Zoek.exe v5.0.0.1 Updated 31-December-2015 Tool run by Charlotte on do 23-06-2016 at 19:01:28,81. Microsoft Windows 10 Home 10.0.10586 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Charlotte\Downloads\zoek.exe [Scan all users] [Script inserted] ==== Older Logs ====================== C:\zoek-results2016-06-23-091351.log 101422 bytes ==== Torpig Check ====================== HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\DropboxCopyHook {FBC9D74C-AF55-4309-9FB2-C426E071637F} C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll ==== Empty Folders Check ====================== C:\Users\Charlotte\AppData\Local\ActiveSync deleted successfully C:\Users\Charlotte\AppData\Local\NetworkTiles deleted successfully C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\NetworkTiles deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Running Processes ====================== C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\WINDOWS\SysWOW64\ezSharedSvcHost.exe c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe C:\Program Files (x86)\Google\Drive\googledrivesync.exe C:\Users\Charlotte\AppData\Roaming\Spotify\SpotifyWebHelper.exe C:\Users\Charlotte\AppData\Local\Microsoft\OneDrive\OneDrive.exe C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe C:\Program Files (x86)\Google\Drive\googledrivesync.exe C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe C:\Users\Charlotte\Downloads\zoek.exe C:\WINDOWS\SysWOW64\cmd.exe C:\WINDOWS\SysWOW64\cmd.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe C:\WINDOWS\SysWOW64\cmd.exe C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe ==== Services(whitelist) ====================== Powered by [url=http://www.antimalwarehelp.be/EDev/]E Dev[/url] R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe R2 - [AMD External Events Utility] - AMD External Events Utility - c:\windows\system32\atiesrxx.exe R2 - [ClickToRunSvc] - Microsoft Office ClickToRun Service - c:\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe R2 - [ezSharedSvc] - Easybits Services for Windows - c:\windows\system32\ezsharedsvchost.exe [x] R2 - [HP Support Assistant Service] - HP Support Assistant Service - c:\program files (x86)\hewlett-packard\hp support framework\hpsa_service.exe R2 - [LightScribeService] - LightScribeService Direct Disc Labeling Service - c:\program files (x86)\common files\lightscribe\lssrvc.exe R2 - [LMS] - Intel(R) Management and Security Application Local Management Service - c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe R2 - [McAfee SiteAdvisor Service] - McAfee SiteAdvisor Service - c:\program files (x86)\mcafee\siteadvisor\mcsacore.exe R2 - [McAPExe] - McAfee AP Service - c:\program files\mcafee\msc\mcapexe.exe R2 - [mccspsvc] - McAfee CSP Service - c:\program files\common files\mcafee\csp\1.6.1180.0\mccspservicehost.exe R2 - [mfemms] - McAfee Service Controller - c:\program files\common files\mcafee\systemcore\\mfemms.exe R2 - [mfevtp] - McAfee Validation Trust Protection Service - c:\windows\system32\mfevtps.exe R2 - [MSMQ] - Message Queuing - c:\windows\system32\mqsvc.exe R2 - [UNS] - Intel(R) Management & Security Application User Notification Service - c:\program files (x86)\intel\intel(r) management engine components\uns\uns.exe R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe R3 - [mfefire] - McAfee Firewall Core Service - c:\program files\common files\mcafee\systemcore\\mfefire.exe S2 - [gupdate] - Google Update-service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe S3 - [diagnosticshub.standardcollector.service] - Microsoft(R) Diagnostics Hub Standard Collector-service - c:\windows\system32\diagsvcs\diagnosticshub.standardcollector.service.exe S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe S3 - [gupdatem] - Google Update-service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe S3 - [McComponentHostService] - McAfee Security Scan Component Host Service - c:\program files\mcafee security scan\3.8.150\mcchsvc.exe S3 - [McODS] - McAfee Scanner - c:\program files\mcafee\virusscan\mcods.exe S3 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe S3 - [ose] - Office Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe S3 - [SensorDataService] - Sensor Data Service - c:\windows\system32\sensordataservice.exe S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe S3 - [TieringEngineService] - Storage Tiers Management - c:\windows\system32\tieringengineservice.exe S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe S3 - [WdNisSvc] - Windows Defender Network Inspection Service - c:\program files\windows defender\nissrv.exe S3 - [WinDefend] - Windows Defender Service - c:\program files\windows defender\msmpeng.exe S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe S3 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe S4 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe ==== Deleting Services ====================== ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SpaceSoundPro"=- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Caster"=- ==== Deleting Files \ Folders ====================== C:\Program Files\SpaceSoundPro not found C:\Program Files\Caster not found C:\Program Files (x86)\MPC Cleaner not found C:\Program Files (x86)\Awaphhogecult not found "C:\WINDOWS\SYSWOW64\vns9232.tmp" not found "C:\windows\SysNative\DRIVERS\MPCKpt.sys" not found ==== Folders Found In C:\Users\Charlotte\AppData\Roaming\Profiles ====================== 2016-06-22 12:48:29 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default 2016-06-22 12:48:29 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\BOOKMA~1 --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\bookmarkbackups 2016-06-22 12:48:30 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\crashes --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\crashes 2016-06-22 12:48:30 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\crashes\events --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\crashes\events 2016-06-22 12:48:30 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\DATARE~1 --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\datareporting 2016-06-22 12:48:30 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\DATARE~1\archived --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\datareporting\archived 2016-06-22 12:48:30 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\DATARE~1\archived\2016-03 --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\datareporting\archived\2016-03 2016-06-22 12:48:30 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\DATARE~1\archived\2016-05 --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\datareporting\archived\2016-05 2016-06-22 12:48:30 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\EXTENS~1 --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\extensions 2016-06-22 12:48:30 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\GMP-EM~1 --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\gmp-eme-adobe 2016-06-22 12:48:30 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\GMP-EM~1\15 --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\gmp-eme-adobe\15 2016-06-22 12:48:30 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\gmp --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\gmp 2016-06-22 12:48:31 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\GMP-GM~1 --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\gmp-gmpopenh264 2016-06-22 12:48:31 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\GMP-GM~1\1.1 --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\gmp-gmpopenh264\1.1 2016-06-22 12:48:31 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\GMP-GM~1\15845A~1.3 --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\gmp-gmpopenh264\1.5.3 2016-06-22 12:48:31 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\HEALTH~1 --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\healthreport 2016-06-22 12:48:31 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\MINIDU~1 --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\minidumps 2016-06-22 12:48:31 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\SAVED-~1 --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\saved-telemetry-pings 2016-06-22 12:48:31 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\SEARCH~1 --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\searchplugins 2016-06-22 12:48:31 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\SESSIO~1 --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\sessionstore-backups 2016-06-22 12:48:32 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\storage --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\storage 2016-06-22 12:48:32 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\storage\default --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\storage\default 2016-06-22 12:48:32 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\storage\PERMAN~1 --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\storage\permanent 2016-06-22 12:48:32 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\storage\PERMAN~1\chrome --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\storage\permanent\chrome 2016-06-22 12:48:32 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\storage\PERMAN~1\chrome\idb --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\storage\permanent\chrome\idb 2016-06-22 12:48:32 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\storage\PERMAN~1\chrome\idb\258864~1.FI~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\storage\permanent\chrome\idb\2588645841ssegtnti.files 2016-06-22 12:48:32 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\storage\PERMAN~1\chrome\idb\291806~1.FI~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\storage\permanent\chrome\idb\2918063365piupsah.files 2016-06-22 12:48:32 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\storage\PERMAN~1\MOZ-SA~1 --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\storage\permanent\moz-safe-about+home 2016-06-22 12:48:32 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\storage\PERMAN~1\MOZ-SA~1\idb --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\storage\permanent\moz-safe-about+home\idb 2016-06-22 12:48:32 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\storage\PERMAN~1\MOZ-SA~1\idb\818200~1.FI~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\storage\permanent\moz-safe-about+home\idb\818200132aebmoouht.files 2016-06-22 12:48:32 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\webapps --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\webapps 2016-06-22 12:48:38 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1 --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault 2016-06-22 12:48:38 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\BOOKMA~1 --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\bookmarkbackups 2016-06-22 12:48:38 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\crashes --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\crashes 2016-06-22 12:48:38 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\crashes\events --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\crashes\events 2016-06-22 12:48:38 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\DATARE~1 --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\datareporting 2016-06-22 12:48:38 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\DATARE~1\archived --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\datareporting\archived 2016-06-22 12:48:38 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\DATARE~1\archived\2016-03 --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\datareporting\archived\2016-03 2016-06-22 12:48:38 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\DATARE~1\archived\2016-05 --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\datareporting\archived\2016-05 2016-06-22 12:48:38 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\EXTENS~1 --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\extensions 2016-06-22 12:48:38 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\GMP-EM~1 --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\gmp-eme-adobe 2016-06-22 12:48:38 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\GMP-EM~1\15 --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\gmp-eme-adobe\15 2016-06-22 12:48:38 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\GMP-GM~1 --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\gmp-gmpopenh264 2016-06-22 12:48:38 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\GMP-GM~1\1.1 --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\gmp-gmpopenh264\1.1 2016-06-22 12:48:38 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\GMP-GM~1\15845A~1.3 --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\gmp-gmpopenh264\1.5.3 2016-06-22 12:48:38 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\gmp --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\gmp 2016-06-22 12:48:38 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\HEALTH~1 --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\healthreport 2016-06-22 12:48:38 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\MINIDU~1 --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\minidumps 2016-06-22 12:48:38 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\SAVED-~1 --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\saved-telemetry-pings 2016-06-22 12:48:38 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\SEARCH~1 --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\searchplugins 2016-06-22 12:48:38 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\SESSIO~1 --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\sessionstore-backups 2016-06-22 12:48:38 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\storage --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\storage 2016-06-22 12:48:38 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\storage\default --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\storage\default 2016-06-22 12:48:38 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\storage\PERMAN~1 --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\storage\permanent 2016-06-22 12:48:38 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\storage\PERMAN~1\chrome --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\storage\permanent\chrome 2016-06-22 12:48:38 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\storage\PERMAN~1\chrome\idb --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\storage\permanent\chrome\idb 2016-06-22 12:48:38 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\storage\PERMAN~1\chrome\idb\258864~1.FI~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\storage\permanent\chrome\idb\2588645841ssegtnti.files 2016-06-22 12:48:38 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\storage\PERMAN~1\chrome\idb\291806~1.FI~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\storage\permanent\chrome\idb\2918063365piupsah.files 2016-06-22 12:48:38 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\storage\PERMAN~1\MOZ-SA~1 --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\storage\permanent\moz-safe-about+home 2016-06-22 12:48:38 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\storage\PERMAN~1\MOZ-SA~1\idb --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\storage\permanent\moz-safe-about+home\idb 2016-06-22 12:48:38 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\storage\PERMAN~1\MOZ-SA~1\idb\818200~1.FI~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\storage\permanent\moz-safe-about+home\idb\818200132aebmoouht.files 2016-06-22 12:48:39 d-----w- C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\webapps --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\webapps ==== Files Found In C:\Users\Charlotte\AppData\Roaming\Profiles ====================== 2013-12-02 20:31:38 29 ----a-w- A2EBF4BFC77B81492C03D7F299D66421 C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\TIMES~1.