Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

680 mgs free of 111gigs. only used 5 gigs


  • This topic is locked This topic is locked
9 replies to this topic

#1 wachumba

wachumba

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:09:41 PM

Posted 16 July 2014 - 05:11 PM

have 2 gigs of pics and 3 game files. no way system files takes up the rest of space. help? i posted previously for a different pc might just run programs that i was told to run before and post logs to get things started



BC AdBot (Login to Remove)

 


#2 wachumba

wachumba
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:09:41 PM

Posted 16 July 2014 - 05:13 PM

also just deleted couple programs and have less free space than when i deleted them now



#3 wachumba

wachumba
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:09:41 PM

Posted 16 July 2014 - 05:28 PM

okk ran jrt adwcleaner and frst reports below. hope this helps

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by WACHUMBA on Wed 07/16/2014 at 18:14:21.98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apnupdater
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\genericasktoolbar.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthelper.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\viprotocol.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wecarereminder
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\strongvaultapp_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\strongvaultapp_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86d4b82a-abed-442a-be86-96357b70f4fe}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{61538CEE-6041-44A2-B878-22DB190C2102}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"
Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\{9b0cb95c-933a-4b8c-b6d4-edcd19a43874}"
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\strongvault online backup"
Successfully deleted: [Folder] "C:\ProgramData\wecarereminder"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Folder] "C:\ProgramData\ask"
Successfully deleted: [Folder] "C:\Users\WACHUMBA\appdata\locallow\asktoolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\ask.com"
Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"
 
