Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Thierry on zo 04/05/2014 at 17:22:27,62.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Thierry\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

==== Possible Rootkit Infection ======================

C:\Windows\installer\{24886CD2-10F3-D5AA-A0AF-C677805446E9}\syshost.exe

==== Empty Folders Check ======================

C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~2\Comodo deleted successfully
C:\PROGRA~2\Gabest deleted successfully
C:\PROGRA~2\GUME91E.tmp deleted successfully
C:\PROGRA~2\Mozilla Firefox.bak deleted successfully
C:\PROGRA~2\VideoLAN deleted successfully
C:\PROGRA~2\VS Revo Group deleted successfully
C:\Program Files\log deleted successfully
C:\Users\Thierry\AppData\Local\Comodo deleted successfully
C:\Users\Thierry\AppData\Local\Conduit deleted successfully
C:\Users\Thierry\AppData\Local\GHISLER deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-958784132-981123827-108029691-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_USERS\S-1-5-21-958784132-981123827-108029691-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} deleted successfully
HKEY_USERS\S-1-5-21-958784132-981123827-108029691-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\Thierry\AppData\Roaming\Mozilla\Firefox\Profiles\a0bav93m.default

---- Lines CT2849859 removed from prefs.js ----
user_pref("CT2849859..clientLogIsEnabled", false);
user_pref("CT2849859..clientLogServiceUrl", "http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2849859..uninstallLogServiceUrl", "http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT2849859.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
user_pref("CT2849859.AboutPrivacyUrl", "http://www.conduit.com/privacy/Default.aspx");
user_pref("CT2849859.BrowserCompStateIsOpen_129642291941260919", true);
user_pref("CT2849859.BrowserCompStateIsOpen_130055929612942694", true);
user_pref("CT2849859.CT2849859", "CT2849859");
user_pref("CT2849859.ConfigurationLastCheckTime", "Mon Nov 18 2013 19:54:31 GMT+0100 (Romance (standaardtijd))");
user_pref("CT2849859.CurrentServerDate", "19-11-2013");
user_pref("CT2849859.DSInstall", true);
user_pref("CT2849859.DialogsAlignMode", "LTR");
user_pref("CT2849859.DialogsGetterLastCheckTime", "Sun Nov 17 2013 13:03:27 GMT+0100 (Romance (standaardtijd))");
user_pref("CT2849859.DownloadReferralCookieData", "");
user_pref("CT2849859.EMailNotifierPollDate", "Fri Mar 30 2012 15:35:58 GMT+0200 (Romance (zomertijd))");
user_pref("CT2849859.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2849859.FeedLastCount129349798534969678", 501);
user_pref("CT2849859.FeedPollDate129313974171006416", "Fri Mar 30 2012 15:30:58 GMT+0200 (Romance (zomertijd))");
user_pref("CT2849859.FeedPollDate129313975698350231", "Fri Mar 30 2012 15:30:58 GMT+0200 (Romance (zomertijd))");
user_pref("CT2849859.FeedPollDate129313976370850190", "Fri Mar 30 2012 15:30:58 GMT+0200 (Romance (zomertijd))");
user_pref("CT2849859.FeedPollDate129313976648818968", "Fri Mar 30 2012 15:30:58 GMT+0200 (Romance (zomertijd))");
user_pref("CT2849859.FeedPollDate129313977444757117", "Fri Mar 30 2012 15:30:58 GMT+0200 (Romance (zomertijd))");
user_pref("CT2849859.FeedPollDate129313980389131455", "Fri Mar 30 2012 15:30:59 GMT+0200 (Romance (zomertijd))");
user_pref("CT2849859.FeedPollDate129313980655381977", "Fri Mar 30 2012 15:30:59 GMT+0200 (Romance (zomertijd))");
user_pref("CT2849859.FeedPollDate129313980886163259", "Fri Mar 30 2012 15:30:59 GMT+0200 (Romance (zomertijd))");
user_pref("CT2849859.FeedPollDate129313981234756535", "Fri Mar 30 2012 15:30:59 GMT+0200 (Romance (zomertijd))");
user_pref("CT2849859.FeedPollDate129313983226631720", "Fri Mar 30 2012 15:30:59 GMT+0200 (Romance (zomertijd))");
user_pref("CT2849859.FeedPollDate129313983607725691", "Fri Mar 30 2012 15:30:59 GMT+0200 (Romance (zomertijd))");
user_pref("CT2849859.FeedTTL129313974171006416", 10);
user_pref("CT2849859.FeedTTL129313977444757117", 15);
user_pref("CT2849859.FeedTTL129313980655381977", 5);
user_pref("CT2849859.FeedTTL129313981234756535", 5);
user_pref("CT2849859.FirstServerDate", "26-2-2012");
user_pref("CT2849859.FirstTime", true);
user_pref("CT2849859.FirstTimeFF3", true);
user_pref("CT2849859.FixPageNotFoundErrors", false);
user_pref("CT2849859.GroupingServerCheckInterval", 1440);
user_pref("CT2849859.GroupingServiceUrl", "http://grouping.services.conduit.com/");
user_pref("CT2849859.HPInstall", false);
user_pref("CT2849859.HasUserGlobalKeys", true);
user_pref("CT2849859.HomePageProtectorEnabled", false);
user_pref("CT2849859.HomepageBeforeUnload", "http://www.facebook.com/|http://www.busseniershof.be/");
user_pref("CT2849859.Initialize", true);
user_pref("CT2849859.InitializeCommonPrefs", true);
user_pref("CT2849859.InstallationAndCookieDataSentCount", 3);
user_pref("CT2849859.InstallationType", "Unknown");
user_pref("CT2849859.InstalledDate", "Sun Feb 26 2012 17:56:39 GMT+0100 (Romance (standaardtijd))");
user_pref("CT2849859.IsAlertDBUpdated", true);
user_pref("CT2849859.IsGrouping", false);
user_pref("CT2849859.IsInitSetupIni", true);
user_pref("CT2849859.IsMulticommunity", false);
user_pref("CT2849859.IsOpenThankYouPage", true);
user_pref("CT2849859.IsOpenUninstallPage", true);
user_pref("CT2849859.IsProtectorsInit", true);
user_pref("CT2849859.LanguagePackLastCheckTime", "Mon Nov 18 2013 19:54:29 GMT+0100 (Romance (standaardtijd))");
user_pref("CT2849859.LanguagePackReloadIntervalMM", 1440);
user_pref("CT2849859.LanguagePackServiceUrl", "http://translation.users.conduit.com/Translation.ashx");
user_pref("CT2849859.LastLogin_3.10.0.1", "Fri Mar 30 2012 15:31:02 GMT+0200 (Romance (zomertijd))");
user_pref("CT2849859.LastLogin_3.12.0.7", "Mon Apr 23 2012 19:16:39 GMT+0200 (Romance (zomertijd))");
user_pref("CT2849859.LastLogin_3.12.2.3", "Sun Jun 03 2012 17:52:33 GMT+0200 (Romance (zomertijd))");
user_pref("CT2849859.LastLogin_3.13.0.6", "Mon Jul 16 2012 22:16:41 GMT+0200 (Romance (zomertijd))");
user_pref("CT2849859.LastLogin_3.14.1.0", "Tue Aug 28 2012 20:03:32 GMT+0200 (Romance (zomertijd))");
user_pref("CT2849859.LastLogin_3.15.1.0", "Thu Nov 08 2012 17:55:30 GMT+0100 (Romance (standaardtijd))");
user_pref("CT2849859.LastLogin_3.16.0.3", "Thu Mar 14 2013 17:49:17 GMT+0100 (Romance (standaardtijd))");
user_pref("CT2849859.LastLogin_3.18.0.7", "Thu Jul 18 2013 17:28:28 GMT+0200 (Romance (standaardtijd))");
user_pref("CT2849859.LastLogin_3.19.0.3", "Mon Sep 09 2013 17:56:42 GMT+0200 (Romance (standaardtijd))");
user_pref("CT2849859.LastLogin_3.20.0.4", "Tue Nov 19 2013 19:20:00 GMT+0100 (Romance (standaardtijd))");
user_pref("CT2849859.LastLogin_3.9.0.3", "Sat Mar 10 2012 09:01:09 GMT+0100 (Romance (standaardtijd))");
user_pref("CT2849859.LatestVersion", "3.20.0.4");
user_pref("CT2849859.Locale", "nl");
user_pref("CT2849859.MCDetectTooltipHeight", "83");
user_pref("CT2849859.MCDetectTooltipUrl", "http://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT2849859.MCDetectTooltipWidth", "295");
user_pref("CT2849859.MyStuffEnabledAtInstallation", true);
user_pref("CT2849859.OriginalFirstVersion", "3.9.0.3");
user_pref("CT2849859.RestartDialogFirstTime", "false");
user_pref("CT2849859.RestartDialogShouldDisplay", "false");
user_pref("CT2849859.SearchAPILastCheckTime", "Mon Nov 18 2013 19:54:32 GMT+0100 (Romance (standaardtijd))");
user_pref("CT2849859.SearchCaption", "BittorrentBar_NL Customized Web Search");
user_pref("CT2849859.SearchEngineBeforeUnload", "BittorrentBar_NL Customized Web Search");
user_pref("CT2849859.SearchFromAddressBarIsInit", true);
user_pref("CT2849859.SearchInNewTabEnabled", true);
user_pref("CT2849859.SearchInNewTabIntervalMM", 1440);
user_pref("CT2849859.SearchInNewTabLastCheckTime", "Mon Sep 09 2013 19:48:30 GMT+0200 (Romance (standaardtijd))");
user_pref("CT2849859.SearchInNewTabServiceUrl", "http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
user_pref("CT2849859.SearchInNewTabURLFromSearchAPI", "http://search.conduit.com/?ctid=CT2849859&octid=CT2849859&SearchSource=15&CUI=SB_CUI&SSPV=EB_SS
user_pref("CT2849859.SearchProtectorEnabled", true);
user_pref("CT2849859.SearchProtectorToolbarDisabled", false);
user_pref("CT2849859.SendProtectorDataViaLogin", true);
user_pref("CT2849859.ServiceMapLastCheckTime", "Sun Nov 17 2013 13:03:27 GMT+0100 (Romance (standaardtijd))");
user_pref("CT2849859.SettingsLastCheckTime", "Sun Nov 17 2013 17:21:23 GMT+0100 (Romance (standaardtijd))");