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\times.json 2013-12-02 20:31:38 29 ----a-w- A2EBF4BFC77B81492C03D7F299D66421 C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\TIMES~1.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\times.json 2013-12-02 20:31:53 16384 ----a-w- 347FE4748A8F3909449633DD9C2B1DDF C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\secmod.db --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\secmod.db 2013-12-02 20:31:53 16384 ----a-w- 347FE4748A8F3909449633DD9C2B1DDF C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\secmod.db --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\secmod.db 2013-12-02 20:31:54 3818 ----a-w- 8737691E5DB5C1F3032176D154C5487E C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\MIMETY~1.RDF --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\mimeTypes.rdf 2013-12-02 20:31:54 3818 ----a-w- 8737691E5DB5C1F3032176D154C5487E C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\MIMETY~1.RDF --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\mimeTypes.rdf 2013-12-02 20:31:55 327680 ----a-w- FB2E4450C17252CD82899C34EE98E839 C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\SIGNON~1.SQ~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\signons.sqlite 2013-12-02 20:31:55 327680 ----a-w- FB2E4450C17252CD82899C34EE98E839 C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\SIGNON~1.SQ~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\signons.sqlite 2013-12-27 12:44:00 0 ----a-w- D41D8CD98F00B204E9800998ECF8427E C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\MINIDU~1\2A169B~1.DMP --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\minidumps\2a169b4e-c5ec-4774-b26d-919364691b8c.dmp 2013-12-27 12:44:00 0 ----a-w- D41D8CD98F00B204E9800998ECF8427E C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\MINIDU~1\2A169B~1.DMP --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\minidumps\2a169b4e-c5ec-4774-b26d-919364691b8c.dmp 2014-01-07 12:30:47 0 ----a-w- D41D8CD98F00B204E9800998ECF8427E C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\MINIDU~1\83393C~1.DMP --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\minidumps\83393c78-80f2-46c9-ba49-ee18cda1f392.dmp 2014-01-07 12:30:47 0 ----a-w- D41D8CD98F00B204E9800998ECF8427E C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\MINIDU~1\83393C~1.DMP --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\minidumps\83393c78-80f2-46c9-ba49-ee18cda1f392.dmp 2014-02-16 12:15:15 3048 ----a-w- 01D1E73BA3704F38853736BE9AD9B40D C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\BOOKMA~1\BOOKMA~1.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\bookmarkbackups\bookmarks-2014-02-16_5.json 2014-02-16 12:15:15 3048 ----a-w- 01D1E73BA3704F38853736BE9AD9B40D C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\BOOKMA~1\BOOKMA~1.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\bookmarkbackups\bookmarks-2014-02-16_5.json 2014-02-18 16:52:30 3048 ----a-w- 01D1E73BA3704F38853736BE9AD9B40D C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\BOOKMA~1\BOOKMA~2.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\bookmarkbackups\bookmarks-2014-02-18_5.json 2014-02-18 16:52:30 3048 ----a-w- 01D1E73BA3704F38853736BE9AD9B40D C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\BOOKMA~1\BOOKMA~2.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\bookmarkbackups\bookmarks-2014-02-18_5.json 2014-02-18 17:47:13 458752 ----a-w- 33C865D817B8172560C9D27256347C19 C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\EXTENS~1.SQ~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\extensions.sqlite 2014-02-18 17:47:13 458752 ----a-w- 33C865D817B8172560C9D27256347C19 C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\EXTENS~1.SQ~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\extensions.sqlite 2014-03-11 09:58:21 3048 ----a-w- 01D1E73BA3704F38853736BE9AD9B40D C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\BOOKMA~1\BOOKMA~3.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\bookmarkbackups\bookmarks-2014-03-11_5.json 2014-03-11 09:58:21 3048 ----a-w- 01D1E73BA3704F38853736BE9AD9B40D C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\BOOKMA~1\BOOKMA~3.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\bookmarkbackups\bookmarks-2014-03-11_5.json 2014-03-13 18:00:05 3048 ----a-w- 01D1E73BA3704F38853736BE9AD9B40D C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\BOOKMA~1\BOOKMA~4.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\bookmarkbackups\bookmarks-2014-03-13_5.json 2014-03-13 18:00:05 3048 ----a-w- 01D1E73BA3704F38853736BE9AD9B40D C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\BOOKMA~1\BOOKMA~4.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\bookmarkbackups\bookmarks-2014-03-13_5.json 2014-03-17 16:25:06 3048 ----a-w- 01D1E73BA3704F38853736BE9AD9B40D C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\BOOKMA~1\BO7A0E~1.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\bookmarkbackups\bookmarks-2014-03-17_5.json 2014-03-17 16:25:06 3048 ----a-w- 01D1E73BA3704F38853736BE9AD9B40D C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\BOOKMA~1\BO7A0E~1.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\bookmarkbackups\bookmarks-2014-03-17_5.json 2014-04-04 14:01:38 3048 ----a-w- 01D1E73BA3704F38853736BE9AD9B40D C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\BOOKMA~1\BO7EB1~1.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\bookmarkbackups\bookmarks-2014-04-04_5.json 2014-04-04 14:01:38 3048 ----a-w- 01D1E73BA3704F38853736BE9AD9B40D C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\BOOKMA~1\BO7EB1~1.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\bookmarkbackups\bookmarks-2014-04-04_5.json 2014-04-04 14:26:55 57 ----a-w- 749BC5859B40FBDBA96CC61DCCA7829B C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\MARION~1.LOG --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\marionette.log 2014-04-04 14:26:55 57 ----a-w- 749BC5859B40FBDBA96CC61DCCA7829B C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\MARION~1.LOG --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\marionette.log 2014-04-24 15:32:20 3599 ----a-w- BE350D08F9432775B887C8CC22BBEAD1 C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\BOOKMA~1\BOEBF6~1.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\bookmarkbackups\bookmarks-2014-04-24_8.json 2014-04-24 15:32:20 3599 ----a-w- BE350D08F9432775B887C8CC22BBEAD1 C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\BOOKMA~1\BOEBF6~1.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\bookmarkbackups\bookmarks-2014-04-24_8.json 2014-05-07 12:25:35 3599 ----a-w- BE350D08F9432775B887C8CC22BBEAD1 C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\BOOKMA~1\BOE58D~1.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\bookmarkbackups\bookmarks-2014-05-07_8.json 2014-05-07 12:25:35 3599 ----a-w- BE350D08F9432775B887C8CC22BBEAD1 C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\BOOKMA~1\BOE58D~1.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\bookmarkbackups\bookmarks-2014-05-07_8.json 2014-05-18 08:11:32 3599 ----a-w- BE350D08F9432775B887C8CC22BBEAD1 C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\BOOKMA~1\BO102C~1.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\bookmarkbackups\bookmarks-2014-05-18_8.json 2014-05-18 08:11:32 3599 ----a-w- BE350D08F9432775B887C8CC22BBEAD1 C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\BOOKMA~1\BO102C~1.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\bookmarkbackups\bookmarks-2014-05-18_8.json 2014-05-19 12:29:29 154 ----a-w- 5BB5B11D6D383212CC29EE2258D550F1 C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\URLCLA~1.TXT --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\urlclassifierkey3.txt 2014-05-19 12:29:29 154 ----a-w- 5BB5B11D6D383212CC29EE2258D550F1 C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\URLCLA~1.TXT --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\urlclassifierkey3.txt 2014-05-19 12:29:38 3599 ----a-w- BE350D08F9432775B887C8CC22BBEAD1 C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\BOOKMA~1\BO79AE~1.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\bookmarkbackups\bookmarks-2014-05-19_8.json 2014-05-19 12:29:38 3599 ----a-w- BE350D08F9432775B887C8CC22BBEAD1 C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\BOOKMA~1\BO79AE~1.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\bookmarkbackups\bookmarks-2014-05-19_8.json 2014-09-02 20:40:21 118 ----a-w- 2D9B98FCB18E9F8A15848010A2E016E1 C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\GMP-GM~1\1.1\GMPOPE~1.IN~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\gmp-gmpopenh264\1.1\gmpopenh264.info 2014-09-02 20:40:21 118 ----a-w- 2D9B98FCB18E9F8A15848010A2E016E1 C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\GMP-GM~1\1.1\GMPOPE~1.IN~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\gmp-gmpopenh264\1.1\gmpopenh264.info 2014-09-02 20:40:21 555520 ----a-w- 7CC4965741508BB6AC40E366F5190CF0 C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\GMP-GM~1\1.1\GMPOPE~1.DLL --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\gmp-gmpopenh264\1.1\gmpopenh264.dll 2014-09-02 20:40:21 555520 ----a-w- 7CC4965741508BB6AC40E366F5190CF0 C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\GMP-GM~1\1.1\GMPOPE~1.DLL --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\gmp-gmpopenh264\1.1\gmpopenh264.dll 2014-10-21 06:57:48 584 ----a-w- E0F7300B55391E0684C4E3C325079055 C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\SESSIO~1.BAK --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\sessionstore.bak 2014-10-21 06:57:48 584 ----a-w- E0F7300B55391E0684C4E3C325079055 C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\SESSIO~1.BAK --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\sessionstore.bak 2014-12-07 08:03:54 558 ----a-w- A86E599CC74F3D50618DC045FED72C3D C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\HOTFIX~1.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\hotfix.v20140527.01.json 2014-12-07 08:03:54 558 ----a-w- A86E599CC74F3D50618DC045FED72C3D C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\HOTFIX~1.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\hotfix.v20140527.01.json 2014-12-11 20:11:26 4926 ----a-w- D5C7B9CB18F9FCE5A9827A4253B4F26D C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\LOCALS~1.RDF --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\localstore.rdf 2014-12-11 20:11:26 4926 ----a-w- D5C7B9CB18F9FCE5A9827A4253B4F26D C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\LOCALS~1.RDF --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\localstore.rdf 2014-12-28 09:42:11 51 ----a-w- 88BE4BDB026EAF72E6E122771E7BF218 C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\DATARE~1\STATE~1.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\datareporting\state.json 2014-12-28 09:42:11 51 ----a-w- 88BE4BDB026EAF72E6E122771E7BF218 C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\DATARE~1\STATE~1.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\datareporting\state.json 2014-12-29 08:39:43 1457 ----a-w- 2BDFFA1C005FCE523A6C8093F40ECCF0 C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\BOOKMA~1\BO67FE~1.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\bookmarkbackups\bookmarks-2014-12-29_14_x-TE6zw6+C9UE5PUOJLpfQ==.jsonlz4 2014-12-29 08:39:43 1457 ----a-w- 2BDFFA1C005FCE523A6C8093F40ECCF0 C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\BOOKMA~1\BO67FE~1.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\bookmarkbackups\bookmarks-2014-12-29_14_x-TE6zw6+C9UE5PUOJLpfQ==.jsonlz4 2015-03-03 10:22:21 229376 ----a-w- 211519B516CC7E17D50C2DC28792C170 C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\CONTEN~1.SQ~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\content-prefs.sqlite 2015-03-03 10:22:21 229376 ----a-w- 211519B516CC7E17D50C2DC28792C170 C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\CONTEN~1.SQ~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\content-prefs.sqlite 2015-03-03 10:56:59 1450 ----a-w- 91A0EBF051ACA376C0C54D0D94A5DF4E C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\BOOKMA~1\BO5259~1.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\bookmarkbackups\bookmarks-2015-03-03_14_yoFL26BrTmjNZdAhWV23qg==.jsonlz4 2015-03-03 10:56:59 1450 ----a-w- 91A0EBF051ACA376C0C54D0D94A5DF4E C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\BOOKMA~1\BO5259~1.