Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with trojan.graftor, trojan.stolendata and others


  • Please log in to reply
7 replies to this topic

#1 resa83

resa83

  • Members
  • 163 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:louisiana
  • Local time:02:09 AM

Posted 28 November 2016 - 10:10 AM

My brother was using my laptop this morning and he was looking at the news on cnn website. Suddenly a page pops up and unfortunately we're unable to remember what it said, however my laptop made a LOUD noise when this page popped up. The pop up did say something about being infected with something or the other, I then panicked a little bit and removed battery immediately. I first ran mbam and 260 possible unwanted files was listed including trojan.graftor and trojan.stolendata. 

 

Any and all help I receive I just want you to know that I'm very grateful. 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Theresa (administrator) on THERESA-PC (28-11-2016 08:43:32)
Running from C:\Users\Theresa\Desktop
Loaded Profiles: Theresa (Available Profiles: Theresa)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
() C:\Users\Theresa\AppData\Local\FilterStart\FilterStart.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(CyberLink Corp.) C:\Program Files (x86)\HP\QuickPlay\QPService.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(name) C:\Users\Theresa\AppData\Local\Translate Mgr Helper\SyncFolders.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-15] (Intel Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2007-12-24] (CyberLink Corp.)
HKLM-x32\...\Run: [QPService] => C:\Program Files (x86)\HP\QuickPlay\QPService.exe [468264 2008-04-24] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2008-03-14] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [40048 2007-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Health Check Scheduler] => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [70912 2008-04-15] (Hewlett-Packard)
HKLM-x32\...\Run: [hpWirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2007-11-20] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-779955071-2386261043-3181224681-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-12] (Piriform Ltd)
HKU\S-1-5-21-779955071-2386261043-3181224681-1000\...\Run: [CTFMON.EXE] => C:\Windows\System32\ctfmon.exe [9728 2006-11-02] (Microsoft Corporation)
HKU\S-1-5-21-779955071-2386261043-3181224681-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27230168 2016-11-03] (Skype Technologies S.A.)
HKU\S-1-5-21-779955071-2386261043-3181224681-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-779955071-2386261043-3181224681-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-779955071-2386261043-3181224681-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [334336 2008-01-20] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
GroupPolicy: Restriction - Chrome <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{0ED92ABE-083B-405C-A6F4-4E7D4BA127B8}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-779955071-2386261043-3181224681-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-779955071-2386261043-3181224681-1000 -> {E7733ED3-CC1D-4620-8A52-C30D779F3132} URL = hxxp://www.youtube.com/results?search_query={searchTerms}
 
FireFox:
========
FF ProfilePath: C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\yqw2i4d3.default-1479086482404
FF Homepage: hxxp://hp.myway.com/getformsonline/s19080/index.html?coId=847443e778824fa8b223c20bd8f77c6b&subId=CJCqmYOas9ACFUU2gQodyzgIuw&ln=en&n=782b6cbb&ptb=D0A5A82A-8E20-4C6F-8CEA-73258C19A15F&st=tab&p2=%5EBX2%5Exdm001%5ES19080%5Eus&si=CJCqmYOas9ACFUU2gQodyzgIuw
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-13] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-13] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-20] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Extension: Email - C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\yqw2i4d3.default-1479086482404\Extensions\@Email.xpi [2016-11-17]
FF Extension: GetFormsOnline - C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\yqw2i4d3.default-1479086482404\Extensions\_dbMembers_@free.getformsonline.com [2016-11-18]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008-07-01] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2016-01-08] [not signed]
 
