Zoek.exe v5.0.0.0 Updated 22-05-2014 Tool run by julian on do 29-05-2014 at 1:18:52,07. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\julian\Downloads\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 29-5-2014 1:19:42 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\AGEIA Technologies deleted successfully C:\PROGRA~2\Gabest deleted successfully C:\PROGRA~2\Hi-Rez Studios deleted successfully C:\PROGRA~2\MediaBuzzV1 deleted successfully C:\PROGRA~2\MSXML 4.0 deleted successfully C:\PROGRA~2\RichMediaViewV1 deleted successfully C:\Program Files\Symantec deleted successfully C:\PROGRA~3\DAEMON Tools Lite deleted successfully C:\PROGRA~3\Hi-Rez Studios deleted successfully C:\PROGRA~3\Oracle deleted successfully C:\PROGRA~3\Realtek0 deleted successfully C:\Users\julian\AppData\Roaming\Awesomium deleted successfully C:\Users\julian\AppData\Roaming\Curse Advertising deleted successfully C:\Users\julian\AppData\Roaming\SampleView deleted successfully C:\Users\julian\AppData\Roaming\TP deleted successfully C:\Users\julian\AppData\Local\Unity deleted successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\CrashDumps deleted successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\CrashDumps deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1649581024-2079683328-5313355-1000\Software\Microsoft\Internet Explorer\SearchScopes\{54AE5A80-FA26-48D2-87F1-6BAE25DA701C} deleted successfully HKEY_CLASSES_ROOT\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-1649581024-2079683328-5313355-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} deleted successfully HKEY_USERS\S-1-5-21-1649581024-2079683328-5313355-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully HKEY_USERS\S-1-5-21-1649581024-2079683328-5313355-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} deleted successfully HKEY_USERS\S-1-5-21-1649581024-2079683328-5313355-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{98889811-442D-49DD-99D7-DC866BE87DBC} deleted successfully HKEY_USERS\S-1-5-21-1649581024-2079683328-5313355-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{739df940-c5ee-4bab-9d7e-270894ae687a} deleted successfully HKEY_USERS\S-1-5-21-1649581024-2079683328-5313355-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{11111111-1111-1111-1111-110411901140} deleted successfully HKEY_USERS\S-1-5-21-1649581024-2079683328-5313355-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{22C9E7CD-6489-4837-9E71-009D8DA42DB3} deleted successfully HKEY_USERS\S-1-5-21-1649581024-2079683328-5313355-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{76C29512-D3E3-4DFC-8955-CE0BCB9F81B2} deleted successfully HKEY_USERS\S-1-5-21-1649581024-2079683328-5313355-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{11111111-1111-1111-1111-110411591160} deleted successfully HKEY_USERS\S-1-5-21-1649581024-2079683328-5313355-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{8ff323af-75ad-4e96-95c2-6db1f023d58a} deleted successfully HKEY_USERS\S-1-5-21-1649581024-2079683328-5313355-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{f93ae007-a107-4dc1-96f9-c1dc8307acaf} deleted successfully HKEY_USERS\S-1-5-21-1649581024-2079683328-5313355-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{4de5ef3a-c3e3-493b-b892-5107cfdc9644} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\!{0E1230F8-EA50-42A9-983C-D22ABC2EED3B} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\!{0E1230F8-EA50-42A9-983C-D22ABC2EED3B} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\!{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\!{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\!{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\!{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\!{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\!{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\!{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\!{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{F04D2D30-776C-4d02-8627-8E4385ECA58D} deleted successfully ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\Program Files (x86)\RichMediaViewV1 not found C:\Users\julian\.android deleted C:\PROGRA~2\TorrentSearch deleted C:\Users\julian\Music\Qtrax Media Library deleted C:\PROGRA~3\SetApp deleted C:\PROGRA~3\InstallMate deleted C:\PROGRA~3\Package Cache deleted C:\Users\julian\AppData\Local\CRE deleted C:\Users\julian\AppData\Local\cache deleted C:\Users\julian\AppData\LocalLow\store-pp.jbs deleted C:\Users\julian\AppData\LocalLow\Cool Mirage Ltd deleted C:\Users\julian\AppData\LocalLow\boost_interprocess deleted C:\Users\julian\AppData\LocalLow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com deleted C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted C:\Windows\SysWow64\AI_RecycleBin deleted "C:\PROGRA~3\eab9cee92c7d5f4\{476D78C4-1DB0-2D88-7FCC-AA6559F59A8D}" deleted "C:\PROGRA~3\eab9cee92c7d5f4\{4820778D-AB0D-6D18-C316-52A6A0E1D507}" deleted "C:\PROGRA~3\eab9cee92c7d5f4\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}" deleted "C:\PROGRA~3\eab9cee92c7d5f4\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}" deleted "C:\PROGRA~3\eab9cee92c7d5f4\{CF830981-8F31-C561-C7A0-FE2CE1878B40}" deleted "C:\PROGRA~3\eab9cee92c7d5f4\{E32743D3-5789-6E4F-3998-06FB87C9214B}" deleted "C:\PROGRA~3\eab9cee92c7d5f4" deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\julian\AppData\Local\Temp ==== 2014-05-22 09:45:42 868AFEFC3FE5CDEBD9F754137CD00379 126976 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\vc_libraryDesktop\x64\vc_LibraryDesktopX64.msi 2014-05-22 09:45:42 788A60E642DE5B0DD302C07208810C42 126976 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\vc_libraryDesktop\arm\vc_libraryDesktopARM.msi 2014-05-22 09:45:42 6D93E7D0C69588F081E32E249C9246B3 126976 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\vc_libraryDesktop\x86\vc_LibraryDesktopX86.msi 2014-05-22 09:45:42 1E80CF6CE93D3A9B62BF0A8274225897 40960 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\vsgraphics_helper\amd64\vsgraphics_helperbits.msi 2014-05-22 09:45:41 E0CAEFA5C244DE0C642EF77FE2A0A561 3022848 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\professionalcore\Setup\vs_professionalcore.msi 2014-05-22 09:45:41 8C55DC079572791E2974BE3C5C19E254 6552288 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\vcRedistD11\1033\vcredist_x86.exe 2014-05-22 09:45:41 14C4D00DC9DD39FF5B4C34BD02B9BEDB 7185000 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\vcRedistD11\1033\vcredist_x64.exe 2014-05-22 09:45:40 E1B5480CD94077DD2E00D7AF74EEF75F 307200 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\TFSStoryboardingLP\x86\TFSStoryboardingLP-x86_ENU.msi 2014-05-22 09:45:40 DEE93A826F98EE38D665F9282FCFA4D4 307200 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\TFSObjectModelLP\x64\TFSObjectModelLP-x64_ENU.msi 2014-05-22 09:45:40 BE49415BDAA111C92279960A520D32DA 577536 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\netfx_451mtpack\enu\netfx_451mtpacklp.msi 2014-05-22 09:45:40 B64D14F20BE3264596ED55993FBD209F 143360 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\VCDesigntime\x64\vc_designtime_x64.msi 2014-05-22 09:45:40 8FB7449FEE80E71CEFC5465CD57239E8 577536 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\TFSObjectModel\x86\TFSObjectModel-x86.msi 2014-05-22 09:45:40 577E1D317F3EC48424996420433F2166 290816 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\netfx_451mtpackcore\enu\netfx_451mtpackcorelp.msi 2014-05-22 09:45:40 4B998198BDE31FFDF47FAFFEFB37BD29 307200 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\TFSStoryboardingLP\x64\TFSStoryboardingLP-x64_ENU.msi 2014-05-22 09:45:40 49DA3944EB2A71A5F934A59D4615F9E3 307200 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\TFSObjectModelLP\x86\TFSObjectModelLP-x86_ENU.msi 2014-05-22 09:45:39 C45174E3FD4AC6DFE3D5B489808A27CB 675840 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\PortableLibrary\enu\PortableLibrary_DTPLP.msi 2014-05-22 09:45:39 9FA212CEFB6149083F6A921B96933B2E 622592 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\TFSObjectModel\x64\TFSObjectModel-x64.msi 2014-05-22 09:45:39 9DE09A65C802DD86A1067B10AA173A2D 776192 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\Silverlight\5.0_SDK\silverlight_sdk.msi 2014-05-22 09:45:39 8929ED5A6F936A06F5E125FF8DE5CEBA 118784 