Zoek.exe v5.0.0.0 Updated 07-March-2014 Tool run by Brian on wo 09-04-2014 at 20:07:25,32. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Brian\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 9-4-2014 20:10:18 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\AGEIA Technologies deleted successfully C:\PROGRA~3\Oracle deleted successfully C:\Users\Brian\AppData\Roaming\Canon deleted successfully C:\Users\Default\AppData\Roaming\Macromedia deleted successfully C:\Users\UpdatusUser\AppData\Roaming\Macromedia deleted successfully C:\Users\Brian\AppData\Local\CutePDF Writer deleted successfully C:\Users\Brian\AppData\Local\Secunia PSI deleted successfully C:\Users\Brian\AppData\Local\VirtualStore deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Running Processes ====================== C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe C:\Program Files (x86)\BootRacer\BootRacerServ.exe C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe G:\Malwarebytes Anti-Exploit\Malwarebytes Anti-Malware\mbamscheduler.exe G:\Malwarebytes Anti-Exploit\Malwarebytes Anti-Malware\mbamservice.exe C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe E:\Teamviewer\TeamViewer_Service.exe G:\Malwarebytes Anti-Exploit\Malwarebytes Anti-Malware\mbam.exe C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe E:\Winbar\WinBar.exe E:\Samsung Kies\Kies\Kies.exe E:\Logitech\LWS\Webcam Software\LWS.exe C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe E:\Teamviewer\TeamViewer.exe C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe E:\Teamviewer\tv_w32.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\Users\Brian\Desktop\zoek.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\Users\Brian\daemonprocess.txt deleted C:\Users\Brian\.android deleted C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted C:\PROGRA~2\MyFree Codec deleted C:\Users\Brian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BearShare.lnk deleted C:\Users\Brian\CD95F661A5C444F5A6AAECDD91C240DB.TMP deleted C:\PROGRA~3\Package Cache deleted C:\Users\Brian\AppData\Local\BearShare deleted C:\Users\Brian\AppData\Local\cache deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec deleted C:\Users\Brian\Documents\Mobogenie deleted ==== System Specs ====================== Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 3960 MB CPU Info: Intel(R) Core(TM) i5 CPU 650 @ 3.20GHz CPU Speed: 3221,2 MHz Sound Card: Luidsprekers (Realtek High Defi | Realtek Digital Output (Realtek | Display Adapters: NVIDIA GeForce GT 630 | NVIDIA GeForce GT 630 | NVIDIA GeForce GT 630 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Algemeen PnP-beeldscherm | Screen Resolution: 1152 X 864 - 32 bit Network: Network Present Network Adapters: Realtek PCIe GBE Family Controller CD / DVD Drives: 2x (H: | M: | ) H: hp DVD RW AD-7251H5 | M: EZBSYS ISO CDVD DRIVE Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 16 Button Wheel Mouse Present Hard Disks: C: 119,1GB | D: 100,0MB | E: 410,7GB | F: 693,5GB | G: 293,0GB Hard Disks - Free: C: 83,0GB | D: 68,1MB | E: 408,1GB | F: 682,7GB | G: 291,8GB Manufacturer *: American Megatrends Inc. BIOS Info: AT/AT COMPATIBLE | 01/05/12 | HPQOEM - 20120105 Time Zone: West-Europa (standaardtijd) Motherboard *: MSI 2A9C Country: Nederland Language: NLD ==== System Specs (Software) ====================== Anti-Virus: Norton Internet Security On-access scanning disabled (Outdated) Anti-Spyware: Norton Internet Security disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Firewall: Norton Internet Security disabled Default Browser: Firefox 28.0 Internet Explorer Version: 11.0.9600.17041 Mozilla Firefox version: 27.0.1 (x86 nl) Google Chrome version: 34.0.1847.116 Adobe Reader version: 11.0.06.70 Sun Java version: 1.7.0_51 (32-bit) Sun Java version: 1.8.0 (64-bit) Flash Player version: 12.0.0.77 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2014-03-14 00:15:15 75FCC614C76DED9B38090CDF8DD29749 1860 ----a-w- C:\Windows\Sandboxie.ini ====== C:\Users\Brian\AppData\Local\Temp ==== 2014-04-02 15:23:18 8F184A8D2F93DC0F9FE8E5433631B0F4 7099072 ----a-w- C:\Users\Brian\AppData\Local\Temp\TeamViewer\Version9\update.exe 2014-03-29 00:01:21 92390D306B89B3D4EC3023F6B71D9546 34483024 ----a-w- C:\Users\Brian\AppData\Local\Temp\is1158881826\4715076_stp.EXE ====== Java Cache ===== 2014-03-12 22:44:27 54F82C35D963D96D763578EFD6463E0D 142384 ----a-w- C:\Users\Brian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\1a2bd418-1f755b21 2014-03-12 22:44:25 2519F0425B969341198EBB615ED54770 90 ----a-w- C:\Users\Brian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\5d71f1db-6.0.lap 2014-03-23 17:37:19 0E7377BBB0ECA2AC438B66988770B97A 76 ----a-w- C:\Users\Brian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\3243d5dc-6.0.lap 2014-03-23 17:37:19 85A3DC41D48DB126BE31EC5A3ABA1F06 145241 ----a-w- C:\Users\Brian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\fd02fb7-31b9db44 ====== C:\Windows\SysWOW64 ===== 2014-04-08 22:25:40 AA12D7A960DB78DD9690AB5B5DAE6586 440832 ----a-w- C:\Windows\SysWOW64\ieui.dll 2014-04-08 22:25:39 CE6921D33682C6C3DB8A45853CC69402 455168 ----a-w- C:\Windows\SysWOW64\vbscript.dll 2014-04-08 22:25:35 A127D17C354B473B0F4C6265538F5A2C 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb 2014-04-08 22:25:32 EDACA6C44D9CE200F899B7DB0F201DFF 164864 ----a-w- C:\Windows\SysWOW64\msrating.dll 2014-04-08 22:25:32 EBC35FE64056910A84485BEEB6DCCAC6 524288 ----a-w- C:\Windows\SysWOW64\msfeeds.dll 2014-04-08 22:25:32 7E9FE7DB43BC204E44F159F843E35C15 367616 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll 2014-04-08 22:25:32 34FC79C948EE2C5FD0CD699E7D7F91B7 244224 ----a-w- C:\Windows\SysWOW64\dxtrans.dll 2014-04-08 22:25:31 82287FCFFA4A2D60FD744E3FEB3192C5 61952 ----a-w- C:\Windows\SysWOW64\iesetup.dll 2014-04-08 22:25:31 31385A6CAA31BE9D07B0B32E5AA99ABB 43008 ----a-w- C:\Windows\SysWOW64\jsproxy.dll 2014-04-08 22:25:31 21BF6759685FD193715B483F2B3F21B1 112128 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe 2014-04-08 22:25:30 C9CA9803299EB6AFA34CB520BAAB083D 32256 ----a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-08 22:25:30 0FDC1A576A3F40420882C0F7C4A66EAD 32768 ----a-w- C:\Windows\SysWOW64\iernonce.dll 2014-04-08 22:25:28 BB185D4A9362AA17CBCEC0768CDBF249 704512 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll 2014-04-08 22:25:28 6557B48D53D653CFCCE3CB1CFA53A8E1 51200 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-08 22:25:28 0F4A295516781897FFB09B4CCF2E8798 592896 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll 2014-04-08 22:25:25 E4E829EE073E046B0EB19B5FECB19B8C 1789440 ----a-w- C:\Windows\SysWOW64\wininet.dll 2014-04-08 22:25:25 76F58DB8F85C125E0D6B3AA42F3BF1D0 1143808 ----a-w- C:\Windows\SysWOW64\urlmon.dll 2014-04-08 22:25:25 05BD47136DE62FAFE9F95B40E4100144 2178048 ----a-w- C:\Windows\SysWOW64\iertutil.dll 2014-04-08 22:25:24 C4A383FD50FBD7E274DD41CF571DF898 1967104 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl 2014-04-08 22:25:23 EA85144F35EDE6EE25C484D4242FF2C8 17387008 ----a-w- C:\Windows\SysWOW64\mshtml.dll 2014-04-08 22:25:23 2AFBB91BBD2378933B26E6D68C140D1B 11745792 ----a-w- C:\Windows\SysWOW64\ieframe.dll 2014-04-08 22:25:22 8C46360D6EF9D4C563FE834C4F287DA3 4254720 ----a-w- C:\Windows\SysWOW64\jscript9.dll 2014-04-08 17:25:38 76161B9D78A275F8F28DD67436013110 1114112 ----a-w- C:\Windows\SysWOW64\kernel32.dll 2014-04-08 17:25:38 2E1D6624EE2C3F454CADF09DC59E78B0 25600 ----a-w- C:\Windows\SysWOW64\setup16.exe 2014-04-08 17:25:37 1F76F7CB3C690ACB985C2FD419383B49 14336 ----a-w- C:\Windows\SysWOW64\ntvdm64.dll 2014-04-08 17:25:32 A30AB03E7C837A17AC70E67E63B8E2F6 2048 ----a-w- C:\Windows\SysWOW64\user.exe 2014-04-08 17:25:32 9F3D88540DB73F5213D5044CB50006DF 7680 ----a-w- C:\Windows\SysWOW64\instnm.exe 2014-04-08 17:25:32 1E886E327F37F34CC7465F1605D1F3CD 5120 ----a-w- C:\Windows\SysWOW64\wow32.dll 2014-03-28 12:35:46 03F4527F7989F3C0A32CC8250353521E 599840 ----a-w- C:\Windows\SysWOW64\nvStreaming.exe ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2014-04-08 22:25:40 7446786E7092ABE122D372F95E6ED74B 574976 ----a-w- C:\Windows\Sysnative\ieui.dll 2014-04-08 22:25:39 FFF555C177D9F2B79B5C3146BED09FB1 548352 ----a-w- C:\Windows\Sysnative\vbscript.dll 2014-04-08 22:25:35 6A8AA25D37F89E40B834F34950E3B89B 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb 2014-04-08 22:25:34 D6067F7EE060C5D6D79008AD591B4E3B 33792 ----a-w- C:\Windows\Sysnative\iernonce.dll 2014-04-08 22:25:34 964C89BC8A52A260D68C90FDDEB862E2 38400 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll 2014-04-08 22:25:34 72116CC377FF4281B0132C397026D911 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll 2014-04-08 22:25:34 3F498856C68725717195C16568FE19D0 586240 ----a-w- C:\Windows\Sysnative\ie4uinit.exe 2014-04-08 22:25:33 3F547245C78F4847B73EDDFD4A2F7E12 752640 ----a-w- C:\Windows\Sysnative\jscript9diag.dll 2014-04-08 22:25:32 E7161E2C66FF9B1E87C30FC9D2497ABB 195584 ----a-w- C:\Windows\Sysnative\msrating.dll 2014-04-08 22:25:32 E0D95345D1EBB54F28E958782B9C0CE0 453120 ----a-w- C:\Windows\Sysnative\dxtmsft.dll 2014-04-08 22:25:32 CFBA793F678EB3855052ECF99357A9A1 296960 ----a-w- C:\Windows\Sysnative\dxtrans.dll 2014-04-08 22:25:32 CB57E934280D346AE0A9B053DAA284C5 51200 ----a-w- C:\Windows\Sysnative\jsproxy.dll 2014-04-08 22:25:31 A3F9A9E46BDDBB8B20B7CF3EEDB990F2 66048 ----a-w- C:\Windows\Sysnative\iesetup.dll 2014-04-08 22:25:31 75AD355828187145A60E3DC7BAF7B0F3 628736 ----a-w- C:\Windows\Sysnative\msfeeds.dll 2014-04-08 22:25:31 1BF215FF4DF6DE10D2F81A2CE85157D2 139264 ----a-w- C:\Windows\Sysnative\ieUnatt.exe 2014-04-08 22:25:29 37D0FB9E5E8EDA40B66FC3FB3D660261 23549440 ----a-w- C:\Windows\Sysnative\mshtml.dll 2014-04-08 22:25:27 EBAD8A4D048ED257E4A45F6356541F86 846336 ----a-w- C:\Windows\Sysnative\ieapfltr.dll 2014-04-08 22:25:27 A3A132CBE48AF0324466469F2CAAE8A2 111616 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe 2014-04-08 22:25:27 915D8A9E112C97C90C654F792B6B28B9 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll 2014-04-08 22:25:27 710FD0E362A1A5C087DB90C1BAC46411 940032 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe 2014-04-08 22:25:25 F220BA78AB542C70211D73AE4729B2CD 2260480 ----a-w- C:\Windows\Sysnative\wininet.dll 2014-04-08 22:25:25 1F8534A19A66275C863DE17645CB2A13 2767360 ----a-w- C:\Windows\Sysnative\iertutil.dll 2014-04-08 22:25:24 A14BB2F5F6457738AAA11367F5172A05 13551104 ----a-w- C:\Windows\Sysnative\ieframe.dll 2014-04-08 22:25:24 32417AE8280276968E5C551ED85D3525 1400832 ----a-w- C:\Windows\Sysnative\urlmon.dll 2014-04-08 22:25:24 1654093C8BD3342997D27B71684ACCE8 2043904 ----a-w- C:\Windows\Sysnative\inetcpl.cpl 2014-04-08 22:25:22 BF25489459C7A762DD7B3186C7E3984D 5784064 ----a-w- C:\Windows\Sysnative\jscript9.dll 2014-04-08 20:52:16 EDA94A7898252382DD71FC08D8B1382B 312728 ----a-w- C:\Windows\Sysnative\javaws.exe 2014-04-08 17:25:39 D2A513EE880D71BDE7F0257F38B9D019 1163264 ----a-w- C:\Windows\Sysnative\kernel32.dll 2014-04-08 17:25:38 74959C718FF4594369645F35B7DF19C4 16384 ----a-w- C:\Windows\Sysnative\ntvdm64.dll 2014-04-08 