user_pref("CT2849859.SettingsLastUpdate", "1384678563");
user_pref("CT2849859.TBHomePageUrl", "http://search.conduit.com/?ctid=CT2849859&SearchSource=13");
user_pref("CT2849859.ThirdPartyComponentsInterval", 504);
user_pref("CT2849859.ThirdPartyComponentsLastCheck", "Tue Mar 20 2012 20:11:17 GMT+0100 (Romance (standaardtijd))");
user_pref("CT2849859.ThirdPartyComponentsLastUpdate", "1256026239");
user_pref("CT2849859.ToolbarShrinkedFromSetup", false);
user_pref("CT2849859.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityTool
user_pref("CT2849859.UserID", "UN27669899546928216");
user_pref("CT2849859.ValidationData_Search", 0);
user_pref("CT2849859.ValidationData_Toolbar", 0);
user_pref("CT2849859.WeatherNetwork", "");
user_pref("CT2849859.WeatherPollDate", "Fri Mar 30 2012 15:30:58 GMT+0200 (Romance (zomertijd))");
user_pref("CT2849859.WeatherUnit", "C");
user_pref("CT2849859.addressBarTakeOverEnabledInHidden", "true");
user_pref("CT2849859.alertChannelId", "1241900");
user_pref("CT2849859.backendstorage.cbfirsttime", "53756E2046656220323620323031322031373A35363A343120474D542B303130302028526F6D616E636520287374616E646
user_pref("CT2849859.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F6775692F");
user_pref("CT2849859.browser.search.defaultthis.engineName", true);
user_pref("CT2849859.cbfirsttime.from_oldbar.enc", "U3VuIEZlYiAyNiAyMDEyIDE3OjU2OjQxIEdNVCswMTAwIChSb21hbmNlIChzdGFuZGFhcmR0aWpkKSk=");
user_pref("CT2849859.countryCode", "BE");
user_pref("CT2849859.enableAlerts", "always");
user_pref("CT2849859.firstTimeDialogOpened", true);
user_pref("CT2849859.fixPageNotFoundErrorByUser", "false");
user_pref("CT2849859.fixPageNotFoundErrorInHidden", "true");
user_pref("CT2849859.fullUserID", "UN27669899546928216.UP.211601");
user_pref("CT2849859.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.
user_pref("CT2849859.globalFirstTimeInfoLastCheckTime", "Tue Mar 20 2012 20:11:18 GMT+0100 (Romance (standaardtijd))");
user_pref("CT2849859.homepageProtectorEnableByLogin", true);
user_pref("CT2849859.homepageuserchanged", true);
user_pref("CT2849859.initDone", true);
user_pref("CT2849859.installType", "Unknown");
user_pref("CT2849859.isAppTrackingManagerOn", true);
user_pref("CT2849859.isCheckedStartAsHidden", true);
user_pref("CT2849859.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2849859.isFirstTimeToolbarLoading", "false");
user_pref("CT2849859.isPerformedSmartBarTransition", "true");
user_pref("CT2849859.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("CT2849859.keyword", true);
user_pref("CT2849859.lastVersion", "10.29.0.520");
user_pref("CT2849859.missingMachineIdSent", "true");
user_pref("CT2849859.myStuffEnabled", true);
user_pref("CT2849859.myStuffPublihserMinWidth", 400);
user_pref("CT2849859.myStuffSearchUrl", "http://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"
user_pref("CT2849859.myStuffServiceIntervalMM", 1440);
user_pref("CT2849859.myStuffServiceUrl", "http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUF
user_pref("CT2849859.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN
user_pref("CT2849859.oldAppsList", "129349798532782160,129349798533094661,1000234,129349798533250913,1000034,129423804550387821,129349798533563416,129
user_pref("CT2849859.originalHomepage", "http://www.facebook.com/|http://www.busseniershof.be/");
user_pref("CT2849859.originalSearchAddressUrl", "");
user_pref("CT2849859.originalSearchEngine", "Google");
user_pref("CT2849859.performedDomainChangesMigration", "true");
user_pref("CT2849859.revertSettingsEnabled", true);
user_pref("CT2849859.scriptsource.from_oldbar.enc", "aHR0cDovLzEyNy4wLjAuMToxMDAwMC9ndWkv");
user_pref("CT2849859.search.searchCount", 0);
user_pref("CT2849859.searchFromAddressBarEnabledByUser", "true");
user_pref("CT2849859.searchInNewTabEnabledByUser", "true");
user_pref("CT2849859.searchInNewTabEnabledInHidden", "true");
user_pref("CT2849859.searchProtectorDialogDelayInSec", 10);
user_pref("CT2849859.searchProtectorEnableByLogin", true);
user_pref("CT2849859.searchSuggestEnabledByUser", "true");
user_pref("CT2849859.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2849859.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT2849859.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
user_pref("CT2849859.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2849859\"}");
user_pref("CT2849859.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"http://BittorrentBarNL.OurToolbar.c
user_pref("CT2849859.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"BittorrentBar_NL \"}");
user_pref("CT2849859.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2849859.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
user_pref("CT2849859.serviceLayer_services_Configuration_lastUpdate", "1398705690944");
user_pref("CT2849859.serviceLayer_services_login_10.20.101.5_lastUpdate", "1386176516093");
user_pref("CT2849859.serviceLayer_services_login_10.22.3.518_lastUpdate", "1387630854696");
user_pref("CT2849859.serviceLayer_services_login_10.23.0.822_lastUpdate", "1396803566708");
user_pref("CT2849859.serviceLayer_services_login_10.29.0.520_lastUpdate", "1398705690873");
user_pref("CT2849859.serviceLayer_services_searchAPI_lastUpdate", "1398705690921");
user_pref("CT2849859.serviceLayer_services_serviceMap_lastUpdate", "1398705690836");
user_pref("CT2849859.serviceLayer_services_toolbarSettings_lastUpdate", "1398705690824");
user_pref("CT2849859.serviceLayer_services_translation_lastUpdate", "1398705690708");
user_pref("CT2849859.settingsINI", true);
user_pref("CT2849859.showToolbarPermission", "false");
user_pref("CT2849859.smartbar.CTID", "CT2849859");
user_pref("CT2849859.smartbar.Uninstall", "0");
user_pref("CT2849859.smartbar.toolbarName", "BittorrentBar_NL ");
user_pref("CT2849859.testingCtid", "");
user_pref("CT2849859.toolbarAppMetaDataLastCheckTime", "Sun Nov 17 2013 13:03:27 GMT+0100 (Romance (standaardtijd))");
user_pref("CT2849859.toolbarBornServerTime", "26-2-2012");
user_pref("CT2849859.toolbarContextMenuLastCheckTime", "Thu Mar 29 2012 03:02:34 GMT+0200 (Romance (zomertijd))");
user_pref("CT2849859.toolbarCurrentServerTime", "28-4-2014");
user_pref("CT2849859.toolbarLoginClientTime", "Tue Nov 19 2013 19:54:06 GMT+0100 (Romance (standaardtijd))");
user_pref("CT2849859.upgradeFromOBVersion", true);
user_pref("CT2849859.usagesFlag", 2);
user_pref("CT2849859_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1398705689232,\"isWithState\":\"\",\"timeFromStar
user_pref("CommunityToolbar.ETag.http://Settings.toolbar.search.conduit.com/root/CT2849859/CT2849859", "\"9fcd104b0172dddbb20d91681d6643c83\"");
user_pref("CommunityToolbar.ETag.http://appsmetadata.toolbar.conduit-services.com/?ctid=CT2849859", "\"1361119362\"");
user_pref("CommunityToolbar.ETag.http://servicemap.conduit-services.com/Toolbar/?ownerId=CT2849859", "\"52c3f1538cb4af4ada257fcbc6b15d49\"");
user_pref("CommunityToolbar.ToolbarsList", "CT2849859");
user_pref("CommunityToolbar.ToolbarsList2", "CT2849859");
user_pref("CommunityToolbar.ToolbarsList4", "CT2849859");
user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2849859");
user_pref("Smartbar.ConduitSearchUrlList", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2849859&SearchSource=3&q={searchTerms}&CUI=UN276698995469
user_pref("Smartbar.TBSearchUrlList", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2849859&SearchSource=3&q={searchTerms}&CUI=UN27669899546928216
user_pref("Smartbar.keywordURLSelectedCTID", "CT2849859");
user_pref("smartbar.addressBarOwnerCTID", "CT2849859");
user_pref("smartbar.conduitSearchAddressUrlList", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2849859&SearchSource=2&q=,http://search.conduit.co
user_pref("smartbar.defaultSearchOwnerCTID", "CT2849859");
user_pref("smartbar.searchAddressUrlList", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2849859&SearchSource=2&q=,http://search.conduit.com/Resul
user_pref("valueApps.CT2849859.mam_gk_currentVersion", "312E31332E302E3137");
user_pref("valueApps.CT2849859.mam_gk_currentVersion.storedInFile", false);
user_pref("valueApps.CT2849859.mam_gk_migrated_from_ls", "31");
user_pref("valueApps.CT2849859.mam_gk_migrated_from_ls.storedInFile", false);
user_pref("valueApps.CT2849859.mam_gk_userBornDate", "4E2F41");
user_pref("valueApps.CT2849859.mam_gk_userBornDate.storedInFile", false);
---- FireFox user.js and prefs.js backups ---- 