Chrome: 
=======
CHR HomePage: Profile 1 -> hxxp://www.google.com/
CHR StartupUrls: Profile 1 -> "hxxp://www.trovi.com/?gd=&ctid=CT3334306&octid=EB_ORIGINAL_CTID&ISID=M40F810F6-A17F-43B7-A8A8-24D9ECB1B0DC&SearchSource=55&CUI=&UM=8&UP=SPD0A244F5-B5C1-4092-AB00-C1D78840D6E6&D=081615&SSPV=","hxxps://www.google.com/","hxxp://us.4yendex.com/?utm_source=sdks&utm_medium=us01&utm_campaign=90ff0a8c3fb1550a8c097de737ef31d1"
CHR Profile: C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default
CHR Profile: C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Spiderman Games) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ambgbkcjeonlfhapmmbebfjikbckgadi [2016-11-26]
CHR Extension: (Google Docs) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-24]
CHR Extension: (Earn to Die 2012) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bjdfceflpnmimlinlkeiapjanledaadl [2016-11-26]
CHR Extension: (Skype Calling) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2016-11-26]
CHR Extension: (Spiderman games) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eblfpogkgjpafaabnlekhdjbmodiapcm [2016-11-26]
CHR Extension: (90 s games) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hhokgefljkcpmgphogaclpgdamililgo [2016-11-26]
CHR Extension: (GameZooks Advertisements) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kdkpllchojjkbgephbbeacaahecgfpga [2016-11-26]
CHR Extension: (Google Play) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2016-11-26]
CHR Extension: (Spiderman Games) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lbhjnmlbnnimcedibhacbdlejjjaphak [2016-11-26]
CHR Extension: (Sega Genesis Emulator) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lhekiangdmpngipilcncogimfbopahfd [2016-11-26]
CHR Extension: (FromDocToPDF) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mallpejgeafdahhflmliiahjdpgbegpk [2016-11-26]
CHR Extension: (Spiderman Games) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mhijdjcchbbmnaackhebnohcmhbomoji [2016-11-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-24]
CHR Extension: (Dragon Ball Z Games) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\paelbjpdphgahjafgknepieiofgeeojj [2016-11-26]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_48fbb870\AESTSr64.exe [86016 2008-02-12] (Andrea Electronics Corporation)
S4 btwdins; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [1002752 2016-01-28] (Broadcom Corporation.) [File not signed]
S4 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-04-15] (Hewlett-Packard) [File not signed]
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-02-26] (Hewlett-Packard Company) [File not signed]
S4 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2014-04-08] (Motorola Mobility LLC)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
S4 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S4 QPCapSvc; C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [292232 2008-04-24] ()
S4 QPSched; C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe [112008 2008-04-24] ()
S4 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [341328 2008-03-26] ()
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
S4 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe [240128 2009-07-21] (IDT, Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2016-04-08] (Broadcom Corporation.)
S3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [9088 2007-07-11] (Hewlett-Packard Development Company, L.P.)
S3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [27648 2008-01-20] (Microsoft Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-11-28] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S3 NVENETFD; C:\Windows\System32\DRIVERS\nvm60x64.sys [742696 2006-10-09] (NVIDIA Corporation)
S3 Ph3xIB64; C:\Windows\System32\DRIVERS\Ph3xIB64.sys [1368960 2006-09-29] (Philips Semiconductors GmbH)
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [243712 2014-08-08] (QUALCOMM Incorporated)
S1 translateMgr; C:\Windows\translateMgr.sys [57072 2016-07-08] (Windows ® Win 7 DDK provider) [File not signed]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-28 08:43 - 2016-11-28 08:44 - 00014177 _____ C:\Users\Theresa\Desktop\FRST.txt
2016-11-28 07:45 - 2016-11-28 07:45 - 01198288 _____ (Adobe Systems Incorporated) C:\Users\Theresa\Downloads\flashplayer23pp_ga_install.exe
2016-11-27 07:09 - 2016-11-28 07:58 - 00262662 _____ C:\Windows\ntbtlog.txt
2016-11-26 15:27 - 2016-11-26 15:27 - 12924024 _____ (LeapFrog Enterprises, Inc.) C:\Users\Theresa\Downloads\LeapFrogConnectSetup_LeapPadExplorer (1).exe
2016-11-26 13:35 - 2016-11-26 15:59 - 00000000 ____D C:\Users\Theresa\Downloads\Spider-Man 2 - Nintendo Game Boy Advance - Play Retro Games_files
2016-11-26 13:35 - 2016-11-26 13:35 - 00188990 _____ C:\Users\Theresa\Downloads\Spider-Man 2 - Nintendo Game Boy Advance - Play Retro Games.html
2016-11-26 11:57 - 2016-11-26 11:57 - 11789616 _____ C:\Users\Theresa\Downloads\spider-man-2.apk
2016-11-24 21:34 - 2016-11-24 21:34 - 00285705 _____ C:\Users\Theresa\Downloads\Windows6.0-KB931621-x86.msu
2016-11-20 19:59 - 2016-11-20 19:59 - 00002037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-18 09:41 - 2016-05-14 09:54 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-11-18 09:41 - 2016-05-14 09:53 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2016-11-18 09:41 - 2016-05-14 09:42 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-11-18 09:41 - 2016-05-14 09:41 - 00175616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-11-18 09:41 - 2016-05-14 09:41 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2016-11-18 09:41 - 2016-05-14 08:38 - 00450560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-11-18 09:41 - 2016-05-14 08:38 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-11-18 09:41 - 2016-05-14 08:38 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-11-18 09:41 - 2016-05-11 07:10 - 00516328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-11-18 09:40 - 2016-05-18 09:55 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-11-18 09:40 - 2016-05-18 09:34 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-11-18 09:40 - 2016-03-10 11:07 - 00501760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-11-18 09:40 - 2016-03-10 10:43 - 00660480 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-11-18 09:26 - 2016-05-14 09:58 - 00383208 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-11-18 09:26 - 2016-05-14 09:53 - 00048128 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-11-18 09:26 - 2016-05-14 09:47 - 00306408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-11-18 09:26 - 2016-05-14 09:41 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-11-18 09:24 - 2016-03-18 12:15 - 01915392 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-11-18 09:24 - 2016-03-18 12:14 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-11-18 09:24 - 2016-03-18 11:10 - 01316864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-11-18 09:24 - 2016-03-18 11:10 - 00861696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-11-18 08:45 - 2016-04-09 15:17 - 00975360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-11-18 08:45 - 2016-04-09 14:48 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-11-18 08:45 - 2016-04-09 14:01 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-11-18 08:45 - 2016-04-09 13:07 - 00486912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-11-18 08:44 - 2016-03-18 12:15 - 00660480 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-11-18 08:44 - 2016-03-18 12:15 - 00258048 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-11-18 08:44 - 2016-03-18 12:15 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-11-18 08:44 - 2016-03-18 12:15 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-11-18 08:44 - 2016-03-18 12:14 - 01689600 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-11-18 08:44 - 2016-03-18 11:10 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-11-18 08:44 - 2016-03-18 11:10 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-11-18 08:43 - 2016-03-04 10:52 - 01253376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-11-18 08:43 - 2016-03-04 10:40 - 01875968 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-11-18 08:03 - 2016-03-17 13:00 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-11-18 08:03 - 2016-03-17 11:45 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-11-18 08:03 - 2016-03-17 11:45 - 00105472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-11-18 07:44 - 2016-05-12 08:45 - 02801664 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-11-18 07:44 - 2016-05-12 08:39 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-11-18 07:44 - 2016-05-12 08:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-11-18 07:44 - 2016-05-10 09:55 - 00264704 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-11-18 07:44 - 2016-05-10 09:54 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-11-18 07:44 - 2016-05-10 09:54 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-11-18 07:44 - 2016-05-10 09:31 - 00377344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-11-18 07:44 - 2016-05-10 09:31 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-11-18 07:44 - 2016-05-10 09:31 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-11-18 07:44 - 2016-05-10 08:55 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-11-18 07:44 - 2016-05-10 08:55 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-11-18 07:44 - 2016-05-10 08:28 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2016-11-18 07:40 - 2016-03-21 17:00 - 01589168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-11-18 07:40 - 2016-03-21 17:00 - 01171488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-11-18 07:39 - 2016-04-09 15:39 - 04692200 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-11-18 07:13 - 2016-04-09 14:53 - 00901352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-11-18 07:13 - 2016-04-09 14:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-11-18 07:12 - 2016-05-12 09:56 - 00726016 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-11-18 07:12 - 2016-05-12 09:56 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-11-18 07:12 - 2016-05-12 09:56 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-11-18 07:12 - 2016-05-12 09:56 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-11-18 07:12 - 2016-05-12 09:56 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-11-18 07:12 - 2016-05-12 09:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-11-18 07:12 - 2016-05-12 09:34 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-11-18 07:12 - 2016-05-12 09:34 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2016-11-18 07:12 - 2016-05-12 09:33 - 00075264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-11-18 07:12 - 2016-05-12 09:33 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-11-17 22:51 - 2016-11-21 10:00 - 00000000 ____D C:\Users\Theresa\AppData\LocalLow\Mozilla