17:25:38 7434E01FBCA3CB86539C39412A31D5E1 362496 ----a-w- C:\Windows\Sysnative\wow64win.dll 2014-04-08 17:25:38 2A107B611C91CD256466C58C0D776E9D 243712 ----a-w- C:\Windows\Sysnative\wow64.dll 2014-04-08 17:25:37 0F090A77E664CB0F70AB8D3B230B760C 13312 ----a-w- C:\Windows\Sysnative\wow64cpu.dll ====== C:\Windows\Sysnative\drivers ===== 2014-04-08 21:57:25 6140163BFE9D8F2DFDBA088ED5521C13 119512 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys 2014-04-08 21:57:06 FD5465B876D55534117963FAAA4B9DFC 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys 2014-04-08 21:57:06 C49915271600CFC2305FAA4271D0002F 63192 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys 2014-04-08 21:57:06 4A1356200B82B852E137B687F03E8054 88280 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys 2014-04-08 18:36:33 73BDD44A6088916964945886F9025409 108800 ----a-w- C:\Windows\Sysnative\drivers\ssudbus.sys 2014-04-08 18:36:33 5252D7BC56E5E0ED715AEA8FE173A455 206080 ----a-w- C:\Windows\Sysnative\drivers\ssudmdm.sys 2014-04-08 17:25:48 B3222734D80013D2C73841B0C549FA63 27584 ----a-w- C:\Windows\Sysnative\drivers\Diskdump.sys 2014-04-08 17:25:48 A3F0BC5897F9D3786A3CB695B163633A 190912 ----a-w- C:\Windows\Sysnative\drivers\storport.sys 2014-04-08 17:25:48 96BB922A0981BC7432C8CF52B5410FE6 274880 ----a-w- C:\Windows\Sysnative\drivers\msiscsi.sys 2014-04-08 17:25:31 1A29A59A4C5BA6F8C85062A613B7E2B2 1684928 ----a-w- C:\Windows\Sysnative\drivers\ntfs.sys 2014-03-23 00:00:36 27452E46F34A8B3184AECDD806411C64 316312 ----a-w- C:\Windows\Sysnative\drivers\RapportKE64.sys 2014-03-20 22:02:56 757ACE4D4C9FF0571F86AA5D586B45E8 12708128 ----a-w- C:\Windows\Sysnative\drivers\nvlddmkm.sys 2014-03-20 22:02:52 E366A5681C50785D4ED04FCFD65C3415 197408 ----a-w- C:\Windows\Sysnative\drivers\nvhda64v.sys 2014-03-12 18:09:42 351533ACC2A069B94E80BBFC177E8FDF 35344 ----a-w- C:\Windows\Sysnative\drivers\npf.sys ====== C:\Windows\Tasks ====== 2014-03-28 23:57:45 97CE2D8B7D92FEFBB4FCF6F9C300DBBF 3130 ----a-w- C:\Windows\Sysnative\Tasks\{95420A79-DE85-4736-BD24-0275E87C60CA} 2014-03-19 19:17:48 03375080BF175AB5D75B12D92BCFD85F 3770 ----a-w- C:\Windows\Sysnative\Tasks\AutoRearm 2014-03-19 19:17:38 D7A982B416EDE87E0B41A1B5300665EC 3238 ----a-w- C:\Windows\Sysnative\Tasks\AutoKMSCustom 2014-03-19 19:09:51 4B5840037CAC957C3A9B2FF5C2D90881 216 ----a-w- C:\Windows\Tasks\AutoKMSDaily.job 2014-03-19 19:09:51 2BDCD48BFE00AE1E06A11C12DDCCB6C7 2754 ----a-w- C:\Windows\Sysnative\Tasks\AutoKMSDaily 2014-03-19 19:02:47 -------- d-----w- C:\Windows\Sysnative\Tasks\OfficeSoftwareProtectionPlatform 2014-03-14 21:15:19 D1FB5FC81BBC27E79CDAAC9D980888B6 3620 ----a-w- C:\Windows\Sysnative\Tasks\HPCustParticipation HP Photosmart 5520 series ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-03-28 19:28:55 -------- d-----w- C:\Program Files\trend micro 2014-03-24 20:35:51 -------- d-----w- C:\Program Files\Java 2014-03-14 21:15:00 -------- d-----w- C:\Program Files\HP ======= C:\PROGRA~2 ===== 2014-04-08 20:52:23 -------- d-----w- C:\PROGRA~2\COMMON~1\Java 2014-04-08 18:34:36 -------- d-----w- C:\PROGRA~2\MarkAny 2014-03-29 00:01:52 -------- d-----w- C:\PROGRA~2\DVDVideoSoft 2014-03-28 13:33:47 -------- d-----w- C:\PROGRA~2\BootRacer 2014-03-23 00:00:07 -------- d-----w- C:\PROGRA~2\Trusteer 2014-03-14 21:15:20 -------- d-----w- C:\PROGRA~2\HP Photo Creations 2014-03-12 19:17:06 -------- d-----w- C:\PROGRA~2\COMMON~1\DVDVideoSoft 2014-03-11 21:59:17 -------- d-----w- C:\PROGRA~2\Secunia ======= C: ===== ====== C:\Users\Brian\AppData\Roaming ====== 2014-04-09 18:19:12 -------- d-----w- C:\Users\Brian\AppData\Local\VirtualStore 2014-04-08 20:52:18 -------- d-----w- C:\Users\Brian\AppData\Locallow\Oracle 2014-04-05 20:13:04 -------- d-----w- C:\Users\Brian\AppData\Roaming\GitHub 2014-04-05 20:12:59 -------- d-----w- C:\Users\Brian\AppData\Local\GitHub 2014-04-05 20:12:53 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Local\Apps 2014-04-05 20:12:53 -------- d-----w- C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc 2014-04-05 20:11:37 -------- d-----w- C:\Users\Brian\AppData\Local\Deployment 2014-04-05 20:11:37 -------- d-----w- C:\Users\Brian\AppData\Local\Apps 2014-04-04 16:21:52 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Trusteer 2014-04-04 10:26:31 -------- d-----w- C:\Users\Brian\AppData\Roaming\Belastingdienst 2014-04-01 11:12:10 -------- d-----w- C:\Users\Brian\AppData\Local\ISL Online Cache 2014-03-29 00:28:16 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Local\CrashDumps 2014-03-28 13:33:47 -------- d-----w- C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BootRacer 2014-03-28 12:46:53 -------- d-----w- C:\Users\Brian\AppData\Local\NVIDIA 2014-03-28 12:36:11 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\NVIDIA 2014-03-23 00:00:10 -------- d-----w- C:\Users\Brian\AppData\Local\Trusteer 2014-03-22 12:34:17 -------- d-----w- C:\Users\Brian\AppData\Roaming\BitComet 2014-03-19 18:59:42 -------- d-----w- C:\Users\Brian\AppData\Local\Microsoft Help 2014-03-15 19:15:29 -------- d-----w- C:\Users\UpdatusUser\AppData\Local\temp 2014-03-15 19:15:29 -------- d-----w- C:\Users\Public\AppData\Local\temp 2014-03-15 19:15:29 -------- d-----w- C:\Users\Default\AppData\Local\temp 2014-03-15 19:15:29 -------- d-----w- C:\Users\Default User\AppData\Local\temp 2014-03-14 21:15:20 -------- d-----w- C:\Users\Brian\AppData\Locallow\Hewlett-Packard 2014-03-14 21:15:08 -------- d-----w- C:\Users\Brian\AppData\Roaming\HpUpdate 2014-03-14 21:12:43 -------- d-----w- C:\Users\Brian\AppData\Local\HP 2014-03-12 22:29:13 -------- d-----w- C:\Users\Brian\AppData\Roaming\MusicNet 2014-03-12 19:17:06 -------- d-----w- C:\Users\Brian\AppData\Roaming\DVDVideoSoft 2014-03-12 18:10:10 -------- d-----w- C:\Users\Brian\AppData\Local\NETGEARGenie ====== C:\Users\Brian ====== 2014-04-04 10:26:26 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belastingdienst 2014-03-28 12:47:06 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2014-03-24 23:07:11 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote 2014-03-23 00:00:08 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Eindpuntbeveiliging 2014-03-22 23:59:32 -------- d-----w- C:\ProgramData\Trusteer 2014-03-19 19:17:12 -------- d-----w- C:\ProgramData\Microsoft Toolkit 2014-03-19 18:59:39 -------- d-----w- C:\ProgramData\Microsoft Help 2014-03-15 19:15:29 -------- d-----w- C:\Users\Public\AppData 2014-03-14 21:15:20 -------- d-----w- C:\ProgramData\Visan 2014-03-14 21:15:20 -------- d-----w- C:\ProgramData\HP Photo Creations 2014-03-14 21:15:05 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP 2014-03-14 21:15:00 -------- d-----w- C:\ProgramData\HP 2014-03-14 21:14:56 29D92A9517DBA64F698CD6F9A2E53261 57 ----a-w- C:\ProgramData\Ament.ini 2014-03-14 00:15:10 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie 2014-03-12 19:17:15 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2014-03-11 21:11:39 -------- d-----w- C:\ProgramData\Macrium ====== C: exe-files == 2014-04-08 22:41:22 ECBB3E1FFD65CE70FBF4708117C1607A 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2293175794-3526264504-2682802372-1000\$IQC80NL.exe 2014-04-08 22:25:37 F972DDD19A10F53D74021DDEAC07CCA6 470016 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe 2014-04-08 22:25:37 E0155A11B26C7D5347069AB7ACB62D02 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe 2014-04-08 22:25:37 C5C7E33308BAE18BD9F59F9A93E85D33 482816 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe 2014-04-08 22:25:37 BEA4E0C0BA936E8A3DB24D1A37BF70BE 222720 ----a-w- C:\Program Files (x86)\Internet Explorer\ielowutil.exe 2014-04-08 22:25:34 3F498856C68725717195C16568FE19D0 586240 ----a-w- C:\Windows\System32\ie4uinit.exe 2014-04-08 22:25:31 21BF6759685FD193715B483F2B3F21B1 112128 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe 2014-04-08 22:25:31 1BF215FF4DF6DE10D2F81A2CE85157D2 139264 ----a-w- C:\Windows\System32\ieUnatt.exe 2014-04-08 22:25:27 A3A132CBE48AF0324466469F2CAAE8A2 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe 2014-04-08 22:25:27 710FD0E362A1A5C087DB90C1BAC46411 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe 2014-04-08 22:25:24 EA8386CA87165460D39A1D29FF11080B 809680 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe 2014-04-08 22:25:24 0667ED9F8E905E1F73DB60ACCEDCBCA7 811728 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe 2014-04-08 22:19:29 33822F43B98E36F267321B929C25C4F0 272664 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2293175794-3526264504-2682802372-1000\$RQC80NL.exe 2014-04-08 21:49:05 9A210C572753950C14D63F8D0D337A34 1642072 ----a-w- C:\Users\Brian\AppData\Roaming\BitTorrent\BitTorrent.exe 2014-04-08 21:47:44 9A210C572753950C14D63F8D0D337A34 1642072 ----a-w- C:\Users\Brian\AppData\Roaming\BitTorrent\updates\7.9.1_30769.exe 2014-04-08 20:52:16 EDA94A7898252382DD71FC08D8B1382B 312728 ----a-w- C:\Windows\System32\javaws.exe 2014-04-08 20:52:04 897F2D59086CE6CC9A56DD69D1354C38 195992 ----a-w- C:\Program Files\Java\jre8\bin\unpack200.exe 2014-04-08 20:52:04 808531685AEC3F499ADF64B223F41604 16280 ----a-w- C:\Program Files\Java\jre8\bin\tnameserv.exe 2014-04-08 20:52:03 EDA94A7898252382DD71FC08D8B1382B 312728 ----a-w- C:\Program Files\Java\jre8\bin\javaws.exe 2014-04-08 20:52:03 DBB05DED44F0516F7BC91B037DE96D33 16280 ----a-w- C:\Program Files\Java\jre8\bin\orbd.exe 2014-04-08 20:52:03 C41B00AAB4AEAE4FC1FD5DEB6123B951 15768 ----a-w- C:\Program Files\Java\jre8\bin\kinit.exe 2014-04-08 20:52:03 C3708101EADF5AA53C5BDC9D8D84F18A 16280 ----a-w- C:\Program Files\Java\jre8\bin\policytool.exe 2014-04-08 20:52:03 C36EE4B605284CA18FE3F4C03D9297B9 16280 ----a-w- C:\Program Files\Java\jre8\bin\servertool.exe 2014-04-08 20:52:03 B8FC4258C2060E9AE50FE04AE6F51DF2 15768 ----a-w- C:\Program Files\Java\jre8\bin\klist.exe 2014-04-08 20:52:03 B79A378EE046EE68A87BE0AC409EC4AB 67480 ----a-w- C:\Program Files\Java\jre8\bin\jp2launcher.exe 2014-04-08 20:52:03 925F08B494C64FAE97BD67787CDF5E60 15768 ----a-w- C:\Program Files\Java\jre8\bin\ktab.exe 2014-04-08 20:52:03 87EEEB10641B7CE1D190FFC8E7F4CDBD 15768 ----a-w- C:\Program Files\Java\jre8\bin\pack200.exe 2014-04-08 20:52:03 6B8A950F520E5F7A5CE5228F8F3136F2 15768 ----a-w- C:\Program Files\Java\jre8\bin\rmiregistry.exe 2014-04-08 20:52:03 60CD5DE0EEEF1D64B176D365DD5D96A9 15768 ----a-w- C:\Program Files\Java\jre8\bin\keytool.exe 2014-04-08 20:52:03 3FF11BDE0A9FE54EF36629B78FB8D56B 64408 ----a-w- C:\Program Files\Java\jre8\bin\ssvagent.exe 2014-04-08 20:52:03 044623A6DC02498EEF954543B9DC94B1 191384 ----a-w- C:\Program Files\Java\jre8\bin\javaw.exe 2014-04-08 20:52:03 0383960A7891B4F470D7F01E8BD234DE 15768 ----a-w- C:\Program Files\Java\jre8\bin\jjs.exe 2014-04-08 20:52:03 01B4729E3185C34E444A9764A7002367 15768 ----a-w- C:\Program Files\Java\jre8\bin\rmid.exe 2014-04-08 20:52:02 F96A49B3721545AC7F055E26B910D7B7 190872 ----a-w- C:\Program Files\Java\jre8\bin\java.exe 2014-04-08 20:52:02 C239DFD0E4F82D5988F529535A828A32 15768 ----a-w- C:\Program Files\Java\jre8\bin\java-rmi.exe 2014-04-08 20:52:02 A2C3D5D4DC1EB954F4D7217B3B3A1B93 34200 ----a-w- C:\Program