After studying the following log entries, how many user IDs can you identify that the attacker has tampered with?

1. mkdir -p /etc/X11/applnk/Internet/.etc

2. mkdir -p /etc/X11/applnk/Internet/.etcpasswd

3. touch -acmr /etc/passwd /etc/X11/applnk/Internet/.etcpasswd

4. touch -acmr /etc /etc/X11/applnk/Internet/.etc

5. passwd nobody -d

6. /usr/sbin/adduser dns -d/bin -u 0 -g 0 -s/bin/bash

7. passwd dns -d

8. touch -acmr /etc/X11/applnk/Internet/.etcpasswd /etc/passwd

9. touch -acmr /etc/X11/applnk/Internet/.etc /etc

A.
IUSR_

B.
acmr, dns

C.
nobody, dns

D.
nobody, IUSR_

Explanation:
Passwd is the command used to modify a user password and it has been used together with the usernames nobody and dns.