user_20140405_1728_.backup
prefs_20140405_1728_.backup

==== Deleting Files \ Folders ======================

C:\Program Files (x86)\AdTrustMedia deleted
C:\Users\Thierry\AppData\Roaming\Mozilla\Firefox\Profiles\a0bav93m.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} deleted
C:\ProgramData\Adtrustmedia deleted
C:\PROGRA~2\GUT18AF.tmp deleted
C:\PROGRA~2\GUM18AE.tmp deleted
C:\PROGRA~2\MyPC Backup deleted
C:\PROGRA~2\Red Sky deleted
C:\PROGRA~2\Conduit deleted
C:\Users\Thierry\AppData\Roaming\simplitec deleted
C:\Users\Thierry\AppData\Roaming\Babylon deleted
C:\Users\Thierry\AppData\Local\DownTango deleted
C:\windows\SysNative\Tasks\DealPly deleted
C:\Users\Thierry\Downloads\avg_free_stb_all_2012_1873_cnet.exe deleted
C:\Users\Thierry\Downloads\avg_free_stb_all_2013_2805_cnet.exe deleted
C:\Users\Thierry\Downloads\avg_free_stb_all_2014_4577_cnet.exe deleted
C:\Users\Thierry\AppData\LocalLow\Conduit deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
C:\user.js deleted
C:\end deleted
C:\Windows\Syswow64\SearchProtect deleted
C:\Users\Thierry\AppData\Roaming\Mozilla\Firefox\Profiles\a0bav93m.default\CT2849859 deleted
C:\Users\Thierry\AppData\Roaming\Mozilla\Firefox\Profiles\a0bav93m.default\conduitCommon deleted
C:\Users\Thierry\AppData\Roaming\Mozilla\Firefox\Profiles\a0bav93m.default\smartbar deleted
"C:\Users\Thierry\AppData\Local\{584F7E4C-AB29-49C2-A143-2C5EB0785E65}" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Thierry\AppData\Local\Temp ====
2014-05-04 11:52:39	C4CF03B998D4D758B89CD07F22D7A7F9	645168	----a-w-	C:\Users\Thierry\AppData\Local\Temp\MSS\3.8.141.11\McUICnt.exe
2014-05-04 11:52:39	902161C776E46F0C51DB0BB0562E3356	153760	----a-w-	C:\Users\Thierry\AppData\Local\Temp\MSS\3.8.141.11\McInstallerRes_LD.dll
2014-05-04 11:52:39	65D16902A627714BE66C5F781E84C1DF	769736	----a-w-	C:\Users\Thierry\AppData\Local\Temp\MSS\3.8.141.11\McInstallerStartup.dll
2014-05-04 11:52:39	657820BF42579019F3AED6121FD5635C	264488	----a-w-	C:\Users\Thierry\AppData\Local\Temp\MSS\3.8.141.11\McInstallerRes.dll
2014-05-04 11:52:39	2FBB1819B94F57AA7519F4F1959C99E9	565328	----a-w-	C:\Users\Thierry\AppData\Local\Temp\MSS\3.8.141.11\mcbrwsr2.dll
2014-05-04 09:34:36	B2568BB12C5F428D917A4BE8635DA86E	166192	----a-w-	C:\Users\Thierry\AppData\Local\Temp\McTemp\15636\InstProg.dll
2014-05-04 09:30:25	4BC95898765D9A494AD5CEA58FAD370A	802672	----a-w-	C:\Users\Thierry\AppData\Local\Temp\McInstrumentationTemp\McItInfo.exe
2014-05-04 09:30:25	4725778796EEC4B0E04A2187D0F9AD9F	332480	----a-w-	C:\Users\Thierry\AppData\Local\Temp\McInstrumentationTemp\McUtil.dll
2014-05-04 09:30:25	1AB85DD212ADD895A22BB298990A85C0	211488	----a-w-	C:\Users\Thierry\AppData\Local\Temp\McInstrumentationTemp\McIIHlp.dll
====== Java Cache =====
2014-04-27 15:48:46	3A3F7C0CB8915613F55BE65659F5DC58	10177	----a-w-	C:\Users\Thierry\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\6f658e20-3090d091
2014-04-27 15:50:53	3A3F7C0CB8915613F55BE65659F5DC58	10177	----a-w-	C:\Users\Thierry\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\2d53d6e5-54ecd989
2014-05-04 12:05:08	D41D8CD98F00B204E9800998ECF8427E	0	----a-w-	C:\Users\Thierry\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-72b73f5a
====== C:\Windows\SysWOW64 =====
2014-05-04 11:10:54	90B81156CF76103D107B60A7D02739C1	96168	----a-w-	C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-29 18:00:41	D0AAAE16BA162DD89D646887F1539855	1700352	----a-w-	C:\Windows\SysWOW64\gdiplus.dll
2014-04-29 17:57:56	E6BB9F8C97B2CCF676227226700800AF	48392	----a-w-	C:\Windows\SysWOW64\certsentry.dll
2014-04-29 15:50:49	A8F358336FE7CDAB55D6D986083329EF	17931952	----a-w-	C:\Windows\SysWOW64\FlashPlayerInstaller.exe
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-05-04 12:58:20	C007347E699A465BF65FD6047D7199D8	59	----a-w-	C:\Windows\Sysnative\SupportTool.exe.bat
2014-04-29 17:57:56	9CDB22EAB44FC064EAE9B30D1AF1ABB2	57096	----a-w-	C:\Windows\Sysnative\certsentry.dll
====== C:\Windows\Sysnative\drivers =====
2014-05-04 11:24:09	6140163BFE9D8F2DFDBA088ED5521C13	119512	----a-w-	C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2014-05-04 11:23:44	FD5465B876D55534117963FAAA4B9DFC	25816	----a-w-	C:\Windows\Sysnative\drivers\mbam.sys
2014-05-04 11:23:44	C49915271600CFC2305FAA4271D0002F	63192	----a-w-	C:\Windows\Sysnative\drivers\mwac.sys
2014-05-04 11:23:44	4A1356200B82B852E137B687F03E8054	88280	----a-w-	C:\Windows\Sysnative\drivers\mbamchameleon.sys
2014-05-04 09:52:51	12F0F8D3F84FAB8F31D073286FE131CB	2641	----a-w-	C:\Windows\Sysnative\drivers\mfencrk.inf
2014-05-04 09:52:46	691EF5966CE866B766CE00BECFCFA589	5442	----a-w-	C:\Windows\Sysnative\drivers\mfencbdc.inf
2014-04-30 18:31:00	5545FB5B49268C903F311849DB1942ED	423240	----a-w-	C:\Windows\Sysnative\drivers\hldxzzpp.sys
2014-04-30 18:15:59	5545FB5B49268C903F311849DB1942ED	423240	----a-w-	C:\Windows\Sysnative\drivers\xjhilqbt.sys
2014-04-30 18:15:38	5545FB5B49268C903F311849DB1942ED	423240	----a-w-	C:\Windows\Sysnative\drivers\gregevwk.sys
====== C:\Windows\Tasks ======
2014-05-04 13:36:06	65A55378F28407591A48260D2506C844	3280	----a-w-	C:\Windows\Sysnative\Tasks\{9BDEC381-FF43-4911-ACD6-ADB3D3AC5EF2}
2014-05-04 12:59:01	D95B03F0B285A1F03E2ED65FED924763	3276	----a-w-	C:\Windows\Sysnative\Tasks\Titanium BTC
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-05-04 12:57:43	--------	d-----w-	C:\Program Files\Trend Micro
2014-04-29 17:59:04	--------	d-----w-	C:\Program Files\AdTrustMedia
2014-04-29 17:58:28	--------	d-----w-	C:\Program Files\COMODO
======= C:\PROGRA~2 =====
2014-05-04 13:58:27	--------	d-----w-	C:\PROGRA~2\trend micro
2014-05-04 11:11:59	--------	d-----w-	C:\PROGRA~2\COMMON~1\Skype
2014-05-04 11:11:59	--------	d-----r-	C:\PROGRA~2\Skype
2014-05-04 11:11:15	--------	d-----w-	C:\PROGRA~2\COMMON~1\Java
======= C: =====
2014-05-04 11:52:46	69FA2D12E0B5252F5C90EA6F500CFCDD	424	----a-w-	C:\AVScanner.ini
====== C:\Users\Thierry\AppData\Roaming ======
2014-05-04 13:07:41	--------	d-----w-	C:\Users\Thierry\AppData\Local\Trend Micro
2014-05-04 12:57:12	8372795B7B8CE95C758480B28E1C6E50	36	----a-w-	C:\Users\Thierry\AppData\Local\housecall.guid.cache
2014-05-04 11:12:25	--------	d-----w-	C:\Users\Thierry\AppData\Local\Skype
2014-04-29 18:01:51	--------	d-----w-	C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Comodo
2014-04-29 18:01:50	--------	d-----w-	C:\Windows\SysNative\config\systemprofile\AppData\Locallow\COMODO
2014-04-29 18:01:28	--------	d-----w-	C:\Users\Thierry\AppData\Locallow\COMODO
2014-04-29 18:00:00	--------	d-----w-	C:\Users\Thierry\AppData\Local\AdTrustMedia
2014-04-29 17:59:02	--------	d-----w-	C:\Windows\sysWoW64\config\systemprofile\AppData\Locallow\COMODO
2014-04-29 17:36:21	--------	d-----w-	C:\Windows\SysNative\config\systemprofile\AppData\Local\Avg2013
2014-04-29 17:36:17	--------	d-----w-	C:\Users\Thierry\AppData\Local\Avg2013
2014-04-29 17:22:55	--------	d-----w-	C:\Users\Thierry\AppData\Roaming\AVG2014
2014-04-29 16:17:47	--------	d-----w-	C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\AVG2014
2014-04-29 16:17:37	--------	d-----w-	C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Avg2014
2014-04-29 16:17:06	--------	d-----w-	C:\Windows\SysNative\config\systemprofile\AppData\Local\Avg2014
2014-04-29 16:14:45	--------	d-----w-	C:\Users\Thierry\AppData\Local\Avg2014
====== C:\Users\Thierry ======
2014-05-04 13:57:52	69CA82A7482A00D8EE063D2B97FC4338	781383	----a-w-	C:\Users\Thierry\Downloads\RSIT.exe
2014-05-04 12:58:20	02C1EE40968BAA67C3A785CDA9807125	262	--sha-r-	C:\ProgramData\ntuser.pol
2014-05-04 12:57:53	--------	d-----w-	C:\ProgramData\Trend Micro
2014-05-04 12:54:42	F868C23CDBF8E48CE69EA70C08E47D6D	116265448	----a-w-	C:\Users\Public\Desktop\Trend_Micro.exe
2014-05-04 12:54:36	--------	d-----w-	C:\ProgramData\Trend Micro Installer
2014-05-04 11:11:59	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-04 11:10:54	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-04 09:29:18	063F03E392A66AF10AD125F7A4A38C37	5143104	----a-w-	C:\Users\Thierry\Downloads\Setup_serial_cBF3wDSNGC5eaZRfiO_ViA2_key.exe
2014-04-30 18:15:07	18D3A804CB97BB62DBC5AC7C957CD3E7	88882192	----a-w-	C:\Users\Thierry\Downloads\avast_free_antivirus_setup.exe
2014-04-29 17:58:05	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2014-04-29 17:57:18	--------	d-----w-	C:\ProgramData\Comodo
2014-04-29 17:45:16	DA09AF2982A2800FD068AF857EAD480B	10619688	----a-w-	C:\Users\Thierry\Downloads\RevoUninProSetup.exe
2014-04-29 17:45:07	4F99CAE27FFD46712E65C21444AACDFC	2623656	----a-w-	C:\Users\Thierry\Downloads\revosetup(1).exe
2014-04-29 17:44:42	4F99CAE27FFD46712E65C21444AACDFC	2623656	----a-w-	C:\Users\Thierry\Downloads\revosetup.exe
2014-04-29 16:15:22	--------	d-----w-	C:\ProgramData\AVG2014