Files\Java\jre8\bin\jabswitch.exe 2014-04-08 20:52:02 33E6EFCC8CC47A6F029E998D874DAAB3 76184 ----a-w- C:\Program Files\Java\jre8\bin\javacpl.exe 2014-04-08 20:26:41 8FAE9109245E4B4FF42704ECFB86F1B6 8704216 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\34.0.1847.116\34.0.1847.116_33.0.1750.154_chrome_updater.exe 2014-04-08 18:35:23 F7668F85EC75C0016E7D8362A0B907EC 8638664 ----a-w- C:\Users\Brian\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe 2014-04-08 18:35:00 5D2844770B902B21A627E4E2A98A2843 61440 ----a-w- C:\Program Files (x86)\MarkAny\ContentSafer\MaAgent.exe 2014-04-08 18:35:00 52B8B60BF634BF9E01E527856E8E371F 65536 ----a-w- C:\Program Files (x86)\MarkAny\ContentSafer\MAWebControl.exe 2014-04-08 18:35:00 25E98D8886D5BB198302FC30D67DC61E 32768 ----a-w- C:\Program Files (x86)\MarkAny\ContentSafer\MaCSMgr.exe 2014-04-08 18:34:59 97E9DC457B407CC3E9FB68FD0A17D295 401056 ----a-w- C:\Program Files (x86)\MarkAny\ContentSafer\MPXBox.exe 2014-04-08 18:34:57 FCDE60F22FF7B5BEB55770208565B199 845168 ----a-w- C:\Users\Brian\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\KiesPDLR.exe 2014-04-08 18:34:57 8957D11B279893C627D869DDABE62B27 61840 ----a-w- C:\Users\Brian\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\AdminDelegator.exe 2014-04-08 18:34:56 2476DAB05A59A4D7605AC17C5230B1A0 89488 ----a-w- C:\Users\Brian\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\AgentInstaller.exe 2014-04-08 18:34:55 DE6896E5C98AF913710AFA64EA4EB880 78216 ----a-w- C:\Users\Brian\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\AgentUpdate.exe 2014-04-08 18:34:51 CD8B1D24A8934F6876A68F9FE37B4455 623984 ----a-w- C:\Users\Brian\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\Updater\Kies.Update.exe 2014-04-08 18:34:50 6407D56278190B304212464DFDCD0B8B 311152 ----a-w- C:\Users\Brian\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\KiesTrayAgent.exe 2014-04-08 18:34:49 86051D41CFA4F60DB2F95C450C1830E2 559984 ----a-w- C:\Users\Brian\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\KiesAgent.exe 2014-04-08 18:34:49 8260505D351A516B976EB02DB2CB9876 277872 ----a-w- C:\Users\Brian\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\KiesDriverInstaller.exe 2014-04-08 18:34:48 DF552350CDC2AA39C01CE40612DF82A8 1564528 ----a-w- C:\Users\Brian\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\Kies.exe 2014-04-08 18:34:46 D58AB0F8FCE9F370F3231238093F589E 3835088 ----a-w- C:\Users\Brian\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\MediaModules\MyFreeCodecPack.exe 2014-04-08 18:34:36 EF64B1FFC855EFFF6E2473E622D5343B 20480 ----a-w- C:\Program Files (x86)\MarkAny\ContentSafer\UpdateClient\MAUpdate.exe 2014-04-08 18:34:36 7B027B4CA7EB847EC3F6C745DC0A46DA 126976 ----a-w- C:\Program Files (x86)\MarkAny\ContentSafer\UpdateClient\MaUpdateClient.exe 2014-04-08 18:34:36 5BBB89A68FEBBCD4AC8C4730FD7EF765 57344 ----a-w- C:\Program Files (x86)\MarkAny\ContentSafer\UpdateClient\MAUpdateBoot.exe 2014-04-08 18:34:36 222A73292EE99D4D3E7237BB4CE0DE15 173568 ----a-w- C:\Users\Brian\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\ConnectionManager.exe 2014-04-08 18:34:34 B91AC5E9CCDACAE27DC2E41ADA91EB26 67952 ----a-w- C:\Users\Brian\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\Kies_Tutorial.exe 2014-04-08 18:34:34 8FA785BB7E8D9C4F30ED95EB8CAAAF51 693760 ----a-w- C:\Users\Brian\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\DeviceManager.exe 2014-04-08 18:34:32 F937848E0B6173E2607E7021E6F4DC57 351232 ----a-w- C:\Users\Brian\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\DeviceDataService.exe 2014-04-08 18:34:32 94D6A04EB4EE64BE9C988DC5B42A980E 65904 ----a-w- C:\Users\Brian\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\RegisterCOM.exe 2014-04-08 18:34:15 CD8B1D24A8934F6876A68F9FE37B4455 623984 ----a-w- C:\Users\Brian\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe 2014-04-08 17:25:38 2E1D6624EE2C3F454CADF09DC59E78B0 25600 ----a-w- C:\Windows\SysWOW64\setup16.exe 2014-04-08 17:25:32 A30AB03E7C837A17AC70E67E63B8E2F6 2048 ----a-w- C:\Windows\SysWOW64\user.exe 2014-04-08 17:25:32 9F3D88540DB73F5213D5044CB50006DF 7680 ----a-w- C:\Windows\SysWOW64\instnm.exe 2014-04-05 20:13:20 FED067CA7942B8C0BE49C4139EBA6D72 10240 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\ps.exe 2014-04-05 20:13:20 F7BA9227C68F6445977050D890E2E062 10752 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\tclsh85.exe 2014-04-05 20:13:20 F7BA9227C68F6445977050D890E2E062 10752 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\tclsh.exe 2014-04-05 20:13:20 E95F0EA60D38624136BF5B91EB9DF45E 43008 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\scp.exe 2014-04-05 20:13:20 E6FB032AB643814818CAFE896AC26EB7 28160 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\pdfinfo.exe 2014-04-05 20:13:20 E505F021CB7C689793E8E879833FE60B 353280 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\openssl.exe 2014-04-05 20:13:20 E420C1CC690AC0D77794CC1A32C858B9 69632 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\ssh-agent.exe 2014-04-05 20:13:20 DF22DF18348000CBD4DE6FDB2BC46823 23552 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\split.exe 2014-04-05 20:13:20 DE0FB6A9DCB63E62F924CA28050FBE42 7168 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\perl.exe 2014-04-05 20:13:20 CE46C5C70BD834DD1BFB7D960A4C80F9 12800 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\wish85.exe 2014-04-05 20:13:20 CE46C5C70BD834DD1BFB7D960A4C80F9 12800 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\wish.exe 2014-04-05 20:13:20 C65553CDA2F1C1AC135597CBBF7B187F 81408 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\mv.exe 2014-04-05 20:13:20 BC990EB648B617FD1E867EB180229401 35840 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\tail.exe 2014-04-05 20:13:20 B3864C5DCBF74E854B8ADC0DCE7E9D9E 303616 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\rebase.exe 2014-04-05 20:13:20 B1DCAC31819EC90B945B815FD82211C0 27648 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\md5sum.exe 2014-04-05 20:13:20 AEB9D0E6B7A46F655CD7D34E2D62E3FC 22528 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\rmdir.exe 2014-04-05 20:13:20 A8AD03B677BC3D9A350F4ABD03192E4A 596992 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\sh.exe 2014-04-05 20:13:20 9B186D078C3338B46A5CC2097D61FC6A 28672 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\mkdir.exe 2014-04-05 20:13:20 9933D220FA394EA2CCACA50D86B2416E 29184 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\pdftotext.exe 2014-04-05 20:13:20 953F347ABB55459BA4B3B4C03C0F33AE 62464 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\rm.exe 2014-04-05 20:13:20 8D4485EA63C776B0A3A3F5CE007D7609 108544 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\msmtp.exe 2014-04-05 20:13:20 8D3B835A52D35509AB245123BCB3E89E 33280 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\tr.exe 2014-04-05 20:13:20 8AAD86DC9CD12E3C9141A610A649761B 39936 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\sort.exe 2014-04-05 20:13:20 885FE519BF3BBE38EBFF4272408E731E 81920 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\ssh-add.exe 2014-04-05 20:13:20 8818316090C7B85CD7B9A1458ED48186 256000 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\ssh.exe 2014-04-05 20:13:20 763E276B8556BCCC12DC5EFEEF837614 19456 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\tee.exe 2014-04-05 20:13:20 6DA19D79E410A643D2EC5F5F625F5386 144384 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\ssh-keyscan.exe 2014-04-05 20:13:20 696AF394BF7F840DDFF3571D5E0CE727 24576 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\uniq.exe 2014-04-05 20:13:20 633359D04CB8B58B8C413CB8E90BE62F 1353728 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\tar.exe 2014-04-05 20:13:20 6037202134F5FD41D5A488BEF6F0B00A 18944 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\uname.exe 2014-04-05 20:13:20 59CC307BE2543457223A8DCC05984BD7 109056 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\ssh-keygen.exe 2014-04-05 20:13:20 3D826B39B9D365CB6F0E84B46CBD02CE 12288 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\true.exe 2014-04-05 20:13:20 393B91BC9CA84A769EB9562077933696 18432 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\sleep.exe 2014-04-05 20:13:20 3104B7014F8601EF658C3EAC1BC19DEA 12288 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\xargs.exe 2014-04-05 20:13:20 22986812015B113EEBF6C32D13261B92 102400 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\rxvt.exe 2014-04-05 20:13:20 1D05FC7CCFC9F3CFD95524FA91F110BB 32256 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\wc.exe 2014-04-05 20:13:20 161D1A8ECB28334568406F23F3C6C4F6 1855488 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\share\vim\vim73\vim.exe 2014-04-05 20:13:20 0FEA3750E5D0E2AE6B79918401C453B5 38400 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\touch.exe 2014-04-05 20:13:20 06F75DC81EC1840EE4BEDBFD59EC46D4 159232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\unzip.exe 2014-04-05 20:13:20 05CCC69BF01AF3AA8A16EB7DD5EE36F1 57344 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\patch.exe 2014-04-05 20:13:20 00E1D39DC6499E4EAA7BCA07165C7DBB 200192 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\m4.exe 2014-04-05 20:13:19 FD19C8CC0EC2DF71F57BA0A58D9B1779 223232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\share\git-tfs\git-tfs.exe 2014-04-05 20:13:19 FD19C8CC0EC2DF71F57BA0A58D9B1779 223232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\git-tfs.exe 2014-04-05 20:13:19 FC113465E02BA77894939081A35EA9E2 178176 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\gpgsplit.exe 2014-04-05 20:13:19 F97052CBCF77DCAC114CE9230B302A24 10240 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\kill.exe 2014-04-05 20:13:19 F2034B3D840BA11B8584F7C2BF8D49FA 69632 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\ls.exe 2014-04-05 20:13:19 D01314B3AC6535A7BE04D19051B7C269 763904 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\git-upload-pack.exe 2014-04-05 20:13:19 CB83CE85FA786841BF722C96FB25559B 112128 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\less.exe 2014-04-05 20:13:19 B1DA72DEB5862DDA0EB5F8BCB2A38007 1236480 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\gpg.exe 2014-04-05 20:13:19 B0CB9BC9D04F38E2CBD94B9B86B55521 50688 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\iconv.exe 2014-04-05 20:13:19 97FCD8591255F5F3F03117F673DE3A63 39424 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\gpgkeys_curl.exe 2014-04-05 20:13:19 7805314635AD1F897A3EA20E1036DE46 8704 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\cmd\git.exe 2014-04-05 20:13:19 7227AFF7B416157A7941AEDFEB45119F 26624 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\head.exe 2014-04-05 20:13:19 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git.exe 2014-04-05 20:13:19 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-write-tree.exe 2014-04-05 20:13:19 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-whatchanged.exe 2014-04-05 20:13:19 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-verify-tag.exe 