 
 
~~~ FireFox
 
Successfully deleted: [File] C:\Users\WACHUMBA\AppData\Roaming\mozilla\firefox\profiles\0fnmdob7.default\searchplugins\askcom.xml
Successfully deleted: [File] C:\Users\WACHUMBA\AppData\Roaming\mozilla\firefox\profiles\0fnmdob7.default\searchplugins\askcomsearch.xml
Successfully deleted: [Folder] C:\Users\WACHUMBA\AppData\Roaming\mozilla\firefox\profiles\0fnmdob7.default\extensions\toolbar@ask.com
Successfully deleted the following from C:\Users\WACHUMBA\AppData\Roaming\mozilla\firefox\profiles\0fnmdob7.default\prefs.js
 
user_pref("browser.startup.homepage", "hxxp://mysearch.avg.com?cid={59EB3648-B085-4AB7-A9A1-8896953D07F1}&mid=f0a024b9b84447d392595dc0e3225fb5-0f7dd27df7ec7dc918fd419523d4d7ed
Emptied folder: C:\Users\WACHUMBA\AppData\Roaming\mozilla\firefox\profiles\0fnmdob7.default\minidumps [7 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/16/2014 at 18:17:56.95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
# AdwCleaner v3.215 - Report created 16/07/2014 at 18:21:35
# Updated 09/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : WACHUMBA - WACHUMBA-PC
# Running from : C:\Users\WACHUMBA\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : vToolbarUpdater18.1.7
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\WACHUMBA\AppData\Local\apn
[!] Folder Deleted : C:\Users\WACHUMBA\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\WACHUMBA\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\WACHUMBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17207
 
 
-\\ Mozilla Firefox v30.0 (en-US)
 
[ File : C:\Users\WACHUMBA\AppData\Roaming\Mozilla\Firefox\Profiles\0fnmdob7.default\prefs.js ]
 
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com Search");
Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Deleted : user_pref("browser.search.order.1", "Ask.com Search");
Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
 
-\\ Google Chrome v
 
*************************
 
AdwCleaner[R0].txt - [5243 octets] - [16/07/2014 18:20:31]
AdwCleaner[S0].txt - [4653 octets] - [16/07/2014 18:21:35]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4713 octets] ##########
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-07-2014 01
Ran by WACHUMBA (administrator) on WACHUMBA-PC on 16-07-2014 18:24:03
Running from C:\Users\WACHUMBA\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\pg_ctl.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Nike) C:\Program Files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Users\WACHUMBA\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\WACHUMBA\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\WACHUMBA\AppData\Local\Google\Chrome\Application\chrome.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6463592 2012-02-02] (Realtek Semiconductor)
HKLM\...\Run: [LogMeIn GUI] => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [Super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [502288 2012-01-03] (MSI)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Nike+ Connect] => C:\Program Files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe [70656 2012-11-26] (Nike)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKU\S-1-5-21-2530403588-4252861668-2902845633-1000\...\Run: [Google Update] => C:\Users\WACHUMBA\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-05-26] (Google Inc.)
HKU\S-1-5-21-2530403588-4252861668-2902845633-1000\...\Run: [chromium] => C:\Users\WACHUMBA\AppData\Local\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)
HKU\S-1-5-21-2530403588-4252861668-2902845633-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2530403588-4252861668-2902845633-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2530403588-4252861668-2902845633-1000\...\Run: [MKLOL] => "C:\Program Files (x86)\MKJogo\MKLOL\MK.exe" -auto
HKU\S-1-5-21-2530403588-4252861668-2902845633-1000\...\MountPoints2: {5686e364-2d24-11e3-b5d7-8c89a5c6b646} - E:\MotorolaDeviceManagerSetup.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk
ShortcutTarget: NETGEAR WNDA3100v2 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF691C41AAB3BCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM-x32 - DefaultScope value is missing.
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
 
FireFox:
========
FF ProfilePath: C:\Users\WACHUMBA\AppData\Roaming\Mozilla\Firefox\Profiles\0fnmdob7.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\WACHUMBA\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\WACHUMBA\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\WACHUMBA\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\WACHUMBA\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\WACHUMBA\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\WACHUMBA\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: NoScript - C:\Users\WACHUMBA\AppData\Roaming\Mozilla\Firefox\Profiles\0fnmdob7.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-05-26]
FF Extension: Adblock Plus - C:\Users\WACHUMBA\AppData\Roaming\Mozilla\Firefox\Profiles\0fnmdob7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-05-26]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-05-10]
 
Chrome: 
=======
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\WACHUMBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (Google Wallet) - C:\Users\WACHUMBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
 
==================== Services (Whitelisted) =================
 
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-01-20] (Intel Corporation)
R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [403536 2010-10-26] (Logitech, Inc.)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [138768 2012-01-03] (MSI)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia)
R2 WSWNDA3100; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [272864 2010-08-19] ()
R2 postgresql-8.4; c:/postgreSQL/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "c:/postgreSQL/data" -w [X]
 
==================== Drivers (Whitelisted) ====================
 
R3 Alpham1; C:\Windows\System32\DRIVERS\Alpham164.sys [52992 2007-07-23] (Ideazon Corporation)
R3 Alpham2; C:\Windows\System32\DRIVERS\Alpham264.sys [21760 2007-03-20] (Ideazon Corporation)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-07-13] (AVG Technologies)
S3 ipadtst; C:\Program Files (x86)\MSI\Super-Charger\ipadtst_64.sys [17936 2011-12-12] (Windows ® Win 7 DDK provider)
