Bravesentry - My Computer Is Crashing


  • This topic is locked
13 replies to this topic

#1 OliverSato

Posted 17 October 2006 - 01:27 PM

Hi there, I really, really, really need your help. My computer was hijacked by Bravesentry on 10/14 and is quickly being rendered helpless. I can only run applications including IE during the first few minutes after logging into the computer before the applications freeze and I need to restart the computer. The time I have before applications freeze has become shorter and shorter the longer I work on the computer. As a result I was only able to complete up to step 3 of your Preparation Guide. I made 10+ attempts at step 4 of trying to run the anti-virus programs before giving up because IE would freeze on me before the download, install, or scan of the program was complete. When I initially discovered Bravesentry on 10/14, I ran Adware and Spybot several times. Spybot encounters an error during scan. I also ran Norton's extensive scan overnight which found several Trojans that I had quarantined. Additionally, I tried to run the smitfraudfix.cmd in safe mode, which did not complete. I have deleted all of the temporary files manually and have tried a System Restore, which currently encounters an error and restarts the computer.

Which brings me here. I skipped directly to your step 9 because I don't know how much longer my computer will be accessible to run any programs that will help me to clean it. After attempt number 5 I was successful in running the HijackThis application. I found that I needed to launch it the second after the icon appeared on my desktop to beat the clock and make it through the entire scan without the application freezing.

I saved the log to a removable storage device, brought it with me to work, and I am posting this topic and my log file from my work computer. If any of your instructions involve running programs that need to be downloaded and/or installed, I will need to download and save the program here at work and then transfer the program to the infected computer using a removable storage device. Unless, of course, any of the initial steps remedy the application/browser freezing issue.