2014-04-05 20:13:19 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-verify-pack.exe 2014-04-05 20:13:19 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-var.exe 2014-04-05 20:13:19 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-upload-archive.exe 2014-04-05 20:13:19 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-update-server-info.exe 2014-04-05 20:13:19 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-update-ref.exe 2014-04-05 20:13:19 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-update-index.exe 2014-04-05 20:13:19 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-unpack-objects.exe 2014-04-05 20:13:19 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-unpack-file.exe 2014-04-05 20:13:19 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-tar-tree.exe 2014-04-05 20:13:19 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-tag.exe 2014-04-05 20:13:19 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-symbolic-ref.exe 2014-04-05 20:13:19 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\git.exe 2014-04-05 20:13:19 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\git-upload-archive.exe 2014-04-05 20:13:19 6FF6D74AB53FF766C61558B57CB01AEC 96768 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\gpgkeys_finger.exe 2014-04-05 20:13:19 64677ADC5707035D58F5FBC1CB9805E0 763904 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-upload-pack.exe 2014-04-05 20:13:19 628BAEE6085B4DD8FA8BF4B40667828B 72704 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\ln.exe 2014-04-05 20:13:19 59C0FD45507C878B15B90C25E1F63535 21504 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\id.exe 2014-04-05 20:13:19 4FB6317C459FA778340A993CADCE3940 50688 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\gzip.exe 2014-04-05 20:13:19 4FB6317C459FA778340A993CADCE3940 50688 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\gunzip.exe 2014-04-05 20:13:19 3282888B20ADFAD1A605B6A82E7791F8 56832 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\gpgkeys_ldap.exe 2014-04-05 20:13:19 30ACF7CF785DD651F18C0539C6C54C81 44544 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\gpgkeys_hkp.exe 2014-04-05 20:13:19 2E39155ED6DFA6C1C26DA3B0EBC2CC0E 81408 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\grep.exe 2014-04-05 20:13:19 165988DAF85CD48E29A35A6B580E857C 535552 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\gpgv.exe 2014-04-05 20:13:18 E76E3792033B8FB5C3D8293137953764 744448 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-sh-i18n--envsubst.exe 2014-04-05 20:13:18 CB2722763A8718DE656CFA2253D7A97D 743424 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-show-index.exe 2014-04-05 20:13:18 72533AF5A4FEC1E9A93B7D508C326FFC 784384 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-remote-https.exe 2014-04-05 20:13:18 72533AF5A4FEC1E9A93B7D508C326FFC 784384 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-remote-http.exe 2014-04-05 20:13:18 72533AF5A4FEC1E9A93B7D508C326FFC 784384 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-remote-ftps.exe 2014-04-05 20:13:18 72533AF5A4FEC1E9A93B7D508C326FFC 784384 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-remote-ftp.exe 2014-04-05 20:13:18 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-stripspace.exe 2014-04-05 20:13:18 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-status.exe 2014-04-05 20:13:18 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-stage.exe 2014-04-05 20:13:18 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-show.exe 2014-04-05 20:13:18 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-show-ref.exe 2014-04-05 20:13:18 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-show-branch.exe 2014-04-05 20:13:18 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-send-pack.exe 2014-04-05 20:13:18 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-rm.exe 2014-04-05 20:13:18 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-revert.exe 2014-04-05 20:13:18 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-rev-parse.exe 2014-04-05 20:13:18 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-rev-list.exe 2014-04-05 20:13:18 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-reset.exe 2014-04-05 20:13:18 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-rerere.exe 2014-04-05 20:13:18 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-repo-config.exe 2014-04-05 20:13:18 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-replace.exe 2014-04-05 20:13:18 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-remote.exe 2014-04-05 20:13:18 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-remote-fd.exe 2014-04-05 20:13:18 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-remote-ext.exe 2014-04-05 20:13:18 5BB5D4CE0B50CDA9F59B76CB16251A85 793600 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-remote-testsvn.exe 2014-04-05 20:13:17 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-receive-pack.exe 2014-04-05 20:13:17 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-read-tree.exe 2014-04-05 20:13:17 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-push.exe 2014-04-05 20:13:17 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-prune.exe 2014-04-05 20:13:17 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-prune-packed.exe 2014-04-05 20:13:17 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-peek-remote.exe 2014-04-05 20:13:17 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-patch-id.exe 2014-04-05 20:13:17 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-pack-refs.exe 2014-04-05 20:13:17 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-pack-redundant.exe 2014-04-05 20:13:17 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-pack-objects.exe 2014-04-05 20:13:17 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-notes.exe 2014-04-05 20:13:17 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-name-rev.exe 2014-04-05 20:13:17 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-mv.exe 2014-04-05 20:13:17 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-mktree.exe 2014-04-05 20:13:17 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-mktag.exe 2014-04-05 20:13:17 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-merge.exe 2014-04-05 20:13:17 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-merge-tree.exe 2014-04-05 20:13:17 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-merge-subtree.exe 2014-04-05 20:13:17 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-merge-recursive.exe 2014-04-05 20:13:17 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-merge-ours.exe 2014-04-05 20:13:17 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-merge-index.exe 2014-04-05 20:13:17 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-merge-file.exe 2014-04-05 20:13:17 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-merge-base.exe 2014-04-05 20:13:17 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-mailsplit.exe 2014-04-05 20:13:17 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-mailinfo.exe 2014-04-05 20:13:17 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-ls-tree.exe 2014-04-05 20:13:17 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-ls-remote.exe 2014-04-05 20:13:17 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-ls-files.exe 2014-04-05 20:13:17 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\git-receive-pack.exe 2014-04-05 20:13:16 FC17D5F3F31A3811A82EF9C132D3572E 752128 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-http-backend.exe 2014-04-05 20:13:16 F9AE2CB74F4DCF3A71FCCE319F7C4BD6 24064 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\cut.exe 2014-04-05 20:13:16 F91FBBD3B577BDB4F277D0CC4F6FF1C4 760832 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-daemon.exe 2014-04-05 20:13:16 F3D2C3AB30B5FA1D79F3D1859FAF325E 777728 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-fast-import.exe 2014-04-05 20:13:16 F2A30AE567B03FEBE9DAA387E9E3C74A 11264 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\cmp.exe 2014-04-05 20:13:16 ECAA03BDF3B14A1A36CD93063ADF090D 18432 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\basename.exe 2014-04-05 20:13:16 E606BE5AC02961EA6A0241F2F782C514 52224 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\connect.exe 2014-04-05 20:13:16 E01F95985A37123BC08747F73841D11E 49152 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\expr.exe 2014-04-05 20:13:16 D8E864E382B7DD2AD2267E26701E75CE 1299968 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\bison.exe 2014-04-05 20:13:16 B1D1E798C7445AA895A20C9ABAF54B3B 15872 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\dos2unix.exe 2014-04-05 20:13:16 AB6A068B8BDF72B6D60F9BF04CBB70D0 68608 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\diff.exe 2014-04-05 20:13:16 73CE9F80350AD63C13BC0CFE453E3C10 74240 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\cp.exe 2014-04-05 20:13:16 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-init.exe 2014-04-05 20:13:16 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-init-db.exe 2014-04-05 20:13:16 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-index-pack.exe 2014-04-05 20:13:16 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-help.exe 2014-04-05 20:13:16 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-hash-object.exe 2014-04-05 20:13:16 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-grep.exe 2014-04-05 20:13:16 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-get-tar-commit-id.exe 2014-04-05 20:13:16 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-gc.exe 2014-04-05 20:13:16 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-fsck.exe 2014-04-05 20:13:16 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-fsck-objects.exe 2014-04-05 20:13:16 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-format-patch.exe 2014-04-05 20:13:16 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-for-each-ref.exe 2014-04-05 20:13:16 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-fmt-merge-msg.exe 2014-04-05 20:13:16 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-fetch.exe 2014-04-05 20:13:16 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-fetch-pack.exe 2014-04-05 20:13:16 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-fast-export.exe 2014-04-05 20:13:16 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-diff.exe 2014-04-05 20:13:16 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-diff-tree.exe 2014-04-05 20:13:16 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-diff-index.exe 2014-04-05 20:13:16 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-diff-files.exe 2014-04-05 20:13:16 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-describe.exe 2014-04-05 20:13:16 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-credential.exe 2014-04-05 20:13:16 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-count-objects.exe 2014-04-05 20:13:16 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-config.exe 2014-04-05 20:13:16 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-commit.exe 