S4 LMIRfsClientNP; No ImagePath
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [14136 2010-01-18] (MSI)
R3 radpms; C:\Windows\System32\DRIVERS\radpms.sys [14944 2012-04-02] (LogMeIn, Inc.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-16 18:24 - 2014-07-16 18:24 - 00014765 _____ () C:\Users\WACHUMBA\Downloads\FRST.txt
2014-07-16 18:23 - 2014-07-16 18:24 - 00000000 ____D () C:\FRST
2014-07-16 18:23 - 2014-07-16 18:23 - 02086912 _____ (Farbar) C:\Users\WACHUMBA\Downloads\FRST64.exe
2014-07-16 18:20 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-16 18:19 - 2014-07-16 18:21 - 00000000 ____D () C:\AdwCleaner
2014-07-16 18:19 - 2014-07-16 18:19 - 01348263 _____ () C:\Users\WACHUMBA\Downloads\AdwCleaner.exe
2014-07-16 18:19 - 2014-07-16 18:19 - 01016261 _____ (Thisisu) C:\Users\WACHUMBA\Downloads\JRT (1).exe
2014-07-16 18:17 - 2014-07-16 18:17 - 00007998 _____ () C:\Users\WACHUMBA\Desktop\JRT.txt
2014-07-16 18:14 - 2014-07-16 18:14 - 01016261 _____ (Thisisu) C:\Users\WACHUMBA\Downloads\JRT.exe
2014-07-16 18:14 - 2014-07-16 18:14 - 00000000 ____D () C:\Windows\ERUNT
2014-07-16 09:48 - 2014-07-16 09:48 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-16 09:48 - 2014-07-16 09:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-16 09:48 - 2014-07-16 09:48 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-16 09:48 - 2014-07-16 09:48 - 00000000 ____D () C:\Program Files\iTunes
2014-07-16 09:48 - 2014-07-16 09:48 - 00000000 ____D () C:\Program Files\iPod
2014-07-16 09:48 - 2014-07-16 09:48 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-16 08:32 - 2014-07-16 08:32 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-15 15:17 - 2014-07-15 15:17 - 00000000 ____D () C:\Users\WACHUMBA\Documents\MKGame
2014-07-15 14:28 - 2014-07-15 14:28 - 00000000 ____D () C:\Users\WACHUMBA\Documents\MKJogo
2014-07-13 23:46 - 2014-07-13 23:49 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-13 23:46 - 2014-07-13 23:46 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-13 23:46 - 2014-07-13 23:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-13 23:46 - 2014-07-13 23:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-13 23:46 - 2014-07-13 23:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-13 23:46 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-13 23:46 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-13 23:46 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-13 23:36 - 2014-07-13 23:40 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\WACHUMBA\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-13 11:07 - 2014-07-13 11:07 - 00000000 ____D () C:\Windows\rescache
2014-07-12 23:17 - 2014-07-12 23:17 - 00003254 _____ () C:\Windows\System32\Tasks\{E810ED9C-9574-44CE-B68D-B529677A28BA}
2014-07-12 16:37 - 2014-06-29 22:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-12 16:37 - 2014-06-29 22:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-12 16:37 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-07-12 16:37 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-07-12 16:37 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-07-12 16:37 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-07-12 16:37 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-07-12 16:37 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-07-12 16:37 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-07-12 16:37 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-07-12 16:37 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-07-12 16:37 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-07-12 16:37 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-07-12 16:37 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-07-12 16:36 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-12 16:36 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-12 16:36 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-12 16:36 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-12 16:36 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-12 16:36 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-12 16:36 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-12 16:36 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-12 16:36 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-12 16:36 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-12 16:36 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-12 16:36 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-12 16:36 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-12 16:36 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-12 16:36 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-12 16:36 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-12 16:36 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-12 16:36 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-12 16:36 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-12 16:36 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-12 16:36 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-12 16:36 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-12 16:36 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-12 16:36 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-12 16:36 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-12 16:36 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-12 16:36 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-12 16:36 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-12 16:36 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-12 16:36 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-12 16:36 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-12 16:36 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-12 16:36 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-12 16:36 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-12 16:36 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-12 16:36 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-12 16:36 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-12 16:36 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-12 16:36 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-12 16:36 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-12 16:36 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-12 16:36 