====== C: exe-files ==
2014-05-04 13:58:27	9A2347903D6EDB84C10F288BC0578C1C	388608	----a-w-	C:\Program Files (x86)\trend micro\Thierry.exe
2014-05-04 13:57:52	69CA82A7482A00D8EE063D2B97FC4338	781383	----a-w-	C:\Users\Thierry\Downloads\RSIT.exe
2014-05-04 13:24:25	E1D8F96772F6BBE990B435580CA9C33B	305760	----a-w-	C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
2014-05-04 13:17:56	5C82BE7AD1775B67916EE19C15B99331	2723264	----a-w-	C:\Users\Thierry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S1WC2PGK\vcredist_x86.exe
2014-05-04 13:07:06	FA719EBA31716098BC79FFDB68B4D5EF	415464	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\Vizor64\TiPreAU.exe
2014-05-04 13:07:06	A9C324BADB72EAAFE3A307DF668DED0D	230600	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\Vizor64\InstallSettingMigrate.exe
2014-05-04 13:07:06	A189A061977FB87855CD3F52B1150539	371192	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\Vizor64\TmSetACL.exe
2014-05-04 13:07:06	68B31D0E58C1F0DB2EEB968CD13C4892	327920	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\Vizor64\WSCTool.exe
2014-05-04 13:07:06	216ED007AB2216825B11599B2C42C8EA	722952	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\Vizor64\InstallUCWrapper.exe
2014-05-04 13:07:05	ED4797AAD9F69771504045D210D98B4B	2139232	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\setup.exe
2014-05-04 13:07:03	4C6E7BE1DFA0752E93EC43E337EB9EAB	2529072	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\Vizor32\TisEzIns.exe
2014-05-04 13:06:52	FA719EBA31716098BC79FFDB68B4D5EF	415464	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\UCPlugin\c17t1706v0.0.0l1p5889r1o1\TiPreAU.exe
2014-05-04 13:06:52	F62DC021AEDA73E46A7ED6AE705A0A0D	170872	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\UCPlugin\c17t1718v0.0.0l1p5889r1o1\OL64\TMAS_OLSentry.exe
2014-05-04 13:06:52	E8536B70DDB3F5213CDA6862D577EB97	44152	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\UCPlugin\c17t1718v0.0.0l1p5889r1o1\WLM\TMAS_WLMMon.exe
2014-05-04 13:06:52	D9B2312D6C4050048FFC00D6D87BD107	163920	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\UCPlugin\c17t1706v0.0.0l1p5889r1o1\OEMConsole.exe
2014-05-04 13:06:52	D6C42EF299C0CB8447332D943A000DD3	239352	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\UCPlugin\c17t1706v0.0.0l1p5889r1o1\TiMiniService.exe
2014-05-04 13:06:52	D16AC3B033FDCA713AC5102094B557DA	1156040	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\UCPlugin\c17t1718v0.0.0l1p5889r1o1\OE64\TMAS_OE.exe
2014-05-04 13:06:52	D139DAC7F146E431C895E652F387F731	254296	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\UCPlugin\c17t1718v0.0.0l1p5889r1o1\OL\TMAS_OLImp.exe
2014-05-04 13:06:52	C57C2BB0FA5F293ABE4FF705052ED041	290864	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\UCPlugin\c11t1104v0.0.0l1p5889r1o1\WSCStatusController.exe
2014-05-04 13:06:52	C5369005F6EB5CCAC1FAEE782487B78F	1112232	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\UCPlugin\c17t1718v0.0.0l1p5889r1o1\OL64\TMAS_OL.exe
2014-05-04 13:06:52	B38A152FFC86D84010FA3559B7CEE059	517952	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\UCPlugin\c17t1718v0.0.0l1p5889r1o1\WLM\TMAS_WLM.exe
2014-05-04 13:06:52	B1EFC52DF82E70FED7EBF0B8295D6D07	4529856	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\UCPlugin\c17t1706v0.0.0l1p5889r1o1\RescueHelper.exe
2014-05-04 13:06:52	AF535420C1F86B20C4F7BA364FC1FB5A	81256	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\UCPlugin\c17t1706v0.0.0l1p5889r1o1\PackageRemover.exe
2014-05-04 13:06:52	A6E31400F4B7590C91233986CFEC895C	221584	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\UCPlugin\c11t1104v0.0.0l1p5889r1o1\uiWatchDog.exe
2014-05-04 13:06:52	8C2118C5D852B8F6C47D99E573A3F912	409320	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\UCPlugin\c17t1706v0.0.0l1p5889r1o1\ShorcutLauncher.exe
2014-05-04 13:06:52	7B81173175C091A493E9FE899068E0A4	693576	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\UCPlugin\c17t1706v0.0.0l1p5889r1o1\WSCHandler.exe
2014-05-04 13:06:52	721BA58E72197B26C8D3850C2BA21A48	538288	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\UCPlugin\c11t1104v0.0.0l1p5889r1o1\uiUpdateTray.exe
2014-05-04 13:06:52	6E53EC81700D47CA5FB7E3722B4C0173	641064	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\UCPlugin\c17t1718v0.0.0l1p5889r1o1\OL64\TMAS_OLImp.exe
2014-05-04 13:06:52	6B2F4AE92F05D46D6BF565C1F0B84B23	506104	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\UCPlugin\c17t1718v0.0.0l1p5889r1o1\OL\TMAS_OL.exe
2014-05-04 13:06:52	68B31D0E58C1F0DB2EEB968CD13C4892	327920	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\UCPlugin\c17t1706v0.0.0l1p5889r1o1\WSCTool.exe
2014-05-04 13:06:52	55872DA244F664BD75FFC0237E983466	2084600	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\UCPlugin\c17t1785v0.0.0l1p5889r1o1\TMDC\TMDC.exe
2014-05-04 13:06:52	404B874A0159AFBB8884E220830EDF66	213608	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\UCPlugin\c17t1718v0.0.0l1p5889r1o1\OE64\TMAS_OEMon.exe
2014-05-04 13:06:52	213B73A1F09D649FEFEC6A8B7C0156AE	325872	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\UCPlugin\c17t1784v0.0.0l1p5889r1o1\plugin\Win8Cpnt\TmToastNotificationCaller.exe
2014-05-04 13:06:52	1B30243568B1BD2C10C923E857BF226E	1270136	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\UCPlugin\c11t1104v0.0.0l1p5889r1o1\uiSeAgnt.exe
2014-05-04 13:06:52	170946A0B63022338D0C090BC530A60A	36960	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\UCPlugin\c17t1718v0.0.0l1p5889r1o1\OL\TMAS_OLSentry.exe
2014-05-04 13:06:52	166992EC0830624ED1856FBB6E8795D8	619440	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\UCPlugin\c17t1718v0.0.0l1p5889r1o1\OE64\TMAS_OEImp.exe
2014-05-04 13:06:52	115B1135315755A121637FCA41171FEE	334112	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\UCPlugin\c17t1706v0.0.0l1p5889r1o1\TiResumeSrv.exe
2014-05-04 13:06:52	0B72072A84DF9B8AE84DBE06FCA34561	1510896	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\UCPlugin\c17t1725v0.0.0l1p1r1o1\uiWinMgr.exe
2014-05-04 13:06:52	049224D484370B673F827BEB799BB5A0	1055160	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\UCPlugin\c17t1706v0.0.0l1p5889r1o1\Remove.exe
2014-05-04 13:06:44	92FBC704533FB14257E0EF7FB57F6005	4749240	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\SupportTool\64bit\SupportTool.exe
2014-05-04 13:06:44	68B31D0E58C1F0DB2EEB968CD13C4892	327920	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\SupportTool\64bit\WSCTool.exe
2014-05-04 13:06:44	0A57147485285173093C7A50AAC2221F	256856	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\SupportTool\64bit\TMSToolEx.exe
2014-05-04 13:06:37	E1D8F96772F6BBE990B435580CA9C33B	305760	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\Setup64\AMSP\coreServiceShell.exe
2014-05-04 13:06:37	AC4BF5D916C4CAB6760CCF8BF574E472	222232	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\Setup64\AMSP\update\engine\c2t679739392l1p5889r1o1\6.8.1118\TmExtIns32.exe
2014-05-04 13:06:37	AC4BF5D916C4CAB6760CCF8BF574E472	222232	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\Setup64\AMSP\update\engine\c2t1207959569l1p5889r1o1\6.8.1118\TmExtIns32.exe
2014-05-04 13:06:37	A640306D84D986E40256ADCBA9A9F5A2	54296	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\Setup64\AMSP\update\engine\c2t679739392l1p5889r1o1\6.8.1118\TmopHookMgrHelper32.exe
2014-05-04 13:06:37	9DFBE6B08CDF74D16518879F5A9E2560	139800	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\Setup64\AMSP\update\engine\c2t679493632l1p5889r1o1\6.8.1072\tdiins.exe
2014-05-04 13:06:37	9CBB60256F66291E8199660F4CEFD7D9	226328	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\Setup64\AMSP\update\engine\c2t1207959830l1p5889r1o1\1.6.1083\TmopExtIns32.exe
2014-05-04 13:06:37	8CD3409C2859002C0711C2A7E64BDD55	14872	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\Setup64\AMSP\update\engine\c2t1207959865l1p5889r1o1\2.0.1080\CheckUI.exe
2014-05-04 13:06:37	852DCECDB0520CB7E19B235A4F85E41F	54296	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\Setup64\AMSP\update\engine\c2t1207959830l1p5889r1o1\1.6.1083\TmopHookMgrHelper32.exe
2014-05-04 13:06:37	5AC2BE65E30BD8E709FC06974C6197A4	26648	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\Setup64\AMSP\update\engine\c2t1207959572l-1p5889r-1o-1\1.7.1008\DREBoot64.exe
2014-05-04 13:06:37	54D096408A64DE8C9C8373563C20577D	324632	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\Setup64\AMSP\update\engine\c2t1207959830l1p5889r1o1\1.6.1083\TmopExtIns.exe
2014-05-04 13:06:37	30F504048227E43B97DA2F05A89AB7DD	235992	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\Setup64\AMSP\utilRollback.exe
2014-05-04 13:06:37	127B98B61414E8F2216097AF29C003CB	323096	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\Setup64\AMSP\update\engine\c2t679739392l1p5889r1o1\6.8.1118\TmExtIns.exe
2014-05-04 12:56:48	FA719EBA31716098BC79FFDB68B4D5EF	415464	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\Vizor64\TiPreAU.exe
2014-05-04 12:56:48	A9C324BADB72EAAFE3A307DF668DED0D	230600	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\Vizor64\InstallSettingMigrate.exe
2014-05-04 12:56:48	A189A061977FB87855CD3F52B1150539	371192	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\Vizor64\TmSetACL.exe
2014-05-04 12:56:48	68B31D0E58C1F0DB2EEB968CD13C4892	327920	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\Vizor64\WSCTool.exe
2014-05-04 12:56:48	216ED007AB2216825B11599B2C42C8EA	722952	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\Vizor64\InstallUCWrapper.exe