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\PerfTools_CORE\amd64\PerfTools_CORE_amd64.msi 2014-05-22 09:45:39 88034BD2369F7179AC6368D27B037FA3 237568 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\MobileTools\XdeHost\MobileTools_XDEHost.msi 2014-05-22 09:45:39 86B42625F1CD62E163265E26A8B66476 319488 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\MobileTools\xdeconfigurator\XDEConfig.msi 2014-05-22 09:45:39 6B232B105D60664E17D24908BA819632 159744 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\PerfTools_CORE\x86\PerfTools_CORE_x86.msi 2014-05-22 09:45:39 6452463644423C63899D3C1DD0E8BDC7 323584 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\MobileTools\wpsdkcore\wpsdk_en.msi 2014-05-22 09:45:39 10695EB26EF596E58BB34A7ACC680193 9337544 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\Silverlight\5.0_DRT\Silverlight_Developer.exe 2014-05-22 09:45:33 E8946242631149B8003DC1EB04EC9740 65536 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\MobileTools\ProfilerMsis\MobileTools_ProfilerX86.msi 2014-05-22 09:45:33 C18815D51C8CDB86FBBA5942743DF197 737280 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\64bitPrereq\x64\VS_Prerequisites_x64_neutral.msi 2014-05-22 09:45:33 BBA64AF4896D539B000BAD8EC4CD9F21 684032 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\vc_libraryselectablemfc\vc_libraryselectablemfc.msi 2014-05-22 09:45:33 AF862992B715D4C071951AFE862C2054 167936 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\vs_devenv\vs_devenv.msi 2014-05-22 09:45:33 8ACCCBB4ECCC80911F3A05204CA74D73 483328 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\MobileTools\Finalizer\WPToolsFinalizer.msi 2014-05-22 09:45:33 7FDB3A721C7DA02B51FBC64F188AC039 233472 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\MobileTools\WPImages\MobileTools_WPImages_enu.msi 2014-05-22 09:45:33 4E125AAFC29DE3BA4281659D10260B98 1716224 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\MobileTools\AdSdk\WPAdSDK-enu.msi 2014-05-22 09:45:33 460B9F027DD61E33290F1F72F45FE64F 102400 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\MobileTools\ProfilerMsis\MobileTools_ProfilerARM.msi 2014-05-22 09:45:33 2CA86A16FD81689EF2EBF4EF2478F1B5 274432 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\MobileTools\AddIncoreres\MobileTools_AddInCoreres_enu.msi 2014-05-22 09:45:33 1E33F4CCF74A5B978691D3E9CCA89894 471040 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\vs_minshellcore\vs_minshellcore.msi 2014-05-22 09:45:33 1D71BEA627164D2EFAE81BFAC5CBB3F0 212992 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\vs_devenvLP\vs_devenvLP.msi 2014-05-22 09:45:33 1316CE71ABDD5941CD90BF7A1195BA31 143360 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\64bitPrereq\x64\VS_Prerequisites_x64_LP_enu.msi 2014-05-22 09:45:33 0F6E26DADDA4369823EF48328A422F7B 626688 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\vs_minshellinterop\vs_minshellinterop.msi 2014-05-22 09:45:33 0B0C4FC7C7F18622E68DFFA852493AC9 184320 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\MobileTools\AddInCore\MobileTools_AddIncore.msi 2014-05-22 09:45:33 01BFCB1AE0CEB2610C41B4509E6485B8 135168 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\vs_minshellres\vs_minshellres.msi 2014-05-22 09:45:32 FB078AE6517DDFBDB53362BE9ED142F2 122880 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\lightswitchcore\vs_lightswitchcore.msi 2014-05-22 09:45:32 FA29A9DB17F3D415E7ADF6456A642264 73728 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\vc_compilercoreres_wp80\vc_CompilerCoreResWP80.msi 2014-05-22 09:45:32 F6B0A1CE78AE619D4B5C1AEA6D8E08E0 831488 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\Windows_SDK\Windows Software Development Kit-x86_en-us.msi 2014-05-22 09:45:32 F1B9FA09DE61D72862EBE24DB7BE143F 69632 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\vcRuntimeDebug_amd64\vc_runtimeDebug_x64.msi 2014-05-22 09:45:32 F149DCF875887DAE39D10E64D353F6E4 73728 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\vc_compilerCoreResD11\vc_compilercoreres.msi 2014-05-22 09:45:32 ED3E535EA8078B2591302178189F7EF8 254976 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\sptoolsDependencies\MicrosoftIdentityExtensions-64.msi 2014-05-22 09:45:32 E3E632C282F2B368BCA82AACB80ACEAF 143360 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi 2014-05-22 09:45:32 E341362489BC42FDC92BDEC822F9BD74 30928896 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\sqllocaldb_x86\sqllocaldb.msi 2014-05-22 09:45:32 E1CA4C8C04DAD595134B26898F6C7039 258048 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\vc_compilerCore86D11\vc_compilercore86.msi 2014-05-22 09:45:32 DF56C57DED82DFC45107534E97667CA4 69632 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\vcRuntimeDebugD11_x86\vc_runtimeDebug_x86.msi 2014-05-22 09:45:32 DD4AF593C5FE6B204F21232396BE9479 1314816 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\professionallp\vs_professionalcoreres.msi 2014-05-22 09:45:32 DBBC19580EF1EA368545FEFEB0C0F9F7 552960 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\premiumlp\vs_premiumcoreres.msi 2014-05-22 09:45:32 D18FE0E34CE5F325089CA2BD5287FDAB 1085440 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\WinLibJS_CORE\WinLibJS_CORE.msi 2014-05-22 09:45:32 D0A78FCAC0B92A149FE51C76371C989A 143360 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi 2014-05-22 09:45:32 CF4C1F0A2FB7526240C0FD25C2E97766 94208 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\vc_libraryCoreD11\vc_librarycore.msi 2014-05-22 09:45:32 CC794C709356E391E6B1F7F0691B59A2 245760 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\fsharp\FSharpSDK.msi 2014-05-22 09:45:32 CACCB8DD6B8BEAB393B8126D8E91D4DD 1896448 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\sptoolsDependencies\SharePointClientComponents_x86.msi 2014-05-22 09:45:32 C916B2CC2E041E3BA822C490C66B5BF3 5083136 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\sqlncli_amd64\sqlncli.msi 2014-05-22 09:45:32 C8A35631F9E5A011188B1BBF050E86D4 241664 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\lightswitchv4toolsres\vs_lightswitchv4toolsres.msi 2014-05-22 09:45:32 B9FA77B5CCE42FBD90ADB4C23ECFAF72 159744 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\vc_compilerCore86res\vc_compilerCore86res.msi 2014-05-22 09:45:32 B3978FD213BDF892B618815159F39654 421888 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\lightswitchv4publish\WindowsAzureTools.LightSwitch.vs120.msi 2014-05-22 09:45:32 B348681D021CB456F2E0BB3B91587A81 483328 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\XPSupport\Win_XPSupport.msi 2014-05-22 09:45:32 B31DFB900A54A065E98518560E88E4EF 151552 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\XPSupport\Win_XPSupport64.msi 2014-05-22 09:45:32 ADE44C5B59304A75264F7E4A3977F64D 249856 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\sdk_tools35\sdk_tools35.msi 2014-05-22 09:45:32 A9A3306D05210CE35305AB56EF9F5046 557056 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\ultimatelp\vs_ultimatecoreres.msi 2014-05-22 09:45:32 A641CEE622AE4C525A4C36D1EDCDDE2F 36458496 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\sqllocaldb_amd64\sqllocaldb.msi 2014-05-22 09:45:32 9A043FF5A7C96531EA9372195BC86217 39080 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\sptoolsDependencies\enablewif.exe 2014-05-22 09:45:32 99239B90E5F6B8B91C0B8ED447C5E01E 491520 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\sptoolsVSIXInstaller\sptools_VSIXInstaller.msi 2014-05-22 09:45:32 97B571E20B65B4486F63FAB93F455751 496640 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\sptoolsDependencies\WorkflowManagerClient_x64.msi 2014-05-22 09:45:32 92C5FEDF4CAA281B4F0A5F21099A828C 53248 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\cpp_mobile\vc_cppmobile.msi 2014-05-22 09:45:32 905641A937F2941FC61E0C42DFD15559 417792 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\sdk_tools451\sdk_tools451.msi 2014-05-22 09:45:32 8B19160A4FE4801E017BA69CB1CDFF4A 299008 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\vc_librarycore86\vc_librarycore86.msi 2014-05-22 09:45:32 87C07A4EB20AFB50BCBCEB00F103553F 81920 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\vc_librarycore\vc_librarycore.msi 2014-05-22 09:45:32 84CCEEFBFACE2589A70360E8F6406279 532480 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\Windows_SDK\Windows Software Development Kit for Metro style Apps-x86_en-us.msi 