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-12 16:36 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-12 16:36 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-12 16:36 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-12 16:36 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-12 16:36 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-12 16:36 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-12 16:36 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-12 16:36 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-12 16:36 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-12 16:36 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-12 16:36 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-12 16:36 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-12 16:36 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-12 16:36 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-12 16:36 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-12 16:36 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-12 16:36 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-12 16:33 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-12 16:33 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-12 16:33 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-12 16:33 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-12 16:33 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-12 16:33 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-12 16:33 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-12 16:33 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-12 16:33 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-12 16:33 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-12 16:33 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-12 16:33 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-12 16:33 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-12 16:33 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-12 16:33 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-12 16:33 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-12 16:33 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-12 16:33 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-12 16:33 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-12 16:33 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-12 16:24 - 2014-07-12 16:30 - 00001227 _____ () C:\Windows\SecuniaPackage.log
 
==================== One Month Modified Files and Folders =======
 
2014-07-16 18:24 - 2014-07-16 18:24 - 00014765 _____ () C:\Users\WACHUMBA\Downloads\FRST.txt
2014-07-16 18:24 - 2014-07-16 18:23 - 00000000 ____D () C:\FRST
2014-07-16 18:23 - 2014-07-16 18:23 - 02086912 _____ (Farbar) C:\Users\WACHUMBA\Downloads\FRST64.exe
2014-07-16 18:22 - 2014-04-20 20:47 - 00000374 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job
2014-07-16 18:22 - 2014-04-20 20:47 - 00000374 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job
2014-07-16 18:22 - 2013-03-20 12:08 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-16 18:22 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-16 18:22 - 2009-07-14 00:51 - 00090610 _____ () C:\Windows\setupact.log
2014-07-16 18:21 - 2014-07-16 18:19 - 00000000 ____D () C:\AdwCleaner
2014-07-16 18:21 - 2013-03-06 05:11 - 00000000 ____D () C:\Users\WACHUMBA\AppData\Local\AVG SafeGuard toolbar
2014-07-16 18:21 - 2012-05-23 18:49 - 01801830 _____ () C:\Windows\WindowsUpdate.log
2014-07-16 18:21 - 2010-11-20 23:47 - 00200676 _____ () C:\Windows\PFRO.log
2014-07-16 18:19 - 2014-07-16 18:19 - 01348263 _____ () C:\Users\WACHUMBA\Downloads\AdwCleaner.exe
2014-07-16 18:19 - 2014-07-16 18:19 - 01016261 _____ (Thisisu) C:\Users\WACHUMBA\Downloads\JRT (1).exe
2014-07-16 18:17 - 2014-07-16 18:17 - 00007998 _____ () C:\Users\WACHUMBA\Desktop\JRT.txt
2014-07-16 18:17 - 2012-06-01 04:53 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-16 18:14 - 2014-07-16 18:14 - 01016261 _____ (Thisisu) C:\Users\WACHUMBA\Downloads\JRT.exe
2014-07-16 18:14 - 2014-07-16 18:14 - 00000000 ____D () C:\Windows\ERUNT
2014-07-16 18:11 - 2012-05-26 22:41 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-07-16 18:11 - 2012-05-26 22:41 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-07-16 17:42 - 2012-05-26 21:56 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2530403588-4252861668-2902845633-1000UA.job
2014-07-16 17:27 - 2013-03-20 12:08 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-16 16:42 - 2012-05-26 21:56 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2530403588-4252861668-2902845633-1000Core.job
2014-07-16 15:09 - 2009-07-14 00:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-16 15:09 - 2009-07-14 00:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-16 09:48 - 2014-07-16 09:48 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-16 09:48 - 2014-07-16 09:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-16 09:48 - 2014-07-16 09:48 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-16 09:48 - 2014-07-16 09:48 - 00000000 ____D () C:\Program Files\iTunes
2014-07-16 09:48 - 2014-07-16 09:48 - 00000000 ____D () C:\Program Files\iPod
2014-07-16 09:48 - 2014-07-16 09:48 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-16 09:02 - 2013-12-01 05:39 - 00000000 ____D () C:\Users\WACHUMBA\AppData\Local\PMB Files
2014-07-16 08:33 - 2009-07-14 01:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-16 08:32 - 2014-07-16 08:32 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-16 08:27 - 2012-11-27 22:50 - 00000000 ____D () C:\Bovada
2014-07-15 15:17 - 2014-07-15 15:17 - 00000000 ____D () C:\Users\WACHUMBA\Documents\MKGame
2014-07-15 14:28 - 2014-07-15 14:28 - 00000000 ____D () C:\Users\WACHUMBA\Documents\MKJogo
2014-07-15 14:28 - 2014-04-01 16:55 - 00000058 _____ () C:\Windows\JQHApp.dat
2014-07-15 14:28 - 2014-04-01 16:55 - 00000000 ____D () C:\Users\WACHUMBA\Documents\MK-LOL
2014-07-15 14:27 - 2014-04-01 16:54 - 00001109 _____ () C:\Users\WACHUMBA\Desktop\MK LOL.lnk
2014-07-15 08:17 - 2012-06-01 04:59 - 00000000 ____D () C:\Users\postgres
2014-07-14 10:47 - 2013-12-01 05:39 - 00000000 ____D () C:\ProgramData\PMB Files