2014-05-04 12:56:47	ED4797AAD9F69771504045D210D98B4B	2139232	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\setup.exe
2014-05-04 12:56:43	4C6E7BE1DFA0752E93EC43E337EB9EAB	2529072	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\Vizor32\TisEzIns.exe
2014-05-04 12:56:14	C57C2BB0FA5F293ABE4FF705052ED041	290864	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\UCPlugin\c11t1104v0.0.0l1p5889r1o1\WSCStatusController.exe
2014-05-04 12:56:14	A6E31400F4B7590C91233986CFEC895C	221584	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\UCPlugin\c11t1104v0.0.0l1p5889r1o1\uiWatchDog.exe
2014-05-04 12:56:14	7B81173175C091A493E9FE899068E0A4	693576	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\UCPlugin\c17t1706v0.0.0l1p5889r1o1\WSCHandler.exe
2014-05-04 12:56:14	68B31D0E58C1F0DB2EEB968CD13C4892	327920	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\UCPlugin\c17t1706v0.0.0l1p5889r1o1\WSCTool.exe
2014-05-04 12:56:14	0B72072A84DF9B8AE84DBE06FCA34561	1510896	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\UCPlugin\c17t1725v0.0.0l1p1r1o1\uiWinMgr.exe
2014-05-04 12:56:13	FA719EBA31716098BC79FFDB68B4D5EF	415464	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\UCPlugin\c17t1706v0.0.0l1p5889r1o1\TiPreAU.exe
2014-05-04 12:56:13	F62DC021AEDA73E46A7ED6AE705A0A0D	170872	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\UCPlugin\c17t1718v0.0.0l1p5889r1o1\OL64\TMAS_OLSentry.exe
2014-05-04 12:56:13	E8536B70DDB3F5213CDA6862D577EB97	44152	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\UCPlugin\c17t1718v0.0.0l1p5889r1o1\WLM\TMAS_WLMMon.exe
2014-05-04 12:56:13	D9B2312D6C4050048FFC00D6D87BD107	163920	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\UCPlugin\c17t1706v0.0.0l1p5889r1o1\OEMConsole.exe
2014-05-04 12:56:13	D6C42EF299C0CB8447332D943A000DD3	239352	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\UCPlugin\c17t1706v0.0.0l1p5889r1o1\TiMiniService.exe
2014-05-04 12:56:13	D16AC3B033FDCA713AC5102094B557DA	1156040	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\UCPlugin\c17t1718v0.0.0l1p5889r1o1\OE64\TMAS_OE.exe
2014-05-04 12:56:13	D139DAC7F146E431C895E652F387F731	254296	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\UCPlugin\c17t1718v0.0.0l1p5889r1o1\OL\TMAS_OLImp.exe
2014-05-04 12:56:13	C5369005F6EB5CCAC1FAEE782487B78F	1112232	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\UCPlugin\c17t1718v0.0.0l1p5889r1o1\OL64\TMAS_OL.exe
2014-05-04 12:56:13	B38A152FFC86D84010FA3559B7CEE059	517952	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\UCPlugin\c17t1718v0.0.0l1p5889r1o1\WLM\TMAS_WLM.exe
2014-05-04 12:56:13	B1EFC52DF82E70FED7EBF0B8295D6D07	4529856	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\UCPlugin\c17t1706v0.0.0l1p5889r1o1\RescueHelper.exe
2014-05-04 12:56:13	AF535420C1F86B20C4F7BA364FC1FB5A	81256	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\UCPlugin\c17t1706v0.0.0l1p5889r1o1\PackageRemover.exe
2014-05-04 12:56:13	8C2118C5D852B8F6C47D99E573A3F912	409320	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\UCPlugin\c17t1706v0.0.0l1p5889r1o1\ShorcutLauncher.exe
2014-05-04 12:56:13	721BA58E72197B26C8D3850C2BA21A48	538288	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\UCPlugin\c11t1104v0.0.0l1p5889r1o1\uiUpdateTray.exe
2014-05-04 12:56:13	6E53EC81700D47CA5FB7E3722B4C0173	641064	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\UCPlugin\c17t1718v0.0.0l1p5889r1o1\OL64\TMAS_OLImp.exe
2014-05-04 12:56:13	6B2F4AE92F05D46D6BF565C1F0B84B23	506104	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\UCPlugin\c17t1718v0.0.0l1p5889r1o1\OL\TMAS_OL.exe
2014-05-04 12:56:13	55872DA244F664BD75FFC0237E983466	2084600	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\UCPlugin\c17t1785v0.0.0l1p5889r1o1\TMDC\TMDC.exe
2014-05-04 12:56:13	404B874A0159AFBB8884E220830EDF66	213608	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\UCPlugin\c17t1718v0.0.0l1p5889r1o1\OE64\TMAS_OEMon.exe
2014-05-04 12:56:13	213B73A1F09D649FEFEC6A8B7C0156AE	325872	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\UCPlugin\c17t1784v0.0.0l1p5889r1o1\plugin\Win8Cpnt\TmToastNotificationCaller.exe
2014-05-04 12:56:13	1B30243568B1BD2C10C923E857BF226E	1270136	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\UCPlugin\c11t1104v0.0.0l1p5889r1o1\uiSeAgnt.exe
2014-05-04 12:56:13	170946A0B63022338D0C090BC530A60A	36960	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\UCPlugin\c17t1718v0.0.0l1p5889r1o1\OL\TMAS_OLSentry.exe
2014-05-04 12:56:13	166992EC0830624ED1856FBB6E8795D8	619440	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\UCPlugin\c17t1718v0.0.0l1p5889r1o1\OE64\TMAS_OEImp.exe
2014-05-04 12:56:13	115B1135315755A121637FCA41171FEE	334112	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\UCPlugin\c17t1706v0.0.0l1p5889r1o1\TiResumeSrv.exe
2014-05-04 12:56:13	049224D484370B673F827BEB799BB5A0	1055160	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\UCPlugin\c17t1706v0.0.0l1p5889r1o1\Remove.exe
2014-05-04 12:55:51	92FBC704533FB14257E0EF7FB57F6005	4749240	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\SupportTool\64bit\SupportTool.exe
2014-05-04 12:55:51	68B31D0E58C1F0DB2EEB968CD13C4892	327920	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\SupportTool\64bit\WSCTool.exe
2014-05-04 12:55:51	0A57147485285173093C7A50AAC2221F	256856	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\SupportTool\64bit\TMSToolEx.exe
2014-05-04 12:55:41	E1D8F96772F6BBE990B435580CA9C33B	305760	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\Setup64\AMSP\coreServiceShell.exe
2014-05-04 12:55:41	AC4BF5D916C4CAB6760CCF8BF574E472	222232	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\Setup64\AMSP\update\engine\c2t679739392l1p5889r1o1\6.8.1118\TmExtIns32.exe
2014-05-04 12:55:41	AC4BF5D916C4CAB6760CCF8BF574E472	222232	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\Setup64\AMSP\update\engine\c2t1207959569l1p5889r1o1\6.8.1118\TmExtIns32.exe
2014-05-04 12:55:41	A640306D84D986E40256ADCBA9A9F5A2	54296	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\Setup64\AMSP\update\engine\c2t679739392l1p5889r1o1\6.8.1118\TmopHookMgrHelper32.exe
2014-05-04 12:55:41	9DFBE6B08CDF74D16518879F5A9E2560	139800	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\Setup64\AMSP\update\engine\c2t679493632l1p5889r1o1\6.8.1072\tdiins.exe
2014-05-04 12:55:41	9CBB60256F66291E8199660F4CEFD7D9	226328	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\Setup64\AMSP\update\engine\c2t1207959830l1p5889r1o1\1.6.1083\TmopExtIns32.exe
2014-05-04 12:55:41	8CD3409C2859002C0711C2A7E64BDD55	14872	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\Setup64\AMSP\update\engine\c2t1207959865l1p5889r1o1\2.0.1080\CheckUI.exe
2014-05-04 12:55:41	852DCECDB0520CB7E19B235A4F85E41F	54296	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\Setup64\AMSP\update\engine\c2t1207959830l1p5889r1o1\1.6.1083\TmopHookMgrHelper32.exe
2014-05-04 12:55:41	5AC2BE65E30BD8E709FC06974C6197A4	26648	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\Setup64\AMSP\update\engine\c2t1207959572l-1p5889r-1o-1\1.7.1008\DREBoot64.exe
2014-05-04 12:55:41	54D096408A64DE8C9C8373563C20577D	324632	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\Setup64\AMSP\update\engine\c2t1207959830l1p5889r1o1\1.6.1083\TmopExtIns.exe
2014-05-04 12:55:41	30F504048227E43B97DA2F05A89AB7DD	235992	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\Setup64\AMSP\utilRollback.exe
2014-05-04 12:55:41	127B98B61414E8F2216097AF29C003CB	323096	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\Setup64\AMSP\update\engine\c2t679739392l1p5889r1o1\6.8.1118\TmExtIns.exe
2014-05-04 12:54:42	F868C23CDBF8E48CE69EA70C08E47D6D	116265448	----a-w-	C:\Users\Public\Desktop\Trend_Micro.exe
2014-05-04 11:52:39	C4CF03B998D4D758B89CD07F22D7A7F9	645168	----a-w-	C:\Users\Thierry\AppData\Local\Temp\MSS\3.8.141.11\McUICnt.exe
2014-05-04 11:10:50	E53D6E485A0302A9C7D5E0D4D3E3C8B0	145832	----a-w-	C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
2014-05-04 11:10:50	5EBBDE8E4FA26B4DC2477EEFC580BBEC	16808	----a-w-	C:\Program Files (x86)\Java\jre7\bin\tnameserv.exe
2014-05-04 11:10:49	F82ACDE93EC413733A4BE85BB34BEC14	16296	----a-w-	C:\Program Files (x86)\Java\jre7\bin\java-rmi.exe
2014-05-04 11:10:49	F4DED4130A0104B6A4ED9844208F180F	16296	----a-w-	C:\Program Files (x86)\Java\jre7\bin\servertool.exe
2014-05-04 11:10:49	EB80B1148FF046F466D1C671AF75D559	16296	----a-w-	C:\Program Files (x86)\Java\jre7\bin\keytool.exe
2014-05-04 11:10:49	DA6CB7FCDE22F46C2A792F67033AF20D	16296	----a-w-	C:\Program Files (x86)\Java\jre7\bin\ktab.exe
2014-05-04 11:10:49	A88ABFD096E23B5560667BDC05917566	16296	----a-w-	C:\Program Files (x86)\Java\jre7\bin\rmiregistry.exe
2014-05-04 11:10:49	9E7CB10B1373D7172AE87D597AC58C24	16296	----a-w-	C:\Program Files (x86)\Java\jre7\bin\kinit.exe
2014-05-04 11:10:49	971C6733A1AF11192C378CC736F85DCC	49576	----a-w-	C:\Program Files (x86)\Java\jre7\bin\ssvagent.exe
2014-05-04 11:10:49	7EAB131EBF08F0E9E64C96285BD7D493	264616	----a-w-	C:\Program Files (x86)\Java\jre7\bin\javaws.exe
2014-05-04 11:10:49	76C9EFEA16CF2FAD41F6D6A37707A28B	68008	----a-w-	C:\Program Files (x86)\Java\jre7\bin\javacpl.exe
2014-05-04 11:10:49	6544D757CC478157D0B1A7752E51FE3B	16296	----a-w-	C:\Program Files (x86)\Java\jre7\bin\policytool.exe
2014-05-04 11:10:49	60050CE9D89F59C0FE53C74BC78E6655	48040	----a-w-	C:\Program Files (x86)\Java\jre7\bin\jabswitch.exe
2014-05-04 11:10:49	479099423E3058D55F1682F3330F9AA8	175016	----a-w-	C:\Program Files (x86)\Java\jre7\bin\java.exe