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\bookmarkbackups\bookmarks-2015-03-03_14_yoFL26BrTmjNZdAhWV23qg==.jsonlz4 2015-06-09 08:34:41 11121 ----a-w- 4D1A428A3025E69F1B89000A35550059 C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\PREFSJ~1.BAK --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\prefs.js.BAK 2015-06-09 08:34:41 11121 ----a-w- 4D1A428A3025E69F1B89000A35550059 C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\PREFSJ~1.BAK --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\prefs.js.BAK 2015-06-20 06:45:14 29 ----a-w- FAE69DC644AFFAAA1E453905E7F04F3E C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\storage\PERMAN~1\chrome\METADA~1 --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\storage\permanent\chrome\.metadata 2015-06-20 06:45:14 29 ----a-w- FAE69DC644AFFAAA1E453905E7F04F3E C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\storage\PERMAN~1\chrome\METADA~1 --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\storage\permanent\chrome\.metadata 2015-06-20 06:45:14 55 ----a-w- D55736AD1CA497FDD08A8B9726B43484 C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\storage\PERMAN~1\MOZ-SA~1\METADA~1 --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\storage\permanent\moz-safe-about+home\.metadata 2015-06-20 06:45:14 55 ----a-w- D55736AD1CA497FDD08A8B9726B43484 C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\storage\PERMAN~1\MOZ-SA~1\METADA~1 --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\storage\permanent\moz-safe-about+home\.metadata 2015-10-14 23:45:31 6937352 ----a-w- 3DD59DE846C4AB44039856F2B3BF0443 C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\GMP-EM~1\15\EME-AD~1.DLL --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\gmp-eme-adobe\15\eme-adobe.dll 2015-10-14 23:45:31 6937352 ----a-w- 3DD59DE846C4AB44039856F2B3BF0443 C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\GMP-EM~1\15\EME-AD~1.DLL --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\gmp-eme-adobe\15\eme-adobe.dll 2015-10-14 23:45:49 222034 ----a-w- 7A52A39A053775C7BA9F823552D74ACB C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\GMP-EM~1\15\EME-AD~1.VO~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\gmp-eme-adobe\15\eme-adobe.voucher 2015-10-14 23:45:49 222034 ----a-w- 7A52A39A053775C7BA9F823552D74ACB C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\GMP-EM~1\15\EME-AD~1.VO~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\gmp-eme-adobe\15\eme-adobe.voucher 2015-10-16 23:27:05 309 ----a-w- 4E1845B532F835576B393F91D040847B C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\GMP-EM~1\15\EME-AD~1.IN~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\gmp-eme-adobe\15\eme-adobe.info 2015-10-16 23:27:05 309 ----a-w- 4E1845B532F835576B393F91D040847B C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\GMP-EM~1\15\EME-AD~1.IN~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\gmp-eme-adobe\15\eme-adobe.info 2015-10-28 09:52:01 524288 ----a-w- 521053CF22ED4C49DB0A665202E940E7 C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\storage\PERMAN~1\chrome\idb\258864~1.SQ~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\storage\permanent\chrome\idb\2588645841ssegtnti.sqlite 2015-10-28 09:52:01 524288 ----a-w- 521053CF22ED4C49DB0A665202E940E7 C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\storage\PERMAN~1\chrome\idb\258864~1.SQ~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\storage\permanent\chrome\idb\2588645841ssegtnti.sqlite 2015-11-25 09:22:55 81 ----a-w- 78F68EBAFDAF219F441B34E19524D07F C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\LOGINS~1.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\logins.json 2015-11-25 09:22:55 81 ----a-w- 78F68EBAFDAF219F441B34E19524D07F C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\LOGINS~1.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\logins.json 2015-11-25 09:23:30 193 ----a-w- 8F13A8298BCBF2477E182549188EEFDD C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\HEALTH~1\STATE~1.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\healthreport\state.json 2015-11-25 09:23:30 193 ----a-w- 8F13A8298BCBF2477E182549188EEFDD C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\HEALTH~1\STATE~1.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\healthreport\state.json 2015-11-25 09:31:29 196608 ----a-w- E4BF5DB2665FF01FD4885434A25A12BF C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\FORMHI~1.SQ~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\formhistory.sqlite 2015-11-25 09:31:29 196608 ----a-w- E4BF5DB2665FF01FD4885434A25A12BF C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\FORMHI~1.SQ~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\formhistory.sqlite 2015-11-25 09:58:01 2018 ----a-w- 6F986F905D2B3C4D9071435F71839F07 C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\SEARCH~1\MCSITE~1.XML --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\searchplugins\McSiteAdvisor.xml 2015-11-25 09:58:01 2018 ----a-w- 6F986F905D2B3C4D9071435F71839F07 C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\SEARCH~1\MCSITE~1.XML --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\searchplugins\McSiteAdvisor.xml 2015-11-25 09:58:01 3410 ----a-w- C00DC2DF410E15F24D6F050249EB2DD4 C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\SESSIO~1\UPGRAD~1.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\sessionstore-backups\upgrade.js-20160210153822 2015-11-25 09:58:01 3410 ----a-w- C00DC2DF410E15F24D6F050249EB2DD4 C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\SESSIO~1\UPGRAD~1.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\sessionstore-backups\upgrade.js-20160210153822 2015-12-18 16:59:23 120 ----a-w- 13E93C8B4E7B9EF439C0871C7429D214 C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\GMP-GM~1\15845A~1.3\GMPOPE~1.IN~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\gmp-gmpopenh264\1.5.3\gmpopenh264.info 2015-12-18 16:59:23 120 ----a-w- 13E93C8B4E7B9EF439C0871C7429D214 C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\GMP-GM~1\15845A~1.3\GMPOPE~1.IN~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\gmp-gmpopenh264\1.5.3\gmpopenh264.info 2015-12-18 17:49:18 720552 ----a-w- EA3D36516F6119E7480912BC6ABA432F C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\GMP-GM~1\15845A~1.3\GMPOPE~1.DLL --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\gmp-gmpopenh264\1.5.3\gmpopenh264.dll 2015-12-18 17:49:18 720552 ----a-w- EA3D36516F6119E7480912BC6ABA432F C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\GMP-GM~1\15845A~1.3\GMPOPE~1.DLL --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\gmp-gmpopenh264\1.5.3\gmpopenh264.dll 2016-03-10 12:43:46 131072 ----a-w- A8512F85DED2C214262844A645AE3F3E C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\PERMIS~1.SQ~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\permissions.sqlite 2016-03-10 12:43:46 131072 ----a-w- A8512F85DED2C214262844A645AE3F3E C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\PERMIS~1.SQ~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\permissions.sqlite 2016-03-10 12:43:54 49152 ----a-w- DA5D4292AB7367CDFC4D06119248123D C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\storage\PERMAN~1\chrome\idb\291806~1.SQ~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite 2016-03-10 12:43:54 49152 ----a-w- DA5D4292AB7367CDFC4D06119248123D C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\storage\PERMAN~1\chrome\idb\291806~1.SQ~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\storage\permanent\chrome\idb\2918063365piupsah.sqlite 2016-03-10 12:44:34 5828 ----a-w- 8C276777E4605156F111CB0C055DE240 C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\DATARE~1\archived\2016-03\145761~1.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\datareporting\archived\2016-03\1457613874696.b1141fc9-a035-47ec-859d-91efee13e6b0.main.jsonlz4 2016-03-10 12:44:34 5828 ----a-w- 8C276777E4605156F111CB0C055DE240 C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\DATARE~1\archived\2016-03\145761~1.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\datareporting\archived\2016-03\1457613874696.b1141fc9-a035-47ec-859d-91efee13e6b0.main.jsonlz4 2016-03-12 13:24:13 5550 ----a-w- 963A1CDE35F6CC40E287BE7962753443 C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\DATARE~1\archived\2016-03\145778~1.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\datareporting\archived\2016-03\1457789053012.5051144a-197f-4acf-8e9a-70eff46b8ddb.main.jsonlz4 2016-03-12 13:24:13 5550 ----a-w- 963A1CDE35F6CC40E287BE7962753443 C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\DATARE~1\archived\2016-03\145778~1.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\datareporting\archived\2016-03\1457789053012.5051144a-197f-4acf-8e9a-70eff46b8ddb.main.jsonlz4 2016-03-26 13:41:07 701 ----a-w- C9C471423D9B820E8CE4FB23474A1F13 C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\SESSIO~1\UPGRAD~2.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\sessionstore-backups\upgrade.js-20160407164938 2016-03-26 13:41:07 701 ----a-w- C9C471423D9B820E8CE4FB23474A1F13 C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\SESSIO~1\UPGRAD~2.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\sessionstore-backups\upgrade.js-20160407164938 2016-05-01 19:14:09 66 ----a-w- A6338865EB252D0EF8FCF11FA9AF3F0D C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\crashes\STOREJ~1.MO~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\crashes\store.json.mozlz4 2016-05-01 19:14:09 66 ----a-w- A6338865EB252D0EF8FCF11FA9AF3F0D C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\crashes\STOREJ~1.MO~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\crashes\store.json.mozlz4 2016-05-01 19:14:18 135 ----a-w- 4A30E9F43F9D493DABAE748E2C3C4DFA C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\DATARE~1\SESSIO~1.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\datareporting\session-state.json 2016-05-01 19:14:18 135 ----a-w- 4A30E9F43F9D493DABAE748E2C3C4DFA C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\DATARE~1\SESSIO~1.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\datareporting\session-state.json 2016-05-01 19:14:18 6237 ----a-w- E071E6A50AFB528FDB594680E208CEE0 C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\DATARE~1\archived\2016-05\146213~1.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\datareporting\archived\2016-05\1462130057961.673177b1-2f9d-4361-a6e3-39651af4417b.main.jsonlz4 2016-05-01 19:14:18 6237 ----a-w- E071E6A50AFB528FDB594680E208CEE0 C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\DATARE~1\archived\2016-05\146213~1.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\datareporting\archived\2016-05\1462130057961.673177b1-2f9d-4361-a6e3-39651af4417b.main.jsonlz4 2016-05-01 19:18:03 1925 ----a-w- 6E83A03FB0BD029B9CA98FD7BC2DAD34 C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\SESSIO~1\previous.js --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\sessionstore-backups\previous.js 2016-05-01 19:18:03 1925 ----a-w- 6E83A03FB0BD029B9CA98FD7BC2DAD34 C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\SESSIO~1\UPGRAD~3.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\sessionstore-backups\upgrade.js-20160604131506 2016-05-01 19:18:03 1925 ----a-w- 6E83A03FB0BD029B9CA98FD7BC2DAD34 C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\SESSIO~1\previous.js --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\sessionstore-backups\previous.js 2016-05-01 19:18:03 1925 ----a-w- 6E83A03FB0BD029B9CA98FD7BC2DAD34 C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\SESSIO~1\UPGRAD~3.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\sessionstore-backups\upgrade.js-20160604131506 2016-05-01 19:18:04 10485760 ----a-w- CC2B7E5F35412165B14F3D8269FA4AA2 C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\PLACES~1.SQ~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\places.sqlite 2016-05-01 19:18:04 10485760 ----a-w- CC2B7E5F35412165B14F3D8269FA4AA2 C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\PLACES~1.SQ~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\places.sqlite 2016-05-01 19:18:04 1119 ----a-w- BFAAF65A285B8C107D17E36BFCE1364F C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\XULSTO~1.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\xulstore.json 2016-05-01 19:18:04 1119 ----a-w- BFAAF65A285B8C107D17E36BFCE1364F C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\XULSTO~1.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\xulstore.json 2016-05-01 19:18:04 1146880 ----a-w- C9889F6B5360B038CD0901B485EB7A4B C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\HEALTH~1.SQ~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\healthreport.sqlite 2016-05-01 19:18:04 1146880 ----a-w- C9889F6B5360B038CD0901B485EB7A4B C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\HEALTH~1.SQ~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\healthreport.sqlite 2016-05-01 19:18:04 131072 ----a-w- 74ED6D3BB708433F89E364DFBF22650C C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\WEBAPP~1.SQ~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\webappsstore.sqlite 2016-05-01 19:18:04 131072 ----a-w- 74ED6D3BB708433F89E364DFBF22650C C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\WEBAPP~1.SQ~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\webappsstore.sqlite 2016-05-01 19:18:04 13470 ----a-w- 2D7DE54BF158138FE695BB1808FAF974 C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\SAVED-~1\27DAAA~1 --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\saved-telemetry-pings\27daaa15-c478-4f35-a000-b57af0b37ac5 2016-05-01 19:18:04 13470 ----a-w- 2D7DE54BF158138FE695BB1808FAF974 C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\SAVED-~1\27DAAA~1 --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\saved-telemetry-pings\27daaa15-c478-4f35-a000-b57af0b37ac5 2016-05-01 19:18:04 16384 ----a-w- BA2EF5BE9CFDD24E43A7720921A78CD6 C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\key3.db --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\key3.db 2016-05-01 19:18:04 16384 ----a-w- BA2EF5BE9CFDD24E43A7720921A78CD6 C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\key3.db --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\key3.db 2016-05-01 19:18:04 196608 ----a-w- 1563D3B097413F8C2CB1730C52155480 C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\cert8.db --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\cert8.db 2016-05-01 19:18:04 196608 ----a-w- 1563D3B097413F8C2CB1730C52155480 C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\cert8.db --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\cert8.db 2016-05-01 19:18:04 524288 ----a-w- A9416695B1C85C8B780F8ED24C2A7BB1 C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\COOKIE~1.SQ~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\cookies.sqlite 2016-05-01 19:18:04 524288 ----a-w- A9416695B1C85C8B780F8ED24C2A7BB1 C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\COOKIE~1.SQ~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\cookies.sqlite 2016-05-01 19:18:04 581 ----a-w- 78F9B8DBA2866A9ABB3CBC60F5096CDF C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\SITESE~1.TXT --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\SiteSecurityServiceState.txt 2016-05-01 19:18:04 581 ----a-w- 78F9B8DBA2866A9ABB3CBC60F5096CDF C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\SITESE~1.TXT --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\SiteSecurityServiceState.txt 2016-05-01 19:18:04 6133 ----a-w- CFBB7DEF386ED9B579996E6280365B3D C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\DATARE~1\archived\2016-05\146213~2.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\datareporting\archived\2016-05\1462130284576.27daaa15-c478-4f35-a000-b57af0b37ac5.main.jsonlz4 2016-05-01 19:18:04 6133 ----a-w- CFBB7DEF386ED9B579996E6280365B3D C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\DATARE~1\archived\2016-05\146213~2.