2014-04-05 20:13:16 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-commit-tree.exe 2014-04-05 20:13:16 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-column.exe 2014-04-05 20:13:16 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-clone.exe 2014-04-05 20:13:16 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-clean.exe 2014-04-05 20:13:16 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-cherry.exe 2014-04-05 20:13:16 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-cherry-pick.exe 2014-04-05 20:13:16 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-checkout.exe 2014-04-05 20:13:16 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-checkout-index.exe 2014-04-05 20:13:16 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-check-ref-format.exe 2014-04-05 20:13:16 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-check-mailmap.exe 2014-04-05 20:13:16 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-check-ignore.exe 2014-04-05 20:13:16 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-check-attr.exe 2014-04-05 20:13:16 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-cat-file.exe 2014-04-05 20:13:16 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-bundle.exe 2014-04-05 20:13:16 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-branch.exe 2014-04-05 20:13:16 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-blame.exe 2014-04-05 20:13:16 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-bisect--helper.exe 2014-04-05 20:13:16 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-archive.exe 2014-04-05 20:13:16 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-apply.exe 2014-04-05 20:13:16 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-annotate.exe 2014-04-05 20:13:16 712DD3946A3347064E044DC31F85C6EA 1439232 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-add.exe 2014-04-05 20:13:16 6F18EE3179ED808A03C70CA32EA2F452 769024 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-http-fetch.exe 2014-04-05 20:13:16 62137C1A7608FECDD99B98727E07A742 17920 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\dirname.exe 2014-04-05 20:13:16 604A9CA30B06CF2073F8EEFA9DC2E525 18944 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\env.exe 2014-04-05 20:13:16 5D786D2ABDDC17BA23CE0876B90CA7B5 149504 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\gawk.exe 2014-04-05 20:13:16 5B2E257B317CE6FDBBF1A1C5E3D18BC3 750080 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-credential-store.exe 2014-04-05 20:13:16 517E2DEAC42275B734AC81B0F9645C1A 1330176 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\flex.exe 2014-04-05 20:13:16 4F68C102E4012A89B1F153E2DE565620 22528 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\cat.exe 2014-04-05 20:13:16 4D767577A7C32816354D22C208B72BF1 52224 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\find.exe 2014-04-05 20:13:16 405FF99D5C6061111454930B9B658469 75264 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\bzip2.exe 2014-04-05 20:13:16 386F137A5595D6EF8877B8FF0CB77E13 65536 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\du.exe 2014-04-05 20:13:16 2B9398CCAE792E0D50593EFF6FD334EA 47616 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\date.exe 2014-04-05 20:13:16 243E2F61D31A88C755C325D506893C5E 12288 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\false.exe 2014-04-05 20:13:16 2272401D894EEBC35A4583D14A53A33F 28160 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\chmod.exe 2014-04-05 20:13:16 1D7668D8012DF399CF26ADCE60CE2B8C 758272 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\libexec\git-core\git-imap-send.exe 2014-04-05 20:13:16 182B0EFE6A16C746CA4F165B9E772316 596992 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\bash.exe 2014-04-05 20:13:16 0F072AA6CC7FD7B4FA57479D95DAB68A 5632 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\getcp.exe 2014-04-05 20:13:16 02653D5C097CF21101A057C87D710505 215040 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\antiword.exe 2014-04-05 20:13:16 016B846D9C77F32B7FAF11B30579860B 493568 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\bin\curl.exe 2014-04-05 12:07:14 ECDBCC2C4ED76EED8EEBB628AF0E61CA 998312 ----a-w- C:\Users\Brian\AppData\Local\ISL Online Cache\ISL Light Client\1\isllight.exe 2014-04-05 12:07:13 C0FE26369B03AB32B5862AE97FB601BF 10848 ----a-w- C:\Users\Brian\AppData\Local\ISL Online Cache\ISL Light Client\1\shellsendto.exe 2014-04-05 12:07:13 7EEDFE2601BD68899BA19192F638D627 17504 ----a-w- C:\Users\Brian\AppData\Local\ISL Online Cache\ISL Light Client\1\mailopen.exe 2014-04-05 12:07:12 ECDBCC2C4ED76EED8EEBB628AF0E61CA 998312 ----a-w- C:\Users\Brian\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1396699632_1880_5568_1843241681\ISL_Light_Client_3_5_5.exe 2014-04-04 10:33:04 6463A4FA57AEE1597C26EC75DFD911D2 2836400 ----a-w- C:\Users\Brian\Desktop\Belasting aangiften Programma's\ib2013_win_setup.exe 2014-04-04 10:31:15 680E65246E7BB601926F2A2532574C78 2825952 ----a-w- C:\Users\Brian\Desktop\Belasting aangiften Programma's\ib2012_win_setup.exe 2014-04-04 10:30:07 7F7B7B91D8BD9A01B8A32BCFB8E77841 2806528 ----a-w- C:\Users\Brian\Desktop\Belasting aangiften Programma's\ib2011_win_setup.exe 2014-04-04 10:27:31 D0E39BE537A8F2ECC038875587F0B424 2762376 ----a-w- C:\Users\Brian\Desktop\Belasting aangiften Programma's\ib2010_win_setup.exe 2014-04-04 10:25:52 AF11BF837C7156500E230239B2F08979 2847136 ----a-w- C:\Users\Brian\Desktop\Belasting aangiften Programma's\ib2009_win_setup.exe === C: other files == 2014-04-08 21:57:25 6140163BFE9D8F2DFDBA088ED5521C13 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys 2014-04-08 21:57:06 FD5465B876D55534117963FAAA4B9DFC 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys 2014-04-08 21:57:06 C49915271600CFC2305FAA4271D0002F 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys 2014-04-08 21:57:06 4A1356200B82B852E137B687F03E8054 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys 2014-04-08 20:52:04 296235286CF42B7F5F757E852F67A089 14050 ----a-w- C:\Program Files\Java\jre8\lib\deploy\ffjcext.zip 2014-04-08 18:36:33 73BDD44A6088916964945886F9025409 108800 ----a-w- C:\Windows\System32\drivers\ssudbus.sys 2014-04-08 18:36:33 5252D7BC56E5E0ED715AEA8FE173A455 206080 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys 2014-04-08 17:25:48 B3222734D80013D2C73841B0C549FA63 27584 ----a-w- C:\Windows\System32\drivers\Diskdump.sys 2014-04-08 17:25:48 A3F0BC5897F9D3786A3CB695B163633A 190912 ----a-w- C:\Windows\System32\drivers\storport.sys 2014-04-08 17:25:48 96BB922A0981BC7432C8CF52B5410FE6 274880 ----a-w- C:\Windows\System32\drivers\msiscsi.sys 2014-04-08 17:25:31 1A29A59A4C5BA6F8C85062A613B7E2B2 1684928 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2014-04-05 20:13:13 07EBA5FB821A2BD60442E05A3CE627F9 708 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\Git Bash.vbs 2014-04-05 20:13:10 608144500B8AEAD1875AEA0D8454A5D5 542 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\git-cmd.bat 2014-04-05 20:13:10 08970E14B6586A6565421535EE5D45D1 5956 ----a-w- C:\Users\Brian\AppData\Local\GitHub\PortableGit_054f2e797ebafd44a30203088cd3d58663c627ef\git-bash.bat ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-2293175794-3526264504-2682802372-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "WinBar (x86)"="E:\Winbar\WinBar.exe" "SandboxieControl"="G:\Sandbox\SbieCtrl.exe" "HP Photosmart 5520 series (NET)"="C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe -deviceID CN3AH513C60602:NW -scfn HP Photosmart 5520 series (NET) -AutoStart 1" "KiesPreload"="E:\Samsung Kies\Kies\Kies.exe /preload" [HKEY_USERS\S-1-5-21-2293175794-3526264504-2682802372-1001\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-2293175794-3526264504-2682802372-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LWS"="E:\Logitech\LWS\Webcam Software\LWS.exe -hide" "HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "WinBar (x86)"="E:\Winbar\WinBar.exe" "SandboxieControl"="G:\Sandbox\SbieCtrl.exe" "HP Photosmart 5520 series (NET)"="C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe -deviceID CN3AH513C60602:NW -scfn HP Photosmart 5520 series (NET) -AutoStart 1" "KiesPreload"="E:\Samsung Kies\Kies\Kies.exe /preload" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] "BootRacer"="C:\Program Files (x86)\BootRacer\Bootrace.exe /2" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] "BootRacer"="C:\Program Files (x86)\BootRacer\Bootrace.exe /2" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe ARM" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BitTorrent] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="BitTorrent" "hkey"="HKCU" "command"="\"C:\\Users\\Brian\\AppData\\Roaming\\BitTorrent\\BitTorrent.exe\" /MINIMIZED" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonSolutionMenu] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="CanonSolutionMenu" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Canon\\SolutionMenu\\CNSLMAIN.exe /logon" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Driver Whiz] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Driver Whiz" "hkey"="HKCU" "command"="G:\\DriverWhiz.exe /applicationMode:systemTray /showWelcome:false" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesPreload] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="KiesPreload" "hkey"="HKCU" "command"="E:\\Samsung Kies\\Kies\\Kies.exe /preload" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesTrayAgent] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="KiesTrayAgent" "hkey"="HKLM" "command"="E:\\Samsung Kies\\Kies\\KiesTrayAgent.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mobilegeni daemon] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="mobilegeni daemon" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Mobogenie\\DaemonProcess.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Skype" "hkey"="HKCU" "command"="\"E:\\Skype\\Phone\\Skype.exe\" /minimized /regrun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SUPERAntiSpyware] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SUPERAntiSpyware" "hkey"="HKCU" "command"="E:\\Super Anti Spyware\\SUPERAntiSpyware.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Brian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk] "path"="C:\\Users\\Brian\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\EvernoteClipper.lnk" "backup"="C:\\Windows\\pss\\EvernoteClipper.lnk.Startup" "backupExtension"=".Startup" "command"="E:\\Evernote\\EVERNO~2.EXE " "item"="EvernoteClipper" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\!SASCORE] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeARMservice] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\BITCOMET_HELPER_SERVICE] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WPCSvc] ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [11-03-2014 22:30] C:\Windows\tasks\AutoKMSDaily.job --a------ C:\Windows\AutoKMS\AutoKMS.exe [] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [19-01-2014 21:48] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [19-01-2014 21:48] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\AutoKMSCustom" [C:\Windows\AutoKMS\AutoKMS.exe] "C:\Windows\SysNative\tasks\AutoKMSDaily" [C:\Windows\AutoKMS\AutoKMS.exe] "C:\Windows\SysNative\tasks\AutoRearm" [C:\Windows\AutoRearm\AutoRearm.