2014-05-22 09:45:32 84C7ED43779706AEABB796DAC345A25C 290816 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\netfx_451mtpackcore\netfx_451mtpackcore.msi 2014-05-22 09:45:32 80CDCBF40C7E86139EDB96B55941443F 303104 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\vc_libraryCore86D11\vc_librarycore86.msi 2014-05-22 09:45:32 7D5A6C87AE536D2A880D97E602E0AE35 254976 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\sptoolsDependencies\MicrosoftIdentityExtensions-32.msi 2014-05-22 09:45:32 7ACA21FF216537AC47C63CB4F2580938 151552 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\vc_compilercoreres\vc_compilercoreres.msi 2014-05-22 09:45:32 7937A1F4C6DCAF88A9FE6BA90926AF7A 69632 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\vcRuntimeDebugD11_amd64\vc_runtimeDebug_x64.msi 2014-05-22 09:45:32 763470ABF40B5F59643DECE5AE6E7B2C 131072 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\vc_compilerx64natres\vc_compilerx64natres.msi 2014-05-22 09:45:32 718E2384F967867F40F5B3A6907F3EBA 253952 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\lightswitchv4tools\vs_lightswitchv4tools.msi 2014-05-22 09:45:32 6DC9B26E10641A0D15DCC60A26B38906 143360 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi 2014-05-22 09:45:32 6AA1953642FBD0F13D5851410E51D014 2437120 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\sqlcmdlnutils_amd64\SqlCmdLnUtils.msi 2014-05-22 09:45:32 6A3910A9490E7C6EB00CC7005CF53EC2 2150400 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\sqlcmdlnutils_x86\SqlCmdLnUtils.msi 2014-05-22 09:45:32 68157FADD321F509E5D2D394488F1E58 126976 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\vc_compilerx64arm\vc_compilerx64arm.msi 2014-05-22 09:45:32 6740E7F38CB2CD193C91B49E6A786C5D 327680 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\vc_compilerCore86\vc_compilerCore86.msi 2014-05-22 09:45:32 66A2EC850B7A3FD777EED1D1CB20690A 118784 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\lightswitchcoreres\vs_lightswitchcoreres.msi 2014-05-22 09:45:32 660EB3570B5BEFDC25BE58005525BCE8 499712 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\Windows_SDK\MsiVal2-x86_en-us.msi 2014-05-22 09:45:32 65F921ABE1614757B98D6EF1C47079B6 81920 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\vc_compilerCore86ResD11\vc_compilercore86res.msi 2014-05-22 09:45:32 64B253149BF17D419B6E214E7BC58042 499712 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\Windows_SDK\Orca-x86_en-us.msi 2014-05-22 09:45:32 5DA0E0F8F831CFECCFB2A6B7520D3EE2 2725376 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\sptoolsDependencies\WorkflowManagerTools_x64.msi 2014-05-22 09:45:32 5CCDE5708C2EB87B8C529D3829E73E07 135168 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\vc_compilerx64nat\vc_compilerx64nat.msi 2014-05-22 09:45:32 5ADF5C05557BF2ACC9C5569124DCA644 122880 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\vc_compilerx64x86res\vc_compilerx64x86res.msi 2014-05-22 09:45:32 5A059C0DDA757B48DA9205CDFED7F7A3 69632 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\vcRuntimeDebug_x86\vc_runtimeDebug_x86.msi 2014-05-22 09:45:32 59662F6C079308A82624EED6320D9C67 98304 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\vc_libraryextended\vc_libraryextended.msi 2014-05-22 09:45:32 58455D299325FCCD5345B8DEBE89C328 593920 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\netfx_451mtpack\netfx_451mtpack.msi 2014-05-22 09:45:32 540883C1FBBEA76E51FD6ABB0D004038 409600 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\lightswitchv4sdk\lightswitchv4sdk.msi 2014-05-22 09:45:32 52442E77BBAFD47E69263A22095FC589 294912 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\Windows_SDK\Windows Software Development Kit DirectX x64 Remote-x64_en-us.msi 2014-05-22 09:45:32 4F270D8621C55F0CEEC0AD641AD75B49 53248 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\cpp_rest\vc_cpprest.msi 2014-05-22 09:45:32 45AE90EC21BF6DF75658D1A764141704 503808 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\vc_librarycore_wp80\vc_LibraryCoreWP80.msi 2014-05-22 09:45:32 42A99837282608E37C8852312208E040 155648 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\vc_compilercore\vc_compilercore.msi 2014-05-22 09:45:32 3FC277F71B2D95A9FD8A9CB237A51B13 2600960 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\sptoolsDependencies\OpenXMLSDKV25.msi 2014-05-22 09:45:32 3C0FCDCE63149F708CDC1A52CC60332D 278528 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\fsharp\FSharpVS.msi 2014-05-22 09:45:32 3929AD2FC849FAA5AFE34C4F9058A612 122880 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\vc_compilerx64armres\vc_compilerx64armres.msi 2014-05-22 09:45:32 35428F328D7EDE42FBEAB590EB6FB668 126976 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\vc_compilerx64x86\vc_compilerx64x86.msi 2014-05-22 09:45:32 2B1A8CF0E61E1B1A2B76F60B07A9C18E 548864 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\sptools\sptools_x86.msi 2014-05-22 09:45:32 2ADE2CDED00ED0CF1A62BDD600FD51B7 81920 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\vc_compilercore_wp80\vc_CompilerCoreWP80.msi 2014-05-22 09:45:32 256F6AB3BD919C3683C75B140F3977AB 421888 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\sdk_tools4\sdk_tools4.msi 2014-05-22 09:45:32 1A091130DB3073AA8548847A5CC6F0DE 2724352 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\sptoolsDependencies\WorkflowManagerTools_x86.msi 2014-05-22 09:45:32 18BCD51D4CC5A37E2AC53E0E2890F760 1028096 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\sptoolsDependencies\EwsManagedApi32.msi 2014-05-22 09:45:32 12B0D5FC4480D4C9DC596501F32173EA 81920 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\vc_compilerCoreD11\vc_compilercore.msi 2014-05-22 09:45:32 1073E477A42F29A8BC7A6B39750D96DE 496640 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\sptoolsDependencies\WorkflowManagerClient_x86.msi 2014-05-22 09:45:32 09E6E2DB3B26396AE71952AFB3A39D5B 2285568 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\sptoolsDependencies\SharePointClientComponents_x64.msi 2014-05-22 09:45:32 05595D3B63B1C4D5201DA29CA40C53C3 294912 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\Windows_SDK\Windows Software Development Kit DirectX x86 Remote-x86_en-us.msi 2014-05-22 09:45:32 03FF53F29935C047D7630297E17B96E1 143360 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi 2014-05-22 09:45:32 0396E2EED6FC6F3BF9FD2F24B37505C0 3133440 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\sqlncli_x86\sqlncli.msi 2014-05-22 09:45:31 FF8B645421F67E7963BDCA643FE4B20F 2638632 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\SSCE40\SSCERuntime_x64-enu.exe 2014-05-22 09:45:31 FC298821C9BF7F1C6F4039695744A237 7019520 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\SSDT\SSDT.msi 2014-05-22 09:45:31 FA774FD9783193F0362CDB90AB216E1B 176640 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\NetFxDTP\NetFx_DTP.msi 2014-05-22 09:45:31 F91F0B7FFA929E79CCB0D05836E2EB0F 135168 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\PerformanceCollectionTools\PerformanceCollectionTools_x86_enu_LanguagePack.msi 2014-05-22 09:45:31 F8178BBB966F25A31C43BE2BA5178CF3 1540096 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\BlendSDKForWindowsPhone80\BlendPhoneSDK.msi 2014-05-22 09:45:31 F7BF6D37163E81B5CB8D7A78E2760DFA 2195456 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\SQLSysClrTypes_x86\SQLSysClrTypes.msi 2014-05-22 09:45:31 F7160DC876BF377D78B774688CA8A0A8 11541952 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\Standalone Profiler\Profiler_Setup_x86.exe 2014-05-22 09:45:31 ECBB638F15FAC2DA5316E3D2E6BD8FB5 1957888 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\AdsSDK10\MSAdvertisingServiceExtension.msi 2014-05-22 09:45:31 EBBC8AB2463A82B4E30A7FB482DBB1E0 30859264 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\WPT\webtoolsextensionsvs2013.msi 2014-05-22 09:45:31 EACD61A8D448F0AF6C6D4A490FDEBC45 1093632 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\CT\AzureMobileServicesSdk.msi 2014-05-22 09:45:31 E71EC483986AC687300BF7AE5001CBB2 2397488 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\SSCE40\SSCERuntime_x86-ENU.exe 2014-05-22 09:45:31 E63478B7E6E4AAEAF62C96B212903A57 3469312 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\SQLSysClrTypes10_x86\SQLSysClrTypes.msi 2014-05-22 09:45:31 E3418E98C6C52307A20A020FF268712A 120000 