2014-07-13 23:49 - 2014-07-13 23:46 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-13 23:46 - 2014-07-13 23:46 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-13 23:46 - 2014-07-13 23:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-13 23:46 - 2014-07-13 23:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-13 23:46 - 2014-07-13 23:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-13 23:40 - 2014-07-13 23:36 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\WACHUMBA\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-13 20:55 - 2013-05-20 21:51 - 00003749 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2014-07-13 20:55 - 2013-03-06 05:11 - 00050464 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-07-13 11:07 - 2014-07-13 11:07 - 00000000 ____D () C:\Windows\rescache
2014-07-13 09:15 - 2014-05-06 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-13 09:15 - 2012-06-04 13:09 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-13 09:15 - 2011-04-12 04:28 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-13 09:15 - 2009-07-14 00:45 - 00275712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-13 09:15 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-13 09:15 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-13 02:46 - 2013-07-21 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-12 23:17 - 2014-07-12 23:17 - 00003254 _____ () C:\Windows\System32\Tasks\{E810ED9C-9574-44CE-B68D-B529677A28BA}
2014-07-12 16:49 - 2012-05-26 21:51 - 00000000 ____D () C:\Users\WACHUMBA\AppData\Roaming\Mozilla
2014-07-12 16:45 - 2012-05-26 21:56 - 00002386 _____ () C:\Users\WACHUMBA\Desktop\Google Chrome.lnk
2014-07-12 16:37 - 2012-05-26 21:56 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2530403588-4252861668-2902845633-1000UA
2014-07-12 16:37 - 2012-05-26 21:56 - 00003500 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2530403588-4252861668-2902845633-1000Core
2014-07-12 16:30 - 2014-07-12 16:24 - 00001227 _____ () C:\Windows\SecuniaPackage.log
2014-07-12 16:29 - 2012-06-01 04:53 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-12 16:29 - 2012-06-01 04:53 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-12 16:29 - 2012-06-01 04:53 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-12 16:24 - 2014-05-10 21:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-12 16:24 - 2014-05-05 02:09 - 00001075 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-12 16:24 - 2012-05-26 21:51 - 00001087 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-12 16:24 - 2012-05-26 21:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-12 16:23 - 2013-03-20 12:08 - 00003898 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-07-12 16:22 - 2013-03-20 12:08 - 00003646 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-29 22:09 - 2014-07-12 16:37 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-29 22:04 - 2014-07-12 16:37 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-26 17:40 - 2012-05-26 22:08 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-20 16:14 - 2014-07-12 16:36 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-20 15:39 - 2014-07-12 16:36 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-06-18 21:39 - 2014-07-12 16:36 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-18 21:06 - 2014-07-12 16:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-18 21:06 - 2014-07-12 16:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-18 20:48 - 2014-07-12 16:36 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-18 20:42 - 2014-07-12 16:36 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-18 20:42 - 2014-07-12 16:36 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-18 20:41 - 2014-07-12 16:36 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-06-18 20:41 - 2014-07-12 16:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-18 20:32 - 2014-07-12 16:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-18 20:31 - 2014-07-12 16:36 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-18 20:26 - 2014-07-12 16:36 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-18 20:24 - 2014-07-12 16:36 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-18 20:24 - 2014-07-12 16:36 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-18 20:23 - 2014-07-12 16:36 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-18 20:16 - 2014-07-12 16:36 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-18 20:14 - 2014-07-12 16:36 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-18 20:09 - 2014-07-12 16:36 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-18 19:59 - 2014-07-12 16:36 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 19:56 - 2014-07-12 16:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-18 19:53 - 2014-07-12 16:36 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-18 19:51 - 2014-07-12 16:36 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-18 19:50 - 2014-07-12 16:36 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-18 19:48 - 2014-07-12 16:36 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-18 19:39 - 2014-07-12 16:36 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-18 19:38 - 2014-07-12 16:36 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-18 19:37 - 2014-07-12 16:36 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-18 19:36 - 2014-07-12 16:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-18 19:35 - 2014-07-12 16:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-06-18 19:33 - 2014-07-12 16:36 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-18 19:32 - 2014-07-12 16:36 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-18 19:28 - 2014-07-12 16:36 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-18 19:28 - 2014-07-12 16:36 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-18 19:27 - 2014-07-12 16:36 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-18 19:27 - 2014-07-12 16:36 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-18 19:25 - 2014-07-12 16:36 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-18 19:23 - 2014-07-12 16:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-18 19:22 - 2014-07-12 16:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-18 19:12 - 2014-07-12 16:36 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-18 19:06 - 2014-07-12 16:36 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-18 19:01 - 2014-07-12 16:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-18 18:59 - 2014-07-12 16:36 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-18 