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\datareporting\archived\2016-05\1462130284576.27daaa15-c478-4f35-a000-b57af0b37ac5.main.jsonlz4 2016-06-14 18:01:18 234535 ----a-w- 9506A118EA327A72D0AC71FDA52BE686 C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\BLOCKL~1.XML --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\blocklist.xml 2016-06-14 18:01:18 234535 ----a-w- 9506A118EA327A72D0AC71FDA52BE686 C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\BLOCKL~1.XML --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\blocklist.xml 2016-06-22 06:54:45 331007 ----a-w- DF6008E2073F0005C9AB6D1C9A510430 C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\EXTENS~1\@A3592~1.XPI --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\extensions\@A3592ADB-854A-443A-854E-EB92130D470D.xpi 2016-06-22 06:54:45 331007 ----a-w- DF6008E2073F0005C9AB6D1C9A510430 C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\EXTENS~1\@A3592~1.XPI --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\extensions\@A3592ADB-854A-443A-854E-EB92130D470D.xpi 2016-06-22 12:48:06 228 ----a-w- BA44F9678A7682BC187B0AB6C98CB9DB C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\COMPAT~1.INI --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\compatibility.ini 2016-06-22 12:48:06 228 ----a-w- BA44F9678A7682BC187B0AB6C98CB9DB C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\COMPAT~1.INI --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\compatibility.ini 2016-06-22 12:48:06 7488 ----a-w- 695030997419E84DAA4998B61F850F49 C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\REVOCA~1.TXT --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\revocations.txt 2016-06-22 12:48:06 7488 ----a-w- 695030997419E84DAA4998B61F850F49 C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\REVOCA~1.TXT --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\revocations.txt 2016-06-22 12:48:07 2 ----a-w- 99914B932BD37A50B983C5E7C90AE93B C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\webapps\WEBAPP~1.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\webapps\webapps.json 2016-06-22 12:48:07 2 ----a-w- 99914B932BD37A50B983C5E7C90AE93B C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\webapps\WEBAPP~1.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\webapps\webapps.json 2016-06-22 12:48:07 32768 ----a-w- 60B804169033726A1CB55BDDB35D8142 C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\COOKIE~2.SQ~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\cookies.sqlite-shm 2016-06-22 12:48:07 32768 ----a-w- 60B804169033726A1CB55BDDB35D8142 C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\COOKIE~2.SQ~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\cookies.sqlite-shm 2016-06-22 12:48:07 6570 ----a-w- B9C6F209D11D0C3F6C3C96A09E629283 C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\EXTENS~1.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\extensions.json 2016-06-22 12:48:07 6570 ----a-w- B9C6F209D11D0C3F6C3C96A09E629283 C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\EXTENS~1.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\extensions.json 2016-06-22 12:48:10 0 ----a-w- D41D8CD98F00B204E9800998ECF8427E C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\PLACES~3.SQ~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\places.sqlite-wal 2016-06-22 12:48:10 0 ----a-w- D41D8CD98F00B204E9800998ECF8427E C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\PLACES~3.SQ~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\places.sqlite-wal 2016-06-22 12:48:10 10211 ----a-w- 6F371FDEE6116D4AF41A9FEF3DC4A020 C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\PLUGIN~1.DAT --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\pluginreg.dat 2016-06-22 12:48:10 10211 ----a-w- 6F371FDEE6116D4AF41A9FEF3DC4A020 C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\PLUGIN~1.DAT --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\pluginreg.dat 2016-06-22 12:48:10 302 ----a-w- 5B6383C5BCBC71695522EECB4E031D3D C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\EXTENS~1.INI --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\extensions.ini 2016-06-22 12:48:10 302 ----a-w- 5B6383C5BCBC71695522EECB4E031D3D C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\EXTENS~1.INI --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\extensions.ini 2016-06-22 12:48:10 32768 ----a-w- B7C14EC6110FA820CA6B65F5AEC85911 C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\PLACES~2.SQ~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\places.sqlite-shm 2016-06-22 12:48:10 32768 ----a-w- B7C14EC6110FA820CA6B65F5AEC85911 C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\PLACES~2.SQ~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\places.sqlite-shm 2016-06-22 12:48:10 3337 ----a-w- CA5B3B751E568B6A1AC709DDED0BD4C2 C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\ADDONS~1.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\addons.json 2016-06-22 12:48:10 3337 ----a-w- CA5B3B751E568B6A1AC709DDED0BD4C2 C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\ADDONS~1.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\addons.json 2016-06-22 12:48:12 262368 ----a-w- A557E5A529BD50BDCB32CCF26919533A C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\WEBAPP~3.SQ~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\webappsstore.sqlite-wal 2016-06-22 12:48:12 262368 ----a-w- A557E5A529BD50BDCB32CCF26919533A C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\WEBAPP~3.SQ~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\webappsstore.sqlite-wal 2016-06-22 12:48:12 32768 ----a-w- BDE7A5A1F3978C74B9CB4115F1194180 C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\WEBAPP~2.SQ~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\webappsstore.sqlite-shm 2016-06-22 12:48:12 32768 ----a-w- BDE7A5A1F3978C74B9CB4115F1194180 C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\WEBAPP~2.SQ~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\webappsstore.sqlite-shm 2016-06-22 12:48:12 90 ----a-w- C4AB2EE59CA41B6D6A6EA911F35BDC00 C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\SESSIO~1.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\sessionCheckpoints.json 2016-06-22 12:48:12 90 ----a-w- C4AB2EE59CA41B6D6A6EA911F35BDC00 C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\SESSIO~1.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\sessionCheckpoints.json 2016-06-22 12:48:14 2534 ----a-w- DEF57D3000AEB7537B52F62C237F6EBB C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\SESSIO~1\recovery.bak --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\sessionstore-backups\recovery.bak 2016-06-22 12:48:14 2534 ----a-w- DEF57D3000AEB7537B52F62C237F6EBB C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\SESSIO~1\recovery.bak --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\sessionstore-backups\recovery.bak 2016-06-22 12:48:17 57344 ----a-w- AC0831603F7F6E070E77427BD9035DA0 C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\storage\PERMAN~1\MOZ-SA~1\idb\818200~1.SQ~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\storage\permanent\moz-safe-about+home\idb\818200132aebmoouht.sqlite 2016-06-22 12:48:17 57344 ----a-w- AC0831603F7F6E070E77427BD9035DA0 C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\storage\PERMAN~1\MOZ-SA~1\idb\818200~1.SQ~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\storage\permanent\moz-safe-about+home\idb\818200132aebmoouht.sqlite 2016-06-22 12:48:18 65616 ----a-w- BD4DE92A08EAC40599BF6E16B554BD9E C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\COOKIE~3.SQ~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\cookies.sqlite-wal 2016-06-22 12:48:18 65616 ----a-w- BD4DE92A08EAC40599BF6E16B554BD9E C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\COOKIE~3.SQ~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\cookies.sqlite-wal 2016-06-22 12:48:29 2534 ----a-w- FAAF8FD6F52EB0CB62D16C90F6E62D99 C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\SESSIO~1\recovery.js --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\sessionstore-backups\recovery.js 2016-06-22 12:48:29 2534 ----a-w- FAAF8FD6F52EB0CB62D16C90F6E62D99 C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\SESSIO~1\recovery.js --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\sessionstore-backups\recovery.js 2016-06-22 12:48:39 592 ----a-w- 1B2E3BC7ADA938AF7409B3646996D274 C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\SEARCH~1\osuldhcd.xml --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\searchplugins\osuldhcd.xml 2016-06-22 12:48:40 214 ----a-w- C6B16360C24707155551951163E742D9 C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\SEARCH~1.JS~ --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\search-metadata.json 2016-06-23 09:06:24 15893 ----a-w- 1409A57F219929B8A6C4DD7028BE3C0B C:\Users\CHARLO~1\AppData\Roaming\Profiles\RSWWV7~1.DE~\prefs.js --- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\prefs.js 2016-06-23 09:06:32 15893 ----a-w- 1409A57F219929B8A6C4DD7028BE3C0B C:\Users\CHARLO~1\AppData\Roaming\Profiles\TMPDEF~1\prefs.js --- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\prefs.js ==== System Specs ====================== Windows: Windows Version 6.2 (Build 9200) Memory (RAM): 6072 MB CPU Info: Intel(R) Core(TM) i5 CPU 650 @ 3.20GHz CPU Speed: 3194,4 MHz Sound Card: Speakers (Realtek High Definiti | Realtek Digital Output (Realtek | Display Adapters: AMD Radeon HD 5570 | AMD Radeon HD 5570 Monitors: 1x; HP x23LED Series Wide LCD Monitor | Screen Resolution: 1920 X 1080 - 32 bit Network: Network Present Network Adapters: 802.11n Wireless LAN Card | Microsoft Wi-Fi Direct Virtual Adapter | Realtek PCIe GBE Family Controller | Microsoft Hosted Network Virtual Adapter CD / DVD Drives: 1x (E: | ) E: hp DVD-RAM GH60L Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 3 Button Wheel Mouse Present Hard Disks: C: 916,4GB | D: 14,6GB Hard Disks - Free: C: 709,8GB | D: 1,8GB Manufacturer *: American Megatrends Inc. BIOS Info: AT/AT COMPATIBLE | 07/12/10 | HPQOEM - 20100712 Time Zone: Romance (standaardtijd) Motherboard *: MSI 2A9C Country: Nederland Language: NLD ==== System Specs (Software) ====================== Internet Explorer Version: 11.420.10586.0 Mozilla Firefox version: 47.0 (x86 nl) Google Chrome version: 51.0.2704.103 Adobe Reader version: 15.16.20045.188096 Sun Java version: 1.8.0_60 (32-bit) Sun Java version: 1.8.0_60 (64-bit) Flash Player version: 22.0.0.192 ==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ==== 2016-06-15 18:30:10 E15BEB03592BA12C5C99E2BA46146BDD 4515264 ----a-w- C:\WINDOWS\explorer.exe ====== C:\Users\CHARLO~1\AppData\Local\Temp ==== ====== Java Cache ===== 2016-06-22 13:38:45 CEBAF4D52745C7785F26177FEA967C51 54 ----a-w- C:\Users\Charlotte\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\4e0a1e00-3f06e4c2 ====== C:\WINDOWS\SysWOW64 ===== 2016-06-15 18:30:44 F58B6B20BB45E99C99D0F2B73B9EE373 1372312 ----a-w- C:\WINDOWS\SysWOW64\gdi32.dll 2016-06-15 18:30:44 B004992A381FCE04934893BB7D9BDD19 504320 ----a-w- C:\WINDOWS\SysWOW64\vbscript.dll 2016-06-15 18:30:42 F62430C1C9A23E5BAD5C4A43A66F662B 87040 ----a-w- C:\WINDOWS\SysWOW64\MapsBtSvc.dll 2016-06-15 18:30:42 688687C8D860657E6BFDD77B0FFE1DE4 59904 ----a-w- C:\WINDOWS\SysWOW64\MosStorage.dll 2016-06-15 18:30:42 1C09B75EF1869E7790444928F89E3D3C 50176 ----a-w- C:\WINDOWS\SysWOW64\MosHostClient.dll 2016-06-15 18:30:41 CA90D72C7249D79017057F1F48FD1958 711680 ----a-w- C:\WINDOWS\SysWOW64\MapControlCore.dll 2016-06-15 18:30:41 73A58788F32A98E446220B5E48843967 349696 ----a-w- C:\WINDOWS\SysWOW64\MapConfiguration.dll 2016-06-15 18:30:41 3C563003AFDD2E6CDC199C2EBDB07886 784896 ----a-w- C:\WINDOWS\SysWOW64\NMAA.dll 2016-06-15 18:30:41 20D8DBFB40E025C2E99F7146E48116CD 800768 ----a-w- C:\WINDOWS\SysWOW64\JpMapControl.dll 2016-06-15 18:30:40 21D80595A8427CB6F1DDC134E948AECE 6295552 ----a-w- C:\WINDOWS\SysWOW64\mos.dll 2016-06-15 18:30:40 105DE7AF1C9763E56D5322CECF3465EB 5205504 ----a-w- C:\WINDOWS\SysWOW64\BingMaps.dll 2016-06-15 18:30:39 B981A07C0A0CCE68BD90DF3E3EC520DE 1707520 ----a-w- C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll 2016-06-15 18:30:39 388077FF1642D94BF81F9D814F22BBA2 499712 ----a-w- C:\WINDOWS\SysWOW64\MessagingDataModel2.dll 2016-06-15 18:30:29 E391DD57E6965C8D2DB05A4A52F80EC8 546456 ----a-w- C:\WINDOWS\SysWOW64\fontdrvhost.exe 2016-06-15 18:30:29 B09DFF7CD8E40EA77559C87F3BF310DE 703840 ----a-w- C:\WINDOWS\SysWOW64\WWAHost.exe 2016-06-15 18:30:29 5922C03A67F868265E5AB176DB6D641D 316256 ----a-w- C:\WINDOWS\SysWOW64\atmfd.dll 2016-06-15 18:30:24 92347FC58A8BD2A45F440239EA9A4F04 12128256 ----a-w- C:\WINDOWS\SysWOW64\ieframe.dll 2016-06-15 18:30:23 6D879552B32CCD2536F66F4F88F54800 19344384 ----a-w- C:\WINDOWS\SysWOW64\mshtml.dll 2016-06-15 18:30:21 FB68B81CBD3F79D09E3EA1D0DFB424B6 37376 ----a-w- C:\WINDOWS\SysWOW64\atmlib.dll 2016-06-15 18:30:21 DDE33C05D644CC57429340ACB2DA53C5 18674176 ----a-w- C:\WINDOWS\SysWOW64\edgehtml.dll 2016-06-15 18:30:20 6762E4ACE8D11FCD80EA4011DD22B857 5660160 ----a-w- C:\WINDOWS\SysWOW64\Chakra.dll 2016-06-15 18:30:19 DCAC3EE469A3B0C0EC5660D730DF6BDF 9918976 ----a-w- C:\WINDOWS\SysWOW64\twinui.dll 2016-06-15 18:30:18 9BD17D372080234722C1139DAC039C9D 93696 ----a-w- C:\WINDOWS\SysWOW64\fontsub.dll 2016-06-15 18:30:17 7823862FA05558EB61C72D8A5A163ADA 3664896 ----a-w- C:\WINDOWS\SysWOW64\jscript9.dll 2016-06-15 18:30:17 02ABF6A6775B745CCCEAEB4594AA6354 5323776 ----a-w- C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2016-06-15 18:30:16 D8C44C34BC206902947E55E2C94E8D38 2921880 ----a-w- C:\WINDOWS\SysWOW64\iertutil.dll 2016-06-15 18:30:16 1E497317417C1C68B5453DD04721B16D 614400 ----a-w- C:\WINDOWS\SysWOW64\winhttp.dll 2016-06-15 18:30:13 A495EA4706387D12C00641D8C48BA527 890368 ----a-w- C:\WINDOWS\SysWOW64\AppxPackaging.dll 2016-06-15 18:30:12 C3BB1475ABDFBC0BB5A37D8BAF3DE733 687616 ----a-w- C:\WINDOWS\SysWOW64\msfeeds.dll 2016-06-15 18:30:12 71DF6482300C802BB104514F34B460F0 91648 ----a-w- C:\WINDOWS\SysWOW64\tdlrecover.exe 2016-06-15 18:30:11 B9AD8E15F6641E328C1543688B5EE2E8 2061824 ----a-w- C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2016-06-15 18:30:11 92A252E7DAF67D36BC81758A0F8596EB 2195632 ----a-w- C:\WINDOWS\SysWOW64\d3d10warp.dll 2016-06-15 18:30:10 836DF245362A9E09CC050EB107E85D74 467456 ----a-w- C:\WINDOWS\SysWOW64\AppContracts.dll 2016-06-15 18:30:10 7FFD756E7DD8BA83B4B4EF41F51B7DF5 1582080 ----a-w- C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll 2016-06-15 18:30:09 8162BC2EC9E529AA90F196A12D887308 4268880 ----a-w- C:\WINDOWS\SysWOW64\setupapi.dll 2016-06-15 18:30:09 56339962C1448BA2CF4C4D25C89938D2 521664 ----a-w- C:\WINDOWS\SysWOW64\dxgi.dll 2016-06-15 18:30:08 A142F1D0FF07C172FA90075B7848CCD0 521728 ----a-w- C:\WINDOWS\SysWOW64\StructuredQuery.dll 2016-06-15 18:30:07 E724CB02012CEBF773DC9FE304DCD946 501600 ----a-w- C:\WINDOWS\SysWOW64\NetSetupEngine.dll 2016-06-15 18:30:07 B011360F95F911F025BC91CB17449798 1500160 ----a-w- C:\WINDOWS\SysWOW64\urlmon.dll 