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\VS_Clean\VS_PostClean_vs.exe 2014-05-22 09:45:31 E22FAEFE1DA9BFEB4D56EE6403937C7C 6131712 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\WebDeploy\WebDeploy_x64.msi 2014-05-22 09:45:31 E13C76580324383BF12C284E6E411A00 17459576 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\Standalone Profiler\Profiler_Setup_x64.exe 2014-05-22 09:45:31 E0960B3BA88E51158BEB822E218899B3 299008 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\EspCD11\LocalESPC-x86_en-us.msi 2014-05-22 09:45:31 DF63414CA0EC63208EFF74B8A6274B48 765952 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\BehaviorsXamlSDK\BehaviorsXamlSDK.msi 2014-05-22 09:45:31 DD789128124D186AC2012B79D8A9B34D 454656 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\Win81_SDK\Windows App Certification Kit x64-x86_en-us.msi 2014-05-22 09:45:31 DC73F812C95290F6A40D2AED264D9CA9 385024 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\PerformanceCollectionTools\PerformanceCollectionTools_x86.msi 2014-05-22 09:45:31 DBCC29EA35D2184ACC087FA390A656E8 385024 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\Win81_SDK\Windows App Certification Kit Native Components-x86_en-us.msi 2014-05-22 09:45:31 DB86D5E48BC1228903A0563AE482F415 2523136 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\SQLSysClrTypes_amd64\SQLSysClrTypes.msi 2014-05-22 09:45:31 DA32E0AEA85A57236F2D55A93B839D94 172032 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\CT\CommonAzureTools.msi 2014-05-22 09:45:31 D9927377A36B3B44ABE57F6076B59FE2 176128 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\professional_finalizer.msi 2014-05-22 09:45:31 D593C99605756E0AAC06E3C5A1858E82 229376 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\Dotfuscator\DotfuscatorCE.msi 2014-05-22 09:45:31 D3F2F2AFE5A991EAC7E71DFBB7C66741 14624 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\WPT\enableaspnet.exe 2014-05-22 09:45:31 D262360C8B939C070BDC85B04727C899 294912 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\Win81_SDK\Windows Runtime Intellisense Content - en-us-x86_en-us.msi 2014-05-22 09:45:31 D1E37D1DCD812C68B72AF768DC699474 8536064 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\BlendWPF45SDK\BlendWPFSDK.msi 2014-05-22 09:45:31 C75207B953926225E4D610FABE586AED 442368 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\PreEmptive\PreEmptive.Analytics.VisualStudio.msi 2014-05-22 09:45:31 C71CFB32219205D2CF00799C924A9913 983040 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\EFTools\EFTools.msi 2014-05-22 09:45:31 C5C3A88621DC0783AD7FE90F4A59F14B 253952 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\BuildTools_MSBuildResMsi_amd64\BuildTools_MSBuildResMsi.msi 2014-05-22 09:45:31 C590CE2E49C942087EE00EDB0C5DA555 1912832 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\Blend_Core\Blend_Core.msi 2014-05-22 09:45:31 C4C913AF1A79CB258A392A5EC6319B1C 299008 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\EspC\LocalESPC Dev12-x86_en-us.msi 2014-05-22 09:45:31 C429345C9FCEB19EE416D5F7096524D2 299008 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\Win81_SDK\Windows Software Development Kit for Windows Store Apps DirectX x64 Remote-x64_en-us.msi 2014-05-22 09:45:31 BDA900235AA2CDAE4D5EC594FEBAEAFF 589824 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\VSTODT_x86\vstodt40_x86.msi 2014-05-22 09:45:31 BC5F703DC3B9A1925529B74C562BECA1 299008 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\EspC\LocalESPCui for en-us Dev12-x86_en-us.msi 2014-05-22 09:45:31 BA99B0AA471AEDA51493F919B4E38769 569344 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\SpToolsLP\SpTools_x86_enu.msi 2014-05-22 09:45:31 B6DAEF56927BB06FFC7F3573CAD58C68 4860416 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\BlendWPF4SDK\BlendWPFSDK_en.msi 2014-05-22 09:45:31 B4A52EDC1375649E4CEB3E7FB76A5445 143360 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\Verification\VerificationTools_Full.msi 2014-05-22 09:45:31 B3A18D3829579E51A632B88D33A1559C 18046976 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\Reporting Services\RVAddon.msi 2014-05-22 09:45:31 B19EA47021D28E9165447E7CC6462BF7 57344 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\PythonTools\PythonToolsTemplate_enu.msi 2014-05-22 09:45:31 A5F0BED1404E446419F02EDB5D6A41AD 2539520 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\SqlDom_amd64\SqlDom.msi 2014-05-22 09:45:31 A540EC8F84327081699236AC4EA278C9 335872 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\TeamExplorerCore\TeamExplorerCore.msi 2014-05-22 09:45:31 9B6920312012A37F326C2A40C73008DD 3589632 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\SQLSysClrTypes10_amd64\SQLSysClrTypes.msi 2014-05-22 09:45:31 98E737D578DE67894194A0AB7D230A6D 245760 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\Bliss_Core\Bliss_Core_net.msi 2014-05-22 09:45:31 94A8675DC93D33877CD9943ECC07B26F 1125320 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\vs_professional.exe 2014-05-22 09:45:31 88B1EFCF59B562E97B581D3A66971353 561152 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\WPT\aspnetmvc4.msi 2014-05-22 09:45:31 8773A0BD587AEFCA7923F930ACBE9811 430080 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\BuildTools_MSBuild_amd64\BuildTools_MSBuild.msi 2014-05-22 09:45:31 86F52B00595E26D61A45A2143A16EA88 108712 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\Preparation.exe 2014-05-22 09:45:31 80900F4ECD64CF6283AE71122926FDCD 135168 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\CT\AzureServices.msi 2014-05-22 09:45:31 7AA770BBB546FCE11F2C82C05740C14D 1609728 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\AdsSDK10\Win8_1AdSDK.msi 2014-05-22 09:45:31 742B0A4A59CA726233CF29A27A17BC36 2990080 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\SSDT\SSDTDBSvcExternals.msi 2014-05-22 09:45:31 6E1C9B0CBE87C047AABA25D3BE5A3A00 2916352 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\TSqlLanguageService\TSqlLanguageService.msi 2014-05-22 09:45:31 6D34BA98648E26C694BE13DA75701A1D 307200 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\Help\help3_vs_net.msi 2014-05-22 09:45:31 68B0201F8A7CDA4F5B7D360554FE71B9 1442304 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\SSDT\SSDTBuildUtilities.msi 2014-05-22 09:45:31 64C8F5B3A6C05E5CCB9664631189C5CE 450560 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\WPT\aspnetwebpages2vs2013tools_enu.msi 2014-05-22 09:45:31 64C06F29AD0BC80E713C4DFFB2D04FCA 221184 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\WcfDataServices\WcfDataServices.msi 2014-05-22 09:45:31 640B5F482F4356E191D3CBB4662838EF 733184 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\WPT\aspnetmvc4vs2013tools_enu.msi 2014-05-22 09:45:31 6342E591C5173B569E883E72D0E492D7 2334720 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\SqlDom_x86\SqlDom.msi 2014-05-22 09:45:31 62761BD416EF7757F53787892B54ADD7 299008 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\EspCD11\LocalESPCui for en-us-x86_en-us.msi 2014-05-22 09:45:31 61BA3A155D495A2702E94C67ADC20EE5 151552 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\Win8DevTools\Win8_DevTools.msi 2014-05-22 09:45:31 5EC2F07843E5A56882C9C23D7A44BB59 253952 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\BuildTools_MSBuildResMsi_x86\BuildTools_MSBuildResMsi.msi 2014-05-22 09:45:31 5DA49A7B05E2500013336439EDB68E37 454656 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\Win81_SDK\Windows App Certification Kit x86-x86_en-us.msi 2014-05-22 09:45:31 5B0F6EA39BCD86F9E49BC50D06E3F878 405504 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\BuildTools_MSBuild_x86\BuildTools_MSBuild.msi 2014-05-22 09:45:31 577CE893B2CFC4CA5FA946E95AEE0135 851968 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\Win81_SDK\Windows Software Development Kit-x86_en-us.msi 2014-05-22 09:45:31 51BD5CA2C9096EB3A5D475AEDE46D50A 294912 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\Win81_SDK\Windows Software Development Kit DirectX x86 Remote-x86_en-us.msi 2014-05-22 09:45:31 4888C624BF70D5DD81611CC0AE97448A 598016 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\VSTODT_x64\vstodt40_x64.msi 2014-05-22 09:45:31 4838FE3C39C56F5065D4413A869DF71E 8388608 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\BlendSL5SDK\BlendSLSDK.msi 2014-05-22 09:45:31 45A8F7023329DE998389CB5CC279184E 835584 