18:58 - 2014-07-12 16:36 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-18 18:58 - 2014-07-12 16:36 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-18 18:52 - 2014-07-12 16:36 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-18 18:51 - 2014-07-12 16:36 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-18 18:49 - 2014-07-12 16:36 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-18 18:46 - 2014-07-12 16:36 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-18 18:45 - 2014-07-12 16:36 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-18 18:35 - 2014-07-12 16:36 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-18 18:34 - 2014-07-12 16:36 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-18 18:15 - 2014-07-12 16:36 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-18 18:13 - 2014-07-12 16:36 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-18 18:09 - 2014-07-12 16:36 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-18 18:07 - 2014-07-12 16:36 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-17 22:18 - 2014-07-12 16:36 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-06-17 21:51 - 2014-07-12 16:36 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-06-17 21:10 - 2014-07-12 16:36 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
 
Files to move or delete:
====================
C:\Users\WACHUMBA\jagex_cl_runescape_LIVE.dat
C:\Users\WACHUMBA\random.dat
 
 
Some content of TEMP:
====================
C:\Users\WACHUMBA\AppData\Local\Temp\APNStub.exe
C:\Users\WACHUMBA\AppData\Local\Temp\AskSLib.dll
C:\Users\WACHUMBA\AppData\Local\Temp\AudibleDM_iTunesSetup.exe
C:\Users\WACHUMBA\AppData\Local\Temp\devcon64.exe
C:\Users\WACHUMBA\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\WACHUMBA\AppData\Local\Temp\i4jdel0.exe
C:\Users\WACHUMBA\AppData\Local\Temp\javasysmo1110578161930011417.dll
C:\Users\WACHUMBA\AppData\Local\Temp\javasysmo4034835646110924482.dll
C:\Users\WACHUMBA\AppData\Local\Temp\javasysmo4599539702456225400.dll
C:\Users\WACHUMBA\AppData\Local\Temp\javasysmo7327078673215160260.dll
C:\Users\WACHUMBA\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\WACHUMBA\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\WACHUMBA\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\WACHUMBA\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\WACHUMBA\AppData\Local\Temp\MSIAFTERBURNERSETUP.EXE
C:\Users\WACHUMBA\AppData\Local\Temp\oi_{8801BFED-C8CC-4DD4-835B-21A60144CB97}.exe
C:\Users\WACHUMBA\AppData\Local\Temp\Quarantine.exe
C:\Users\WACHUMBA\AppData\Local\Temp\setup.exe
C:\Users\WACHUMBA\AppData\Local\Temp\SETUP_AFTERBURNER.EXE
C:\Users\WACHUMBA\AppData\Local\Temp\SkypeSetup.exe
C:\Users\WACHUMBA\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\WACHUMBA\AppData\Local\Temp\tmp1B5C.exe
C:\Users\WACHUMBA\AppData\Local\Temp\tmp1CC4.exe
C:\Users\WACHUMBA\AppData\Local\Temp\tmp24A0.exe
C:\Users\WACHUMBA\AppData\Local\Temp\tmp2FC6.exe
C:\Users\WACHUMBA\AppData\Local\Temp\tmp4AD5.exe
C:\Users\WACHUMBA\AppData\Local\Temp\tmp6C4.exe
C:\Users\WACHUMBA\AppData\Local\Temp\{4BE498D4-D944-4EA2-B180-E34F18D982C0}-29.0.1547.62_28.0.1500.95_chrome_updater.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-12 17:22
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-07-2014 01
Ran by WACHUMBA at 2014-07-16 18:24:21
Running from C:\Users\WACHUMBA\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
Adobe Flash Player 14 ActiveX (HKLM-x32\...\{C4B95D2E-BDE6-412D-AF7B-EC43A298C55B}) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\{3FC9A6DE-C105-4576-8F63-656FFB1BF8EB}) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{5E03A267-415E-5383-FA8F-3CE4145663B9}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.71219.1540 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BovadaPoker (HKLM-x32\...\{D7CA2DF8-95CE-4C80-9296-98E21219A1E5}}_is1) (Version:   -  )
Camtasia Studio 8 (HKLM-x32\...\{B1F8F5EB-75E2-40C3-9A50-7907F1C910F1}) (Version: 8.0.3.994 - TechSmith Corporation)
CarbonPoker (HKCU\...\CarbonPoker) (Version: 5.0 - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Full Tilt Poker (HKLM-x32\...\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}) (Version: 4.63.10.WIN.FullTilt.COM - )
Full Tilt Poker.Net (HKLM-x32\...\{E07B7A31-E160-466D-A003-3BB7B8989D52}) (Version: 4.46.3.WIN.FullTilt.NET - )
Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Holdem Manager 2 (HKLM-x32\...\HoldemManager2) (Version:  - )
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.6.0 - LIGHTNING UK!)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
KeePass Password Safe 1.22 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.22 - Dominik Reichl)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Logitech Solar App 1.0 (HKLM\...\SolarApp) (Version: 1.00.46 - Logitech)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MKLOL (HKCU\...\MKLOL) (Version:  - )
MOG (HKCU\...\55559b77384385c5) (Version: 1.3.25.0 - MOG)
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSI Afterburner 2.1.0 (HKLM-x32\...\Afterburner) (Version: 2.1.0 - MSI Co., LTD)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM-x32\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 1.03.000 - NETGEAR)
Nike+ Connect (HKLM-x32\...\Nike+ Connect) (Version: 5.2.14 - Nike)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PokerCoach (HKLM-x32\...\PokerCoach_is1) (Version:  - Snowie Games Ltd)
PokerOne (HKCU\...\PokerOne) (Version: 5.0 - )
PokerStove version 1.12 (HKLM-x32\...\{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1) (Version:  - )
PostgreSQL 8.4 (HKLM-x32\...\PostgreSQL 8.4) (Version: 8.4 - PostgreSQL Global Development Group)
ProPokerTools Odds Oracle 2.2.1 (HKLM-x32\...\5992-1726-3179-3433) (Version: 2.2.1 - ProPokerTools)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.50.1123.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6564 - Realtek Semiconductor Corp.)
Secunia PSI (2.0.0.4003) (HKLM-x32\...\Secunia PSI) (Version: 2.0.0.4003 - Secunia)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sportsbook Poker (HKCU\...\Sportsbook Poker) (Version: 6.0 - )
StarCraft (HKLM-x32\...\StarCraft) (Version:  - Blizzard Entertainment)
Super-Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.006 - MSI)
Veetle TV (HKLM-x32\...\Veetle TV) (Version: 0.9.19 - Veetle, Inc)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
 
