHTTP.send()
If objXMLHTTP.Status = 200 Then
Set objADOStream = CreateObject("ADODB.Stream")
objADOStream.Open
objADOStream.Type = 1 'adTypeBinary
objADOStream.Write objXMLHTTP.ResponseBody
objADOStream.Position = 0 'Set the stream position to the start
Set objFSO = Createobject("Scripting.FileSystemObject")
If objFSO.Fileexists(strHDLocation) Then objFSO.DeleteFile(strHDLocation)
Set objFSO = Nothing
objADOStream.SaveToFile strHDLocation
objADOStream.Close
Set objADOStream = Nothing
End if
Set objXMLHTTP = Nothing

2. Save your notepad file to your desktop, and use quotes in the filename to overwrite saving as a .txt file:
“chrome.vbs”

savechrome1.png

3. Go to your Windows command prompt (Start > CMD) RUN AS ADMIN!
4. Navigate to your desktop in the command prompt (cd desktop)
5. Run the command: cscript.exe downloadfile.vbs
chromedos.png

6. Open Windows explorer, and right on your C drive you should see the chrome installer at c:\ChromeStandaloneSetup.exe

 

Run and install ChromeStandaloneSetup.exe and use google chrome to download rKill.

 

MalwareAbort


Edited by MalwareAbort, 12 February 2014 - 08:32 PM.

"Imagine a world without malware"


#9 NutOfDeath

NutOfDeath
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:11:31 AM

Posted 12 February 2014 - 08:30 PM

My computer is being a bit of a dingus. It turns out that sometimes it Works, sometimes it doesn't. I used the first method, and it's stuck:

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/12/2014 07:23:49 PM in x64 mode. (Safe Mode)
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001



#10 MalwareAbort

MalwareAbort

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:31 PM

Posted 12 February 2014 - 08:36 PM

Ugh well don't worry we will fix this.  :wink:

 

 

While its working I suggest downloading google chrome / firefox so that continuing will not be a problem.

 

Next up download MBAM (Malwarebytes)https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

 

  • Install MBAM by clicking on mbam-setup.exe
  • Once the install finishes make sure to check Update MBAM and Launch MBAM
  • Once the program opens click preform quick scan then scan
  • When the scan completes click OK then Show Results.
  • MAKE SURE TO CHECK EVERYTHING!
  • Click Remove Selected.
  • A log will appear when complete, please post it here.

If you can not run MBAM or it closes, please reply saying so.


Edited by MalwareAbort, 12 February 2014 - 08:37 PM.

"Imagine a world without malware"


#11 TazzyOpz

TazzyOpz

  • Members
  • 92 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:31 PM

Posted 12 February 2014 - 08:55 PM

By you saying there is a white screen it reminds me of the FBI Virus... And some of the older versions of the FBI virus would fail to load correctly resulting in a White screen that covers the desktop..

However I'd recommend try going into safemode if you can't do that. Boot into safe mode (via) CMD (It should ask you if you want to boot into safe mode with command prompt).. Once you get to that type in "explorer.exe" you should then be in safemode with the desktop showing. If you've gotten that far. Try running Malware-Bytes and Combofix.


Software Developer & Malware Analyst
Programming Langues: VB.net, C#, Java, & HTML.
Reverse Engineering/Tracking Tool familiarity: Ollydbg, IDA, CE, & Wireshark
My Website


#12 NutOfDeath

NutOfDeath
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:11:31 AM

Posted 12 February 2014 - 09:11 PM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.12.11

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 10.0.9200.16798
[censored] :: [censored] [administrator]