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\WPT\aspnetwebpages2.msi 2014-05-22 09:45:31 43607C947240A6F79B0D6107A6EFCAFE 147456 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\WcfDataServices\WcfDataServicesDev12Tools.msi 2014-05-22 09:45:31 3F0AE0423DE6427890A24132F587CC17 544768 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\Win81_SDK\Windows Software Development Kit for Windows Store Apps-x86_en-us.msi 2014-05-22 09:45:31 3BE2B8AFB0D77029D213A4FEDCF7B116 294912 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\Win81_SDK\Windows Software Development Kit DirectX x64 Remote-x64_en-us.msi 2014-05-22 09:45:31 3559E32A7CF3E5689709E2D5E282BA85 397312 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\PerformanceCollectionTools\PerformanceCollectionTools_amd64.msi 2014-05-22 09:45:31 313782490BF848C3D14A14B141A05D41 7729152 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\SharedManagementObjects_amd64\SharedManagementObjects.msi 2014-05-22 09:45:31 2FE08F13267F167220E32D5D37B08E8A 696320 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\PortableLibrary\PortableLibrary_DTP.msi 2014-05-22 09:45:31 292E59671CC44F93E6E7ADFE46BB943C 4603904 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\IISExpress\iisexpress_x86_en-US.msi 2014-05-22 09:45:31 24C63227595841AF9C6D307B2B591FE7 8607232 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\RIA\RiaServices.msi 2014-05-22 09:45:31 2473BB5146E3317A616011C636549DB6 6635520 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\IISExpress\iisexpress_x64_en-US.msi 2014-05-22 09:45:31 1E6B9C8DCF4B264225C2E194B45C94EC 339968 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\Blend_LP\Blend_LP.msi 2014-05-22 09:45:31 169CC15A9295DC5668453E9A01F15A49 155648 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\UnitTest\VS2012UnitTestsdk.msi 2014-05-22 09:45:31 165CDC90D6C0114D3B25C2A5755E9CE2 6623232 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\SharedManagementObjects_x86\SharedManagementObjects.msi 2014-05-22 09:45:31 1560CF35AB787E0FB75807FB7F210E82 385024 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\Win81_SDK\Windows App Certification Kit Native Components-x64_en-us.msi 2014-05-22 09:45:31 14C9C7082F979FF7146A4175C81B8A44 2407000 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\VSTO\vstor40_x86.exe 2014-05-22 09:45:31 1350C89AEB10007580DCB95DA50A4F11 151552 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\Bliss_LP\Bliss_LP_net.msi 2014-05-22 09:45:31 1248D4BDD13C3C865464D6BBEACF6476 225280 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\VSTODTLP_x86\vstodtlp_x86_enu.msi 2014-05-22 09:45:31 116542377FF3BBFE2AEEA487D9C14FE4 122880 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\CT\AzureTools.Notifications.msi 2014-05-22 09:45:31 0F1CC807E7ACF1941EC444749FF30A6C 49152 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\WPT\NuGetVS2013.msi 2014-05-22 09:45:31 0B877BCAED82B63AB223F875214266A0 119992 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\VS_Clean\VS_PreClean_vs.exe 2014-05-22 09:45:31 0B6D11A7005E32E95044B7E9612A5538 245760 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\TeamExplorerLP\vs_teamExplorerCoreRes.msi 2014-05-22 09:45:31 090855CD4FCD6652C738996923314A11 299008 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\Win81_SDK\Windows Software Development Kit for Windows Store Apps DirectX x86 Remote-x86_en-us.msi 2014-05-22 09:45:31 082665D23B642C1CBCB1EA3E55EEC97B 274432 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\NetFxDTP\NetFx45_DTP.msi 2014-05-22 09:45:31 055DF38A2A62CBFC301380FD131C8C50 2694240 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\VSTO\vstor40_x64.exe 2014-05-22 09:45:31 00EFA4B9E1A80C42A91C308B19E4B937 6045696 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\WebDeploy\WebDeploy_x86.msi ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2014-05-28 17:07:00 0DC5AF80D059DEC792B665ED598C6567 536576 ----a-w- C:\Windows\SysWOW64\sqlite3.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== ====== C:\Windows\Sysnative\drivers ===== 2014-05-28 16:51:25 6140163BFE9D8F2DFDBA088ED5521C13 119512 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys 2014-05-28 16:50:41 FD5465B876D55534117963FAAA4B9DFC 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys 2014-05-28 16:50:41 C49915271600CFC2305FAA4271D0002F 63192 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys 2014-05-28 16:50:41 4A1356200B82B852E137B687F03E8054 88280 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys 2014-05-14 20:21:17 353009DEDF918B2A51414F330CF72DEC 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys 2014-05-14 20:21:17 1C2D8E18AA8FD50CD04C15CC27F7F5AB 155072 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-05-28 17:10:53 -------- d-----w- C:\Program Files\trend micro 2014-05-22 09:52:04 -------- d-----w- C:\Program Files\SharePoint Client Components 2014-05-22 09:52:03 -------- d-----w- C:\Program Files\Microsoft Identity Extensions 2014-05-22 09:51:52 -------- d-----w- C:\Program Files\Windows Identity Foundation 2014-05-22 09:51:28 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition 2014-05-22 09:51:07 -------- d-----w- C:\Program Files\Application Verifier 2014-05-22 09:49:59 -------- d-----w- C:\Program Files\IIS Express 2014-05-22 09:49:51 -------- d-----w- C:\Program Files\IIS 2014-05-22 09:48:17 -------- d-----w- C:\Program Files\Microsoft SQL Server 2014-05-22 09:47:30 -------- d-----w- C:\Program Files\Microsoft Visual Studio 12.0 ======= C:\PROGRA~2 ===== 2014-05-22 09:52:07 -------- d-----w- C:\PROGRA~2\Workflow Manager Tools 2014-05-22 09:52:04 -------- d-----w- C:\PROGRA~2\Open XML SDK 2014-05-22 09:52:03 -------- d-----w- C:\PROGRA~2\Microsoft 2014-05-22 09:51:52 -------- d-----w- C:\PROGRA~2\Windows Identity Foundation 2014-05-22 09:51:07 -------- d-----w- C:\PROGRA~2\Application Verifier 2014-05-22 09:50:54 -------- d-----w- C:\PROGRA~2\COMMON~1\Microsoft 2014-05-22 09:50:30 -------- d-----w- C:\PROGRA~2\Microsoft Visual Studio 12.0 2014-05-22 09:50:18 -------- d-----w- C:\PROGRA~2\Microsoft ASP.NET 2014-05-22 09:50:09 -------- d-----w- C:\PROGRA~2\Microsoft Web Tools 2014-05-22 09:49:59 -------- d-----w- C:\PROGRA~2\IIS Express 2014-05-22 09:49:53 -------- d-----w- C:\PROGRA~2\NuGet 2014-05-22 09:49:52 -------- d-----w- C:\PROGRA~2\Microsoft WCF Data Services 2014-05-22 09:49:51 -------- d-----w- C:\PROGRA~2\IIS 2014-05-22 09:49:23 -------- d-----w- C:\PROGRA~2\Windows Kits 2014-05-22 09:48:37 -------- d-----w- C:\PROGRA~2\HTML Help Workshop 2014-05-22 09:48:35 -------- d-----w- C:\PROGRA~2\Microsoft Help Viewer 2014-05-22 09:48:17 -------- d-----w- C:\PROGRA~2\Microsoft SQL Server 2014-05-22 09:47:38 -------- d-----w- C:\PROGRA~2\COMMON~1\Merge Modules 2014-05-22 09:47:30 -------- d-----w- C:\PROGRA~2\Microsoft SDKs 2014-05-14 21:07:40 -------- d-----w- C:\PROGRA~2\COMMON~1\DESIGNER 2014-05-12 18:05:27 -------- d-----w- C:\PROGRA~2\SDGi Europe ======= C: ===== ====== C:\Users\julian\AppData\Roaming ====== 2014-05-22 09:56:28 -------- d-----w- C:\Users\julian\AppData\Roaming\NuGet 2014-05-20 15:25:28 -------- d-----w- C:\Users\julian\AppData\Local\Razer_Inc 2014-05-12 18:05:37 -------- d-----w- C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SDGi Europe ====== C:\Users\julian ====== 2014-05-28 17:10:13 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\julian\Downloads\RSITx64.exe 2014-05-28 17:06:16 9EC73884D7D7BFEC9EED7EAF3122A0BE 1327971 ----a-w- C:\Users\julian\Downloads\adwcleaner_3.211.exe 2014-05-28 16:50:12 32A7154F9934CF3AA5D945D02D069D1F 17523384 ----a-w- C:\Users\julian\Downloads\mbam-setup-2.0.0.1000.exe 2014-05-25 19:24:42 1A277C2B5AE6706A6A5AC117F984B0A6 55273402 ----a-w- C:\Users\julian\Downloads\F1FA14.exe 2014-05-22 09:52:15 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 5 SDK 2014-05-22 09:51:05 -------- d-----w- C:\ProgramData\Windows App Certification Kit 2014-05-22 09:50:58 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits 2014-05-22 09:50:43 -------- d-----w- C:\ProgramData\PreEmptive Solutions 2014-05-22 09:49:53 -------- d-----w- C:\ProgramData\NuGet 2014-05-22 09:49:38 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression 2014-05-22 09:48:16 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2013 2014-05-22 09:46:38 -------- d-----w- C:\ProgramData\regid.1991-06.com.microsoft 