2016-06-15 18:30:06 FBBE8B9147474379F54F8A1BACBF9748 388384 ----a-w- C:\WINDOWS\SysWOW64\ws2_32.dll 2016-06-15 18:30:06 FB8900191867C5B4AA61AF85B8DD1869 4074160 ----a-w- C:\WINDOWS\SysWOW64\explorer.exe 2016-06-15 18:30:05 F07AE86B2CD1C2CF6AE7812C60299032 535040 ----a-w- C:\WINDOWS\SysWOW64\rastls.dll 2016-06-15 18:30:05 1B4F03A9F11169672067ED4FD7504AD6 1445888 ----a-w- C:\WINDOWS\SysWOW64\SRHInproc.dll 2016-06-15 18:30:04 0B2EB30A9E987E8F85C9B28BDE04F028 254656 ----a-w- C:\WINDOWS\SysWOW64\LockAppHost.exe 2016-06-15 18:30:02 9BBE7D1B5B0FC534CBA0B2444BD05204 957608 ----a-w- C:\WINDOWS\SysWOW64\ole32.dll 2016-06-15 18:30:00 B503CB64CC62265B914DA10A5CF87B05 2230272 ----a-w- C:\WINDOWS\SysWOW64\wininet.dll 2016-06-15 18:30:00 1F5B5642253FC9760EEACD81900C38DC 312160 ----a-w- C:\WINDOWS\SysWOW64\mswsock.dll 2016-06-15 18:30:00 110EE87B0F4E38609AD73E9075EF82A4 97096 ----a-w- C:\WINDOWS\SysWOW64\ncryptsslp.dll 2016-06-15 18:29:56 D93D6F9BC1EE3329A9DCF3B9591EB156 219136 ----a-w- C:\WINDOWS\SysWOW64\VEEventDispatcher.dll 2016-06-15 18:29:56 56DEB6F17F290B8C4AF8B2AA10097B55 88576 ----a-w- C:\WINDOWS\SysWOW64\olepro32.dll 2016-06-15 18:29:55 551624F398703A90CAFCC5777CEA99E8 450560 ----a-w- C:\WINDOWS\SysWOW64\SyncController.dll 2016-06-15 18:29:55 2FDF5001427D457AC43942FADC742404 360480 ----a-w- C:\WINDOWS\SysWOW64\bcryptprimitives.dll 2016-06-15 18:29:54 CD12A269274F2916A3661198E13CBBC4 799744 ----a-w- C:\WINDOWS\SysWOW64\SRH.dll 2016-06-15 18:29:54 8000FB1D40149AC05F6BDE9248A6B956 230400 ----a-w- C:\WINDOWS\SysWOW64\dhcpcore6.dll 2016-06-15 18:29:53 A3B6AED415AEEA114597E5043F45FF18 415232 ----a-w- C:\WINDOWS\SysWOW64\StoreAgent.dll 2016-06-15 18:29:53 861D71E2284DCEA5E9309CDE8D920252 485888 ----a-w- C:\WINDOWS\SysWOW64\newdev.dll 2016-06-15 18:29:53 53BD5A0B7D0B027984D99BEDB945CEE6 84832 ----a-w- C:\WINDOWS\SysWOW64\NetSetupApi.dll 2016-06-15 18:29:53 4DED20A327D15D69FB85310D14D67711 291328 ----a-w- C:\WINDOWS\SysWOW64\polstore.dll 2016-06-15 18:29:52 4243F729D260C0D6C6A3B605F51FD518 103424 ----a-w- C:\WINDOWS\SysWOW64\updatepolicy.dll 2016-06-15 18:29:51 88A3958213B43EED8402D4496149924A 64000 ----a-w- C:\WINDOWS\SysWOW64\dhcpcsvc.dll 2016-06-15 18:29:51 4F34CCC76E60CCE8BA12663A747EC05B 57344 ----a-w- C:\WINDOWS\SysWOW64\dhcpcsvc6.dll 2016-06-15 18:29:50 CEF14DB231B344BBDBF7C04A12D8336B 293888 ----a-w- C:\WINDOWS\SysWOW64\dhcpcore.dll 2016-06-15 18:29:50 5DC9ED2C89D94C47892DF237D604BDC8 200192 ----a-w- C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll 2016-06-15 18:29:50 4C6145BBEFDD7092ABFA5F7614BA2E66 53760 ----a-w- C:\WINDOWS\SysWOW64\FwRemoteSvr.dll 2016-06-15 18:29:49 A9E193BE154B7145EF06FD0FD10232A0 151040 ----a-w- C:\WINDOWS\SysWOW64\mdmregistration.dll 2016-06-15 18:29:48 69E1CFC67F4A4043F01AD3513A73ED02 161280 ----a-w- C:\WINDOWS\SysWOW64\InstallAgent.exe ====== C:\WINDOWS\SysWOW64\drivers ===== ====== C:\WINDOWS\Sysnative ===== 2016-06-15 18:30:44 7A654D6E586FDE14C8B805BED03D74B7 45568 ----a-w- C:\WINDOWS\Sysnative\atmlib.dll 2016-06-15 18:30:44 6521E1FB66B3E1897C4EFDECC7C95D4C 606208 ----a-w- C:\WINDOWS\Sysnative\vbscript.dll 2016-06-15 18:30:43 E7522EFA8A09808046F88BCF3F1B8827 1594416 ----a-w- C:\WINDOWS\Sysnative\gdi32.dll 2016-06-15 18:30:43 C1B13204994572C941C14A7FF410C4D6 24605696 ----a-w- C:\WINDOWS\Sysnative\mshtml.dll 2016-06-15 18:30:42 730D45D8008EECC0BAD2CBEB48A5EA6F 853504 ----a-w- C:\WINDOWS\Sysnative\MapsStore.dll 2016-06-15 18:30:42 669A63116B94E259A6D583C099A6B48C 460800 ----a-w- C:\WINDOWS\Sysnative\MapConfiguration.dll 2016-06-15 18:30:41 8E49ED08328FB7446228617B129DD377 7200256 ----a-w- C:\WINDOWS\Sysnative\BingMaps.dll 2016-06-15 18:30:41 3CF4B1B09166346F5CA6C3BFBEF2EB8C 1056256 ----a-w- C:\WINDOWS\Sysnative\JpMapControl.dll 2016-06-15 18:30:40 E91AB87F7E533BA1566FDEC651347E07 988160 ----a-w- C:\WINDOWS\Sysnative\NMAA.dll 2016-06-15 18:30:40 4799A06F0BC0694E8D6FBF38110B7F65 939520 ----a-w- C:\WINDOWS\Sysnative\MapControlCore.dll 2016-06-15 18:30:39 EBE69568E527FD4EF37EDD0C62608B28 7977472 ----a-w- C:\WINDOWS\Sysnative\mos.dll 2016-06-15 18:30:39 C49E5A83F5454A06A1306A8B1589B928 1996288 ----a-w- C:\WINDOWS\Sysnative\ActiveSyncProvider.dll 2016-06-15 18:30:38 CAB0FCF4F680E552329366614C83A808 630784 ----a-w- C:\WINDOWS\Sysnative\MessagingDataModel2.dll 2016-06-15 18:30:38 2FEEF51C4A1DB9D1334D5B77DEC92865 22379008 ----a-w- C:\WINDOWS\Sysnative\edgehtml.dll 2016-06-15 18:30:32 FA2CDF42B3E9F53B12E506BA48BE16AA 72704 ----a-w- C:\WINDOWS\Sysnative\moshost.dll 2016-06-15 18:30:32 985F15F4F0922BD34BDD42AD2F5EC86A 89088 ----a-w- C:\WINDOWS\Sysnative\MapsCSP.dll 2016-06-15 18:30:32 77C9887E5E4A99F3A6F717DF24874E00 66560 ----a-w- C:\WINDOWS\Sysnative\MosHostClient.dll 2016-06-15 18:30:32 76A304EBFC5FF61C5F5B35259AA64EAE 269824 ----a-w- C:\WINDOWS\Sysnative\moshostcore.dll 2016-06-15 18:30:32 3704397D35001B56B371B3395BD8B876 123392 ----a-w- C:\WINDOWS\Sysnative\tdlrecover.exe 2016-06-15 18:30:32 0DA05DFF1CFF34D421475DCEEB4F42A8 74752 ----a-w- C:\WINDOWS\Sysnative\MosStorage.dll 2016-06-15 18:30:32 0C1F4E23E2E834C7EE795D23EC383205 28672 ----a-w- C:\WINDOWS\Sysnative\mapsupdatetask.dll 2016-06-15 18:30:32 0272C6FF9DB6902D9958AC108EB7F7C2 120320 ----a-w- C:\WINDOWS\Sysnative\MapsBtSvc.dll 2016-06-15 18:30:31 224DC52AE777A1B23A6774B6C4C04853 2609664 ----a-w- C:\WINDOWS\Sysnative\NetworkMobileSettings.dll 2016-06-15 18:30:30 F7A0927CE6772BD2B809DAB4C18F52F2 46784 ----a-w- C:\WINDOWS\Sysnative\CompatTelRunner.exe 2016-06-15 18:30:30 CE8A06FE15854BAEE15E5E87D1CB6EBA 1401024 ----a-w- C:\WINDOWS\Sysnative\appraiser.dll 2016-06-15 18:30:30 AA2D40D4C045D014FD481BC17308A09A 118272 ----a-w- C:\WINDOWS\Sysnative\fontsub.dll 2016-06-15 18:30:30 05E07AE24F3BE69DEF01145C9BF99B8C 6973952 ----a-w- C:\WINDOWS\Sysnative\Windows.Data.Pdf.dll 2016-06-15 18:30:29 F0DF375130CF8A135D9BF5459BD7691D 636304 ----a-w- C:\WINDOWS\Sysnative\fontdrvhost.exe 2016-06-15 18:30:29 E53E383F2C47424BD793210CC3A17FE5 808288 ----a-w- C:\WINDOWS\Sysnative\WWAHost.exe 2016-06-15 18:30:29 5CE34C981833706A0B6051572AC5B6CE 379232 ----a-w- C:\WINDOWS\Sysnative\atmfd.dll 2016-06-15 18:30:28 26E32337D1525AE114645A53EBA9ECDE 13385728 ----a-w- C:\WINDOWS\Sysnative\ieframe.dll 2016-06-15 18:30:27 9EDE32C8BEAF4E95CBCE3CA158984D2A 3585536 ----a-w- C:\WINDOWS\Sysnative\SystemSettingsThresholdAdminFlowUI.dll 2016-06-15 18:30:27 80851FD6C1795071602244DDAC856C78 11545088 ----a-w- C:\WINDOWS\Sysnative\twinui.dll 2016-06-15 18:30:25 A68F4601A79556A0E912458703D30A1D 7832576 ----a-w- C:\WINDOWS\Sysnative\Chakra.dll 2016-06-15 18:30:23 C9CF27CF340A5909B1C1953776957C87 567808 ----a-w- C:\WINDOWS\Sysnative\MBMediaManager.dll 2016-06-15 18:30:22 1CF69EF4E2844F9D297F309CF80122CB 2168320 ----a-w- C:\WINDOWS\Sysnative\AppXDeploymentServer.dll 2016-06-15 18:30:20 D2A63D882C5A702C0E3081D4CC6855B0 3994624 ----a-w- C:\WINDOWS\Sysnative\SettingsHandlers_nt.dll 2016-06-15 18:30:19 5370350A591EC5A55801AA8378DFADCE 4896256 ----a-w- C:\WINDOWS\Sysnative\jscript9.dll 2016-06-15 18:30:18 B89C353AFC8F56D961D07FF1FE7B4BCD 1339904 ----a-w- C:\WINDOWS\Sysnative\gpsvc.dll 2016-06-15 18:30:17 D4B30E23A3B373648F61290DAF432CB2 794624 ----a-w- C:\WINDOWS\Sysnative\winhttp.dll 2016-06-15 18:30:17 C3417E8791096AA0E211B201ACA66757 2582016 ----a-w- C:\WINDOWS\Sysnative\MFMediaEngine.dll 2016-06-15 18:30:16 2C3C82F85556F91EC1621268DDCC7554 3675512 ----a-w- C:\WINDOWS\Sysnative\iertutil.dll 2016-06-15 18:30:15 C39B97A8B3C193303D09A3C95AF46531 1322248 ----a-w- C:\WINDOWS\Sysnative\ole32.dll 2016-06-15 18:30:15 4B4439FE941574FDF7A757DF6E100705 3590144 ----a-w- C:\WINDOWS\Sysnative\win32kfull.sys 2016-06-15 18:30:15 131547B1C1D2ABD355C5DFE945BCB9A4 693600 ----a-w- C:\WINDOWS\Sysnative\NetSetupEngine.dll 2016-06-15 18:30:14 2BB3FACF2648595E14FAD596DC68DB65 7474528 ----a-w- C:\WINDOWS\Sysnative\ntoskrnl.exe 2016-06-15 18:30:14 186F9035AEF7E15C4D3F15C3536AB24C 2548944 ----a-w- C:\WINDOWS\Sysnative\d3d10warp.dll 2016-06-15 18:30:13 DDA0A83CA083DC6CBFAB7015B10F5377 1716736 ----a-w- C:\WINDOWS\Sysnative\SRHInproc.dll 2016-06-15 18:30:13 D56E06BE971D9AE99400D435D28D56ED 592896 ----a-w- C:\WINDOWS\Sysnative\AppContracts.dll 2016-06-15 18:30:13 CA2F55C653DEEEC99802103AD6C9E810 1797120 ----a-w- C:\WINDOWS\Sysnative\Windows.UI.Immersive.dll 2016-06-15 18:30:13 BDF4623C41C0782EE640C2466510FDD7 784384 ----a-w- C:\WINDOWS\Sysnative\msfeeds.dll 2016-06-15 18:30:13 A8AFB8AD3E24134382BFA0EBE534F95C 290496 ----a-w- C:\WINDOWS\Sysnative\invagent.dll 2016-06-15 18:30:13 7ECACE6D0B4C2D323408EB00FD93C682 503808 ----a-w- C:\WINDOWS\Sysnative\tileobjserver.dll 2016-06-15 18:30:12 8D3AC00C88BC2A63D1D3CC320E0EAA19 2281472 ----a-w- C:\WINDOWS\Sysnative\wuaueng.dll 2016-06-15 18:30:12 729B7FF96EC3C2EC13EEBD12BBF15322 649792 ----a-w- C:\WINDOWS\Sysnative\dxgi.dll 2016-06-15 18:30:12 5AAB28A6AC2AAC9F66D4EAB6695D0474 963072 ----a-w- C:\WINDOWS\Sysnative\iphlpsvc.dll 2016-06-15 18:30:11 FA8E0A9C648035CA1B47C9DA77EDB7EA 380416 ----a-w- C:\WINDOWS\Sysnative\SystemEventsBrokerServer.dll 2016-06-15 18:30:11 A63889B4BCFDF67306AC239374F823B0 2066432 ----a-w- C:\WINDOWS\Sysnative\AppXDeploymentExtensions.dll 2016-06-15 18:30:11 1A7C3451A5BD863F9FC4D7421D353374 982016 ----a-w- C:\WINDOWS\Sysnative\AppxPackaging.dll 2016-06-15 18:30:10 5B813FADEA5BE9195F01C83287F823F7 190464 ----a-w- C:\WINDOWS\Sysnative\wscsvc.dll 2016-06-15 18:30:10 248EE89220C4B1156EDA5F295C9133D3 1730560 ----a-w- C:\WINDOWS\Sysnative\urlmon.dll 2016-06-15 18:30:09 CD9F1B2F8D6FDDEB0501666542E31D96 990208 ----a-w- C:\WINDOWS\Sysnative\SharedStartModel.dll 2016-06-15 18:30:08 F69610C2C741B025CE28BBAA7DA8A9EA 684544 ----a-w- C:\WINDOWS\Sysnative\StructuredQuery.dll 2016-06-15 18:30:08 F68AD4ACC7535D811F94A52233AE0457 430312 ----a-w- C:\WINDOWS\Sysnative\ws2_32.dll 2016-06-15 18:30:08 E3B8996D970DB8926A817A4BFC3DA5FD 285184 ----a-w- C:\WINDOWS\Sysnative\VEEventDispatcher.dll 2016-06-15 18:30:08 57C88C15CEC97318F580D7F4327AAA46 163328 ----a-w- C:\WINDOWS\Sysnative\tetheringservice.dll 2016-06-15 18:30:08 3EAE04B6CBACAB9CF850A5009F02065E 730344 ----a-w- C:\WINDOWS\Sysnative\Windows.Internal.Shell.Broker.dll 2016-06-15 18:30:07 DD285F10B3AB2588FED953E559ABEADD 610816 ----a-w- C:\WINDOWS\Sysnative\rastls.dll 2016-06-15 18:30:07 BD5DD35352A6DEDBBF1472C06A123E27 965632 ----a-w- C:\WINDOWS\Sysnative\SRH.dll 2016-06-15 18:30:07 8DB6AE22A974739EB53C7FA3DBD7EAAA 1390080 ----a-w- C:\WINDOWS\Sysnative\Windows.UI.Shell.dll 2016-06-15 18:30:07 4973B94DE96E78AF1128A557846E8411 4387680 ----a-w- C:\WINDOWS\Sysnative\setupapi.dll 2016-06-15 18:30:06 F818A7A8BA20F9E20087248FFF1717C8 90624 ----a-w- C:\WINDOWS\Sysnative\DeviceEnroller.exe 2016-06-15 18:30:06 87F0A5CDFF9DE712B1F009EDBF8D9779 641536 ----a-w- C:\WINDOWS\Sysnative\enterprisecsps.dll 2016-06-15 18:30:06 56622DFB0F03B7697B054F256C900A8E 303216 ----a-w- C:\WINDOWS\Sysnative\LockAppHost.exe 2016-06-15 18:30:06 0D33D06EF42E3BC6A7BBC4F7F7517C25 368640 ----a-w- C:\WINDOWS\Sysnative\usocore.dll 2016-06-15 18:30:05 F3E636B2A747493206336114208918FB 173056 ----a-w- C:\WINDOWS\Sysnative\mdmmigrator.dll 2016-06-15 18:30:05 861DE49C2ACE112CE1A83DF5E6A7AB97 239104 ----a-w- C:\WINDOWS\Sysnative\BrokerLib.dll 2016-06-15 18:30:05 2885631DD8DDB06C091310E6C837AFB0 92352 ----a-w- C:\WINDOWS\Sysnative\acmigration.dll 2016-06-15 18:30:04 FFFDA814EE04E06DA9F0BADAA22ABBFD 145920 ----a-w- C:\WINDOWS\Sysnative\omadmclient.exe 2016-06-15 18:30:04 DF7A59E70F398EEB9FDCDD310987D8AE 1073152 ----a-w- C:\WINDOWS\Sysnative\RDXService.dll 2016-06-15 18:30:04 4F2621E187382D22045D0BC65B23858E 587776 ----a-w- C:\WINDOWS\Sysnative\bisrv.dll 2016-06-15 18:30:03 6DC05FFA78B5E1D34AFDBA08D00B1A8B 22561256 ----a-w- C:\WINDOWS\Sysnative\shell32.dll 2016-06-15 18:30:02 BEE99FBB55E3BFFCF85D0C0A8D26261F 431296 ----a-w- C:\WINDOWS\Sysnative\bcryptprimitives.dll 2016-06-15 18:30:02 9547F6675FB25D558BB0F10F1EC9DDD8 591360 ----a-w- C:\WINDOWS\Sysnative\vpnike.dll 2016-06-15 18:30:01 75CC21C976BFF286E706AA2D133EB9D4 2755584 ----a-w- C:\WINDOWS\Sysnative\wininet.dll 2016-06-15 18:30:01 39231A451D553196A909D02C05945CED 428896 ----a-w- C:\WINDOWS\Sysnative\hal.dll 2016-06-15 18:30:01 199298181CB86E5056D82BD1F86C8A97 357216 ----a-w- C:\WINDOWS\Sysnative\mswsock.dll 2016-06-15 18:30:00 4F99255A964A4009D434338D87A3610D 332288 ----a-w- C:\WINDOWS\Sysnative\polstore.dll 2016-06-15 18:30:00 2E6EBC6F331900D943EB5F58C1835AFB 417792 ----a-w- C:\WINDOWS\Sysnative\dmenrollengine.dll 2016-06-15 18:29:57 D67052BD0DA9C17BCBBF8AB5B6D354EE 392192 ----a-w- C:\WINDOWS\Sysnative\IPSECSVC.DLL 2016-06-15 18:29:57 6655228B16A6371BE3B45E7913B52250 111064 ----a-w- C:\WINDOWS\Sysnative\ncryptsslp.dll 2016-06-15 18:29:56 FEAFB991662BF0AD233CC090E83E4FD3 131248 ----a-w- C:\WINDOWS\Sysnative\gpapi.dll 2016-06-15 18:29:56 579BA42B70965456C170E98BD481E8F6 315392 ----a-w- C:\WINDOWS\Sysnative\RDXTaskFactory.dll 2016-06-15 18:29:55 9E79A2208A9ED205A7383CBC92C28053 79872 ----a-w- C:\WINDOWS\Sysnative\cryptsvc.dll 2016-06-15 18:29:55 9A293A4EE7C2283AD9689AB268B6CBA5 555520 ----a-w- C:\WINDOWS\Sysnative\SyncController.dll 2016-06-15 18:29:55 6B585B45402B04EF80CB81969682DBE6 693760 ----a-w- C:\WINDOWS\Sysnative\internetmail.dll 2016-06-15 18:29:55 537CC506D45C691CD1FFF2D918E8C27C 174080 ----a-w- C:\WINDOWS\Sysnative\SettingsHandlers_Privacy.dll 2016-06-15 18:29:54 D7C68ADAF1DA79072A44620CD3042E44 170848 ----a-w- C:\WINDOWS\Sysnative\NetworkUXBroker.exe 2016-06-15 18:29:54 D5F1729225B3D3B69F76A191320952C7 514752 ----a-w- C:\WINDOWS\Sysnative\devinv.dll 2016-06-15 18:29:54 D07172DFA6BD46545A7708DD78F02D14 1184960 ----a-w- C:\WINDOWS\Sysnative\aeinv.dll 2016-06-15 18:29:54 672694F7708B6531F7B3219D9FAE2845 199168 ----a-w- C:\WINDOWS\Sysnative\GnssAdapter.dll 2016-06-15 18:29:54 26E9FC9FFDEF863021D3C18A30B4373F 267264 ----a-w- C:\WINDOWS\Sysnative\dhcpcore6.dll 2016-06-15 18:29:53 EFE15754302A2188C933164CFF9AEFD1 111104 ----a-w- C:\WINDOWS\Sysnative\updatepolicy.dll 2016-06-15 18:29:53 D461D2BECEFA661291EB1B748A8D2CCB 355840 ----a-w- C:\WINDOWS\Sysnative\dhcpcore.dll 2016-06-15 18:29:53 C91D271837F2A7DE9875CF50068BF503 511488 ----a-w- C:\WINDOWS\Sysnative\newdev.dll 2016-06-15 18:29:53 A83B4BBA591A3243C61DB825201BA024 115040 ----a-w- C:\WINDOWS\Sysnative\NetSetupApi.dll 2016-06-15 18:29:53 83BF0EE2DB8AB8059B8979E7DF143AF1 26408 ----a-w- C:\WINDOWS\Sysnative\wuauclt.exe 2016-06-15 18:29:53 38A4CE75D9E6FDC28393971ADFD6F9FB 218624 ----a-w- C:\WINDOWS\Sysnative\cdd.dll 2016-06-15 18:29:52 8561E653AEB0EFCAD88DE082C282E831 76800 ----a-w- C:\WINDOWS\Sysnative\ngcpopkeysrv.dll 2016-06-15 18:29:52 58BC9F0C8D92AD7E45F03596BE2E68B4 550912 ----a-w- C:\WINDOWS\Sysnative\StoreAgent.dll 2016-06-15 18:29:52 519E5DB2F227B7293EF94D18D5753738 157184 ----a-w- C:\WINDOWS\Sysnative\dmcertinst.exe 2016-06-15 18:29:51 FA0CCA622E2046BC47A81D9A2630F5E9 67072 ----a-w- C:\WINDOWS\Sysnative\dhcpcsvc6.dll 2016-06-15 18:29:51 3CFDA42F5C7914509CD660D1062A8E55 19456 ----a-w- C:\WINDOWS\Sysnative\httpprxp.dll 2016-06-15 18:29:51 201A90736B86C3478DD03FD238691944 