2/12/2014 7:56:20 PM
mbam-log-2014-02-12 (19-56-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 252421
Time elapsed: 11 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 43
HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoods.funmoodsHlpr.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoods.funmoodsHlpr (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Optional.Funmoods.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Optional.Funmoods.A) -> Quarantined and deleted successfully.
HKCR\esrv.funmoodsESrvc.1 (PUP.Optional.Funmoods.A) -> Quarantined and deleted successfully.
HKCR\esrv.funmoodsESrvc (PUP.Optional.Funmoods.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Optional.Funmoods.A) -> Quarantined and deleted successfully.
HKCR\escort.escortIEPane.1 (PUP.Optional.Funmoods.A) -> Quarantined and deleted successfully.
HKCR\escort.escortIEPane (PUP.Optional.Funmoods.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Optional.Funmoods.A) -> Quarantined and deleted successfully.
HKCR\funmoods.dskBnd.1 (PUP.Optional.Funmoods.A) -> Quarantined and deleted successfully.
HKCR\funmoods.dskBnd (PUP.Optional.Funmoods.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Optional.Funmoods.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Optional.Funmoods.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Optional.Funmoods.A) -> Quarantined and deleted successfully.
HKCR\funmoodsApp.appCore.1 (PUP.Optional.Funmoods.A) -> Quarantined and deleted successfully.
HKCR\funmoodsApp.appCore (PUP.Optional.Funmoods.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} (PUP.Optional.WordOV) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} (PUP.Optional.WordOV) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} (PUP.Optional.WordOV) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} (PUP.Optional.WordOV) -> Quarantined and deleted successfully.
HKCR\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Optional.Funmoods.A) -> Quarantined and deleted successfully.
HKCR\f (PUP.Optional.Funmoods.A) -> Quarantined and deleted successfully.
HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Optional.Funmoods.A) -> Quarantined and deleted successfully.
HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Optional.Funmoods.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\Software\Datamngr (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\Software\Crossrider (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.Optional.FunMoods.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.Optional.CrossFire.SA) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.Optional.FunMoods.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funmoods (PUP.Optional.FunMoods.A) -> Quarantined and deleted successfully.

Registry Values Detected: 4
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Optional.Funmoods.A) -> Data: Funmoods Toolbar -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Optional.Funmoods.A) -> Data:  -> Quarantined and deleted successfully.
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: tBzv1H1N0U1L1OtG0GtF0B -> Quarantined and deleted successfully.
HKCU\Software\InstalledBrowserExtensions\215 Apps|4479 (PUP.Optional.CrossFire.SA) -> Data: Giant Savings -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 11
C:\Users\[censored]\AppData\LocalLow\Funmoods (PUP.Optional.FunMoods.A) -> Quarantined and deleted successfully.
C:\Users\[censored]AppData\LocalLow\Funmoods\Funmoods (PUP.Optional.FunMoods.A) -> Quarantined and deleted successfully.
C:\Users\[censored]\AppData\LocalLow\Funmoods\Funmoods\us (PUP.Optional.FunMoods.A) -> Quarantined and deleted successfully.
C:\Users\[censored]\AppData\LocalLow\Funmoods\Funmoods\us\20101003 (PUP.Optional.FunMoods.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods (PUP.Optional.FunMoods.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22 (PUP.Optional.FunMoods.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22\bh (PUP.Optional.FunMoods.A) -> Quarantined and deleted successfully.
C:\Users\[censored]\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\[censored]\AppData\Roaming\OpenCandy\7890A9BCE4E647B898A5330C54A45AF3 (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\[censored]\AppData\Roaming\OpenCandy\OpenCandy_7890A9BCE4E647B898A5330C54A45AF3 (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\[censored]\AppData\Roaming\DefaultTab\DefaultTab (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.

Files Detected: 17
C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22\funmoodssrv.exe (PUP.Optional.Funmoods.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll (PUP.Optional.Funmoods.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22\escortApp.dll (PUP.Optional.Funmoods.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22\escortEng.dll (PUP.Optional.Funmoods.A) -> Quarantined and deleted successfully.
C:\ProgramData\WeCareReminder\rmdir\ReminderHelper.exe (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
C:\ProgramData\WeCareReminder\rmdir\update.zip (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
C:\ProgramData\WeCareReminder\rmdir\WCAutoUpdate.exe (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
C:\Users\[censored]\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\Users\[censored]\AppData\Roaming\OpenCandy\7890A9BCE4E647B898A5330C54A45AF3\SliderCOTMv4.1.24.2_20131003.msi (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
C:\Users\[censored]\AppData\Local\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Users\[censored]\AppData\LocalLow\Funmoods\Funmoods\us\20101003\kywrds.tat (PUP.Optional.FunMoods.A) -> Quarantined and deleted successfully.
C:\Users\[censored]\AppData\LocalLow\Funmoods\Funmoods\us\20101003\kywrds.ttr (PUP.Optional.FunMoods.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22\escortShld.dll (PUP.Optional.FunMoods.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22\FavIcon.ico (PUP.Optional.FunMoods.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22\uninstall.exe (PUP.Optional.FunMoods.A) -> Quarantined and deleted successfully.
C:\Users\[censored]\AppData\Roaming\OpenCandy\7890A9BCE4E647B898A5330C54A45AF3\WeCare_COTM_ALL_p3v4.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.