2014-05-20 15:22:11 5A2FDBBA45430375188D4B16935AA0EC 41954352 ----a-w- C:\Users\julian\Downloads\RazerGameBoosterSetup_4.2.45.0.exe 2014-05-12 20:28:55 -------- d-----r- C:\Windows\SysNative\config\systemprofile\Searches 2014-05-12 17:44:40 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon 2014-05-12 17:44:09 -------- d-----w- C:\ProgramData\NexonUS ====== C: exe-files == 2014-05-28 17:10:54 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\julian.exe 2014-05-28 17:10:13 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\julian\Downloads\RSITx64.exe 2014-05-28 17:06:16 9EC73884D7D7BFEC9EED7EAF3122A0BE 1327971 ----a-w- C:\Users\julian\Downloads\adwcleaner_3.211.exe 2014-05-28 16:50:12 32A7154F9934CF3AA5D945D02D069D1F 17523384 ----a-w- C:\Users\julian\Downloads\mbam-setup-2.0.0.1000.exe 2014-05-25 19:24:42 1A277C2B5AE6706A6A5AC117F984B0A6 55273402 ----a-w- C:\Users\julian\Downloads\F1FA14.exe 2014-05-25 12:38:48 3AF5806AAB54D86CDA7AAA034FD2C35E 38382160 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\35.0.1916.114\35.0.1916.114_chrome_installer.exe 2014-05-22 09:51:51 DFC3095A2149E457B509E9E139A1CDC9 15768 ----a-w- C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe 2014-05-22 09:45:41 8C55DC079572791E2974BE3C5C19E254 6552288 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\vcRedistD11\1033\vcredist_x86.exe 2014-05-22 09:45:41 14C4D00DC9DD39FF5B4C34BD02B9BEDB 7185000 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\vcRedistD11\1033\vcredist_x64.exe 2014-05-22 09:45:39 10695EB26EF596E58BB34A7ACC680193 9337544 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\Silverlight\5.0_DRT\Silverlight_Developer.exe 2014-05-22 09:45:32 9A043FF5A7C96531EA9372195BC86217 39080 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\sptoolsDependencies\enablewif.exe 2014-05-22 09:45:31 FF8B645421F67E7963BDCA643FE4B20F 2638632 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\SSCE40\SSCERuntime_x64-enu.exe 2014-05-22 09:45:31 F7160DC876BF377D78B774688CA8A0A8 11541952 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\Standalone Profiler\Profiler_Setup_x86.exe 2014-05-22 09:45:31 E71EC483986AC687300BF7AE5001CBB2 2397488 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\SSCE40\SSCERuntime_x86-ENU.exe 2014-05-22 09:45:31 E3418E98C6C52307A20A020FF268712A 120000 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\VS_Clean\VS_PostClean_vs.exe 2014-05-22 09:45:31 E13C76580324383BF12C284E6E411A00 17459576 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\Standalone Profiler\Profiler_Setup_x64.exe 2014-05-22 09:45:31 D3F2F2AFE5A991EAC7E71DFBB7C66741 14624 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\WPT\enableaspnet.exe 2014-05-22 09:45:31 94A8675DC93D33877CD9943ECC07B26F 1125320 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\vs_professional.exe 2014-05-22 09:45:31 86F52B00595E26D61A45A2143A16EA88 108712 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\Preparation.exe 2014-05-22 09:45:31 14C9C7082F979FF7146A4175C81B8A44 2407000 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\VSTO\vstor40_x86.exe 2014-05-22 09:45:31 0B877BCAED82B63AB223F875214266A0 119992 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\VS_Clean\VS_PreClean_vs.exe 2014-05-22 09:45:31 055DF38A2A62CBFC301380FD131C8C50 2694240 ----a-w- C:\Users\julian\AppData\Local\Temp\Rar$EXa0.563\packages\VSTO\vstor40_x64.exe === C: other files == 2014-05-28 16:51:25 6140163BFE9D8F2DFDBA088ED5521C13 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys 2014-05-28 16:50:41 FD5465B876D55534117963FAAA4B9DFC 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys 2014-05-28 16:50:41 C49915271600CFC2305FAA4271D0002F 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys 2014-05-28 16:50:41 4A1356200B82B852E137B687F03E8054 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys 2014-05-25 07:30:52 F718A57D946EAC76EFCB351D74E269F4 875736 ----a-w- C:\Windows\System32\drivers\NISx64\1503000.00C\srtsp64.sys 2014-05-25 07:30:52 B18CE01B9C09C59422BA7C7064248B35 36952 ----a-r- C:\Windows\System32\drivers\NISx64\1503000.00C\srtspx64.sys 2014-05-25 07:30:52 9F31630D7FC2DD9D5DA1CE359AAD1F46 1148120 ----a-w- C:\Windows\System32\drivers\NISx64\1503000.00C\symefa64.sys 2014-05-25 07:30:52 5C9EE2303CA7F267665D75237862B39C 493656 ----a-r- C:\Windows\System32\drivers\NISx64\1503000.00C\symds64.sys 2014-05-25 07:30:52 5570A74FF9B1EFBC5154DD1E2F05C517 593112 ----a-w- C:\Windows\System32\drivers\NISx64\1503000.00C\symnets.sys 2014-05-25 07:30:52 48C2934683CBD06F662B088EEF49EF6A 264280 ----a-r- C:\Windows\System32\drivers\NISx64\1503000.00C\ironx64.sys 2014-05-25 07:30:52 20F758E6339A16F97DD83389D582E09A 23568 ----a-r- C:\Windows\System32\drivers\NISx64\1503000.00C\symelam.sys 2014-05-25 07:30:52 0510396A957E9FD7205BA62D3CAE4528 162392 ----a-r- C:\Windows\System32\drivers\NISx64\1503000.00C\ccsetx64.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-1649581024-2079683328-5313355-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "Steam"="D:\dead island\Steam.exe -silent" "Gadwin PrintScreen"="C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash" "Overwolf"="C:\Program Files (x86)\Overwolf\Overwolf.exe -silent" "Spotify"="C:\Users\julian\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "USB3MON"="C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" "IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" "AllShareAgent"="C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe" "Logitech G930"="C:\Program Files (x86)\Logitech\G930\G930.exe" "Razer Synapse"="C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun" "DivXMediaServer"="C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" "DivXUpdate"="C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe /CHECKNOW" "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" "RazerGameBooster"="C:\Program Files (x86)\Razer\Razer Game Booster\RazerGameBooster.exe -autorun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "ST Recovery Launcher"="%WINDIR%\SMINST\VistaLauncher.exe " [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "Steam"="D:\dead island\Steam.exe -silent" "Gadwin PrintScreen"="C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash" "Overwolf"="C:\Program Files (x86)\Overwolf\Overwolf.exe -silent" "Spotify"="C:\Users\julian\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s" "Launch LCore"="C:\Program Files\Logitech Gaming Software\LCore.exe /minimized" ==== Startup Folders ====================== 2014-04-26 09:39:12 1053 ----a-w- C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [14-05-2014 18:53] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [16-12-2012 14:45] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [16-12-2012 14:45] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\WSCStub.exe"] "C:\Windows\SysNative\tasks\{029673D1-7AD4-4F1E-A4B9-EF9ACE288557}" [C:\Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2 PSG\LaunchPad.exe] "C:\Windows\SysNative\tasks\{13B3863B-1477-432C-99A3-BB6F0FFA0DAA}" [C:\Program Files (x86)\Mozilla Firefox\firefox.exe] "C:\Windows\SysNative\tasks\{1C415C97-203F-4C70-8D38-644F068AEAF4}" [C:\Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2 PSG\LaunchPad.exe] "C:\Windows\SysNative\tasks\{1D2062FB-8D38-457C-B545-7C757BCDF582}" [C:\Users\julian\Desktop\games2\Grand Theft Auto IV full game PC + Multiplayer ^^nosTEAM^^\Grand Theft Auto IV\LaunchGTAIV.exe] "C:\Windows\SysNative\tasks\{345D33D5-54F7-4050-8CD6-1898FDAB318B}" [C:\Program Files (x86)\Google\Chrome\Application\chrome.exe] "C:\Windows\SysNative\tasks\{5D4E1B59-06CF-4374-8EFE-7D5FC482D592}" [C:\Program Files (x86)\Skype\Phone\Skype.exe] "C:\Windows\SysNative\tasks\{7FE1AA34-0B4A-4EEE-9921-8D8F7D4966E5}" [C:\Program Files (x86)\Google\Chrome\Application\chrome.exe] "C:\Windows\SysNative\tasks\{83A96BC4-1DE2-4C38-9E48-C4243152416B}" [C:\Program Files (x86)\Skype\Phone\Skype.exe] "C:\Windows\SysNative\tasks\{91E752DC-09F4-43F2-A5A6-D03654C4CB12}" [C:\Program Files (x86)\Google\Chrome\Application\chrome.exe] "C:\Windows\SysNative\tasks\{A07D3C39-8B6E-4907-8145-1E5DA38F0D1D}" [C:\Users\julian\Desktop\games2\I Am Alive PC full game single-player ^^nosTEAM^^\I Am Alive\play-I-AM-Alive.exe] "C:\Windows\SysNative\tasks\{A0CAF408-DF20-410F-B641-76B0FED8F827}" [C:\Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2 PSG\LaunchPad.exe] "C:\Windows\SysNative\tasks\{B0293800-DF23-472A-A108-6EC4906342CE}" [C:\Riot Games\League of Legends\lol.launcher.exe] "C:\Windows\SysNative\tasks\{E860B412-B717-42E4-8FB9-B68659EA4878}" [C:\Program Files (x86)\Mozilla Firefox\firefox.exe] "C:\Windows\SysNative\tasks\{FDC3DEA1-A692-4560-874F-B8EE5E01C7AB}" [C:\Users\julian\Desktop\games2\I Am Alive PC full game single-player ^^nosTEAM^^\I Am Alive\play-I-AM-Alive.exe] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\SysNative\tasks\Norton Identity Safe\Norton Error Analyzer" [C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\SymErr.exe] "C:\Windows\SysNative\tasks\Norton Identity Safe\Norton Error Processor" [C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\SymErr.exe] "C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Analyzer" [C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\SymErr.exe] "C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Processor" [C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\SymErr.