Thanks SO much for any help - please help me get my computer back,
-Brian



Logfile of HijackThis v1.99.1
Scan saved at 10:54:25 PM, on 10/16/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Canon\BJCard\Bjmcmng.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\BJPV\TVMon.exe
C:\Program Files\Canon\BJCard\BJLaunch.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\rundll32.exe
C:\windows\system32\_mzu_stonedrv3.exe
C:\DOCUME~1\Brian\LOCALS~1\Temp\11205\gm.exe
C:\WINDOWS\System32\sqoltojj.exe
C:\WINDOWS\System32\iesniff.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Documents and Settings\Brian\Desktop\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\windows\system32\_mzu_stonedrv3.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
C:\Program Files\eFax Messenger 3.5\J2GDllCmd.exe
C:\Program Files\eFax Messenger 3.5\J2GTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Logitech\Harmony Remote\harmonyClient.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6B9D4A6B-9C7A-8A87-EFD9-09F7F9F884F7} - C:\WINDOWS\System32\tmriase.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: (no name) - {987B3E71-07AF-472D-9BA2-8E17D2652C85} - C:\WINDOWS\System32\mnykgzdxyk.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [BJLaunchEXE] C:\Program Files\Canon\BJCard\BJLaunch.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [jqenwlb.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\jqenwlb.dll,ekyzdvc
O4 - HKLM\..\Run: [_mzu_stonedrv3] c:\windows\system32\_mzu_stonedrv3.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ms] C:\DOCUME~1\Brian\LOCALS~1\Temp\11205\gm.exe
O4 - HKLM\..\Run: [sqoltojj] C:\WINDOWS\System32\sqoltojj.exe
O4 - HKLM\..\Run: [ChkDisk] C:\WINDOWS\System32\iesniff.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\RunServices: [_mzu_stonedrv3] c:\windows\system32\_mzu_stonedrv3.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [_mzu_stonedrv3] c:\windows\system32\_mzu_stonedrv3.exe
O4 - HKCU\..\Run: [Winstr] C:\DOCUME~1\Brian\LOCALS~1\Temp\616384.exe
O4 - HKCU\..\Run: [Winstv] C:\DOCUME~1\Brian\LOCALS~1\Temp\616384.exe
O4 - HKCU\..\Run: [Winstj] C:\DOCUME~1\Brian\LOCALS~1\Temp\616384.exe
O4 - HKCU\..\Run: [Winstq] C:\DOCUME~1\Brian\LOCALS~1\Temp\616384.exe
O4 - HKCU\..\Run: [Winsty] C:\DOCUME~1\Brian\LOCALS~1\Temp\616384.exe
O4 - HKCU\..\Run: [Winstp] C:\DOCUME~1\Brian\LOCALS~1\Temp\616384.exe
O4 - HKCU\..\Run: [Winstx] C:\DOCUME~1\Brian\LOCALS~1\Temp\616384.exe
O4 - HKCU\..\Run: [Winsth] C:\DOCUME~1\Brian\LOCALS~1\Temp\616384.exe
O4 - HKCU\..\Run: [Winstl] C:\DOCUME~1\Brian\LOCALS~1\Temp\616384.exe
O4 - HKCU\..\Run: [Winstk] C:\DOCUME~1\Brian\LOCALS~1\Temp\616384.exe
O4 - HKCU\..\Run: [Winstu] C:\DOCUME~1\Brian\LOCALS~1\Temp\616384.exe
O4 - HKCU\..\Run: [Winstn] C:\DOCUME~1\Brian\LOCALS~1\Temp\616384.exe
O4 - HKCU\..\Run: [Winsti] C:\DOCUME~1\Brian\LOCALS~1\Temp\616384.exe
O4 - HKCU\..\Run: [Winsta] C:\DOCUME~1\Brian\LOCALS~1\Temp\616384.exe
O4 - HKCU\..\Run: [Winstc] C:\DOCUME~1\Brian\LOCALS~1\Temp\616384.exe
O4 - HKCU\..\Run: [Winstw] C:\DOCUME~1\Brian\LOCALS~1\Temp\616384.exe
O4 - HKCU\..\Run: [sqoltojj] C:\WINDOWS\System32\sqoltojj.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: eFax DllCmd 3.5.lnk = C:\Program Files\eFax Messenger 3.5\J2GDllCmd.exe
O4 - Global Startup: eFax Tray Menu 3.5.lnk = C:\Program Files\eFax Messenger 3.5\J2GTray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech Harmony Remote.lnk = C:\Program Files\Logitech\Harmony Remote\harmonyClient.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k42037/sb02a.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.costcophotocenter.com/CostcoUpload.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://elt.webex.com/client/v_mywebex-t20/webex/ieatgpc.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
O18 - Protocol: bw+0 - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {CEC6F265-5A7A-40B0-B709-D2718FBE3D3A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: instcat - C:\WINDOWS\SYSTEM32\instcat.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - C:\WINDOWS\System32\nefl.dll
O21 - SSODL: IJqRdpgl - {98774B4B-32DD-E1E1-8164-598695D1A877} - C:\WINDOWS\System32\unw.dll (file missing)
O21 - SSODL: DCOM Server 2234 - {2C1CD3D7-86AC-4068-93BC-A02304BB2234} - C:\WINDOWS\System32\zzmpf.dll
O21 - SSODL: IEFilter - {3ABF27AA-8390-4CBC-9183-9CDC41EBEADC} - C:\WINDOWS\system32\IEFilter.dll
O23 - Service: Canon BJ Memory Card Manager (Bjmcmng) - CANON INC. - C:\Program Files\Canon\BJCard\Bjmcmng.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Service - Unknown owner - C:\WINDOWS\System32\Service.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)


#2 -David-

Posted 17 October 2006 - 01:50 PM

Just a little note here before we continue OliverSato..

The problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show. Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.

You are dealing with some very nasty pieces of malware...
These allow hackers to remotely control your computer, steal critical system information and Download and Execute files.
I would recommend you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the rootkit may be identified and can be killed, because of its functionality, your PC is compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of malware, the best course of action would be a reformat and reinstall of the OS.
I think I would definitely recommend that you reformat and start afresh with a PC you can trust.

Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

Let me know what you wish to do - I understand that sometimes with this kind of topic, you might wish not to reformat as you want to keep all your files and do not want the inconvenience of starting afresh, but as I said before it's a good idea to start afresh - Don't forget all your files/folders can be backed-up onto a disc/USB drive.

Let me know what you want to do.
If you do decide to continue, be warned this is going to be a long process.
You also need to get updates for Windows urgently.
You don't have even ServicePack1 installed!
Remember that your system is extremely vulnerable without the necessary security patches/updates, so malware can get installed automatically while surfing without any problems.
Please visit http://www.microsoft.com/windowsxp/downloa...p1/network.mspx and update to Service Pack 1. Without this update, you're wide open to re-infection, and we're both just wasting our time.
When your system is clean afterwards, then update to SP2, because updating to SP2 CAN cause problems as long as you are infected.

David

#3 OliverSato

Posted 17 October 2006 - 04:31 PM

First of all THANK YOU for such a fast reply and second THANK YOU for being so brutally honest about the situation and what to expect while at the same time still being open to helping me fix, as best as possible, my computer's malware infection even though it would be a long process.