2014-05-04 11:10:49	45A663489E1A24FE3696F689178C1041	182696	----a-w-	C:\Program Files (x86)\Java\jre7\bin\jqs.exe
2014-05-04 11:10:49	2AAB5E6938B562D4A78C8DB5F8923142	16296	----a-w-	C:\Program Files (x86)\Java\jre7\bin\rmid.exe
2014-05-04 11:10:49	29869351791BADAC5BF5647F2E3FCA2E	16296	----a-w-	C:\Program Files (x86)\Java\jre7\bin\klist.exe
2014-05-04 11:10:49	26A414A2B7FC8AA5475CADB1189F1D02	175528	----a-w-	C:\Program Files (x86)\Java\jre7\bin\javaw.exe
2014-05-04 11:10:49	1D512E4C00DDFC9D0D236E818991EF1B	16296	----a-w-	C:\Program Files (x86)\Java\jre7\bin\orbd.exe
2014-05-04 11:10:49	11065E949C9640B42D0DE37CCF55F31C	16296	----a-w-	C:\Program Files (x86)\Java\jre7\bin\pack200.exe
2014-05-04 11:10:49	068C8B4DD85CA47817BECD77F07110EC	52648	----a-w-	C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe
2014-05-04 10:40:45	70D09276FE2AAA808813399245A2F493	1542696	----a-w-	C:\Windows\Temp\contentDATs.exe
2014-05-04 09:30:25	4BC95898765D9A494AD5CEA58FAD370A	802672	----a-w-	C:\Users\Thierry\AppData\Local\Temp\McInstrumentationTemp\McItInfo.exe
2014-05-04 09:29:18	063F03E392A66AF10AD125F7A4A38C37	5143104	----a-w-	C:\Users\Thierry\Downloads\Setup_serial_cBF3wDSNGC5eaZRfiO_ViA2_key.exe
2014-04-30 18:15:07	18D3A804CB97BB62DBC5AC7C957CD3E7	88882192	----a-w-	C:\Users\Thierry\Downloads\avast_free_antivirus_setup.exe
2014-04-29 18:00:00	9271AB44AF5CDBC398104548DE491840	21708168	----a-w-	C:\Users\Thierry\AppData\Local\AdTrustMedia\PrivDog\PrivDog_ie_setup.exe
2014-04-29 17:53:08	5A6381E0AFB4E0B9FD318C1C76EFE9DC	5030744	----a-w-	C:\Program Files (x86)\Google\Update\Download\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\0.0.0.0\googletoolbarinstaller_en_signed.exe
2014-04-29 17:45:16	DA09AF2982A2800FD068AF857EAD480B	10619688	----a-w-	C:\Users\Thierry\Downloads\RevoUninProSetup.exe
2014-04-29 17:45:07	4F99CAE27FFD46712E65C21444AACDFC	2623656	----a-w-	C:\Users\Thierry\Downloads\revosetup(1).exe
2014-04-29 17:44:42	4F99CAE27FFD46712E65C21444AACDFC	2623656	----a-w-	C:\Users\Thierry\Downloads\revosetup.exe
2014-04-29 17:21:32	BBFAF2B2092FDF0CBA48D1656E061A29	3514168	----a-w-	C:\Users\Thierry\AppData\Local\NVIDIA\NvBackend\Packages\00005a7e\DAO.18382836.exe
2014-04-29 15:50:49	A8F358336FE7CDAB55D6D986083329EF	17931952	----a-w-	C:\Windows\SysWOW64\FlashPlayerInstaller.exe
=== C: other files ==
2014-05-04 13:23:56	7A72063F6419D8D64BD53502190EEF5D	1390	----a-w-	C:\Windows\Temp\TrendMicro AntiThreat Toolkit\Output\2014.05.04-1523.56_2048182D-009D-002D-00EA-008E3F9EC324_1626.zip
2014-05-04 13:23:56	45FC922C8505E72DFC3C4D4C5C382832	288840	----a-w-	C:\Windows\Temp\TrendMicro AntiThreat Toolkit\HC_ATTK\tmcomm.sys
2014-05-04 13:06:51	A250838A4FB04698F397D80E09D58B23	79	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\UCPlugin\c17t1706v0.0.0l1p5889r1o1\tool\AMSP_processes_list.bat
2014-05-04 13:06:51	93AEADE1C41822B8171419822C466978	3487	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\UCPlugin\c17t1706v0.0.0l1p5889r1o1\AMSPForceRemove.bat
2014-05-04 13:06:51	804EFB9D45EE29E8429B767D9DC824BF	177	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\UCPlugin\c17t1706v0.0.0l1p5889r1o1\tool\AMSP_systeminfo.bat
2014-05-04 13:06:51	4D032D7AE1BF541DE6291D523E4DD661	70	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\UCPlugin\c17t1706v0.0.0l1p5889r1o1\tool\AMSP_registry.bat
2014-05-04 13:06:51	30F85507993D81F4D5144CD3D3493702	196	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\UCPlugin\c17t1706v0.0.0l1p5889r1o1\tool\AMSP_copy_config.bat
2014-05-04 13:06:51	1E6C1B2E400B83F6B93480C9757651D4	36	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\UCPlugin\c17t1706v0.0.0l1p5889r1o1\tool\AMSP_ipconfig.bat
2014-05-04 13:06:51	177F0C8C1ED5DA0D30D7D3476ACB7908	51	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\UCPlugin\c17t1706v0.0.0l1p5889r1o1\tool\AMSP_folder_tree.bat
2014-05-04 13:06:51	0CD79E398FCCA25546554D37EE04F4EC	3770	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\UCPlugin\c17t1706v0.0.0l1p5889r1o1\ForceRemove.bat
2014-05-04 13:06:51	0852D10B59DA00A42D0DE0CE88332857	120	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\UCPlugin\c17t1706v0.0.0l1p5889r1o1\tool\mk_debug_dir.bat
2014-05-04 13:06:42	A250838A4FB04698F397D80E09D58B23	79	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\SupportTool\64bit\tool\AMSP_processes_list.bat
2014-05-04 13:06:42	804EFB9D45EE29E8429B767D9DC824BF	177	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\SupportTool\64bit\tool\AMSP_systeminfo.bat
2014-05-04 13:06:42	4D032D7AE1BF541DE6291D523E4DD661	70	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\SupportTool\64bit\tool\AMSP_registry.bat
2014-05-04 13:06:42	0CD79E398FCCA25546554D37EE04F4EC	3770	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\SupportTool\64bit\ForceRemove.bat
2014-05-04 13:06:42	0852D10B59DA00A42D0DE0CE88332857	120	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\SupportTool\64bit\tool\mk_debug_dir.bat
2014-05-04 13:06:40	EE80A6D966630DF258A0E4179FA05F10	151308	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\Setup64\AMSP\update\engine\c2t679739392l1p5889r1o1\6.8.1118\ChromeExtension\tmNSCchromeExt.crx
2014-05-04 13:06:40	93AEADE1C41822B8171419822C466978	3487	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\SupportTool\64bit\AMSPForceRemove.bat
2014-05-04 13:06:40	68EDBD19489DF3C0A19663AFE1F5FF6E	151666	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\Setup64\AMSP\update\engine\c2t1207959830l1p5889r1o1\1.6.1083\chromeextension\TmOspreychromeExt.crx
2014-05-04 13:06:40	30F85507993D81F4D5144CD3D3493702	196	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\SupportTool\64bit\tool\AMSP_copy_config.bat
2014-05-04 13:06:40	1E6C1B2E400B83F6B93480C9757651D4	36	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\SupportTool\64bit\tool\AMSP_ipconfig.bat
2014-05-04 13:06:40	177F0C8C1ED5DA0D30D7D3476ACB7908	51	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\SupportTool\64bit\tool\AMSP_folder_tree.bat
2014-05-04 13:06:39	C91EB6CEC1A7FE02BB54760ABF79FBA6	303392	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\Setup64\AMSP\update\engine\c2t1207959585l1p5889r1o1\2.0.1065\tmnciesc.sys
2014-05-04 13:06:39	99591D7E6D321C01EFA5A8BD89015377	37904	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\Setup64\AMSP\update\engine\c2t1207959816l1p5889r1o1\1.5.1021\tmel.sys
2014-05-04 13:06:39	48951FBFFFCAE52FADFCDFB76ED19749	105744	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\Setup64\AMSP\update\engine\c2t679493632l1p5889r1o1\6.8.1072\tmtdi.sys
2014-05-04 13:06:39	487F9EC22D6735C05D6FCBDAAD0BD8FF	303258	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\Setup64\AMSP\update\engine\c2t1207959553l1p1r1o1\8.0.1095\chrome_tmbep.crx
2014-05-04 13:06:39	46FED8414F695D08A8CD3DECDD9580C6	116264	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\Setup64\AMSP\update\engine\c2t570425600l1p5889r1o1\6.0.1058\tmactmon.sys
2014-05-04 13:06:39	459ADC6D65E16EEF6F9DF42726D72131	85424	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\Setup64\AMSP\update\engine\c2t570425600l1p5889r1o1\6.0.1058\tmevtmgr.sys
2014-05-04 13:06:39	4068D01A407C5F3B9AD3DF523E6BCEF6	50976	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\Setup64\AMSP\update\engine\c2t1207959844l1p5889r1o1\1.5.1017\TMEBC64.sys
2014-05-04 13:06:39	3A10F5BDF66013B13AAB032B549E934D	100640	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\Setup64\AMSP\update\engine\c2t1207959620l1p5889r1o1\1.5.1137\tmeevw.sys
2014-05-04 13:06:39	375E18C016F67B8507FCBC57377AADDB	106272	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\Setup64\AMSP\update\engine\c2t1207959680l1p5889r1o1\1.5.1137\tmeext.sys
2014-05-04 13:06:39	2346B5B9BF9EC8E2B8E634F45F3F8B76	281600	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\Setup64\AMSP\update\engine\c2t570425600l1p5889r1o1\6.0.1058\tmcomm.sys
2014-05-04 13:06:39	04F5630CF5C604B51D75AF6695BB8C12	103712	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\Setup64\AMSP\update\engine\c2t1207959832l1p5889r1o1\1.6.1082\tmusa.sys
2014-05-04 13:06:37	E8213D15469B2457C4178CBE9F8AF38A	170	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\Setup64\AMSP\debug\script\AMSP_copy_config.bat
2014-05-04 13:06:37	D94DA6C34EB7385F346FCA15EC85F212	245	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\Setup64\AMSP\debug\script\AMSP_registry.bat
2014-05-04 13:06:37	B113F6999C5139FEA922611AB5940529	20	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\Setup64\AMSP\debug\script\AMSP_ipconfig.bat
2014-05-04 13:06:37	83729C698248980FA0A016DE7E0D5CE2	91	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\Setup64\AMSP\debug\script\CollectICRCPerfmon.bat
2014-05-04 13:06:37	592F188323683FC4F2497C9BCDB31E04	60	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\Setup64\AMSP\debug\script\AMSP_processes_list.bat
2014-05-04 13:06:37	0FAA7EB13610A9BAA9C643019694FF12	159	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208792\Setup64\AMSP\debug\script\AMSP_systeminfo.bat
2014-05-04 12:59:53	E8213D15469B2457C4178CBE9F8AF38A	170	----a-w-	C:\Windows\Temp\AMSP_Debug\script\AMSP_copy_config.bat
2014-05-04 12:59:53	D94DA6C34EB7385F346FCA15EC85F212	245	----a-w-	C:\Windows\Temp\AMSP_Debug\script\AMSP_registry.bat
2014-05-04 12:59:53	B113F6999C5139FEA922611AB5940529	20	----a-w-	C:\Windows\Temp\AMSP_Debug\script\AMSP_ipconfig.bat
2014-05-04 12:59:53	83729C698248980FA0A016DE7E0D5CE2	91	----a-w-	C:\Windows\Temp\AMSP_Debug\script\CollectICRCPerfmon.bat