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF" [04-12-2013 15:33] ==== Firefox Extensions ====================== ProfilePath: C:\Users\julian\AppData\Roaming\Mozilla\Firefox\Profiles\lo8rxuqr.default-1392750794102 - Undetermined - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha861\ff - Undetermined - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode2771\ff - Undetermined - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release588\ff AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions cjcdhgbejpndhnnmilemaddcnfhahjne - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha861\ch\MediaViewV1alpha861.crx[] mgglmngjjpbkbgfmehacncabhfloeall - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode2771\ch\MediaBuzzV1mode2771.crx[] mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\Exts\Chrome.crx[28-04-2014 14:52] nedgmnohepmdapmlngpeilbbepcbohhg - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release588\ch\RichMediaViewV1release588.crx[] nppllibpnmahfaklnpggkibhkapjkeob - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\Exts\Chrome.crx[31-05-2013 03:49] wweBsave - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aihbmdcbpclhigbkbdfjfaadbmmhiffh YTBookMark - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dmiocciglbjmldfaohgochgdgebhlldb YoutubeAdblocker - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eapgkklfcglomdhhjbfclkfmhfbeelnp Photo Enlarge - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hompjdfbfmmmgflfjdlnkohcplmboaeo SNT - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\legcnmokooconajlhhlcfgfhmjdakboi Photo Enlarge - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hompjdfbfmmmgflfjdlnkohcplmboaeo SNT - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\legcnmokooconajlhhlcfgfhmjdakboi wweBsave - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aihbmdcbpclhigbkbdfjfaadbmmhiffh YTBookMark - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dmiocciglbjmldfaohgochgdgebhlldb YoutubeAdblocker - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eapgkklfcglomdhhjbfclkfmhfbeelnp Photo Enlarge - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hompjdfbfmmmgflfjdlnkohcplmboaeo SNT - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\legcnmokooconajlhhlcfgfhmjdakboi wweBsave - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aihbmdcbpclhigbkbdfjfaadbmmhiffh YTBookMark - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dmiocciglbjmldfaohgochgdgebhlldb YoutubeAdblocker - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eapgkklfcglomdhhjbfclkfmhfbeelnp Photo Enlarge - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hompjdfbfmmmgflfjdlnkohcplmboaeo SNT - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\legcnmokooconajlhhlcfgfhmjdakboi Photo Enlarge - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\hompjdfbfmmmgflfjdlnkohcplmboaeo SNT - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\legcnmokooconajlhhlcfgfhmjdakboi wweBsave - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aihbmdcbpclhigbkbdfjfaadbmmhiffh YTBookMark - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dmiocciglbjmldfaohgochgdgebhlldb YoutubeAdblocker - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eapgkklfcglomdhhjbfclkfmhfbeelnp Photo Enlarge - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hompjdfbfmmmgflfjdlnkohcplmboaeo SNT - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\legcnmokooconajlhhlcfgfhmjdakboi wweBsave - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aihbmdcbpclhigbkbdfjfaadbmmhiffh YTBookMark - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dmiocciglbjmldfaohgochgdgebhlldb YoutubeAdblocker - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eapgkklfcglomdhhjbfclkfmhfbeelnp Photo Enlarge - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hompjdfbfmmmgflfjdlnkohcplmboaeo SNT - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\legcnmokooconajlhhlcfgfhmjdakboi Photo Enlarge - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hompjdfbfmmmgflfjdlnkohcplmboaeo SNT - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\legcnmokooconajlhhlcfgfhmjdakboi wweBsave - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aihbmdcbpclhigbkbdfjfaadbmmhiffh YTBookMark - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dmiocciglbjmldfaohgochgdgebhlldb YoutubeAdblocker - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eapgkklfcglomdhhjbfclkfmhfbeelnp Photo Enlarge - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hompjdfbfmmmgflfjdlnkohcplmboaeo SNT - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\legcnmokooconajlhhlcfgfhmjdakboi wweBsave - julian\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aihbmdcbpclhigbkbdfjfaadbmmhiffh YTBookMark - julian\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dmiocciglbjmldfaohgochgdgebhlldb YoutubeAdblocker - julian\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eapgkklfcglomdhhjbfclkfmhfbeelnp Photo Enlarge - julian\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hompjdfbfmmmgflfjdlnkohcplmboaeo SNT - julian\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\legcnmokooconajlhhlcfgfhmjdakboi Battlefield Heroes - julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh AdBlock - julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom Photo Enlarge - julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hompjdfbfmmmgflfjdlnkohcplmboaeo SNT - julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\legcnmokooconajlhhlcfgfhmjdakboi wweBsave - julian\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aihbmdcbpclhigbkbdfjfaadbmmhiffh YTBookMark - julian\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dmiocciglbjmldfaohgochgdgebhlldb YoutubeAdblocker - julian\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eapgkklfcglomdhhjbfclkfmhfbeelnp Photo Enlarge - julian\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hompjdfbfmmmgflfjdlnkohcplmboaeo SNT - julian\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\legcnmokooconajlhhlcfgfhmjdakboi ==== Chrome Fix ====================== C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.searchinweb.info_0.localstorage deleted successfully C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.searchinweb.info_0.localstorage-journal deleted successfully C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_continuetosave.info_0.localstorage deleted successfully C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_continuetosave.info_0.localstorage-journal deleted successfully C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dmiocciglbjmldfaohgochgdgebhlldb deleted successfully C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmiocciglbjmldfaohgochgdgebhlldb deleted successfully C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dmiocciglbjmldfaohgochgdgebhlldb deleted successfully C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dmiocciglbjmldfaohgochgdgebhlldb deleted successfully C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmiocciglbjmldfaohgochgdgebhlldb deleted successfully C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dmiocciglbjmldfaohgochgdgebhlldb deleted successfully C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dmiocciglbjmldfaohgochgdgebhlldb deleted successfully C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmiocciglbjmldfaohgochgdgebhlldb deleted