(end)


Edited by NutOfDeath, 12 February 2014 - 09:15 PM.


#13 MalwareAbort

MalwareAbort

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:31 PM

Posted 12 February 2014 - 09:17 PM

Great, the probable cause of the BSOD is PUP and adware attaching to IE.

 

Go ahead and run AdwCleaner http://www.bleepingcomputer.com/download/adwcleaner/dl/125/

 

Make sure to check off all the scan options and post the log!

 

Making progress.


"Imagine a world without malware"


#14 NutOfDeath

NutOfDeath
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:11:31 AM

Posted 12 February 2014 - 09:27 PM

# AdwCleaner v3.018 - Report created 12/02/2014 at 20:19:18
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : [censored] - [censored]
# Running from : C:\Users\[censored]\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5K9DL22Z\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Deleted : C:\Program Files (x86)\Giant Savings
Folder Deleted : C:\Program Files (x86)\iMesh Applications
Folder Deleted : C:\Program Files (x86)\StartNow Toolbar
Folder Deleted : C:\Users\[censored]\AppData\Local\Babylon
Folder Deleted : C:\Users\[censored]\AppData\Local\Conduit
Folder Deleted : C:\Users\[censored]\AppData\Local\iMesh
Folder Deleted : C:\Users\[censored]\AppData\Local\PackageAware
Folder Deleted : C:\Users\[censored\]AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\[censored]\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\[censored]\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\[censored]\AppData\Roaming\Babylon
Folder Deleted : C:\Users\[censored]\AppData\Roaming\DefaultTab
Folder Deleted : C:\Users\[censored]\AppData\Roaming\SeeSimilar
Folder Deleted : C:\Users\[censored]\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Folder Deleted : C:\Users\[censored]\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Folder Deleted : C:\Users\[censored]\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmlkabjddkpgkgfhdhpimhcbonapngoh
File Deleted : C:\END
File Deleted : C:\Users\[censored]\AppData\Local\funmoods-speeddial.crx

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [SeeSimilar@SeeSimilar.com]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [SeeSimilar@SeeSimilar.com]
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndkhncnongaclekkbelchmeafffimifj
Key Deleted : HKCU\Software\Google\Chrome\Extensions\mmlkabjddkpgkgfhdhpimhcbonapngoh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mmlkabjddkpgkgfhdhpimhcbonapngoh
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.old.Start Page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ToolbarBroker.EXE
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\ZGClnt.Mngr
Key Deleted : HKLM\SOFTWARE\Classes\ZGClnt.Mngr.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3227981
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3303000
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{FAA8C612-F1B6-461B-8B60-B54D74D9642E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{38BF9661-BDA0-4A74-BB3B-576EC7AE16DC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5911488E-9D1E-40EC-8CBB-06B231CC153F}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Deleted : HKCU\Software\Imesh
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Giant Savings
Key Deleted : HKCU\Software\AppDataLow\Software\Lyrics_Monkey
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\StartNow Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\StartNow Toolbar
Key Deleted : [x64] HKLM\SOFTWARE\DataMngr

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16798

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v

[ File : C:\Users\[censored]\AppData\Roaming\Mozilla\Firefox\Profiles\oh1z8iec.default\prefs.js ]

-\\ Google Chrome v

[ File : C:\Users\[censored]\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [15369 octets] - [12/02/2014 20:18:23]
AdwCleaner[S0].txt - [15052 octets] - [12/02/2014 20:19:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15113 octets] ##########



#15 MalwareAbort

MalwareAbort

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:31 PM

Posted 12 February 2014 - 09:30 PM

Next up run ESET  (takes a long time usually)

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.

"Imagine a world without malware"





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users