1387520 ----a-w- C:\WINDOWS\Sysnative\win32kbase.sys 2016-06-15 18:29:51 163A6E3A267DBE416679A76D1FA57C4B 86016 ----a-w- C:\WINDOWS\Sysnative\dhcpcsvc.dll 2016-06-15 18:29:50 F605380B537201BD3BC0CDFB5AD53530 162816 ----a-w- C:\WINDOWS\Sysnative\enrollmentapi.dll 2016-06-15 18:29:50 E37D5E1BB9F53BD499125B3F0F27E94E 128512 ----a-w- C:\WINDOWS\Sysnative\httpprxm.dll 2016-06-15 18:29:50 E32F15E26724F3BB6423FB29FF3E2A8F 278016 ----a-w- C:\WINDOWS\Sysnative\Windows.Internal.Management.dll 2016-06-15 18:29:50 47C395DAD8900E2E054FE3AE0FE7C345 406528 ----a-w- C:\WINDOWS\Sysnative\MusUpdateHandlers.dll 2016-06-15 18:29:50 265CCC1C1FEF749DC82458D114C2BE34 166400 ----a-w- C:\WINDOWS\Sysnative\MusNotification.exe 2016-06-15 18:29:50 0F98F18445707A9141F74B3C48F919A6 90112 ----a-w- C:\WINDOWS\Sysnative\FwRemoteSvr.dll 2016-06-15 18:29:50 003A0EA097767462F3417B7857DCE1CC 79360 ----a-w- C:\WINDOWS\Sysnative\adhsvc.dll 2016-06-15 18:29:49 D6DAEA66B2A9349DD38BFE528BBFAFA6 91136 ----a-w- C:\WINDOWS\Sysnative\browserbroker.dll 2016-06-15 18:29:49 3E10999029D3D2C13F8AAA204E7D5B5F 764928 ----a-w- C:\WINDOWS\Sysnative\Chakradiag.dll 2016-06-15 18:29:49 1F933CB5AECF7484A0589633A75132A2 176640 ----a-w- C:\WINDOWS\Sysnative\mdmregistration.dll 2016-06-15 18:29:48 E527156DDC1367CD795AD231C5C439C4 414720 ----a-w- C:\WINDOWS\Sysnative\bcastdvr.exe 2016-06-15 18:29:48 A3AA03C0C5002F3D89397637B770A1BA 207360 ----a-w- C:\WINDOWS\Sysnative\NetSetupSvc.dll 2016-06-15 18:29:48 A1E25DFE54E3D41CB528ACA5CE9480F7 199168 ----a-w- C:\WINDOWS\Sysnative\InstallAgent.exe 2016-06-15 18:29:48 6B7F0785FF5AA23B7005D969BED95DB2 86528 ----a-w- C:\WINDOWS\Sysnative\AppCapture.dll ====== C:\WINDOWS\Sysnative\drivers ===== 2016-06-15 18:30:14 3996DF4D52FD6273750C7033D1447C0A 31744 ----a-w- C:\WINDOWS\Sysnative\drivers\dumpsdport.sys 2016-06-15 18:30:08 8B83335B6A86F39785FC7C9DE5F5B29F 1996640 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgkrnl.sys 2016-06-15 18:30:05 425CFD45BDF5B9F8B790BEB20E0A8721 161632 ----a-w- C:\WINDOWS\Sysnative\drivers\ksecpkg.sys 2016-06-15 18:30:04 C03E926B0E7D66D68994067231DC3246 278528 ----a-w- C:\WINDOWS\Sysnative\drivers\netbt.sys 2016-06-15 18:30:04 2568B86F6A50D254324CB89022CA9EFC 690176 ----a-w- C:\WINDOWS\Sysnative\drivers\srv2.sys 2016-06-15 18:30:03 CF78AF126B00C1B0A6FF45BD838E8EFE 331616 ----a-w- C:\WINDOWS\Sysnative\drivers\pci.sys 2016-06-15 18:30:02 BE88248427A6AA548A904FD867667F70 406528 ----a-w- C:\WINDOWS\Sysnative\drivers\srv.sys 2016-06-15 18:30:02 3F7C80D9F16B94367646CBF8B8C052F4 604928 ----a-w- C:\WINDOWS\Sysnative\drivers\cng.sys 2016-06-15 18:30:01 8E9E48E4BC6EACB811FE6066ADACC7A5 577376 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgmms2.sys 2016-06-15 18:30:00 87B9ABB965F7AF987D52791F0DD1663D 211296 ----a-w- C:\WINDOWS\Sysnative\drivers\tpm.sys 2016-06-15 18:29:56 6E520D6B16EA8AE23D1F81C1194F00C8 237056 ----a-w- C:\WINDOWS\Sysnative\drivers\srvnet.sys 2016-06-15 18:29:55 D330D74B5F99309B5CCA30AE41C57CDE 118624 ----a-w- C:\WINDOWS\Sysnative\drivers\partmgr.sys 2016-06-15 18:29:54 05DD22294A4F3F89E52351C7721E6D2C 258912 ----a-w- C:\WINDOWS\Sysnative\drivers\ufx01000.sys 2016-06-15 18:29:52 883A36E2FF7FA3E1281CB575579FE3AF 124928 ----a-w- C:\WINDOWS\Sysnative\drivers\Ndu.sys 2016-06-15 18:29:51 020F3FD207AFEDAC8E05E4C567547A78 155136 ----a-w- C:\WINDOWS\Sysnative\drivers\hidclass.sys ====== C:\WINDOWS\Tasks ====== 2016-06-22 12:49:40 FF23AD621037C78DA201FFE3C4532F37 9070 ----a-w- C:\WINDOWS\Sysnative\Tasks\Awaphhogecult Nodifier ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== 2016-06-20 20:43:23 -------- d-----w- C:\Program Files\Microsoft Office 15 ======= C:\PROGRA~2 ===== 2016-06-22 10:58:23 -------- d-----w- C:\PROGRA~2\COMMON~1\DESIGNER ======= C: ===== ====== C:\Users\Charlotte\AppData\Roaming ====== 2016-06-06 17:32:41 -------- d-----w- C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox ====== C:\Users\Charlotte ====== 2016-06-22 19:19:28 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Charlotte\Downloads\RSITx64.exe 2016-06-20 20:44:12 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools ====== C: exe-files == 2016-06-22 13:22:20 0BC3BEB793D7AF45AB42CF64A6C6AA24 4141586 ----a-w- C:\Users\Charlotte\AppData\Local\Temp\F1474PZ0PY.exe 2016-06-22 12:54:48 2496C5295948C58519E6B4E5781364D4 764224 ----a-w- C:\Users\Charlotte\AppData\Local\Microsoft\Windows\INetCache\IE\0PZDKG9X\OrbiterInstaller[1].exe 2016-06-22 12:54:44 6848CFD6D1075C23B9C571FB85F9DE11 177760 ----a-w- C:\Users\Charlotte\AppData\Local\Microsoft\Windows\INetCache\IE\WLASUAGO\Stub[1].exe 2016-06-22 12:53:15 B8FCAE95A2F16169FEE6F24C5A81DCE0 5795458 ----a-w- C:\Users\Charlotte\AppData\Local\Microsoft\Windows\INetCache\IE\2726B5OZ\vnl1[1].exe 2016-06-22 12:48:29 8F3BD4E178839A1D1EDE413D514791F2 5113120 ----a-w- C:\Users\Charlotte\AppData\Local\Temp\zfOAwUr403.exe 2016-06-22 12:48:25 1D29A3C8C50C05958A5254F9647C1A48 1198298 ----a-w- C:\Users\Charlotte\AppData\Local\Temp\nse7718.tmp.exe 2016-06-22 12:48:24 9E6F2970735948AF753A3AB66192450C 72553 ----a-w- C:\Users\Charlotte\AppData\Local\Temp\4nVw9gSIzW.exe 2016-06-20 20:47:15 E3EC81D634A09EAD6155E9F6F5ABFA18 7846992 ----a-w- C:\Users\Charlotte\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\OneDriveSetup.exe 2016-06-20 20:47:10 F4601CDFF7E3F1100BBB00B2FF76DB56 147632 ----a-w- C:\Users\Charlotte\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncConfig.exe 2016-06-20 20:44:04 38AA9248EC5F26278A6C3980082606F8 1161032 ----a-w- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe 2016-06-20 20:44:04 38AA9248EC5F26278A6C3980082606F8 1161032 ----a-w- C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe 2016-06-18 06:55:27 C95EF70EE631E5D9782E34045F4A0DEE 2698328 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\51.0.2704.103\51.0.2704.103_51.0.2704.84_chrome_updater.exe 2016-06-16 19:18:29 4E95AB8BEB2C8FD53B348EF4AD5121C5 149184 ----a-w- C:\Users\Charlotte\AppData\Local\Temp\4005E39A-23C2-43D9-8777-1E9F66930E31\DismHost.exe === C: other files == 2016-06-23 16:59:39 DE0983FE4B830699312D35A990B3AE1B 1945 ----a-r- C:\Users\Charlotte\AppData\Local\Temp\_MEI64042\resources\chrome_ext\nknebiagdodnminbdpflhpkgfpeijdbf_live.crx 2016-06-23 16:59:39 82F5C942549405F61A8808D0EA0FA9E2 25575 ----a-r- C:\Users\Charlotte\AppData\Local\Temp\_MEI64042\resources\chrome_ext\apdfllckaahabafndbhieahigkjlhalf_live.crx 2016-06-23 09:14:52 7E00F111D6D1135BCF5BC62A8D548336 4867 ----a-w- C:\Users\Charlotte\AppData\Local\Temp\xpi\tmp.zip 2016-06-22 12:48:38 DF6008E2073F0005C9AB6D1C9A510430 331007 ----a-w- C:\Users\Charlotte\AppData\Roaming\Profiles\tmpdefault\extensions\@A3592ADB-854A-443A-854E-EB92130D470D.xpi 2016-06-22 12:48:38 DF6008E2073F0005C9AB6D1C9A510430 331007 ----a-w- C:\Users\Charlotte\AppData\Roaming\Profiles\rswwv710.default\extensions\@A3592ADB-854A-443A-854E-EB92130D470D.xpi 2016-06-22 12:39:32 E2A54D7988146DA65B9410B1F8CE777C 24332 ----a-w- C:\Users\Charlotte\Downloads\subtitlesnl.com-419Minions 2015 HD TS XVID AC3 HQ Hive CM8.zip 2016-06-20 20:47:09 8CF4163521FDB8E53482003C7EFA7121 5850 ----a-w- C:\Users\Charlotte\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\CollectOneDriveLogs.bat ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup" [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup" [HKEY_USERS\S-1-5-21-697365305-3729413489-3807942375-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart" "Dropbox Update"="C:\Users\Charlotte\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c" "Spotify Web Helper"="C:\Users\Charlotte\AppData\Roaming\Spotify\SpotifyWebHelper.exe" "OneDrive"="C:\Users\Charlotte\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background" [HKEY_USERS\S-1-5-21-697365305-3729413489-3807942375-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Uninstall C:\Users\Charlotte\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Charlotte\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun" "HP Software Update"="c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe" "Wondershare Helper Compact.exe"="C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "Magic Desktop for HP notification"="C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart" "Dropbox Update"="C:\Users\Charlotte\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c" "Spotify Web Helper"="C:\Users\Charlotte\AppData\Roaming\Spotify\SpotifyWebHelper.exe" "OneDrive"="C:\Users\Charlotte\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Uninstall C:\Users\Charlotte\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Charlotte\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpaceSoundPro"="C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\hpsysdrv] "command"="c:\\program files (x86)\\hewlett-packard\\HP odometer\\hpsysdrv.exe" "hkey"="HKLM" "item"="hpsysdrv" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SmartMenu] "command"="C:\\Program Files\\Hewlett-Packard\\HP MediaSmart\\SmartMenu.exe /background" "hkey"="HKLM" "item"="SmartMenu" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched] "command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" "hkey"="HKLM" "item"="SunJavaUpdateSched" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [16-06-2016 21:11] C:\WINDOWS\tasks\DropboxUpdateTaskUserS-1-5-21-697365305-3729413489-3807942375-1000Core.job --a-------- C:\Users\Charlotte\AppData\Local\Dropbox\Update\DropboxUpdate.exe [19-06-2015 17:54] C:\WINDOWS\tasks\DropboxUpdateTaskUserS-1-5-21-697365305-3729413489-3807942375-1000UA.job --a-------- C:\Users\Charlotte\AppData\Local\Dropbox\Update\DropboxUpdate.exe [19-06-2015 17:54] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:26C:\ProgramC:FilesC:x86\Google\Update\GoogleUpdate.exe [] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [27-08-2015 18:54] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA1d06b873cfac649.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [27-08-2015 18:54] C:\WINDOWS\tasks\HPCeeScheduleForCharlotte.job --a-------- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [05-01-2010 12:53] C:\WINDOWS\tasks\HPCeeScheduleForMounier.job --a-------- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [05-01-2010 12:53] ==== Other Scheduled Tasks ====================== "C:\WINDOWS\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\WINDOWS\SysNative\tasks\Awaphhogecult Nodifier" ["C:\Program Files (x86)\Awaphhogecult\awpNdftes.exe"] "C:\WINDOWS\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-697365305-3729413489-3807942375-1000Core" [C:\Users\Charlotte\AppData\Local\Dropbox\Update\DropboxUpdate.exe] "C:\WINDOWS\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-697365305-3729413489-3807942375-1000UA" [C:\Users\Charlotte\AppData\Local\Dropbox\Update\DropboxUpdate.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA1d06b873cfac649" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\HPCeeScheduleForCharlotte" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe] "C:\WINDOWS\SysNative\tasks\HPCeeScheduleForMounier" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe] "C:\WINDOWS\SysNative\tasks\RecoveryCDWin7" ["C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe"] "C:\WINDOWS\SysNative\tasks\ServicePlan" ["C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe"] "C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask" [C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe] "C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe] "C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe] "C:\WINDOWS\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Folders in C:\PROGRA~3 0-6 Months Old ====================== 2016-02-13 13:29:13 -------- d-----w- C:\PROGRA~3\USOShared 2016-02-13 13:34:23 -------- d-----w- C:\PROGRA~3\Microsoft OneDrive 2016-03-10 10:49:27 -------- d-----w- C:\PROGRA~3\boost_interprocess 2016-03-10 12:39:19 -------- d-----w- C:\PROGRA~3\UniqueId 2016-03-26 13:03:10 -------- d-----w- C:\PROGRA~3\Malwarebytes 2016-03-28 15:45:09 -------- d-sh--we C:\PROGRA~3\Application Data 2016-03-28 15:45:09 -------- d-sh--we C:\PROGRA~3\Bureaublad 2016-03-28 15:45:09 -------- d-sh--we C:\PROGRA~3\Documenten 2016-03-28 15:45:09 -------- d-sh--we C:\PROGRA~3\Favorieten 2016-03-28 15:45:09 -------- d-sh--we C:\PROGRA~3\Menu Start 2016-03-28 15:45:09 -------- d-sh--we C:\PROGRA~3\Sjablonen 2016-03-28 15:51:26 -------- d-----w- C:\PROGRA~3\ATI ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\CHARLO~1\AppData\Roaming\Profiles\rswwv710.default user_pref("browser.startup.homepage", "http://www.trotux.com/?z=8bf5be7ff093a0eec88624ag3z1qaqbwctdt6mae8b&from=epf1&uid=ST31000528AS_5VP67VF8&type=hp"); user_pref("browser.newtab.url", "http://www.trotux.com/?z=8bf5be7ff093a0eec88624ag3z1qaqbwctdt6mae8b&from=epf1&uid=ST31000528AS_5VP67VF8&type=hp"); user_pref("browser.search.defaultenginename", "trotux"); user_pref("browser.search.selectedEngine", "trotux"); ProfilePath: C:\Users\CHARLO~1\AppData\Roaming\Profiles\tmpdefault user_pref("browser.startup.homepage", "http://www.trotux.com/?z=8bf5be7ff093a0eec88624ag3z1qaqbwctdt6mae8b&from=epf1&uid=ST31000528AS_5VP67VF8&type=hp"); user_pref("browser.newtab.url", "http://www.trotux.com/?z=8bf5be7ff093a0eec88624ag3z1qaqbwctdt6mae8b&from=epf1&uid=ST31000528AS_5VP67VF8&type=hp"); user_pref("browser.search.defaultenginename", "trotux"); user_pref("browser.search.selectedEngine", "trotux"); ProfilePath: C:\Users\Mounier\AppData\Roaming\Mozilla\Firefox\Profiles\4m0nx03j.default-1411753880827 user_pref("browser.search.selectedEngine", "Beveiligd zoeken"); ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi" [15-03-2016 15:29] [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" [] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "{e4f94d1e-2f53-401e-8885-681602c0ddd8}"="C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi" [04-04-2014 12:36] ==== Firefox Extensions ====================== ProfilePath: C:\Users\CHARLO~1\AppData\Roaming\Profiles\rswwv710.default - GsearchFinder - %ProfilePath%\extensions\@A3592ADB-854A-443A-854E-EB92130D470D.xpi ProfilePath: C:\Users\CHARLO~1\AppData\Roaming\Profiles\tmpdefault - GsearchFinder - %ProfilePath%\extensions\@A3592ADB-854A-443A-854E-EB92130D470D.