Given the nastiness of the pieces of malware I've been infected with and the compromising of my computer I will go with the recommendation of the security community experts to reformat and reinstall the OS. I just had a few questions that I could use your help answering before we part ways. I am not very computer savvy or technical, so if any of the questions have an obvious answer please don't hold it against me.

1. Was it my description, the log file, or both that places my Bravesentry malware infection in such a serious category? I saw gknot's Bravesentry posting on 9/23/06 in which DaveM59 walked gknot through a series of steps and all seemed to be resolved. Of course, from my description, I was experiencing different infection symptoms than gknot.

2. Are there any special instructions that I need to follow when reformatting and reinstalling the OS on an infected computer's hard drive? Or do I simply follow the reinstall instructions from the Dell recovery OS disk?

3. I installed a second hard drive in my computer awhile ago that has plenty of space remaining. I only store photos, music, and movies on this drive. Can I backup my critical files to my second hard drive or do I have to back them up to USB drive or disk?

4. Do I have to backup and reformat my second hard drive or only my primary?

5. What is the best way to avoid malware infection complications like application freezing and computer lockups while I am backing up my data e.g. can I back up files while in safe mode? I am afraid that my computer is going to crash before I have the chance to backup all of my primary drive files.

Thank you again so much! :thumbsup:

#4 -David-

Posted 18 October 2006 - 12:26 PM

Hey there, and you are most welcome. :thumbsup:

1. Was it my description, the log file, or both that places my Bravesentry malware infection in such a serious category? I saw gknot's Bravesentry posting on 9/23/06 in which DaveM59 walked gknot through a series of steps and all seemed to be resolved. Of course, from my description, I was experiencing different infection symptoms than gknot.

You don't just have BraveSentry, but a whole host of nasty files capable of a whole host of things. With a computer like this even when you clean it out you can't trust it as things can stay hidden from scanners etc. For example just one of the bad files you have is able to do this -
Deletes programs. Invokes dll components. Creates Run Keys. Runs other programs. Communicates with web sites using httpout protocols. Has mass mail capabilities. Communicates with other computers across the web. Hijacks running processes. Has outbound communications. Creates registry entries. Creates run keys for known malware. Creates known malware. Creates copies of itself.
There are a number of random files which I cannot find any information on also which is also a bad sign. It's not only the malware that leads me to recommend a reformat - with a list of problems as large as you posted, without any updates from Windows and most likely an out of date antivirus, I don't want to imagine what's going on in the PC.

2. Are there any special instructions that I need to follow when reformatting and reinstalling the OS on an infected computer's hard drive? Or do I simply follow the reinstall instructions from the dell recovery OS disk?

I think the Dell instructions should be a good starting point. I recommend the following tutorial, which I have used many a time - they are very easy to follow for even a novice:
http://www.michaelstevenstech.com/cleanxpinstall.html

3. I installed a second hard drive in my computer a while ago that has plenty of space remaining. I only store photos, music, and movies on this drive. Can I backup my critical files to my second hard drive or do I have to back them up to usb drive or disk?

Please don't quote me on this as I myself am not too great at answering these kinds of questions. I think that if you have two hard drives, one of them will have windows installed on it, the other is like a store if you like. I think you can put all the files that you want onto this second hard-drive then take it out of the PC. When you reformat you will simply wipe the 1st hard-drive and replace windows on it - then you can put the 2nd hard-drive in and you should have all the files you originally backed up. As a precaution I myself would put all the important files onto disks or USB - you can then be assured that you will have them no matter what happens. This question might be better asked in our XP forum, you might get more informative assistance there:
Windows XP Home and Professional

5. What is the best way to avoid malware infection complications like application freezing and computer lockups while I am backing up my data e.g. can I back up files while in safe mode? I am afraid that my computer is going to crash before I have the chance to backup all of my primary drive files.

I imagine here that the malware you have is making the PC unusable. In this situation I would recommend going into safe mode to remove all the files you want; in safe mode most of the malware should not start, making the PC somewhat more bearable. Don't forget you won't get internet connection in normal safe mode. I think you should try and see what happens; if you do find it's near impossible we can try and get the very worst of the malware off the PC, but this should be in a worst case scenario.

David

#5 OliverSato

Posted 18 October 2006 - 02:33 PM

Thank you, thank you, and THANK YOU! Safe mode worked last night allowing me to copy all of my important files to my second hard drive. Tonight, I am going to perform the reformat and reinstall. Better safe now than more sorry later. Thanks for all your help, David!