2016-11-17 08:22 - 2016-05-12 13:52 - 18804224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-11-17 08:22 - 2016-05-12 13:49 - 02351616 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-11-17 08:22 - 2016-05-12 13:46 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-11-17 08:22 - 2016-05-12 13:45 - 10940416 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-11-17 08:22 - 2016-05-12 13:44 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-11-17 08:22 - 2016-05-12 13:43 - 01392640 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-11-17 08:22 - 2016-05-12 13:42 - 02159104 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-11-17 08:22 - 2016-05-12 13:42 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-11-17 08:22 - 2016-05-12 13:42 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-11-17 08:22 - 2016-05-12 13:42 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-11-17 08:22 - 2016-05-12 13:42 - 00579584 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-11-17 08:22 - 2016-05-12 13:42 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-11-17 08:22 - 2016-05-12 13:42 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-11-17 08:22 - 2016-05-12 13:42 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-11-17 08:22 - 2016-05-12 13:42 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2016-11-17 08:22 - 2016-05-12 13:42 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-11-17 08:22 - 2016-05-12 13:42 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-11-17 08:22 - 2016-05-12 13:42 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-11-17 08:22 - 2016-05-12 13:42 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2016-11-17 08:22 - 2016-05-12 13:42 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2016-11-17 08:22 - 2016-05-12 13:42 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2016-11-17 08:22 - 2016-05-12 13:41 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-11-17 08:22 - 2016-05-12 13:11 - 01815552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-11-17 08:22 - 2016-05-12 13:10 - 12840960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-11-17 08:22 - 2016-05-12 13:08 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-11-17 08:22 - 2016-05-12 13:06 - 09755136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-11-17 08:22 - 2016-05-12 13:06 - 01140224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-11-17 08:22 - 2016-05-12 13:05 - 01129984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-11-17 08:22 - 2016-05-12 13:04 - 01804800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-11-17 08:22 - 2016-05-12 13:04 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-11-17 08:22 - 2016-05-12 13:04 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-11-17 08:22 - 2016-05-12 13:04 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-11-17 08:22 - 2016-05-12 13:04 - 00425472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-11-17 08:22 - 2016-05-12 13:04 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2016-11-17 08:22 - 2016-05-12 13:04 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-11-17 08:22 - 2016-05-12 13:04 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-11-17 08:22 - 2016-05-12 13:04 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2016-11-17 08:22 - 2016-05-12 13:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-11-17 08:22 - 2016-05-12 13:03 - 00354304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-11-17 08:22 - 2016-05-12 13:03 - 00223744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-11-17 08:22 - 2016-05-12 13:03 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-11-17 08:22 - 2016-05-12 13:03 - 00072704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-11-17 08:22 - 2016-05-12 13:03 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2016-11-17 08:22 - 2016-05-12 13:03 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2016-11-17 02:27 - 2016-11-17 02:27 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-11-17 02:27 - 2016-11-17 02:27 - 00000000 ____D C:\Users\Theresa\Tracing
2016-11-17 02:27 - 2016-11-17 02:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-11-17 02:24 - 2016-11-17 02:26 - 43508184 _____ (Skype Technologies S.A.) C:\Users\Theresa\Downloads\SkypeSetupFullXp.exe
2016-11-16 23:20 - 2016-11-16 23:20 - 00000294 _____ C:\Users\Public\Public - Shortcut.lnk
2016-11-10 18:05 - 2016-11-10 18:05 - 00000104 _____ C:\Users\Theresa\Desktop\Internet - Shortcut.lnk
2016-10-29 20:44 - 2016-10-29 20:44 - 40574976 _____ C:\Users\Theresa\Downloads\EpicGamesLauncherInstaller-2.12.14-3176191.msi
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-28 08:43 - 2016-04-08 17:09 - 00000000 ____D C:\Users\Theresa\Desktop\tools
2016-11-28 08:43 - 2016-04-08 12:56 - 00000000 ____D C:\FRST
2016-11-28 08:17 - 2016-07-08 11:34 - 00000000 ____D C:\Program Files (x86)\01a409f7-d2b8-40a3-bd59-a0e5c69eae9a
2016-11-28 08:11 - 2016-01-15 13:46 - 00000000 ____D C:\Users\Theresa\AppData\Roaming\Skype
2016-11-28 08:07 - 2016-04-08 14:58 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-28 08:04 - 2015-11-23 23:26 - 00000290 _____ C:\Users\Public\Documents\hpqp.ini
2016-11-28 08:01 - 2006-11-02 09:21 - 00408600 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-28 08:00 - 2006-11-02 09:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-27 23:20 - 2016-04-08 17:52 - 00000012 _____ C:\Windows\bthservsdp.dat
2016-11-27 23:20 - 2006-11-02 09:42 - 00032638 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-11-26 18:31 - 2006-11-02 07:33 - 00000000 ____D C:\Windows\inf
2016-11-26 18:31 - 2006-11-02 06:46 - 00758370 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-26 18:28 - 2016-04-17 11:39 - 00000000 ____D C:\Users\Theresa\AppData\Local\LeapFrogConnect
2016-11-26 12:58 - 2016-07-17 08:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games for HP
2016-11-26 09:30 - 2016-07-08 11:34 - 00000000 ____D C:\Sound+
2016-11-25 15:23 - 2016-01-07 19:30 - 00000000 ____D C:\ProgramData\Oracle
2016-11-25 15:22 - 2016-01-07 19:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-11-25 15:22 - 2016-01-07 19:28 - 00000000 ____D C:\Program Files (x86)\Java
2016-11-25 15:21 - 2016-01-07 19:28 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-11-24 21:20 - 2016-03-05 19:14 - 00000000 ____D C:\Users\Theresa\AppData\Roaming\vlc
2016-11-24 18:09 - 2016-01-07 19:25 - 00000000 ____D C:\Users\Theresa\AppData\Roaming\HpUpdate
2016-11-23 15:52 - 2016-07-28 11:48 - 00000680 _____ C:\Users\Theresa\AppData\Local\d3d9caps.dat
2016-11-20 19:59 - 2016-04-08 12:38 - 00002025 ____H C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-18 23:03 - 2016-03-12 18:03 - 00000000 ____D C:\Users\Theresa\Documents\Bandicam
2016-11-18 10:20 - 2006-11-02 07:33 - 00000000 ____D C:\Windows\rescache
2016-11-18 09:49 - 2016-03-05 19:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-11-18 09:47 - 2006-11-02 09:07 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2016-11-18 09:47 - 2006-11-02 09:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-11-18 09:39 - 2015-11-27 14:21 - 00000000 ____D C:\Windows\system32\MRT
2016-11-18 09:26 - 2006-11-02 06:35 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2016-11-18 09:25 - 2016-03-05 19:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-11-17 04:33 - 2016-04-09 14:16 - 00000000 ____D C:\Users\Theresa\Desktop\grandma
2016-11-17 02:27 - 2016-01-15 13:46 - 00000000 ____D C:\ProgramData\Skype
2016-11-17 02:27 - 2015-11-23 22:35 - 00000000 ____D C:\Users\Theresa
2016-11-14 22:01 - 2016-09-21 20:52 - 00000848 _____ C:\Users\Theresa\AppData\Roaming\wklnhst.dat
2016-11-14 08:59 - 2015-11-23 22:41 - 00108256 _____ C:\Users\Theresa\AppData\Local\GDIPFONTCACHEV1.DAT
2016-11-13 19:32 - 2016-03-12 11:14 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-11-13 19:32 - 2016-03-12 11:14 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-11-13 19:32 - 2016-03-05 19:33 - 00000000 ____D C:\Users\Theresa\AppData\Local\Adobe
2016-11-13 19:31 - 2016-03-12 11:14 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-13 19:30 - 2008-07-01 02:22 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-11-13 17:45 - 2016-05-22 13:29 - 00000000 ____D C:\Users\Theresa\AppData\Local\CrashDumps
2016-11-12 16:02 - 2016-04-10 13:31 - 00000000 ____D C:\Users\Theresa\.frostwire5
2016-11-10 17:51 - 2016-04-29 09:00 - 00000000 ____D C:\Users\Theresa\AppData\Local\Unity
2016-11-10 17:50 - 2016-07-19 11:07 - 00000000 ____D C:\Users\Theresa\AppData\Roaming\Opera Software
2016-11-10 17:50 - 2016-07-19 11:07 - 00000000 ____D C:\Users\Theresa\AppData\Local\Opera Software
2016-11-10 17:50 - 2016-07-19 11:07 - 00000000 ____D C:\Program Files (x86)\Opera
 