2014-05-04 12:59:53	592F188323683FC4F2497C9BCDB31E04	60	----a-w-	C:\Windows\Temp\AMSP_Debug\script\AMSP_processes_list.bat
2014-05-04 12:59:53	0FAA7EB13610A9BAA9C643019694FF12	159	----a-w-	C:\Windows\Temp\AMSP_Debug\script\AMSP_systeminfo.bat
2014-05-04 12:58:20	C007347E699A465BF65FD6047D7199D8	59	----a-w-	C:\Windows\System32\SupportTool.exe.bat
2014-05-04 12:56:07	A250838A4FB04698F397D80E09D58B23	79	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\UCPlugin\c17t1706v0.0.0l1p5889r1o1\tool\AMSP_processes_list.bat
2014-05-04 12:56:07	93AEADE1C41822B8171419822C466978	3487	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\UCPlugin\c17t1706v0.0.0l1p5889r1o1\AMSPForceRemove.bat
2014-05-04 12:56:07	804EFB9D45EE29E8429B767D9DC824BF	177	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\UCPlugin\c17t1706v0.0.0l1p5889r1o1\tool\AMSP_systeminfo.bat
2014-05-04 12:56:07	4D032D7AE1BF541DE6291D523E4DD661	70	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\UCPlugin\c17t1706v0.0.0l1p5889r1o1\tool\AMSP_registry.bat
2014-05-04 12:56:07	30F85507993D81F4D5144CD3D3493702	196	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\UCPlugin\c17t1706v0.0.0l1p5889r1o1\tool\AMSP_copy_config.bat
2014-05-04 12:56:07	1E6C1B2E400B83F6B93480C9757651D4	36	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\UCPlugin\c17t1706v0.0.0l1p5889r1o1\tool\AMSP_ipconfig.bat
2014-05-04 12:56:07	177F0C8C1ED5DA0D30D7D3476ACB7908	51	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\UCPlugin\c17t1706v0.0.0l1p5889r1o1\tool\AMSP_folder_tree.bat
2014-05-04 12:56:07	0CD79E398FCCA25546554D37EE04F4EC	3770	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\UCPlugin\c17t1706v0.0.0l1p5889r1o1\ForceRemove.bat
2014-05-04 12:56:07	0852D10B59DA00A42D0DE0CE88332857	120	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\UCPlugin\c17t1706v0.0.0l1p5889r1o1\tool\mk_debug_dir.bat
2014-05-04 12:55:51	A250838A4FB04698F397D80E09D58B23	79	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\SupportTool\64bit\tool\AMSP_processes_list.bat
2014-05-04 12:55:51	804EFB9D45EE29E8429B767D9DC824BF	177	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\SupportTool\64bit\tool\AMSP_systeminfo.bat
2014-05-04 12:55:51	4D032D7AE1BF541DE6291D523E4DD661	70	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\SupportTool\64bit\tool\AMSP_registry.bat
2014-05-04 12:55:51	0CD79E398FCCA25546554D37EE04F4EC	3770	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\SupportTool\64bit\ForceRemove.bat
2014-05-04 12:55:51	0852D10B59DA00A42D0DE0CE88332857	120	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\SupportTool\64bit\tool\mk_debug_dir.bat
2014-05-04 12:55:50	93AEADE1C41822B8171419822C466978	3487	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\SupportTool\64bit\AMSPForceRemove.bat
2014-05-04 12:55:50	30F85507993D81F4D5144CD3D3493702	196	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\SupportTool\64bit\tool\AMSP_copy_config.bat
2014-05-04 12:55:50	1E6C1B2E400B83F6B93480C9757651D4	36	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\SupportTool\64bit\tool\AMSP_ipconfig.bat
2014-05-04 12:55:50	177F0C8C1ED5DA0D30D7D3476ACB7908	51	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\SupportTool\64bit\tool\AMSP_folder_tree.bat
2014-05-04 12:55:49	EE80A6D966630DF258A0E4179FA05F10	151308	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\Setup64\AMSP\update\engine\c2t679739392l1p5889r1o1\6.8.1118\ChromeExtension\tmNSCchromeExt.crx
2014-05-04 12:55:49	68EDBD19489DF3C0A19663AFE1F5FF6E	151666	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\Setup64\AMSP\update\engine\c2t1207959830l1p5889r1o1\1.6.1083\chromeextension\TmOspreychromeExt.crx
2014-05-04 12:55:49	487F9EC22D6735C05D6FCBDAAD0BD8FF	303258	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\Setup64\AMSP\update\engine\c2t1207959553l1p1r1o1\8.0.1095\chrome_tmbep.crx
2014-05-04 12:55:45	C91EB6CEC1A7FE02BB54760ABF79FBA6	303392	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\Setup64\AMSP\update\engine\c2t1207959585l1p5889r1o1\2.0.1065\tmnciesc.sys
2014-05-04 12:55:45	99591D7E6D321C01EFA5A8BD89015377	37904	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\Setup64\AMSP\update\engine\c2t1207959816l1p5889r1o1\1.5.1021\tmel.sys
2014-05-04 12:55:45	48951FBFFFCAE52FADFCDFB76ED19749	105744	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\Setup64\AMSP\update\engine\c2t679493632l1p5889r1o1\6.8.1072\tmtdi.sys
2014-05-04 12:55:45	46FED8414F695D08A8CD3DECDD9580C6	116264	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\Setup64\AMSP\update\engine\c2t570425600l1p5889r1o1\6.0.1058\tmactmon.sys
2014-05-04 12:55:45	459ADC6D65E16EEF6F9DF42726D72131	85424	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\Setup64\AMSP\update\engine\c2t570425600l1p5889r1o1\6.0.1058\tmevtmgr.sys
2014-05-04 12:55:45	4068D01A407C5F3B9AD3DF523E6BCEF6	50976	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\Setup64\AMSP\update\engine\c2t1207959844l1p5889r1o1\1.5.1017\TMEBC64.sys
2014-05-04 12:55:45	3A10F5BDF66013B13AAB032B549E934D	100640	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\Setup64\AMSP\update\engine\c2t1207959620l1p5889r1o1\1.5.1137\tmeevw.sys
2014-05-04 12:55:45	375E18C016F67B8507FCBC57377AADDB	106272	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\Setup64\AMSP\update\engine\c2t1207959680l1p5889r1o1\1.5.1137\tmeext.sys
2014-05-04 12:55:45	2346B5B9BF9EC8E2B8E634F45F3F8B76	281600	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\Setup64\AMSP\update\engine\c2t570425600l1p5889r1o1\6.0.1058\tmcomm.sys
2014-05-04 12:55:45	04F5630CF5C604B51D75AF6695BB8C12	103712	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\Setup64\AMSP\update\engine\c2t1207959832l1p5889r1o1\1.6.1082\tmusa.sys
2014-05-04 12:55:38	E8213D15469B2457C4178CBE9F8AF38A	170	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\Setup64\AMSP\debug\script\AMSP_copy_config.bat
2014-05-04 12:55:38	D94DA6C34EB7385F346FCA15EC85F212	245	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\Setup64\AMSP\debug\script\AMSP_registry.bat
2014-05-04 12:55:38	B113F6999C5139FEA922611AB5940529	20	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\Setup64\AMSP\debug\script\AMSP_ipconfig.bat
2014-05-04 12:55:38	83729C698248980FA0A016DE7E0D5CE2	91	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\Setup64\AMSP\debug\script\CollectICRCPerfmon.bat
2014-05-04 12:55:38	592F188323683FC4F2497C9BCDB31E04	60	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\Setup64\AMSP\debug\script\AMSP_processes_list.bat
2014-05-04 12:55:38	0FAA7EB13610A9BAA9C643019694FF12	159	----a-w-	C:\ProgramData\Trend Micro Installer\Trend_Micro_1399208124\Setup64\AMSP\debug\script\AMSP_systeminfo.bat
2014-05-04 11:24:09	6140163BFE9D8F2DFDBA088ED5521C13	119512	----a-w-	C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-05-04 11:23:44	FD5465B876D55534117963FAAA4B9DFC	25816	----a-w-	C:\Windows\System32\drivers\mbam.sys
2014-05-04 11:23:44	C49915271600CFC2305FAA4271D0002F	63192	----a-w-	C:\Windows\System32\drivers\mwac.sys
2014-05-04 11:23:44	4A1356200B82B852E137B687F03E8054	88280	----a-w-	C:\Windows\System32\drivers\mbamchameleon.sys
2014-05-04 11:10:50	D89A382292CB7F22CD29D6E5D9A41CBF	18714	----a-w-	C:\Program Files (x86)\Java\jre7\lib\deploy\ffjcext.zip
2014-04-30 18:31:00	5545FB5B49268C903F311849DB1942ED	423240	----a-w-	C:\Windows\System32\drivers\hldxzzpp.sys
2014-04-30 18:15:59	5545FB5B49268C903F311849DB1942ED	423240	----a-w-	C:\Windows\System32\drivers\xjhilqbt.sys
2014-04-30 18:15:38	5545FB5B49268C903F311849DB1942ED	423240	----a-w-	C:\Windows\System32\drivers\gregevwk.sys
2014-04-30 15:59:06	4D0F7A48B33B46D1B5FD2D76C319F4AD	12047	----a-w-	C:\Users\Thierry\Documents\CisReport_x64_v7.0.317799.4142_20140430-175901.zip
2014-04-29 18:08:12	15370FC5101A81376B8F56D67DE68959	10869	----a-w-	C:\Users\Thierry\Documents\CisReport_x64_v7.0.317799.4142_20140429-200808.zip
2014-04-29 18:00:41	8F060FD64C2FDCA5AF733DFEFC79A234	478719	----a-w-	C:\Users\Thierry\AppData\Local\AdTrustMedia\PrivDog\PrivDog_chrome.crx
2014-04-29 16:16:11	61A7E0B02F82CFF3DB2445BBE50B3589	24144	----a-w-	C:\Program Files (x86)\AVG\AVG2014\Drivers\avgidsfilterx.sys
2014-04-29 16:16:11	0F293406F64B48D5D2F0D3A1117F3A83	29776	----a-w-	C:\Program Files (x86)\AVG\AVG2014\Drivers\avgidsfiltera.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-958784132-981123827-108029691-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"RGSC"="E:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent"
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"EADM"="C:\Program Files (x86)\Origin\Origin.exe -AutoStart"
"ISUSPM"="C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"NBAgent"="C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe /WinStart"
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"IndexSearch"="C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
"PaperPort PTD"="C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
"ControlCenter4"="C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun"
"BrStsMon00"="C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RGSC"="E:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent"
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"EADM"="C:\Program Files (x86)\Origin\Origin.exe -AutoStart"
"ISUSPM"="C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart"
"Trend Micro Client Framework"="C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
"beid"="\"C:\\Program Files (x86)\\Belgium Identity Card\\beid35gui.exe\" /startup"