#6 -David-

Posted 18 October 2006 - 02:58 PM

You're welcome Oliver, I think you'll find it's a wise move. :thumbsup:
Let me know how it goes..

#7 OliverSato

Posted 23 October 2006 - 12:11 PM

Hi David, here is an update. I am afraid that I will still need your help. I reformatted my HD and reinstalled my OS. Within a few seconds of opening up my browser for the first time and establishing a connection to the MSN homepage a system message box opened with the content and an 'OK' button:
_____________________________________________________

Message from system alert on 10/23/2006 8:55 AM

To fix system please do the following
1. Download and install registry cleaner from www.msreg.com
2. Run registry clean
3. Reboot system
_____________________________________________________

Two following messages proceeded this message when I closed the window by clicking on the 'X'. They were the same type of message with different websites: www.regrinsepro.com and www.tocleanpc.com. Here is my HiJackThis log. Thank you again for your help.



Logfile of HijackThis v1.99.1
Scan saved at 9:44:10 AM, on 10/23/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Kozuma\Desktop\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{9EAD83EB-EC91-4073-8AED-757196D037A7}: NameServer = 68.94.156.1 68.94.157.1

#8 -David-

Posted 23 October 2006 - 12:16 PM

Hey there OliverSato,

Glad to see you reformatted ok, I think this problem should be easy to solve.

The Windows "Messenger Service" is being exploited to spray the Internet with unsolicited commercial eMail. The receipt of a single UDP packet can cause a "Messenger Service" dialog to pop-up on the user's screen. It is possible for the sender to "spoof" (falsify) the packet's "Source IP", making these packets impossible to trace back to their origin. The first thing to understand is that the Windows Messenger Service is completely different from, and not in any way related to, "MSN Messenger", "Windows Messenger", or any other well-known instant messaging system. Therefore, disabling the Windows Messenger service will have no effect upon your use of any other instant messaging applications. They will continue to work without trouble.

To block the spam, turn off the Messenger Service.
Click Start>>Settings>>Control Panel

--Double click Administrative Tools
--Double click Services
--Double click Messenger
--Under Service Status, click Stop
--In the box next to Startup Type, select Disabled
--Click Apply>>OK

Alternatively, you can download a small program that will disable Messenger Service for you, called Shoot The Messenger. It's available at: http://www.grc.com/stm/shootthemessenger.htm

Reboot afterwards and let me know what happens, are the popups gone?
David

#9 OliverSato

Posted 23 October 2006 - 01:40 PM

Thanks David. I followed your instructions but after rebooting, Messenger is enabled again and pop up messages continued until I followed your instructions to stop Messenger again. Is there a way to turn off Messenger without having it start whenever I start my computer? Thanks.

#10 OliverSato

Posted 24 October 2006 - 11:16 AM

Hi David, Messenger still continues every time I restart my computer. Is there any way to turn it off without it restarting? Thank you.

#11 -David-

Posted 24 October 2006 - 11:26 AM

Did you try the "Shoot The Messenger" program in my reply?

#12 OliverSato

Posted 25 October 2006 - 12:59 PM

Worked like a charm, thanks David! One last question: what firewall software program/package do you feel comfortable recommending that would best prevent my computer from getting infected again and me in another situation like this? A recommendation of one that is available to buy and another that is free would be super. Thank you!

#13 -David-

Posted 25 October 2006 - 01:53 PM

Glad to hear that it worked Oliver.
Now I would definitely recommend you buy Kaspersky internet security suite..
It's relatively cheap, and doesn't use much resources at all.
It's my AV/firewall of choice and I've recommended it to family and friends.
So far they all seem really pleased with both performance and it's pretty easy to use.
It's about 40 for a subscription here in the UK, about $70 US I would imagine.
Note that's both a firewall and AV in one bundle, great value! :thumbsup:
http://usa.kaspersky-labs.com/products/internet-security.php

There are a whole host of reasonably good free AV's.
AVG and Avast are free antivirus programs..
I always feel though that of all the things I should pay for on the PC, it's internet security.
Kaspersky always does great in tests, the free ones don't do so well.

Zonealarm, and Kerio are also good, free firewalls.
You can read this tutorial for more information:
Understanding and using firewalls.

Let me know what you think...
David

#14 -David-

Posted 16 November 2006 - 05:42 PM

Since this issue appears resolved, this Topic is now closed.

If you need this topic reopened, please request this by sending me a PM with the address of the thread using the link here. This applies only to the original topic starter.

Everyone else please begin a New Topic.