==================== Files in the root of some directories =======
 
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files\bittorrent
2016-07-08 11:44 - 2016-07-08 11:44 - 0000000 __RSH () C:\Program Files\ByteFence
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files\Caster
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files\contentprotector
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files\Free FLV Player
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files\newext
2016-07-08 11:44 - 2016-07-08 11:44 - 0000000 __RSH () C:\Program Files\UBar
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files\winzipper
2016-07-08 11:47 - 2016-07-08 11:47 - 0000000 __RSH () C:\Program Files (x86)\05e375e4-e4f4-41de-9089-35f873dad625
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\1 Media Player
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\360
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\48 dresses
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Ad Muncher
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Adblock for Youtube
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\AdBlocker
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Adguard
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\ADSKIP
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\advPlugin
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Aktiv Download Manager
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Anisatain
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\AnvSoft Web FLV Player Free
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Any Angle
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\AnyProtectEx
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\AnySend
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Application Assistance
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Atapacult
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\AudioVideoKit
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\ba3du
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\badu
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\BaiduEx
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\baidus.exe
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Baisvik
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\BB10  PlayBook App Manager
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\BBerry
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\BonusBerry
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Booking.com
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Box Green
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\browse pulse
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Cegush
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Checked List
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Chedot
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\ChicaLogic
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Cideyguvay
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Clcegh
2016-07-08 11:44 - 2016-07-08 11:44 - 0000000 __RSH () C:\Program Files (x86)\clean2pc
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\CleanBrowser
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Clip2net
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\cmcm
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Common Dots
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\comoboss
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\compfix
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\ContentProtector
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Cool getWeather
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Coupon Time
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\CouponsPlus
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\COVERT Pro
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Crazy Score
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Crossbrowse
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Csrss Updater
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Defsoft
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Dig Deep
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Digital More
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\dlsecuretb
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\DNS Unlocker
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\DolkaRuIePlugin
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Dolphin Deals
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\DoubleOptMedia
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\DriverPack Notifier
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\EasyHotspot
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Edu App
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\EngineRunner
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\EoxstraCouppon
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\ExsutraCouepoNN
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\ExtensionSimple Blocker
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\FastoPlayer
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\FB Color Changer
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Fedaryqeule
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\filter
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Free VPN
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Fresh Outlook
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Funshion Online
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\FusionPlayer
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Games-desktop
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\GamesRS
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\GameXPServic
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\GameXPService
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Ge-Force
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\GetGo Software
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Ghostery Storage Server
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Glass Bottle
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\globalUpdate
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Hack this page
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Hamster Soft
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\HDef
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\HDefsoft
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\HelloSign for Gmail
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\High Stairs
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\HomePageDefender
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\HomeTab
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Hostify
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\HP Defender
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\HpDef
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\iCloud Bookmarks
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\IconRunner
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\igs
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\IncludeFunc
2016-07-08 11:44 - 2016-07-08 11:44 - 0000000 __RSH () C:\Program Files (x86)\IObit
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\IQIYI Video
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\iWebar
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Jejochclipasp
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Jungle Net
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\kbasesrv
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\kingsoft
2016-07-08 11:44 - 2016-07-08 11:44 - 0000000 __RSH () C:\Program Files (x86)\Kinoroom Browser
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Lavasoft
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\LibraryGeneration
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\LightEngine
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\LighterSystem
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\LiveReader
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\LiveUpdateWPP
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\LiveWPPUpdate
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Local Weather Beta
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Lorckphsary
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\maintenance software
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Max Computer Cleaner
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Max Deal
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Max Driver Updater
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\MaxComputerCleaner
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Media Player Z
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Media Saver
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\MediaPlayAir
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Microsoft Data
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\MiniLite
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\MiPony
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\MixVideoPlayer
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\MobilePCStarterKit
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Mobogenie3
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Momentum
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\MoshouInput
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\MovieDea
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\MPC Cleaner
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\MPC-HC
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\mpck_en_005030263
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Muftion
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\MusicVK
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Musix Search
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\MusixLib
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\MyPC Backup
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\mystarttb
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\netfilter
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\newext
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Nimeckreelule
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\NosClient
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Note-up
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Object Browser
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Obnovi Soft
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\On Stage
2016-07-08 11:44 - 2016-07-08 11:44 - 0000000 __RSH () C:\Program Files (x86)\OneSystemCare
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\onlysearch
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\ospd_us_014010336
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\osTip
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\PathMaxx
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\PC Speed Up
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\PC-Mechanic
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\PCfix
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\PCPitstop
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\PennyBee
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Pine Tree
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Poper Blocker
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Popi TV
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\PragmaEdit
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Preghpluaph
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\PreiceLeSs
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\PremierOpinion
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\PricceeLess
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\PricceLess
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\PricELeeSas
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\PriceLEoss
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\PriceLEss
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\PrIceLesss
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\PrIceLiEsus
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\PriceLLeess
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\PriceLoesss
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\PriiceLesss
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\PriicueLEss
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Primary Color
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\ProcessFoobar
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\PRoiceLesss
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Proxy SwitchyOmega
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Pwtyfemuk
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\qksee
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\QQBrowser
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Quick Weather Updates
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\RapidMediaConverter
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\ReactorKeeper
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\ReactorSubs
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\RelayDouble
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\RelevantKnowledge
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Rozenaock
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Sale Charger
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Sale Clipper
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\SavePass 1.1
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Score Escape
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Search Extensions
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\SearchProtect
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\SearchSnacks
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\SensePlus
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Senses
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\SFK
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Shamotawoph
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Sharp Angle
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Shop and Save Up
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Shop Master
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Shop til Drop
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\ShopperPro
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Sm23mS
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Smileys We Love Toolbar for IE
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\snipsmart
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Sonix
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Sorawardanagck
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\spart
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\SpeedSearchesbnd
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Staflecluwuent
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Stealthy
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Steel Cut
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\StrengthPlus
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Summer Sports
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\sun king
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\sunnyday
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\SunnyDay21
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\SunnyDay3
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\SunnyDayApps
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Super Optimizer
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\SuperBrowser
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\SupTab
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\surf slide
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Swift Record
2016-07-08 11:44 - 2016-07-08 11:44 - 0000000 __RSH () C:\Program Files (x86)\SystClean
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\System Optimizer
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\SystemDefend
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\TampaEdit
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Techgil
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Thacationqkk
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\ThinkProtect
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\ThinkupWP
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Thquse
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\TNT2
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\tooldev342
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Tor Browser
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Torrent Search
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\ttwifi
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\TuneUp Utilities
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\TurboWire
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Twilight Tech
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Uniblue
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Unlimited Free VPN  betternet
2016-07-08 11:44 - 2016-07-08 11:44 - 0000000 __RSH () C:\Program Files (x86)\UPCleaner
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Video Downloader professional
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Video Saver
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Video Saver 2
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\VideoBox
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Visual Protect Service
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\VK Downloader
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\VK OK AdBlock
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\VKSmile
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\VuuPC
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\WajaNetEn
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\WeatherChickn
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Web Amplified
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\WebBars
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\WebProtector
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\WebProtectorPlus
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Wifisrv
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Wincy
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\WindeskWinsearch
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Winsere
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\WinSvces
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\WinTaske
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\WinTsks
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\WinZipper
2016-07-08 11:47 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\win_en_77
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Wohegh
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Wooden Seal
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\x-rates
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\XTab
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\XTRM Group
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Yeaplayer
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\YouTube Accelerator
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\youtubeadblocker
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\YTAHelper
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\YTDownloader
2016-07-08 11:44 - 2016-07-08 11:44 - 0000000 __RSH () C:\Program Files (x86)\zaxar
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Zepashchcacult
2016-07-08 11:44 - 2016-07-08 11:44 - 0000000 __RSH () C:\Program Files (x86)\ZetaGames
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Zona
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Аудио и видео скачивание
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Common Files\Baidu
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Common Files\Duo-Ing
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Common Files\Over-Ex
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Common Files\PlusStatsing
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Common Files\Tintough
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Common Files\TopLinks
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\AdBlockerator
2016-07-08 11:44 - 2016-07-08 11:44 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\Advancedpccare.com
2016-05-22 13:28 - 2016-05-22 13:28 - 6858752 _____ () C:\Users\Theresa\AppData\Roaming\agent.dat
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\AppHelper
2016-07-08 11:44 - 2016-07-08 11:44 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\Appverifier
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\ArchiveLeader
2016-07-08 11:44 - 2016-07-08 11:44 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\ASPackage
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\bafhhmlkbcigapgkfdgfikhkkaihpjjn
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\BetterViewer
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\Booking_helper
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\Calculator
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\CenterPicture
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\CentralPicture
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\checkers
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\CloudPrinter
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\ConditionalRedirect
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\costmin
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\CoupSeek
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\cpuminer
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\csdimedia
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\daemon.exe
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\DailyWiki
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\DigitalSites
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\do-search
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\Doubleing
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\DriverPack Notifier
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\drpsu
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\EasyFileOpener
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\eCyber
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\EmailNotifier
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\et
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\fastboot.exe
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\FastLinkChrome
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\FastVKOpen
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\FlvPlayer
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\FreeVPN
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\Gameo
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\GbUpdSrv
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\Genieo
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\GetGo Software
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\GoldenGate
2016-07-15 17:50 - 2016-07-15 17:50 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\HomePage.exe
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\Homepager
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\ImageCenter
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\ImageCropResize
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\InstallChecker
2016-05-22 13:26 - 2016-05-22 13:26 - 0127488 _____ () C:\Users\Theresa\AppData\Roaming\Installer.dat
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\instatime
2016-07-08 11:44 - 2016-07-08 11:44 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\IObit
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\IQIYI Video
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\istartpageing
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\istartsurf
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\Lamzap
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\LoadLeader
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\luckysearches
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\Mactowebise
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\MailUpdate
2016-05-22 13:28 - 2016-05-22 13:28 - 0018432 _____ () C:\Users\Theresa\AppData\Roaming\Main.dat
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\Micron
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\MoshouInput
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\mspop.exe
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\MyDesktop
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\mysites123
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\Neiron
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\ntsvc
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\NUIns
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\omniboxes
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\OpenCandy
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\OpenKP
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\OpLinks
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\oursurfing
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\PCFix
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\PennyBee
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\pptassist
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\PriceFountain
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\PriceFountainUpdateVer
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\PushControl
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\qksee
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\Schedule
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\ScreenChromeShot
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\SetMyHomePage
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\ShopperPro
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\SimplyTech
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\SmartSearch
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\sparta111
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\svrupg.exe
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\svshost
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\TextEditor
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\TheismsLimb
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\TimeTasks
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\TomorrowGames
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\Torrent_Search_PED
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\TSearch
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\TSv
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\Uncheckit
2016-07-15 17:50 - 2016-07-15 17:50 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\Update
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\UPUpdata
2015-11-27 16:12 - 2015-11-27 16:13 - 0026311 _____ () C:\Users\Theresa\AppData\Roaming\UserTile.png
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\VK OK AdBlock
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\VKDJ
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\VKMusic
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\vkPro
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\VooUpdate
2016-07-08 11:44 - 2016-07-08 11:44 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\VOPackage
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\WADHostAgent
2016-03-11 13:01 - 2016-03-11 13:01 - 0000046 _____ () C:\Users\Theresa\AppData\Roaming\WB.CFG
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\WeatherChickn
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\webssearches
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\WinDiagnosis
2016-07-15 17:50 - 2016-07-15 17:50 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\Windows Update
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\WindowsMangerProtect
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\WindowsProtectManger
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\WindowsUpdater
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\WinZiper
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\WiseManager
2016-09-21 20:52 - 2016-11-14 22:01 - 0000848 _____ () C:\Users\Theresa\AppData\Roaming\wklnhst.dat
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\x11
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\yoursearching
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\YSearcher
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\YTAHelper
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\Zona
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\ZU_WarThunder
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\Microsoft\Video
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\Microsoft\Vision
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\AdsBlokator
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\allskidkimos
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\Apps
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\ArchaizeDrupe
2015-11-23 22:43 - 2015-11-23 22:43 - 0000000 _____ () C:\Users\Theresa\AppData\Local\AtStart.txt
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\AuthoritiesThreefold
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\avabvyxvdy
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\AVKModules
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\BiggishBlanch
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\Birds
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\Birds365
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\Blacount
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\CalibrationWorthless
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\ComDev
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\CongasNecessariness
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\ContradictivePrudes
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\ConvertAd
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\crossbrowse
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\CrutchBubbled
2016-09-02 10:07 - 2016-09-02 10:07 - 0000552 _____ () C:\Users\Theresa\AppData\Local\d3d8caps.dat
2016-07-28 11:48 - 2016-11-23 15:52 - 0000680 _____ () C:\Users\Theresa\AppData\Local\d3d9caps.dat
2016-09-02 10:08 - 2016-09-02 10:17 - 0000732 _____ () C:\Users\Theresa\AppData\Local\d3d9caps64.dat
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\DailyWiki
2016-03-06 08:38 - 2016-08-19 13:38 - 0006144 _____ () C:\Users\Theresa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\DemotionDactylus
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\DesktopMessenger
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\DigitalisFossilize
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\DistributeeAngers
2015-11-23 22:43 - 2015-11-23 22:43 - 0000000 _____ () C:\Users\Theresa\AppData\Local\DSwitch.txt
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\DwellsSeismometric
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\extension
2016-07-08 11:44 - 2016-07-08 11:44 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\extensions
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\filesystemdriver
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\FlaggingsPlatesful
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\fupdate
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\FusionPlayer
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\Gameo
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\GamesBot
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\GetGo
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\GMon Updater
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\GobbledegookReconfigure
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\GoodGame Empire
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\HasheeshesDiadic
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\Host Service
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\hostinstaller
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\hotskidki
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\HourNews
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\HttpFilter
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\igs
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\ImaginersGlares
2016-07-08 11:44 - 2016-07-08 11:44 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\InstallManager
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\InstaTime
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\InterplayIntelligent
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\IntroversionForerunners
2016-07-08 11:44 - 2016-07-08 11:44 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\IObit
2016-07-08 11:44 - 2016-07-08 11:44 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\IObit installer
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\ipro
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\ipro2
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\itorrent
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\JamboreesAwol
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\JoysUncleaned
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\kometa
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\LobotomizeOverrank
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\macasoft
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\MasterpiecesSlitting
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\Media Get LLC
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\mediaget
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\mediaget2
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\MEGAsync
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\MinimsPunkin
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\nethost
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\OmeletsBefool
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\PegboardUpwelling
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\PhoenixBrowserUpdater
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\PowerMonitor
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\PPTAssist
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\PreachierOffhanded
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\prestrm
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\PriceFountain
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\PriceMeter
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\ProfitSaver
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\promoskiki
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\PushControl
2015-11-23 22:43 - 2015-11-23 22:43 - 0000000 _____ () C:\Users\Theresa\AppData\Local\QSwitch.txt
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\Ruspromocode
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\SaveYouTime
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\screentk
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\ScriptWriter
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\SearchGo
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\SHAREit
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\SmartWeb
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\Sparta
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\SunnyDay21
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\SunnyDay3
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\SuperBrowser
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\svshost
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\SysassistByHotWheel
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\SysHlp
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\syslog
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\sysnet
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\SystemDir
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\SystemMonitor2016
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\TangentiallyMowers
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\tuto_monetize_120160517
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\UmmyVideoDownloader
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\Up Top
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\UpdateAdmin
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\valuablecoupons
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\vsemposkidki
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\WebExtend
2016-07-15 17:50 - 2016-07-15 17:50 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\WikiUpdate.exe
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\wincheck
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\Win_update
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\win_updatez
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\YaNews
2016-07-08 11:44 - 2016-07-08 11:44 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\ZetaGamesNews
2016-07-08 11:44 - 2016-07-08 11:44 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\ZetaGamesViewer
2016-01-16 13:13 - 2016-01-16 13:13 - 0000000 _____ () C:\Users\Theresa\AppData\Local\{667476DB-10DA-487D-AC0F-181553BD1790}
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\Аудио и видео скачивание
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\ProgramData\Cloudprinter
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\ProgramData\dchp
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\ProgramData\Doubleing
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\ProgramData\emailnotifier
2008-07-01 02:50 - 2008-07-01 02:51 - 0000372 _____ () C:\ProgramData\hpzinstall.log
2016-07-08 11:44 - 2016-07-08 11:44 - 0000000 __RSH () C:\ProgramData\IObit
2016-07-08 11:44 - 2016-07-08 11:44 - 0000000 __RSH () C:\ProgramData\KRB Updater Utility
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\ProgramData\RenewalService
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\ProgramData\Ronzap
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\ProgramData\Smilebar
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\ProgramData\Statdex
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\ProgramData\SwinpS
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\ProgramData\Torrent_Search_PED
2016-07-08 11:44 - 2016-07-08 11:44 - 0000000 __RSH () C:\ProgramData\UBar
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\ProgramData\viaair
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\ProgramData\VideoFetcher
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\ProgramData\VkontakteDJ
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\ProgramData\VKSaver
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\ProgramData\xifs
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\ProgramData\xwinpx
 