==================== Restore Points  =========================
 
16-07-2014 22:11:51 Removed LogMeIn
 
==================== Hosts content: ==========================
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {2004AD67-DCE3-44F4-8429-4FE48F160462} - System32\Tasks\{426DDE1D-A418-4280-9DF5-D0BA8BF54D04} => C:\Program Files (x86)\StarCraft\StarCraft.exe [2009-01-09] (Blizzard Entertainment)
Task: {580490D8-2312-4946-9710-119008161C02} - System32\Tasks\{C998E985-02A7-4A1D-8710-33EFC4D91D50} => C:\Program Files (x86)\StarCraft\StarCraft.exe [2009-01-09] (Blizzard Entertainment)
Task: {694A2D67-7274-45EC-90D5-D004D95CF789} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7D45436F-6692-44AC-8385-017DEB6C7B32} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Task: {7DB91ECA-E648-4175-A1B8-3169BD4274E9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-12] (Adobe Systems Incorporated)
Task: {8BE6C743-5E9D-4D4D-A4D3-5A00E1D5B135} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2530403588-4252861668-2902845633-1000Core => C:\Users\WACHUMBA\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-26] (Google Inc.)
Task: {ACE20ED4-AF8C-4E38-A6DE-CA226B679AB1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-20] (Google Inc.)
Task: {B254615E-5385-4512-9B57-AE3E89938E63} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2530403588-4252861668-2902845633-1000UA => C:\Users\WACHUMBA\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-26] (Google Inc.)
Task: {CDA00B24-5210-4F93-B698-7F6F92AF5DEF} - System32\Tasks\AVG-Secure-Search-Update_0414c_rel => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
Task: {D28AA219-6AFE-4516-BD1A-3237D05CD390} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-20] (Google Inc.)
Task: {EBCF46DE-3AD5-4E5F-9FFF-1181D6DDB046} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {F666099E-0FE1-476D-BEA9-2D96377907A6} - System32\Tasks\AVG-Secure-Search-Update_0414c_rmv => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2530403588-4252861668-2902845633-1000Core.job => C:\Users\WACHUMBA\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2530403588-4252861668-2902845633-1000UA.job => C:\Users\WACHUMBA\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-05-25 14:36 - 2010-08-19 15:25 - 00272864 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
2012-05-25 14:36 - 2011-09-16 12:35 - 04559840 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-06-01 04:59 - 2011-01-28 01:15 - 00172032 _____ () c:\postgreSQL\bin\LIBPQ.dll
2012-06-01 04:59 - 2009-02-12 15:01 - 00976384 _____ () c:\postgreSQL\bin\libxml2.dll
2012-06-01 04:59 - 2005-07-20 06:48 - 00059904 _____ () c:\postgreSQL\bin\zlib1.dll
2012-05-25 14:36 - 2010-11-10 17:28 - 00368640 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiLib.dll
2013-09-14 02:51 - 2013-09-14 02:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 02:50 - 2013-09-14 02:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2012-05-25 14:36 - 2010-07-08 11:24 - 00258048 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvcLib.dll
2014-07-12 16:45 - 2014-06-05 09:58 - 00716616 _____ () C:\Users\WACHUMBA\AppData\Local\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-07-12 16:45 - 2014-06-05 09:58 - 00126280 _____ () C:\Users\WACHUMBA\AppData\Local\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-07-12 16:45 - 2014-06-05 09:58 - 04217672 _____ () C:\Users\WACHUMBA\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-07-12 16:45 - 2014-06-05 09:58 - 00414536 _____ () C:\Users\WACHUMBA\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-07-12 16:45 - 2014-06-05 09:58 - 01732424 _____ () C:\Users\WACHUMBA\AppData\Local\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2012-05-23 19:04 - 2012-01-19 23:23 - 01198872 ____R () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
 
==================== Faulty Device Manager Devices =============
 
Name: LogMeIn Kernel Information Provider
Description: LogMeIn Kernel Information Provider
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: LMIInfo
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/16/2014 06:23:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (07/16/2014 06:22:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error: 
%%3
 
 
Microsoft Office Sessions:
=========================
Error: (07/16/2014 06:23:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-03-19 16:50:02.870
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-03-19 16:50:02.848
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 19%
Total physical RAM: 8146.43 MB
Available physical RAM: 6571.36 MB
Total Pagefile: 15766.06 MB
Available Pagefile: 13892.56 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.69 GB) (Free:0.89 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: AEB71D23)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
 
 


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:41 AM

Posted 21 July 2014 - 10:28 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Clean your Temporary files/Folders.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted, it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.
  • ===

    Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

    start
    
    HKLM-x32\...\Run: [] => [X]
    ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (No File)
    SearchScopes: HKLM-x32 - DefaultScope value is missing.
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    R2 postgresql-8.4; c:/postgreSQL/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "c:/postgreSQL/data" -w [X]
    S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
    S3 MSICDSetup; \??\D:\CDriver64.sys [X]
    S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
    Task: {7D45436F-6692-44AC-8385-017DEB6C7B32} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
    
    end
    

    Save the files as fixlist.txt in to the same folder as FRST

    Run FRST and click Fix only once and wait.

    Restart the computer to reset the registry.

    The tool will create a log (Fixlog.txt) please post it to your reply.
    ===

    Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    p.s.
    If the SecurityCheck program fails to run for any reason, run it as an Administrator.

    If the site is busy or not available use this mirror site:
    http://www.bleepingcomputer.com/download/securitycheck/
    ===

    How is the computer running now?


#5 wachumba

wachumba
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:09:41 PM

Posted 21 July 2014 - 10:59 AM

computer has been running fine. i just noticed there's no space on my harddrive and it should be empty. 
 
i posted this in my original post. does that mean my computer is partitioned and all the space is just on another partition?

==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.69 GB) (Free:0.89 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: AEB71D23)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-07-2014
Ran by WACHUMBA at 2014-07-21 11:53:49 Run:1
Running from C:\Users\WACHUMBA\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
HKLM-x32\...\Run: [] => [X]
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (No File)
SearchScopes: HKLM-x32 - DefaultScope value is missing.
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
R2 postgresql-8.4; c:/postgreSQL/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "c:/postgreSQL/data" -w [X]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
Task: {7D45436F-6692-44AC-8385-017DEB6C7B32} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
 
end
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File'=> Key not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
'HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File'=> Key not found.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
postgresql-8.4 => Service stopped successfully.
postgresql-8.4 => Service deleted successfully.
LMIInfo => Service deleted successfully.
MSICDSetup => Service deleted successfully.
NTIOLib_1_0_C => Service deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7D45436F-6692-44AC-8385-017DEB6C7B32}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D45436F-6692-44AC-8385-017DEB6C7B32}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar' => Key deleted successfully.
 
==== End of Fixlog ====
 
you didnt ask for the security check log but cant hurt to post
 

 Results of screen317's Security Check version 0.99.86  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Secunia PSI (2.0.0.4003)   
 JavaFX 2.1.1    
 Java version out of Date! 
 Adobe Flash Player 14.0.0.145  
 Adobe Reader XI  
 Mozilla Firefox (30.0) 
 Google Chrome 35.0.1916.153  
 Google Chrome 36.0.1985.125  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 38% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 


#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:41 AM

Posted 21 July 2014 - 01:36 PM

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Latest version is Java JRE 7u65.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java using the Add/Remove Programs applet

===


Looks like the wrong partition is active.

Run this tool and post the log.

Please download this ListPart.exe to a folder of you choice. Select the proper tool for your system.

For x86 (x32) bit systems please download Listparts
For x64 bit systems please download Listparts64
Run the tool as an Administrator , click Scan and copy and post the log (Result.txt) in your next reply.

#7 wachumba

wachumba
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:09:41 PM

Posted 22 July 2014 - 08:08 AM

 
 
ListParts by Farbar Version: 17-04-2014
Ran by WACHUMBA (administrator) on 22-07-2014 at 09:07:32
Windows 7 (X64)
Running From: C:\Users\WACHUMBA\Downloads
Language: 0409
************************************************************
 
========================= Memory info ====================== 
 
Percentage of memory in use: 30%
Total physical RAM: 8146.43 MB
Available physical RAM: 5636.8 MB
Total Pagefile: 16291.03 MB
Available Pagefile: 13468.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
 
======================= Partitions =========================
 
1 Drive c: () (Fixed) (Total:111.69 GB) (Free:3.33 GB) NTFS
 
  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          111 GB      0 B         
 
Partitions of Disk 0:
===============
 
Disk ID: AEB71D23
 
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            100 MB  1024 KB
  Partition 2    Primary            111 GB   101 MB
 
======================================================================================================
 
Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1         System Rese  NTFS   Partition    100 MB  Healthy    System (partition with boot components)  
 
======================================================================================================
 
Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C                NTFS   Partition    111 GB  Healthy    Boot    
 
======================================================================================================
============================== MBR Partition Table ==================
 
==============================
Partitions of Disk 0:
===============
Disk ID: AEB71D23
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS)
 
 
****** End Of Log ****** 


#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:41 AM

Posted 22 July 2014 - 09:26 AM

I'm checking with the experts.
I will get back to you.

#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:41 AM

Posted 23 July 2014 - 06:04 PM

That looks good, nothing need to be changed there (the system recovery partition should be set as active).

I would suggest clearing out all temp files and folders, and then have a look where most of the space is going with TreeSiz

You can find thr tool here.
http://www.bleepingcomputer.com/download/treesize-free/

One other comment was and I quote
 

They might gain some space by removing temporary files but still the size of the OS drive is too small. They need to buy an external drive and transfer all the personal files to it and keep maintaining the OS partition.


Clean temporary files.
http://windows.microsoft.com/en-ca/windows/delete-files-using-disk-cleanup#delete-files-using-disk-cleanup=windows-7

I'm sorry this is no longer malware and not my forte, if you need additional help please start a ne wtopic in the Windows 8 forum

Windows 8 Forum
http://www.bleepingcomputer.com/forums/f/209/windows-8/

#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:41 AM

Posted 29 July 2014 - 08:25 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users