==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Energenie Power Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Energenie Power Manager"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Energenie\\Power Manager\\pm.exe\" -winstartup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PPort12reminder]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PPort12reminder"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Nuance\\PaperPort\\Ereg\\Ereg.exe\" -r \"C:\\ProgramData\\ScanSoft\\PaperPort\\12\\Config\\Ereg\\Ereg.ini\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PC Clone EX.LNK]
"item"="PC Clone EX"
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\PC Clone EX.LNK"
"backup"="C:\\Windows\\pss\\PC Clone EX.LNK.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\PCCLON~1\\PCCLON~1.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start GeekBuddy.lnk]
"item"="Start GeekBuddy"
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Start GeekBuddy.lnk"
"backup"="C:\\Windows\\pss\\Start GeekBuddy.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~1\\COMODO\\GEEKBU~1\\launcher.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Thierry^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk]
"item"="MyPC Backup"
"path"="C:\\Users\\Thierry\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\MyPC Backup.lnk"
"backup"="C:\\Windows\\pss\\MyPC Backup.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~2\\MYPCBA~1\\MYPCBA~1.EXE"


==== Startup Folders ======================

2012-11-04 09:39:19	2743	----a-w-	C:\Users\Thierry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Outlook 2010.lnk
2011-12-19 16:16:42	2301	----a-w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [29/04/2014 17:51]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [14/01/2012 11:02]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [14/01/2012 11:02]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\Adobe-online actualiseringsprogramma" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\AutoKMS" [C:\Windows\AutoKMS.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\Titanium BTC" [C:\Program Files\Trend Micro\Titanium\plugin\TMDC\TMDC.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" []

==== Firefox Extensions ======================

ProfilePath: C:\Users\Thierry\AppData\Roaming\Mozilla\Firefox\Profiles\a0bav93m.default
- Garmin Communicator - %ProfilePath%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Thierry\AppData\Roaming\Mozilla\Firefox\Profiles\a0bav93m.default
9FD6A1990289B9290563CA069CB74EF9	- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll -	Shockwave Flash


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files (x86)\DealPly\DealPly.crx[]
ndgonipadfipmlmdfofnjnhhlgojnjdn - C:\Users\Thierry\AppData\Local\Temp\crxB649.tmp[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
cmaiofennmphjldldcpphcechfnnohja - C:\Users\Thierry\AppData\Local\AdTrustMedia\PrivDog\PrivDog_chrome.crx[29/04/2014 20:00]
gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files (x86)\DealPly\DealPly.crx[]


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
"Search Page"="http://www.google.com"
"Use Search Asst"="yes"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
"Default"="www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://isearch.avg.com/tab?cid={DBF60405-3FFE-4EF1-9A44-7AD304F715EB}&mid=906267cc08c847d18f4ee92931ab861c-64cfbd518c0adf75635b38fe92c98c219f6cab49&lang=nl&ds=AVG&pr=fr&d=2011-11-24 17:28:05&v=9.0.0.22&sap=nt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://isearch.avg.com/tab?cid={DBF60405-3FFE-4EF1-9A44-7AD304F715EB}&mid=906267cc08c847d18f4ee92931ab861c-64cfbd518c0adf75635b38fe92c98c219f6cab49&lang=nl&ds=AVG&pr=fr&d=2011-11-24 17:28:05&v=9.0.0.22&sap=nt"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com/"
"Use Search Asst"="no"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Thierry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Thierry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\86XPTC4C will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Thierry\AppData\Local\Mozilla\Firefox\Profiles\a0bav93m.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=636 folders=121 72055079 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Thierry\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Thierry\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Thierry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\86XPTC4C" not found

==== EOF on zo 04/05/2014 at 17:48:02,72 ======================