Some files in TEMP:
====================
C:\Users\Theresa\AppData\Local\Temp\jre-8u111-windows-au.exe
 
 
Some zero byte size files/folders:
==========================
C:\Windows\CRMSvc.exe
C:\Windows\SysWOW64\lnsecsl.exe
C:\Windows\SysWOW64\SearchProtectService.exe
C:\Windows\System32\lnsecsl.exe
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-11-28 08:21
 
==================== End of FRST.txt ============================

Attached Files



BC AdBot (Login to Remove)

 


#2 shelf life

shelf life

  • Malware Response Team
  • 2,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:03:09 AM

Posted 28 November 2016 - 07:21 PM

hi,

 

Usually only on this site once or twice per day so you may not get a reply back from me until the following day. We will get two tools for you to run. And we will go from there based on the results:

 

1) Please download adwcleaner and save to your desktop.

    http://www.bleepingcomputer.com/download/adwcleaner/

    Right click AdwCleaner.exe and select "run as admin"
    Accept the disclaimer
    Click on the Scan button.
    Once the scan is done, Click the Clean button
    Press OK when asked to close all programs and follow the onscreen prompts.
    Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically
    Copy and paste the contents of that logfile in your next reply.
    A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

2) Please download Junkware Removal Tool to your desktop.

     http://thisisudax.org/downloads/JRT.exe

    Double click the icon or Right click for Vista/W7,8 and select Run as administrator
    The tool will open and start scanning.
    Please be patient as this can take a while to complete.
    On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    Post the contents of JRT.txt into your next message


How Can I Reduce My Risk to Malware?


#3 resa83

resa83
  • Topic Starter

  • Members
  • 163 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:louisiana
  • Local time:02:09 AM

Posted 28 November 2016 - 07:54 PM

the adaware program wont run on my vista machine. it says the program has stopped working, right after i click scan



#4 shelf life

shelf life

  • Malware Response Team
  • 2,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:03:09 AM

Posted 29 November 2016 - 05:47 PM

ok, lets do this first:

 

Copy/paste whats below in the box into notepad.

Save it as Fixlist.txt in the same location you have FRST (on your desktop).

Start first like before except this time click on the fix button once.

Machine will reboot to finish the process.

Upon reboot it will display a new log called Fixlog.txt which you can copy/paste in your reply.

 

If you havent yet after the above run JRT.exe and you can try adwcleaner again also.