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["E:\Ccleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\HPCustParticipation HP Photosmart 5520 series" ["C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPCustPartic.exe"] "C:\Windows\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\WSCStub.exe"] "C:\Windows\SysNative\tasks\Norton Family\Norton Error Analyzer" [C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\SymErr.exe] "C:\Windows\SysNative\tasks\Norton Family\Norton Error Processor" [C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\SymErr.exe] "C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Analyzer" [C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe] "C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Processor" [C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}"="C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.9.5.29\coFFFw" [] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "{B64D9B05-48E1-4CEB-BF58-E0643994E900}"="C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff" [12-03-2014 21:17] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\6b9t2bgx.default-1395843081005 - Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff - Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF - Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn - Simple Youtube Converter - %ProfilePath%\extensions\jid0-SQnwtgW1b8BsMB5PLV5WScEDWOjw@jetpack.xpi - Turn Off the Lights - %ProfilePath%\extensions\stefanvandamme@stefanvd.net.xpi - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi ==== Firefox Plugins ====================== Profilepath: C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\6b9t2bgx.default-1395843081005 95812430959AE88CDD0301AB3A71913B - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll - Shockwave Flash 0CA4180B21C6B728578F3B0433BB740E - E:\Vlc Player\VLC\npvlc.dll - VLC Web Plugin B33B016B77560C7832BF4D311EA23328 - C:\Users\Brian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\Exts\Chrome.crx[11-03-2014 22:44] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions nikpibnbobmbdbheedjfogjlikpgpnhp - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx[04-03-2014 17:58] BeGone Guerra Online - Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahcchnfnladlkddlceegencfccjcfnjp Google Docs - Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf TV - Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh YouTube - Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Facebook - Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm Sniper OMOH - Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbgpnekbennkmggdcahbdjnbckcbakpg Pool - Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cedbddnnmhgnedpamoenmdkhnpnfbpjb Last updated at time on date - Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb Google Search - Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Pyramid Jewels Challenge - Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\djpolicdanocdhepamfhapnbgahgebbi Rush Team - Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecdnoeebfjlplfkljdedokbcmebojbpb 3D Table Tennis - Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\eceoimpjbncjmhghmhfpmbkkkgkkchen AdBlock - Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom New York Taxi License - Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lllhlpegibamimlkpnhjpohppfcckcfb Google Maps - Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh Park the car on this shopping mall parking as quick as you can. - Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjfoehokglnmbbnncflhhgapdfkhahle Norton Identity Protection - Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk Google Wallet - Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Teletekst - Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\noblnklnhglbnfomoipgcidnbpdjfbom Background Tab - Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic 3D Bomb Destroyer - Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\okehlnjpihomkdokiiafpejniofjaoom Gmail - Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chrome Fix ====================== C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjfoehokglnmbbnncflhhgapdfkhahle deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.nl/" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.nl/" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{28884516-3D8E-4622-88DE-ED1516351C58}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" {28884516-3D8E-4622-88DE-ED1516351C58} Google Url="http://www.google.nl/search?hl=nl&q={searchTerms}" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2293175794-3526264504-2682802372-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully HKEY_USERS\S-1-5-21-2293175794-3526264504-2682802372-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully HKEY_CLASSES_ROOT\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115} deleted successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Driver Whiz deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mobilegeni daemon deleted successfully ==== HijackThis Entries ====================== O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\IPS\IPSBHO.DLL O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - E:\Evernote\EvernoteIE.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O2 - BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll O4 - HKLM\..\Run: [LWS] E:\Logitech\LWS\Webcam Software\LWS.exe -hide O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WinBar (x86)] E:\Winbar\WinBar.exe O4 - HKCU\..\Run: [SandboxieControl] "G:\Sandbox\SbieCtrl.exe" O4 - HKCU\..\Run: [HP Photosmart 5520 series (NET)] "C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN3AH513C60602:NW" -scfn "HP Photosmart 5520 series (NET)" -AutoStart 1 O4 - HKCU\..\Run: [KiesPreload] E:\Samsung Kies\Kies\Kies.exe /preload O4 - HKLM\..\Policies\Explorer\Run: [BootRacer] "C:\Program Files (x86)\BootRacer\Bootrace.exe" /2 O4 - HKUS\S-1-5-21-2293175794-3526264504-2682802372-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser') O4 - HKUS\S-1-5-21-2293175794-3526264504-2682802372-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser') O8 - Extra context menu item: Afbeelding knippen - E:\Evernote\\EvernoteIERes\Clip.html?clipAction=4 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm O8 - Extra context menu item: Kopieer selectie - E:\Evernote\\EvernoteIERes\Clip.html?clipAction=3 O8 - Extra context menu item: Kopieer URL - E:\Evernote\\EvernoteIERes\Clip.html?clipAction=0 O8 - Extra context menu item: Nieuwe notitie - E:\Evernote\\EvernoteIERes\NewNote.html O8 - Extra context menu item: Pagina opemen - E:\Evernote\\EvernoteIERes\Clip.html?clipAction=1 O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe O9 - Extra button: @E:\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\Evernote\\EvernoteIERes\AddNote.html O9 - Extra 'Tools' menuitem: @E:\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\Evernote\\EvernoteIERes\AddNote.html O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: BootRacerServ - Greatis Software, LLC - C:\Program Files (x86)\BootRacer\BootRacerServ.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMScheduler - Malwarebytes Corporation - G:\Malwarebytes Anti-Exploit\Malwarebytes Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - G:\Malwarebytes Anti-Exploit\Malwarebytes Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Sandboxie Service (SbieSvc) - Sandboxie Holdings, LLC - G:\Sandbox\SbieSvc.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - E:\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - E:\Teamviewer\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Silent Runners ====================== "Silent Runners.vbs", revision 69.2, http://www.silentrunners.org/ Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} Sidebar = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [MS] WinBar (x86) = E:\Winbar\WinBar.exe [The WinBar Team] SandboxieControl = "G:\Sandbox\SbieCtrl.exe" [Sandboxie Holdings, LLC] HP Photosmart 5520 series (NET) = "C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN3AH513C60602:NW" -scfn "HP Photosmart 5520 series (NET)" -AutoStart 1 [Hewlett-Packard Co.] KiesPreload = E:\Samsung Kies\Kies\Kies.exe /preload [null data] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++} BootRacer = "C:\Program Files (x86)\BootRacer\Bootrace.exe" /2 [Greatis Software] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} IgfxTray = C:\Windows\system32\igfxtray.exe [Intel Corporation] HotKeysCmds = C:\Windows\system32\hkcmd.exe [Intel Corporation] Persistence = C:\Windows\system32\igfxpers.exe [Intel Corporation] NvBackend = "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [NVIDIA Corporation] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++} LWS = E:\Logitech\LWS\Webcam Software\LWS.exe -hide [Logitech Inc.] HP Software Update = C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [Hewlett-Packard] (Default) = (empty string) [file not found] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\(Default) = Norton Identity Protection -> {HKLM...CLSID} = Norton Identity Protection \InProcServer32\(Default) = C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll [Symantec Corporation] -> {HKLM...Wow...CLSID} = Norton Identity Protection \InProcServer32\(Default) = C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll [Symantec Corporation] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = Java(tm) Plug-In SSV Helper \InProcServer32\(Default) = C:\Program Files\Java\jre8\bin\ssv.dll [Oracle Corporation] -> {HKLM...Wow...CLSID} = Java(tm) Plug-In SSV Helper \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\ssv.dll [Oracle Corporation] {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided) -> {HKLM...CLSID} = Windows Live ID Sign-in Helper \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS] -> {HKLM...Wow...CLSID} = Aanmeldhulp voor Microsoft-account \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS] {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided) -> {HKLM...CLSID} = Java(tm) Plug-In 2 SSV Helper \InProcServer32\(Default) = C:\Program Files\Java\jre8\bin\jp2ssv.dll [Oracle Corporation] -> {HKLM...Wow...CLSID} = Java(tm) Plug-In 2 SSV Helper \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [Oracle Corporation] {FFCB3198-32F3-4E8B-9539-4324694ED664}\(Default) = (no title provided) -> {HKLM...CLSID} = Adblock Plus for IE Browser Helper Object \InProcServer32\(Default) = C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [Adblock Plus] -> {HKLM...Wow...CLSID} = Adblock Plus for IE Browser Helper Object \InProcServer32\(Default) = C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [Adblock Plus] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\(Default) = Norton