successfully C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dmiocciglbjmldfaohgochgdgebhlldb deleted successfully C:\Users\julian\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dmiocciglbjmldfaohgochgdgebhlldb deleted successfully C:\Users\julian\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dmiocciglbjmldfaohgochgdgebhlldb deleted successfully C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eapgkklfcglomdhhjbfclkfmhfbeelnp deleted successfully C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eapgkklfcglomdhhjbfclkfmhfbeelnp deleted successfully C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eapgkklfcglomdhhjbfclkfmhfbeelnp deleted successfully C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eapgkklfcglomdhhjbfclkfmhfbeelnp deleted successfully C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\eapgkklfcglomdhhjbfclkfmhfbeelnp deleted successfully C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eapgkklfcglomdhhjbfclkfmhfbeelnp deleted successfully C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eapgkklfcglomdhhjbfclkfmhfbeelnp deleted successfully C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\eapgkklfcglomdhhjbfclkfmhfbeelnp deleted successfully C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eapgkklfcglomdhhjbfclkfmhfbeelnp deleted successfully C:\Users\julian\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eapgkklfcglomdhhjbfclkfmhfbeelnp deleted successfully C:\Users\julian\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eapgkklfcglomdhhjbfclkfmhfbeelnp deleted successfully C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eapgkklfcglomdhhjbfclkfmhfbeelnp_0.localstorage deleted successfully C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eapgkklfcglomdhhjbfclkfmhfbeelnp_0.localstorage-journal deleted successfully C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eapgkklfcglomdhhjbfclkfmhfbeelnp deleted successfully C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aihbmdcbpclhigbkbdfjfaadbmmhiffh deleted successfully C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aihbmdcbpclhigbkbdfjfaadbmmhiffh deleted successfully C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aihbmdcbpclhigbkbdfjfaadbmmhiffh deleted successfully C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aihbmdcbpclhigbkbdfjfaadbmmhiffh deleted successfully C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\aihbmdcbpclhigbkbdfjfaadbmmhiffh deleted successfully C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aihbmdcbpclhigbkbdfjfaadbmmhiffh deleted successfully C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aihbmdcbpclhigbkbdfjfaadbmmhiffh deleted successfully C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\aihbmdcbpclhigbkbdfjfaadbmmhiffh deleted successfully C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aihbmdcbpclhigbkbdfjfaadbmmhiffh deleted successfully C:\Users\julian\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aihbmdcbpclhigbkbdfjfaadbmmhiffh deleted successfully C:\Users\julian\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aihbmdcbpclhigbkbdfjfaadbmmhiffh deleted successfully C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aihbmdcbpclhigbkbdfjfaadbmmhiffh_0.localstorage deleted successfully C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aihbmdcbpclhigbkbdfjfaadbmmhiffh_0.localstorage-journal deleted successfully C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aihbmdcbpclhigbkbdfjfaadbmmhiffh deleted successfully C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hompjdfbfmmmgflfjdlnkohcplmboaeo deleted successfully C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hompjdfbfmmmgflfjdlnkohcplmboaeo deleted successfully C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hompjdfbfmmmgflfjdlnkohcplmboaeo deleted successfully C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hompjdfbfmmmgflfjdlnkohcplmboaeo deleted successfully C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\hompjdfbfmmmgflfjdlnkohcplmboaeo deleted successfully C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hompjdfbfmmmgflfjdlnkohcplmboaeo deleted successfully C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hompjdfbfmmmgflfjdlnkohcplmboaeo deleted successfully C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hompjdfbfmmmgflfjdlnkohcplmboaeo deleted successfully C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hompjdfbfmmmgflfjdlnkohcplmboaeo deleted successfully C:\Users\julian\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hompjdfbfmmmgflfjdlnkohcplmboaeo deleted successfully C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hompjdfbfmmmgflfjdlnkohcplmboaeo deleted successfully C:\Users\julian\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hompjdfbfmmmgflfjdlnkohcplmboaeo deleted successfully C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hompjdfbfmmmgflfjdlnkohcplmboaeo_0.localstorage deleted successfully C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hompjdfbfmmmgflfjdlnkohcplmboaeo_0.localstorage-journal deleted successfully C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\legcnmokooconajlhhlcfgfhmjdakboi deleted successfully C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\legcnmokooconajlhhlcfgfhmjdakboi deleted successfully C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\legcnmokooconajlhhlcfgfhmjdakboi deleted successfully C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\legcnmokooconajlhhlcfgfhmjdakboi deleted successfully C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\legcnmokooconajlhhlcfgfhmjdakboi deleted successfully C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\legcnmokooconajlhhlcfgfhmjdakboi deleted successfully C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\legcnmokooconajlhhlcfgfhmjdakboi deleted successfully C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\legcnmokooconajlhhlcfgfhmjdakboi deleted successfully C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\legcnmokooconajlhhlcfgfhmjdakboi deleted successfully C:\Users\julian\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\legcnmokooconajlhhlcfgfhmjdakboi deleted successfully C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\legcnmokooconajlhhlcfgfhmjdakboi deleted successfully C:\Users\julian\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\legcnmokooconajlhhlcfgfhmjdakboi deleted successfully C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_legcnmokooconajlhhlcfgfhmjdakboi_0.localstorage deleted successfully C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_legcnmokooconajlhhlcfgfhmjdakboi_0.localstorage-journal deleted successfully C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\legcnmokooconajlhhlcfgfhmjdakboi deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://search.gophoto.it/?pl=2&ch=v1noadmin_1402" "Default_Page_URL"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://www.google.com" "Default_Page_URL"="http://www.google.com" "Start Page"="http://www.google.com" "Search Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://www.google.com" "Default_Page_URL"="http://www.google.com" "Start Page"="http://www.google.com" "Search Page"="http://www.google.com" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] No DefaultScope Set For HKCU New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8A31D733-A561-401A-E054-52050D39495C} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\cjcdhgbejpndhnnmilemaddcnfhahjne deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\mgglmngjjpbkbgfmehacncabhfloeall deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\nedgmnohepmdapmlngpeilbbepcbohhg deleted successfully HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E2AF26F0-6DCC-410c-A24D-ED093DDE1638} deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\julian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\julian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\julian\AppData\Local\Mozilla\Firefox\Profiles\lo8rxuqr.default-1392750794102\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=848 folders=651 1510536671 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\julian\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\julian\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on do 29-05-2014 at 1:35:30,46 ======================