GroupPolicy: Restriction - Chrome <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-779955071-2386261043-3181224681-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-779955071-2386261043-3181224681-1000 -> {E7733ED3-CC1D-4620-8A52-C30D779F3132} URL = hxxp://www.youtube.com/results?search_query={searchTerms}
CHR StartupUrls: Profile 1 -> "hxxp://www.trovi.com/?gd=&ctid=CT3334306&octid=EB_ORIGINAL_CTID&ISID=M40F810F6-A17F-43B7-A8A8-24D9ECB1B0DC&SearchSource=55&CUI=&UM=8&UP=SPD0A244F5-B5C1-4092-AB00-C1D78840D6E6&D=081615&SSPV=","hxxps://www.google.com/","hxxp://us.4yendex.com/?utm_source=sdks&utm_medium=us01&utm_campaign=90ff0a8c3fb1550a8c097de737ef31d1"
C:\Users\Theresa\AppData\Local\Temp\jre-8u111-windows-au.exe
C:\Windows\CRMSvc.exe
C:\Windows\SysWOW64\lnsecsl.exe
C:\Windows\SysWOW64\SearchProtectService.exe
C:\Windows\System32\lnsecsl.exe
Task: {1B7E9B78-410E-448E-A952-D778B8B3A642} - System32\Tasks\MicroCleaner => C:\Users\Theresa\AppData\Local\MicroCleaner\mrz2.exe [2016-07-08] (name)
Task: {28E85501-D02E-43A7-A787-6F81A247AD0F} - System32\Tasks\Advanced System Check => C:\Users\Theresa\AppData\Local\MicroCleaner\mrz2.exe [2016-07-08] (name)
Task: {8A936A39-B018-4D41-9550-514461157F4E} - System32\Tasks\Command Manifest Manager => C:\Users\Theresa\AppData\Local\FilterStart\FilterStart.exe [2016-07-08] ()
C:\Users\Theresa\AppData\Local\MicroCleaner\mrz2.exe
C:\Users\Theresa\AppData\Local\FilterStart\FilterStart.exe
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files\bittorrent
2016-07-08 11:44 - 2016-07-08 11:44 - 0000000 __RSH () C:\Program Files\ByteFence
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files\Caster
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files\contentprotector
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files\Free FLV Player
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files\newext
2016-07-08 11:44 - 2016-07-08 11:44 - 0000000 __RSH () C:\Program Files\UBar
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files\winzipper
2016-07-08 11:47 - 2016-07-08 11:47 - 0000000 __RSH () C:\Program Files (x86)\05e375e4-e4f4-41de-9089-35f873dad625
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\1 Media Player
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\360
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\48 dresses
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Ad Muncher
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Adblock for Youtube
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\AdBlocker
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Adguard
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\ADSKIP
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\advPlugin
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Aktiv Download Manager
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Anisatain
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\AnvSoft Web FLV Player Free
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Any Angle
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\AnyProtectEx
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\AnySend
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Application Assistance
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Atapacult
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\AudioVideoKit
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\ba3du
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\badu
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\BaiduEx
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\baidus.exe
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Baisvik
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\BB10  PlayBook App Manager
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\BBerry
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\BonusBerry
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Booking.com
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Box Green
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\browse pulse
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Cegush
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Checked List
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Chedot
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\ChicaLogic
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Cideyguvay
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Clcegh
2016-07-08 11:44 - 2016-07-08 11:44 - 0000000 __RSH () C:\Program Files (x86)\clean2pc
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\CleanBrowser
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Clip2net
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\cmcm
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Common Dots
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\comoboss
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\compfix
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\ContentProtector
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Cool getWeather
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Coupon Time
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\CouponsPlus
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\COVERT Pro
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Crazy Score
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Crossbrowse
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Csrss Updater
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Defsoft
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Dig Deep
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Digital More
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\dlsecuretb
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\DNS Unlocker
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\DolkaRuIePlugin
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Dolphin Deals
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\DoubleOptMedia
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\DriverPack Notifier
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\EasyHotspot
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Edu App
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\EngineRunner
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\EoxstraCouppon
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\ExsutraCouepoNN
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\ExtensionSimple Blocker
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\FastoPlayer
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\FB Color Changer
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Fedaryqeule
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\filter
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Free VPN
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Fresh Outlook
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Funshion Online
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\FusionPlayer
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Games-desktop
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\GamesRS
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\GameXPServic
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\GameXPService
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Ge-Force
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\GetGo Software
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Ghostery Storage Server
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Glass Bottle
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\globalUpdate
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Hack this page
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Hamster Soft
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\HDef
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\HDefsoft
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\HelloSign for Gmail
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\High Stairs
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\HomePageDefender
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\HomeTab
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Hostify
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\HP Defender
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\HpDef
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\iCloud Bookmarks
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\IconRunner
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\igs
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\IncludeFunc
2016-07-08 11:44 - 2016-07-08 11:44 - 0000000 __RSH () C:\Program Files (x86)\IObit
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\IQIYI Video
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\iWebar
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Jejochclipasp
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Jungle Net
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\kbasesrv
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\kingsoft
2016-07-08 11:44 - 2016-07-08 11:44 - 0000000 __RSH () C:\Program Files (x86)\Kinoroom Browser
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Lavasoft
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\LibraryGeneration
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\LightEngine
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\LighterSystem
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\LiveReader
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\LiveUpdateWPP
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\LiveWPPUpdate
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Local Weather Beta
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Lorckphsary
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\maintenance software
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Max Computer Cleaner
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Max Deal
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Max Driver Updater
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\MaxComputerCleaner
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Media Player Z
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Media Saver
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\MediaPlayAir
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Microsoft Data
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\MiniLite
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\MiPony
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\MixVideoPlayer
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\MobilePCStarterKit
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Mobogenie3
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Momentum
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\MoshouInput
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\MovieDea
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\MPC Cleaner
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\MPC-HC
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\mpck_en_005030263
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Muftion
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\MusicVK
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Musix Search
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\MusixLib
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\MyPC Backup
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\mystarttb
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\netfilter
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\newext
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Nimeckreelule
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\NosClient
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Note-up
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Object Browser
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Obnovi Soft
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\On Stage
2016-07-08 11:44 - 2016-07-08 11:44 - 0000000 __RSH () C:\Program Files (x86)\OneSystemCare
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\onlysearch
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\ospd_us_014010336
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\osTip
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\PathMaxx
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\PC Speed Up
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\PC-Mechanic
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\PCfix
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\PCPitstop
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\PennyBee
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Pine Tree
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Poper Blocker
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Popi TV
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\PragmaEdit
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Preghpluaph
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\PreiceLeSs
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\PremierOpinion
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\PricceeLess
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\PricceLess
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\PricELeeSas
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\PriceLEoss
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\PriceLEss
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\PrIceLesss
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\PrIceLiEsus
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\PriceLLeess
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\PriceLoesss
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\PriiceLesss
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\PriicueLEss
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Primary Color
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\ProcessFoobar
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\PRoiceLesss
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Proxy SwitchyOmega
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Pwtyfemuk
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\qksee
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\QQBrowser
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Quick Weather Updates
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\RapidMediaConverter
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\ReactorKeeper
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\ReactorSubs
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\RelayDouble
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\RelevantKnowledge
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Rozenaock
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Sale Charger
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Sale Clipper
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\SavePass 1.1
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Score Escape
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Search Extensions
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\SearchProtect
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\SearchSnacks
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\SensePlus
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Senses
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\SFK
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Shamotawoph
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Sharp Angle
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Shop and Save Up
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Shop Master
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Shop til Drop
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\ShopperPro
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Sm23mS
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Smileys We Love Toolbar for IE
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\snipsmart
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Sonix
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Sorawardanagck
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\spart
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\SpeedSearchesbnd
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Staflecluwuent
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Stealthy
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Steel Cut
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\StrengthPlus
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Summer Sports
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\sun king
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\sunnyday
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\SunnyDay21
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\SunnyDay3
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\SunnyDayApps
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Super Optimizer
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\SuperBrowser
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\SupTab
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\surf slide
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Swift Record
2016-07-08 11:44 - 2016-07-08 11:44 - 0000000 __RSH () C:\Program Files (x86)\SystClean
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\System Optimizer
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\SystemDefend
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\TampaEdit
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Techgil
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Thacationqkk
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\ThinkProtect
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\ThinkupWP
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Thquse
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\TNT2
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\tooldev342
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Tor Browser
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Torrent Search
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\ttwifi
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\TuneUp Utilities
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\TurboWire
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Twilight Tech
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Uniblue
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Unlimited Free VPN  betternet
2016-07-08 11:44 - 2016-07-08 11:44 - 0000000 __RSH () C:\Program Files (x86)\UPCleaner
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Video Downloader professional
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Video Saver
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Video Saver 2
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\VideoBox
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Visual Protect Service
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\VK Downloader
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\VK OK AdBlock
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\VKSmile
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\VuuPC
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\WajaNetEn
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\WeatherChickn
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Web Amplified
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\WebBars
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\WebProtector
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\WebProtectorPlus
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Wifisrv
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Wincy
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\WindeskWinsearch
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Winsere
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\WinSvces
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\WinTaske
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\WinTsks
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\WinZipper
2016-07-08 11:47 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\win_en_77