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be - Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi ==== Firefox Plugins ====================== Profilepath: C:\Users\Charlotte\AppData\Roaming\Mozilla\Firefox\Profiles\3nqgqq6u.default 05F4E9B3912EA16B04C5928758E8AA75 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll - Shockwave Flash ==== Chromium Look ====================== Google Chrome Version: 46.0.2490.86 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx[13-06-2016 11:18] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions apdfllckaahabafndbhieahigkjlhalf - C:\Users\Charlotte\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx[27-09-2014 12:25] lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[] Google Slides - Mounier\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek Google Docs - Mounier\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Mounier\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Mounier\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Mounier\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Sheets - Mounier\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap SiteAdvisor - Mounier\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho Google Docs Offline - Mounier\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi Chrome Web Store Payments - Mounier\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Mounier\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Fix ====================== C:\Users\Mounier\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_gamingwonderland.dl.myway.com_0.localstorage deleted successfully C:\Users\Mounier\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_gamingwonderland.dl.myway.com_0.localstorage-journal deleted successfully C:\Users\Mounier\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully C:\Users\Mounier\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" ==== All HKLM and HKCU SearchScopes ====================== HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKLM\SearchScopes\{7F558494-F7B3-4B38-BF84-50A8732F799C} - http://nl.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF HKLM\SearchScopes\{A8A89CAF-5B6B-4485-BE7D-BA21AD4FEC0D} - http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms} HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC HKCU\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== shortcuts on Users Desktops ====================== C:\Users\Charlotte\Desktop\QuickTime Player.lnk - C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe C:\Users\Charlotte\Desktop\Canon eos 100d\Digital Photo Professional.lnk - C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe C:\Users\Charlotte\Desktop\Canon eos 100d\EOS Utility.lnk - C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe C:\Users\Charlotte\Desktop\Canon eos 100d\ImageBrowser EX.lnk - C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe C:\Users\Charlotte\Desktop\Canon eos 100d\Picture Style Editor.lnk - C:\Program Files (x86)\Canon\Picture Style Editor\PSEditor.exe C:\Users\Mounier\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "http://safebrowsing.biz/?ssid=1466599677&a=1024132&src=sh&uuid=e7e4b6b4-de02-4135-a985-8f02befa1d3b" C:\Users\Mounier\Desktop\QuickTime Player.lnk - C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\eID Viewer.lnk - C:\Program Files (x86)\Belgium Identity Card\EidViewer\eID Viewer.exe C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe C:\Users\Public\Desktop\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe ==== shortcuts in Users Start Menu ====================== C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Back-ups.lnk - C:\CHARLOTTE\Back-ups C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk - C:\Users\Charlotte\AppData\Local\Microsoft\OneDrive\OneDrive.exe C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk - C:\Users\Charlotte\AppData\Roaming\Spotify\spotify.exe C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe "http://safebrowsing.biz/?ssid=1466599677&a=1024132&src=sh&uuid=e7e4b6b4-de02-4135-a985-8f02befa1d3b" C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk - C:\WINDOWS\system32\eudcedit.exe C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\Dropbox.exe /home C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory\FormatFactory.lnk - C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory\Help.lnk - C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe /help C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory\Uninstall.lnk - C:\Program Files (x86)\FreeTime\FormatFactory\uninst.exe C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup C:\Users\Mounier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk - C:\Users\Charlotte\AppData\Local\Microsoft\OneDrive\OneDrive.exe C:\Users\Mounier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optionele onderdelen.lnk - C:\Windows\System32\fodhelper.exe C:\Users\Mounier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe "http://safebrowsing.biz/?ssid=1466599677&a=1024132&src=sh&uuid=e7e4b6b4-de02-4135-a985-8f02befa1d3b" C:\Users\Mounier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk - C:\WINDOWS\system32\eudcedit.exe ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\MSACCESS.EXE C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk - C:\WINDOWS\Installer\{AC76BA86-7AD7-1043-7B44-AC0F074E4100}\SC_Reader.ico C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite Deluxe.lnk - C:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\PS.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "http://safebrowsing.biz/?ssid=1466599677&a=1024132&src=sh&uuid=e7e4b6b4-de02-4135-a985-8f02befa1d3b" C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe "http://safebrowsing.biz/?ssid=1466599677&a=1024132&src=sh&uuid=e7e4b6b4-de02-4135-a985-8f02befa1d3b" C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicStation.lnk - C:\Program Files\Hewlett-Packard\MusicStation\MusicStation.exe full C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVE.EXE C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\MSPUB.EXE C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snapfish PictureMover.lnk - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk - C:\Program Files (x86)\Vuze\Azureus.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\SIGNINOPTIONS.EXE C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center\AMD Catalyst Control Center.lnk - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center\Help.lnk - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe Start Help -help C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belgium - eID\eID Viewer.lnk - C:\Program Files (x86)\Belgium Identity Card\EidViewer\eID Viewer.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belgium - eID\Utilities\MS Office 2010 XAdES XL signature configuration.lnk - C:\Program Files (x86)\Belgium Identity Card\beidoffice2010_XAdES_XL.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belgium - eID\Utilities\MS Outlook registry configuration.lnk - C:\Program Files (x86)\Belgium Identity Card\beidoutlooksnc.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio\Camstudio-Recorder.lnk - C:\Program Files (x86)\CamStudio 2.6b\Recorder.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio\Player.lnk - C:\Program Files (x86)\CamStudio 2.6b\Player.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio\PlayerPlus.lnk - C:\Program Files (x86)\CamStudio 2.6b\PlayerPlus.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio\SWF-Producer.lnk - C:\Program Files (x86)\CamStudio 2.6b\Producer.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio\Uninstall CamStudio.lnk - C:\Program Files (x86)\CamStudio 2.6b\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP150\Verwijderen.lnk - C:\Windows\System32\CanonIJ Uninstaller Information\{CA9A3609-3ECC-4574-8824-A8161A71A603}\DelDrv.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\Digital Photo Professional\Digital Photo Professional Uninstall.lnk - C:\Program Files (x86)\Common Files\Canon_Inc_IC\UniversalInstaller\Uninstall\UnInstaller\UniversalUnInstaller.exe "C:\Program Files (x86)\Common Files\Canon_Inc_IC\UniversalInstaller\Uninstall\Digital Photo Professional\uninstall.xml" C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\Digital Photo Professional\Digital Photo Professional.lnk - C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\EOS Utility\EOS Utility Readme.lnk - C:\Program Files (x86)\Canon\EOS Utility\readme.txt C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\EOS Utility\EOS Utility Uninstall.lnk - C:\Program Files (x86)\Common Files\Canon_Inc_IC\UniversalInstaller\Uninstall\UnInstaller\UniversalUnInstaller.exe "C:\Program Files (x86)\Common Files\Canon_Inc_IC\UniversalInstaller\Uninstall\EOS Utility\uninstall.xml" C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\EOS Utility\EOS Utility.lnk - C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\EOS Utility\WFTPairing.lnk - C:\Program Files (x86)\Canon\EOS Utility\WFTPairing\WFTPairing.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\ImageBrowser EX\ImageBrowser EX Uninstall.lnk - C:\Program Files (x86)\Common Files\Canon_Inc_IC\UniversalInstaller\Uninstall\UnInstaller\UniversalUnInstaller.exe "C:\Program Files (x86)\Common Files\Canon_Inc_IC\UniversalInstaller\Uninstall\ImageBrowser EX\uninstall.xml" C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\ImageBrowser EX\ImageBrowser EX.lnk - C:\Program Files (x86)\Canon\ImageBrowser EX\ImageBrowserEX.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\ImageBrowser EX\Readme\EOS Video Snapshot Task Readme.lnk - C:\Program Files (x86)\Canon\EOS Video Snapshot Task\Readme.txt C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\ImageBrowser EX\Readme\ImageBrowser EX Readme.lnk - C:\Program Files (x86)\Canon\ImageBrowser EX\Readme(ImageBrowser EX).rtf C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\ImageBrowser EX\Readme\MovieEdit Task Readme.lnk - C:\Program Files (x86)\Canon\ImageBrowser EX\ReadMeMET.txt C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\MP Navigator 2.0\Leesmij-bestand bij MP Navigator.lnk - C:\Program Files (x86)\Canon\MP Navigator 2.0\Readme.txt C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\MP Navigator 2.0\MP Navigator 2.0.lnk - C:\Program Files (x86)\Canon\MP Navigator 2.0\mpn20.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\MP Navigator 2.0\Uninstall van MP Navigator.lnk - C:\Program Files (x86)\Canon\MP Navigator 2.0\Maint.exe /UninstallRemove C:\Program Files (x86)\Canon\MP Navigator 2.0\uninst.ini C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\PhotoStitch\PhotoStitch Readme.lnk - C:\Program Files (x86)\Canon\PhotoStitch\Readme.txt C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\PhotoStitch\PhotoStitch Uninstall.lnk - C:\Program Files (x86)\Common Files\Canon_Inc_IC\UniversalInstaller\Uninstall\UnInstaller\UniversalUnInstaller.exe "C:\Program Files (x86)\Common Files\Canon_Inc_IC\UniversalInstaller\Uninstall\PhotoStitch\uninstall.xml" C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\PhotoStitch\PhotoStitch.lnk - C:\Program Files (x86)\Canon\PhotoStitch\STLauncher.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\Picture Style Editor\Picture Style Editor UnInstall.lnk - C:\Program Files (x86)\Common Files\Canon_Inc_IC\UniversalInstaller\Uninstall\UnInstaller\UniversalUnInstaller.exe "C:\Program Files (x86)\Common Files\Canon_Inc_IC\UniversalInstaller\Uninstall\Picture Style Editor\uninstall.xml" C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\Picture Style Editor\Picture Style Editor.lnk - C:\Program Files (x86)\Canon\Picture Style Editor\PSEditor.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF\Try Free CutePDF Editor.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF\PDF Writer\Readme.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Casual Games.lnk - C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe /id=000d96f5-8034-4b74-a429-b6f0b04c75f4 /src gamesmenuoem C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Enthusiast Games.lnk - C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe /id=26352374-af55-4b53-b07b-6b0288ed97df /src gamesmenuoem C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Family Games.lnk - C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe /id=d58eecb0-0816-11de-8c30-0800200c9a66 /src gamesmenuoem C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Kids Games.lnk - C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe /id=3eda1e54-8889-41f5-a649-5a306789b7ef /src gamesmenuoem C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All MMO Games.lnk - C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe /id=c3c636e0-1b04-11de-8c30-0800200c9a66 /src gamesmenuoem C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Club Penguin.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Dark Orbit.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Habbo Hotel.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Seafight.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gebruikershandleidingen\Aan de slag.lnk - C:\hp\documentation\gsg_nl-NL.xps C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gebruikershandleidingen\Bedrijfsspecificaties.lnk - C:\hp\documentation\opspecs_WW.xps C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gebruikershandleidingen\Handleiding Upgrade en Service.lnk - C:\hp\documentation\usgvn2_WW.xps C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gebruikershandleidingen\Handleiding voor veiligheid en comfort.lnk - C:\hp\documentation\SCG_nl-NL.xps C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gebruikershandleidingen\HP Garantie.lnk - C:\hp\documentation\Warranty.xps C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gebruikershandleidingen\Overheids- en veiligheidsinformatie.lnk - C:\hp\documentation\safetyreg_nl-NL.xps C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Docs.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_document C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Drive.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Sheets.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_spreadsheet C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Slides.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_presentation C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Update.lnk - C:\Program Files (x86)\Hp\HP Software Update\hpwucli.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Advisor\AdvisorVideo.lnk - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\AdvisorVideo\Doc.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Advisor\HP Setup.lnk - C:\Program Files (x86)\Hewlett-Packard\HP Setup\hptcs.exe DESKTOP C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Advisor\HPAdvisor.lnk - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Advisor\PCAlerts.lnk - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=STANDARD,SYSTRAY pillar=PC_ACTION_CENTER TOUCHPOINT=STARTMENU C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Advisor\PCDashboard.lnk - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=STANDARD,SYSTRAY pillar=PC_HEALTH_SECURITY TOUCHPOINT=STARTMENU C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Advisor\PCDiscovery.lnk - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=STANDARD,SYSTRAY pillar=ECENTER TOUCHPOINT=STARTMENU C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Advisor\PCDock.lnk - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP MediaSmart\HP MediaSmart DVD.lnk - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP MediaSmart\HP MediaSmart Music.lnk - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe /MS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP MediaSmart\HP MediaSmart Photo.lnk - C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\HPMediaSmartPhoto.