Identity Protection -> {HKLM...CLSID} = Norton Identity Protection \InProcServer32\(Default) = C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll [Symantec Corporation] -> {HKLM...Wow...CLSID} = Norton Identity Protection \InProcServer32\(Default) = C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll [Symantec Corporation] {6D53EC84-6AAE-4787-AEEE-F4628F01010C}\(Default) = Norton Vulnerability Protection -> {HKLM...Wow...CLSID} = Norton Vulnerability Protection \InProcServer32\(Default) = C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\IPS\IPSBHO.DLL [Symantec Corporation] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = Java(tm) Plug-In SSV Helper \InProcServer32\(Default) = C:\Program Files\Java\jre8\bin\ssv.dll [Oracle Corporation] -> {HKLM...Wow...CLSID} = Java(tm) Plug-In SSV Helper \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\ssv.dll [Oracle Corporation] {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided) -> {HKLM...CLSID} = Windows Live ID Sign-in Helper \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS] -> {HKLM...Wow...CLSID} = Aanmeldhulp voor Microsoft-account \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS] {92EF2EAD-A7CE-4424-B0DB-499CF856608E}\(Default) = (no title provided) -> {HKLM...CLSID} = Evernote extension \InProcServer32\(Default) = E:\Evernote\EvernoteIEx64.dll [Evernote Corp., 305 Walnut Street, Redwood City, CA 94063] -> {HKLM...Wow...CLSID} = Evernote extension \InProcServer32\(Default) = E:\Evernote\EvernoteIE.dll [Evernote Corp., 305 Walnut Street, Redwood City, CA 94063] {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided) -> {HKLM...CLSID} = Java(tm) Plug-In 2 SSV Helper \InProcServer32\(Default) = C:\Program Files\Java\jre8\bin\jp2ssv.dll [Oracle Corporation] -> {HKLM...Wow...CLSID} = Java(tm) Plug-In 2 SSV Helper \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [Oracle Corporation] {FFCB3198-32F3-4E8B-9539-4324694ED664}\(Default) = (no title provided) -> {HKLM...CLSID} = Adblock Plus for IE Browser Helper Object \InProcServer32\(Default) = C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [Adblock Plus] -> {HKLM...Wow...CLSID} = Adblock Plus for IE Browser Helper Object \InProcServer32\(Default) = C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [Adblock Plus] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {A70C977A-BF00-412C-90B7-034C51DA2439} = NvCpl DesktopContext Class -> {HKLM...CLSID} = DesktopContext Class \InProcServer32\(Default) = C:\Program Files\NVIDIA Corporation\Display\nvui.dll [NVIDIA Corporation] {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} = NVIDIA Play On My TV Context Menu Extension -> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension \InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {c5aec3ec-e812-4677-a9a7-4fee1f9aa000} = Icaros Thumbnail Provider -> {HKLM...Wow...CLSID} = Icaros Thumbnail Provider \InProcServer32\(Default) = C:\Program Files (x86)\K-Lite Codec Pack\Icaros\32-bit\IcarosThumbnailProvider.dll [Tabibito Technology] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\ <> {1984DD45-52CF-49cd-AB77-18F378FEA264} = FencesShellExt -> {HKLM...CLSID} = FencesShlExt Class \InProcServer32\(Default) = E:\Fences\Stardock\Fences\FencesMenu64.dll [Stardock] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ FencesShellExt\(Default) = {1984DD45-52CF-49cd-AB77-18F378FEA264} -> {HKLM...CLSID} = FencesShlExt Class \InProcServer32\(Default) = E:\Fences\Stardock\Fences\FencesMenu64.dll [Stardock] Symantec.Norton.Antivirus.IEContextMenu\(Default) = {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} -> {HKLM...CLSID} = IEContextMenu Class \InProcServer32\(Default) = "C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\NavShExt.dll" [Symantec Corporation] {CA8ACAFA-5FBB-467B-B348-90DD488DE003}\(Default) = SUPERAntiSpyware Context Menu -> {HKLM...CLSID} = SASContextMenu Class \InProcServer32\(Default) = E:\Super Anti Spyware\SASCTXMN64.DLL [SUPERAntiSpyware.com] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3} -> {HKLM...CLSID} = MBAMShlExt Class \InProcServer32\(Default) = G:\Malwarebytes Anti-Exploit\Malwarebytes Anti-Malware\mbamext.dll [Malwarebytes Corporation] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ FencesShellExt\(Default) = {1984DD45-52CF-49cd-AB77-18F378FEA264} -> {HKLM...CLSID} = FencesShlExt Class \InProcServer32\(Default) = E:\Fences\Stardock\Fences\FencesMenu64.dll [Stardock] UltraISO\(Default) = {AD392E40-428C-459F-961E-9B147782D099} -> {HKLM...CLSID} = UIContextMenu Class \InProcServer32\(Default) = E:\Ultra Iso\UltraISO\isoshl64.dll [EZB Systems, Inc.] {CA8ACAFA-5FBB-467B-B348-90DD488DE003}\(Default) = SUPERAntiSpyware Context Menu -> {HKLM...CLSID} = SASContextMenu Class \InProcServer32\(Default) = E:\Super Anti Spyware\SASCTXMN64.DLL [SUPERAntiSpyware.com] HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\ FencesShellExt\(Default) = {1984DD45-52CF-49cd-AB77-18F378FEA264} -> {HKLM...CLSID} = FencesShlExt Class \InProcServer32\(Default) = E:\Fences\Stardock\Fences\FencesMenu64.dll [Stardock] igfxcui\(Default) = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} -> {HKLM...CLSID} = GraphicsShellExt Class \InProcServer32\(Default) = C:\Windows\system32\igfxpph.dll [Intel Corporation] NvCplDesktopContext\(Default) = {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} -> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension \InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info -> {HKLM...Wow...CLSID} = PDF Shell Extension \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ FencesShellExt\(Default) = {1984DD45-52CF-49cd-AB77-18F378FEA264} -> {HKLM...CLSID} = FencesShlExt Class \InProcServer32\(Default) = E:\Fences\Stardock\Fences\FencesMenu64.dll [Stardock] MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3} -> {HKLM...CLSID} = MBAMShlExt Class \InProcServer32\(Default) = G:\Malwarebytes Anti-Exploit\Malwarebytes Anti-Malware\mbamext.dll [Malwarebytes Corporation] Symantec.Norton.Antivirus.IEContextMenu\(Default) = {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} -> {HKLM...CLSID} = IEContextMenu Class \InProcServer32\(Default) = "C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\NavShExt.dll" [Symantec Corporation] UltraISO\(Default) = {AD392E40-428C-459F-961E-9B147782D099} -> {HKLM...CLSID} = UIContextMenu Class \InProcServer32\(Default) = E:\Ultra Iso\UltraISO\isoshl64.dll [EZB Systems, Inc.] HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\ WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA} -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = E:\Winrar\rarext.dll [Alexander Roshal] WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...Wow...CLSID} = WinRAR \InProcServer32\(Default) = E:\Winrar\rarext32.dll [Alexander Roshal] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ NoDrives = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ NoDrives = (REG_DWORD) dword:0x00000000 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ Wallpaper = C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ MSPlayCDAudioOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.AudioCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS] MSPlayDVDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.DVD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS] MSPlaySuperVideoCDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.VCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS] MSPlayVideoCDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.VCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS] MSWMPBurnCDOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.BurnCD InvokeVerb = Burn HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS] VLCPlayCDAudioOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.CDAudio InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\Open\command\(Default) = "E:\Vlc Player\VLC\vlc.exe" --started-from-file cdda:///%1 [VideoLAN] VLCPlayDVDAudioOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "E:\Vlc Player\VLC\vlc.exe" %1 [VideoLAN] VLCPlayDVDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.DVDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\Open\command\(Default) = "E:\Vlc Player\VLC\vlc.exe" --started-from-file dvd:///%1 [VideoLAN] VLCPlayMusicFilesOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "E:\Vlc Player\VLC\vlc.exe" %1 [VideoLAN] VLCPlaySVCDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.SVCDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.SVCDMovie\shell\Open\command\(Default) = "E:\Vlc Player\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN] VLCPlayVCDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.VCDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.VCDMovie\shell\Open\command\(Default) = "E:\Vlc Player\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN] VLCPlayVideoFilesOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "E:\Vlc Player\VLC\vlc.exe" %1 [VideoLAN] Windows Sidebar Gadgets: {++} ------------------------ C:\Users\Brian\AppData\Local\Microsoft\Windows Sidebar\Settings.ini "C:%5CProgram%20Files%5CWindows%20Sidebar%5CGadgets%5CWeather.Gadget" "C:%5CProgram%20Files%5CWindows%20Sidebar%5CGadgets%5CCalendar.Gadget" "C:%5CProgram%20Files%5CWindows%20Sidebar%5CGadgets%5CCPU.Gadget" Non-disabled Scheduled Tasks: {++} ----------------------------- C:\Windows\System32\Tasks Adobe Flash Player Updater -> launches: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated] AutoKMSCustom -> launches: C:\Windows\AutoKMS\AutoKMS.exe [file not found] AutoKMSDaily -> launches: C:\Windows\AutoKMS\AutoKMS.exe [file not found] AutoRearm -> launches: C:\Windows\AutoRearm\AutoRearm.exe [null data] CCleanerSkipUAC -> launches: "E:\Ccleaner\CCleaner.exe" $(Arg0) [Piriform Ltd] GoogleUpdateTaskMachineCore -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google Inc.] GoogleUpdateTaskMachineUA -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.] HPCustParticipation HP Photosmart 5520 series -> launches: "C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPCustPartic.exe" /UA 11.0 /DDV 0x0a00 [Hewlett-Packard Co.] Norton WSC Integration -> (HIDDEN!) launches: "C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\WSCStub.exe" /taskschd [Symantec Corporation] {6965B8A1-55B2-4CF6-A036-1B69EC3CE8D1} -> launches: C:\Windows\system32\pcalua.exe -a "C:\Users\Brian\Desktop\Cute Pdf\converter.exe" -d "C:\Users\Brian\Desktop\Cute Pdf" [MS] {95420A79-DE85-4736-BD24-0275E87C60CA} -> launches: C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C} -> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS] -> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience AitAgent -> launches: aitagent [MS] ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Autochk Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS] KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c} -> {HKLM...CLSID} = KernelCeipCustomHandler \InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS] UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8} -> {HKLM...CLSID} = UsbCeip \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS] -> {HKLM...Wow...CLSID} = UsbCeip \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Defrag ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3} -> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Location Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance WinSAT -> launches: {A9A33436-678B-4C9C-A211-7CC38785E79D} -> {HKLM...CLSID} = WinSAT Task Manger Task \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS] -> {HKLM...Wow...CLSID} = WinSAT Task Manger Task \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Media Center ActivateWindowsSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS] ConfigureInternetTimeService -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS] DispatchRecoveryTasks -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS] ehDRMInit -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS] InstallPlayReady -> launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS] mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS] MediaCenterRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS] ObjectStoreRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS] OCURActivate -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS] OCURDiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS] PBDADiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS] PBDADiscoveryW1 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS] PBDADiscoveryW2 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS] PvrRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS] PvrScheduleTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS] RegisterSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS] ReindexSearchRoot -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS] SqlLiteRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS] StartRecording -> launches: %SystemRoot%\ehome\ehrec /StartRecording [MS] UpdateRecordPath -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2} -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS] DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2} -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E} -> {HKLM...CLSID} = HotStart User Agent \InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MUI LPRemove -> launches: %windir%\system32\lpremove.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543} -> {HKLM...CLSID} = Microsoft PlaySoundService Class \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS] -> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data] C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics AnalyzeSystem -> launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RAC RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6} -> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS] -> {HKLM...Wow...CLSID} = ReliabilityAnalysisCustomHandler \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Ras MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa} -> {HKLM...CLSID} = RasMobilityManager \InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Registry RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2} -> {HKLM...CLSID} = RegistryIdleBackupHandler \InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SideShow GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61} -> {HKLM...CLSID} = GadgetsManager Class \InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4} -> {HKLM...CLSID} = RunTask \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS] -> {HKLM...Wow...CLSID} = RunTask \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip IpAddressConflict1 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS] IpAddressConflict2 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1} -> {HKLM...CLSID} = MsCtfMonitor task handler \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS] -> {HKLM...Wow...CLSID} = MsCtfMonitor task handler \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS] C:\Windows\System32\Tasks\Microsoft\Windows\UPnP UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WDI ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1} -> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS] -> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies ValidationTask -> (HIDDEN!) launches: %SystemRoot%\system32\Wat\WatAdminSvc.exe /run [MS] ValidationTaskDeadline -> (HIDDEN!) launches: %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Wininet CacheTask -> launches: {0358b920-0ac7-461f-98f4-58e32cd89148} -> {HKLM...CLSID} = Wininet Cache task object \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS] -> {HKLM...Wow...CLSID} = Wininet Cache task object \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE Extractor Definitions Update Task -> launches: {3519154C-227E-47F3-9CC9-12C3F05817F1} -> {HKLM...Wow...CLSID} = Windows Live Social Object Extractor Engine Definition Updater \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\SOXE\wlsoxe.dll [MS] C:\Windows\System32\Tasks\Norton Family Norton Error Analyzer -> launches: C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\SymErr.exe /analyze [file not found] Norton Error Processor -> launches: C:\Program Files (x86)\Norton Family\Engine\2.9.5.29\SymErr.exe /submit [file not found] C:\Windows\System32\Tasks\Norton Internet Security Norton Error Analyzer -> launches: C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe /analyze [Symantec Corporation] Norton Error Processor -> launches: C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe /submit [Symantec Corporation] C:\Windows\System32\Tasks\WPD SqmUpload_S-1-5-21-2293175794-3526264504-2682802372-1000 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS] 000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS] 000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000005\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS] 000000000006\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS] 000000000007\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000008\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] 000000000009\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS] HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++} 000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS] 000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS] 000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000005\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS] 000000000006\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS] 000000000007\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000008\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] 000000000009\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 11 HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 11 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -> {HKLM...CLSID} = Norton Toolbar \InProcServer32\(Default) = C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll [Symantec Corporation] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} = Norton Toolbar -> {HKLM...CLSID} = Norton Toolbar \InProcServer32\(Default) = C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll [Symantec Corporation] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\ {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} = Norton Toolbar -> {HKLM...Wow...CLSID} = Norton Toolbar \InProcServer32\(Default) = C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll [Symantec Corporation] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\ {22CC3EBD-C286-43AA-B8E6-06B115F74162}\ ButtonText = HP Smart Print MenuText = HP Smart Print Exec = C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe [Hewlett-Packard] {A95FE080-8F5D-11D2-A20B-00AA003C157A}\ ButtonText = @E:\Evernote\Resource.dll,-101 MenuText = @E:\Evernote\Resource.dll,-101 Script = E:\Evernote\\EvernoteIERes\AddNote.html [null data] Miscellaneous IE Hijack Points ------------------------------ HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\ <> InPrivate = res://ieframe.dll/inprivate_win7.htm [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ BootRacerServ, BootRacerServ, "C:\Program Files (x86)\BootRacer\BootRacerServ.exe" [Greatis Software, LLC] HP Support Solutions Framework Service, HPSupportSolutionsFrameworkService, "C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe" [null data] MBAMScheduler, MBAMScheduler, "G:\Malwarebytes Anti-Exploit\Malwarebytes Anti-Malware\mbamscheduler.exe" [Malwarebytes Corporation] MBAMService, MBAMService, "G:\Malwarebytes Anti-Exploit\Malwarebytes Anti-Malware\mbamservice.exe" [Malwarebytes Corporation] Norton Internet Security, NIS, "C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\diMaster.dll" /prefetch:1 [Symantec Corporation] NVIDIA Display Driver Service, nvsvc, "C:\Windows\system32\nvvsvc.exe" [NVIDIA Corporation] NVIDIA Stereoscopic 3D Driver Service, Stereo Service, "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" [NVIDIA Corporation] NVIDIA Update Service Daemon, nvUpdatusService, "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" [NVIDIA Corporation] Rapport Management Service, RapportMgmtService, "C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe" [Trusteer Ltd.] Sandboxie Service, SbieSvc, "G:\Sandbox\SbieSvc.exe" [Sandboxie Holdings, LLC] TeamViewer 9, TeamViewer9, "E:\Teamviewer\TeamViewer_Service.exe" [TeamViewer GmbH] Windows Live ID Sign-in Assistant, wlidsvc, "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [MS] Safe Mode Drivers & Services (subkey name, subkey default value): ----------------------------------------------------------------- HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\ <> !SASCORE, <> CleanHlp, Driver <> CleanHlp.sys, Driver <> PEVSystemStart, Service HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ <> !SASCORE, <> CleanHlp, Driver <> CleanHlp.sys, Driver <> PEVSystemStart, Service Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ Canon BJ Language Monitor MP210 series\Driver = CNMLM8S.DLL [CANON INC.] CutePDF Writer Monitor\Driver = cpwmon64.dll [null data] HP B111 Status Monitor\Driver = hpinkstsB111LM.dll [Hewlett-Packard Co.] HP Discovery Port Monitor (HP Photosmart 5520 series)\Driver = HPDiscoPMB111.dll [Hewlett-Packard Co.] <>: Suspicious data at a browser hijack point. ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Brian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Brian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\Brian\AppData\Local\Mozilla\Firefox\Profiles\6b9t2bgx.default-1395843081005\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=494 folders=109 79947878 bytes) ==== Empty Temp Folders ====================== C:\Users\Brian\AppData\Local\Temp will be emptied at reboot C:\Users\Default\AppData\Local\temp emptied successfully C:\Users\Default User\AppData\Local\temp emptied successfully C:\Users\Public\AppData\Local\temp emptied successfully C:\Users\UpdatusUser\AppData\Local\temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Brian\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on wo 09-04-2014 at 20:38:46,01 ======================