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Wohegh
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Wooden Seal
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\x-rates
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\XTab
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\XTRM Group
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Yeaplayer
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\YouTube Accelerator
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\youtubeadblocker
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\YTAHelper
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\YTDownloader
2016-07-08 11:44 - 2016-07-08 11:44 - 0000000 __RSH () C:\Program Files (x86)\zaxar
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Zepashchcacult
2016-07-08 11:44 - 2016-07-08 11:44 - 0000000 __RSH () C:\Program Files (x86)\ZetaGames
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Zona
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Аудио и видео скачивание
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Common Files\Baidu
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Common Files\Duo-Ing
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Common Files\Over-Ex
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Common Files\PlusStatsing
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Common Files\Tintough
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Program Files (x86)\Common Files\TopLinks
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\AdBlockerator
2016-07-08 11:44 - 2016-07-08 11:44 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\Advancedpccare.com
2016-05-22 13:28 - 2016-05-22 13:28 - 6858752 _____ () C:\Users\Theresa\AppData\Roaming\agent.dat
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\AppHelper
2016-07-08 11:44 - 2016-07-08 11:44 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\Appverifier
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\ArchiveLeader
2016-07-08 11:44 - 2016-07-08 11:44 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\ASPackage
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\bafhhmlkbcigapgkfdgfikhkkaihpjjn
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\BetterViewer
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\Booking_helper
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\Calculator
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\CenterPicture
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\CentralPicture
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\checkers
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\CloudPrinter
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\ConditionalRedirect
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\costmin
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\CoupSeek
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\cpuminer
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\csdimedia
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\daemon.exe
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\DailyWiki
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\DigitalSites
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\do-search
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\Doubleing
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\DriverPack Notifier
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\drpsu
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\EasyFileOpener
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\eCyber
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\EmailNotifier
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\et
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\fastboot.exe
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\FastLinkChrome
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\FastVKOpen
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\FlvPlayer
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\FreeVPN
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\Gameo
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\GbUpdSrv
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\Genieo
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\GetGo Software
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\GoldenGate
2016-07-15 17:50 - 2016-07-15 17:50 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\HomePage.exe
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\Homepager
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\ImageCenter
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\ImageCropResize
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\InstallChecker
2016-05-22 13:26 - 2016-05-22 13:26 - 0127488 _____ () C:\Users\Theresa\AppData\Roaming\Installer.dat
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\instatime
2016-07-08 11:44 - 2016-07-08 11:44 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\IObit
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\IQIYI Video
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\istartpageing
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\istartsurf
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\Lamzap
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\LoadLeader
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\luckysearches
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\Mactowebise
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\MailUpdate
2016-05-22 13:28 - 2016-05-22 13:28 - 0018432 _____ () C:\Users\Theresa\AppData\Roaming\Main.dat
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\Micron
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\MoshouInput
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\mspop.exe
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\MyDesktop
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\mysites123
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\Neiron
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\ntsvc
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\NUIns
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\omniboxes
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\OpenCandy
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\OpenKP
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\OpLinks
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\oursurfing
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\PCFix
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\PennyBee
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\pptassist
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\PriceFountain
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\PriceFountainUpdateVer
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\PushControl
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\qksee
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\Schedule
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\ScreenChromeShot
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\SetMyHomePage
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\ShopperPro
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\SimplyTech
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\SmartSearch
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\sparta111
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\svrupg.exe
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\svshost
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\TextEditor
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\TheismsLimb
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\TimeTasks
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\TomorrowGames
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\Torrent_Search_PED
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\TSearch
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\TSv
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\Uncheckit
2016-07-15 17:50 - 2016-07-15 17:50 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\Update
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\UPUpdata
2015-11-27 16:12 - 2015-11-27 16:13 - 0026311 _____ () C:\Users\Theresa\AppData\Roaming\UserTile.png
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\VK OK AdBlock
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\VKDJ
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\VKMusic
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\vkPro
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\VooUpdate
2016-07-08 11:44 - 2016-07-08 11:44 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\VOPackage
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\WADHostAgent
2016-03-11 13:01 - 2016-03-11 13:01 - 0000046 _____ () C:\Users\Theresa\AppData\Roaming\WB.CFG
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\WeatherChickn
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\webssearches
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\WinDiagnosis
2016-07-15 17:50 - 2016-07-15 17:50 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\Windows Update
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\WindowsMangerProtect
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\WindowsProtectManger
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\WindowsUpdater
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\WinZiper
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\WiseManager
2016-09-21 20:52 - 2016-11-14 22:01 - 0000848 _____ () C:\Users\Theresa\AppData\Roaming\wklnhst.dat
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\x11
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\yoursearching
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\YSearcher
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\YTAHelper
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\Zona
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\ZU_WarThunder
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\Microsoft\Video
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Roaming\Microsoft\Vision
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\AdsBlokator
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\allskidkimos
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\Apps
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\ArchaizeDrupe
2015-11-23 22:43 - 2015-11-23 22:43 - 0000000 _____ () C:\Users\Theresa\AppData\Local\AtStart.txt
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\AuthoritiesThreefold
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\avabvyxvdy
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\AVKModules
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\BiggishBlanch
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\Birds
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\Birds365
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\Blacount
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\CalibrationWorthless
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\ComDev
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\CongasNecessariness
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\ContradictivePrudes
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\ConvertAd
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\crossbrowse
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\CrutchBubbled
2016-09-02 10:07 - 2016-09-02 10:07 - 0000552 _____ () C:\Users\Theresa\AppData\Local\d3d8caps.dat
2016-07-28 11:48 - 2016-11-23 15:52 - 0000680 _____ () C:\Users\Theresa\AppData\Local\d3d9caps.dat
2016-09-02 10:08 - 2016-09-02 10:17 - 0000732 _____ () C:\Users\Theresa\AppData\Local\d3d9caps64.dat
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\DailyWiki
2016-03-06 08:38 - 2016-08-19 13:38 - 0006144 _____ () C:\Users\Theresa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\DemotionDactylus
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\DesktopMessenger
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\DigitalisFossilize
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\DistributeeAngers
2015-11-23 22:43 - 2015-11-23 22:43 - 0000000 _____ () C:\Users\Theresa\AppData\Local\DSwitch.txt
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\DwellsSeismometric
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\extension
2016-07-08 11:44 - 2016-07-08 11:44 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\extensions
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\filesystemdriver
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\FlaggingsPlatesful
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\fupdate
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\FusionPlayer
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\Gameo
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\GamesBot
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\GetGo
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\GMon Updater
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\GobbledegookReconfigure
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\GoodGame Empire
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\HasheeshesDiadic
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\Host Service
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\hostinstaller
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\hotskidki
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\HourNews
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\HttpFilter
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\igs
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\ImaginersGlares
2016-07-08 11:44 - 2016-07-08 11:44 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\InstallManager
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\InstaTime
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\InterplayIntelligent
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\IntroversionForerunners
2016-07-08 11:44 - 2016-07-08 11:44 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\IObit
2016-07-08 11:44 - 2016-07-08 11:44 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\IObit installer
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\ipro
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\ipro2
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\itorrent
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\JamboreesAwol
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\JoysUncleaned
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\kometa
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\LobotomizeOverrank
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\macasoft
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\MasterpiecesSlitting
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\Media Get LLC
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\mediaget
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\mediaget2
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\MEGAsync
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\MinimsPunkin
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\nethost
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\OmeletsBefool
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\PegboardUpwelling
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\PhoenixBrowserUpdater
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\PowerMonitor
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\PPTAssist
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\PreachierOffhanded
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\prestrm
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\PriceFountain
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\PriceMeter
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\ProfitSaver
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\promoskiki
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\PushControl
2015-11-23 22:43 - 2015-11-23 22:43 - 0000000 _____ () C:\Users\Theresa\AppData\Local\QSwitch.txt
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\Ruspromocode
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\SaveYouTime
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\screentk
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\ScriptWriter
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\SearchGo
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\SHAREit
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\SmartWeb
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\Sparta
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\SunnyDay21
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\SunnyDay3
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\SuperBrowser
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\svshost
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\SysassistByHotWheel
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\SysHlp
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\syslog
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\sysnet
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\SystemDir
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\SystemMonitor2016
2016-07-08 11:45 - 2016-07-08 11:45 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\TangentiallyMowers
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\tuto_monetize_120160517
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\UmmyVideoDownloader
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\Up Top
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\UpdateAdmin
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\valuablecoupons
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\vsemposkidki
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\WebExtend
2016-07-15 17:50 - 2016-07-15 17:50 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\WikiUpdate.exe
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\wincheck
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\Win_update
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\win_updatez
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\YaNews
2016-07-08 11:44 - 2016-07-08 11:44 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\ZetaGamesNews
2016-07-08 11:44 - 2016-07-08 11:44 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\ZetaGamesViewer
2016-01-16 13:13 - 2016-01-16 13:13 - 0000000 _____ () C:\Users\Theresa\AppData\Local\{667476DB-10DA-487D-AC0F-181553BD1790}
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\Users\Theresa\AppData\Local\Аудио и видео скачивание
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\ProgramData\Cloudprinter
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\ProgramData\dchp
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\ProgramData\Doubleing
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\ProgramData\emailnotifier
2008-07-01 02:50 - 2008-07-01 02:51 - 0000372 _____ () C:\ProgramData\hpzinstall.log
2016-07-08 11:44 - 2016-07-08 11:44 - 0000000 __RSH () C:\ProgramData\IObit
2016-07-08 11:44 - 2016-07-08 11:44 - 0000000 __RSH () C:\ProgramData\KRB Updater Utility
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\ProgramData\RenewalService
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\ProgramData\Ronzap
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\ProgramData\Smilebar
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\ProgramData\Statdex
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\ProgramData\SwinpS
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\ProgramData\Torrent_Search_PED
2016-07-08 11:44 - 2016-07-08 11:44 - 0000000 __RSH () C:\ProgramData\UBar
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\ProgramData\viaair
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\ProgramData\VideoFetcher
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\ProgramData\VkontakteDJ
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\ProgramData\VKSaver
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\ProgramData\xifs
2016-07-08 11:46 - 2016-07-08 11:46 - 0000000 __RSH () C:\ProgramData\xwinpx
Empty Temp:

How Can I Reduce My Risk to Malware?


#5 resa83

resa83
  • Topic Starter

  • Members
  • 163 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:louisiana
  • Local time:02:09 AM

Posted 29 November 2016 - 08:50 PM

still cant get adware program to work.

 

attached is the fixlist log and jrt thank you for helping what is my next step? should i run mbam?

 

I just hope I did everything correctly.

Attached Files



#6 shelf life

shelf life

  • Malware Response Team
  • 2,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:03:09 AM

Posted 30 November 2016 - 08:08 PM

ok good. check mbam for updates and run that. You can try this also: boot machine into safe mode to try running adwcleaner. To do that;

 

During a computer restart tap the f8 key (before the Windows logo appears) to bring up a options menu

if machine boots up normally, restart and tap the f8 key again.

 

At the options menu chose: Safe Mode and click enter

Log on as you usually would

Once at the safe mode desk top go ahead and try running adwcleaner again and run mbam also in safe mode.

When done just restart and let machine start up like it usually does

 


How Can I Reduce My Risk to Malware?


#7 resa83

resa83
  • Topic Starter

  • Members
  • 163 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:louisiana
  • Local time:02:09 AM

Posted 03 December 2016 - 04:58 PM

in safe mode the adware program wont run bc it said it was broken or something i cant remember sorry and i ran mbam in normal mode it removed 3 items then in safemode it removed several more



#8 shelf life

shelf life

  • Malware Response Team
  • 2,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:03:09 AM

Posted 03 December 2016 - 07:42 PM

Ok, How are things looking on your end? any better?


How Can I Reduce My Risk to Malware?





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users