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP MediaSmart\HP MediaSmart Video.lnk - C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\HPMediaSmartVideo.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP MediaSmart\HP MediaSmart.lnk - C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support\HP Support Assistant.lnk - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_60\bin\javacpl.exe -tab about C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre1.8.0_60\bin\javacpl.exe -tab update C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_60\bin\javacpl.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\Getting Started.lnk - C:\Program Files (x86)\Common Files\LightScribe\LSLauncher.exe 1 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\LabelPrint.lnk - C:\Program Files (x86)\Cyberlink\LabelPrint\LabelPrint.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\LightScribe Control Panel.lnk - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\LightScribe Website.lnk - C:\Program Files (x86)\Common Files\LightScribe\shortcuts\LightScribe Website.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\Quick Demo.lnk - C:\Program Files (x86)\Common Files\LightScribe\shortcuts\Quick Demo.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Verwijder Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee\McAfee AntiVirus Plus.lnk - C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe /desktopicon /platui C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\McAfee Security Scan Plus.lnk - C:\Program Files (x86)\McAfee Security Scan\3.8.150\McUICnt.exe SecurityScanner.dll C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\Verwijderen.lnk - C:\Program Files (x86)\McAfee Security Scan\uninstall.exe C:\Program Files\McAfee Security Scan\3.8.150\McAfee.ico C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player Utilities 4.39\AMV Player.lnk - C:\Windows\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_82BCAEC1034D713BEB5908.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player Utilities 4.39\AMV&AVI Video Converter.lnk - C:\Windows\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_BED6D02F1C40014C7817EE.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player Utilities 4.39\Media Manager.lnk - C:\Windows\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_9B7B85D2D7C8BF18142EEB.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player Utilities 4.39\Media Player Upgrade Tool.lnk - C:\Windows\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_C32F8461099F0BCDFD6494.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player Utilities 4.39\Uninstall.lnk - C:\Windows\SysWOW64\msiexec.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk - C:\Program Files (x86)\Microsoft Office\root\client\AppVLP.exe "C:\Program Files (x86)\Microsoft Office\Root\Office16\DCF\DATABASECOMPARE.EXE" C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\SETLANG.EXE C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk - C:\Program Files (x86)\Microsoft Office\root\client\AppVLP.exe "C:\Program Files (x86)\Microsoft Office\Root\Office16\MSOUC.EXE" C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\OcPubMgr.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk - C:\Program Files (x86)\Microsoft Office\root\client\AppVLP.exe "C:\Program Files (x86)\Microsoft Office\Root\Office16\DCF\SPREADSHEETCOMPARE.EXE" C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\msotd.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\msoev.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\Silverlight.Configuration.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\getonline.lnk - C:\Program Files (x86)\Hewlett-Packard\HP Setup\hptcs.exe MODE=GETONLINE C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\Skype.lnk - C:\Program Files (x86)\Online Services\Skype\SkypeSetup.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools\HP support information.lnk - C:\Program Files (x86)\Hewlett-Packard\HP Support Information\HPSysInfo.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools\HP Vision Diagnostics Disc Creation.lnk - C:\Program Files (x86)\Hewlett-Packard\HP Vision Hardware Diagnostics\DiscCreation\disccreation.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Split And Merge Basic\PDF Split And Merge Basic.lnk - C:\Program Files (x86)\PDF Split And Merge Basic\pdfsam-starter.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Split And Merge Basic\Readme.lnk - C:\Program Files (x86)\PDF Split And Merge Basic\doc\readme.txt C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Split And Merge Basic\Tutorial.lnk - C:\Program Files (x86)\PDF Split And Merge Basic\doc\pdfsam-1.1.0-tutorial.pdf C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Split And Merge Basic\Uninstall.lnk - C:\Windows\System32\msiexec.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picto-Selector\Picto Selector.lnk - C:\Program Files (x86)\Picto Selector\PictoSelector.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\PictureViewer.lnk - C:\Program Files (x86)\QuickTime\PictureViewer.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime Player.lnk - C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime Updater.lnk - C:\Program Files (x86)\QuickTime\QuickTimeUpdater.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\ReadMe.lnk - C:\Program Files (x86)\QuickTime\readme.wri C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\Uninstall QuickTime.lnk - C:\Windows\unvise32qt.exe C:\Windows\system32\QUICKT~1\UNINST~1.LOG C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery Manager\Recovery Disc Creation.lnk - C:\Program Files (x86)\Hewlett-Packard\Recovery\CDCreator.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery Manager\Recovery Manager.lnk - C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ImageBrowser EX Agent.lnk - C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk - C:\Program Files (x86)\VideoLAN\VLC\Documentation.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk - C:\Program Files (x86)\VideoLAN\VLC\NEWS.txt C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk - C:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --reset-config --reset-plugins-cache vlc://quit C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe -Iskins C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 4\ConvertXtoDVD 4.lnk - C:\Program Files (x86)\VSO\ConvertX\4\ConvertXtoDvd.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 4\l glp license.lnk - C:\Program Files (x86)\VSO\ConvertX\4\lgpl-2.1.txt C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 4\Verwijder ConvertXToDVD.lnk - C:\Program Files (x86)\VSO\ConvertX\4\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 4\ Drivers\ Remover Driver (Modo de Compatibilidade).lnk - C:\Program Files (x86)\VSO\pcsetup\PcSetup.exe /remove /removeatip " Kompatibilitätsmodus wird eingerichtet... Bitte anschließend neu starten" ==== shortcuts in Quick Launch ====================== C:\Users\Charlotte\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDVD 4.lnk - C:\Program Files (x86)\VSO\ConvertX\4\ConvertXtoDvd.exe C:\Users\Charlotte\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Charlotte\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe "http://safebrowsing.biz/?ssid=1466599677&a=1024132&src=sh&uuid=e7e4b6b4-de02-4135-a985-8f02befa1d3b" C:\Users\Charlotte\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE /recycle C:\Users\Charlotte\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picto Selector.lnk - C:\Program Files (x86)\Picto Selector\PictoSelector.exe C:\Users\Charlotte\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk - C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe C:\Users\Charlotte\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Charlotte\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk - C:\Program Files (x86)\Vuze\Azureus.exe C:\Users\Charlotte\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Charlotte\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\WINDOWS\system32\control.exe C:\Users\Charlotte\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Calculator.lnk - C:\WINDOWS\system32\calc.exe C:\Users\Charlotte\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\FormatFactory.lnk - C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe C:\Users\Charlotte\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Excel 2016.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE C:\Users\Charlotte\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - C:\Users\Charlotte\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Charlotte\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\MP Navigator 2.0.lnk - C:\Program Files (x86)\Canon\MP Navigator 2.0\mpn20.exe C:\Users\Charlotte\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Outlook 2016.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE C:\Users\Charlotte\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Spotify.lnk - C:\Users\Charlotte\AppData\Roaming\Spotify\spotify.exe C:\Users\Charlotte\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 C:\Users\Charlotte\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Word 2016.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Mounier\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "http://safebrowsing.biz/?ssid=1466599677&a=1024132&src=sh&uuid=e7e4b6b4-de02-4135-a985-8f02befa1d3b" C:\Users\Mounier\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe "http://safebrowsing.biz/?ssid=1466599677&a=1024132&src=sh&uuid=e7e4b6b4-de02-4135-a985-8f02befa1d3b" C:\Users\Mounier\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE /recycle C:\Users\Mounier\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk - C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe C:\Users\Mounier\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Mounier\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Mounier\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Calculator.lnk - C:\WINDOWS\system32\calc.exe C:\Users\Mounier\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Paint.lnk - C:\WINDOWS\system32\mspaint.exe C:\Users\Mounier\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - C:\Users\Mounier\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "http://safebrowsing.biz/?ssid=1466599677&a=1024132&src=sh&uuid=e7e4b6b4-de02-4135-a985-8f02befa1d3b" C:\Users\Mounier\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HP MediaSmart.lnk - C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe C:\Users\Mounier\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HPAdvisor.lnk - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY C:\Users\Mounier\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe "http://safebrowsing.biz/?ssid=1466599677&a=1024132&src=sh&uuid=e7e4b6b4-de02-4135-a985-8f02befa1d3b" C:\Users\Mounier\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Outlook 2016.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE C:\Users\Mounier\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 ==== shortcuts After Repair ====================== C:\Users\Mounier\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Mounier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\Charlotte\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Mounier\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Mounier\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Mounier\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Mounier\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit= O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Magic Desktop for HP notification] "C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe" O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\Charlotte\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Charlotte\AppData\Roaming\Spotify\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [OneDrive] "C:\Users\Charlotte\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Charlotte\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Charlotte\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64" O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE') O4 - Startup: Dropbox.lnk = Charlotte\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Global Startup: ImageBrowser EX Agent.lnk = C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O17 - HKLM\System\CCS\Services\Tcpip\..\{0349578f-0331-46a2-848a-c59e55b44d2b}: NameServer = 94.242.222.66,8.8.8.8 O17 - HKLM\System\CCS\Services\Tcpip\..\{3383178c-c401-4a7d-806f-1c1c5083815f}: NameServer = 94.242.222.66,8.8.8.8 O17 - HKLM\System\CCS\Services\Tcpip\..\{74ab470e-7830-4a49-9ed8-e40c203a19ad}: NameServer = 94.242.222.66,8.8.8.8 O17 - HKLM\System\CS1\Services\Tcpip\..\{0349578f-0331-46a2-848a-c59e55b44d2b}: NameServer = 94.242.222.66,8.8.8.8 O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing) O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing) O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing) O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe O23 - Service: McAfee CSP Service (mccspsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\CSP\1.6.1180.0\McCSPServiceHost.exe O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe O23 - Service: McAfee Service Controller (mfemms) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing) O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing) O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Charlotte\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Mounier\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Charlotte\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Users\Mounier\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully ==== Empty FireFox Cache ====================== C:\Users\Charlotte\AppData\Local\Mozilla\Firefox\Profiles\3nqgqq6u.default\cache2 emptied successfully C:\Users\Mounier\AppData\Local\Mozilla\Firefox\Profiles\4m0nx03j.default-1411753880827\cache2 emptied successfully C:\Users\Mounier\AppData\Local\Mozilla\Firefox\Profiles\ur1dpi4u.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Mounier\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== No Flash Cache Found ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=1050 folders=544 198503614 bytes) ==== Empty Temp Folders ====================== C:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\Users\CHARLO~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Program Files\SpaceSoundPro" not found ==== EOF on do 23-06-2016 at 19:35:28,91 ======================