BullGuard
 HomeLog InRegisterCommunity CalendarSearch the ForumView The Member ListHelp
Explorer.exe shuts down after Windows startup
   
BullGuard Antivirus Forum > Virus Removal > Removal Help > Explorer.exe shuts down after Windows startup  
Forum Quick Jump
 
New Topic Post reply to : Explorer.exe shuts down after Windows startup Printable version of : Explorer.exe shuts down after Windows startup
[ << Previous Thread | Next Thread >> ]

Robin085
New Member


Date Joined May 2013
Total Posts : 7
 
   Posted 5/30/2013 1:49 AM (GMT +3)    Quote: Explorer.exe shuts down after Windows startupAlert an admin about: Explorer.exe shuts down after Windows startup
Hey guys,

It seems my Windows 7 PC has somehow been infected with malware of some sort. While searching for a particular piece of software online I've had AVG giving a virus warning, on which I had it blocked.

Moments later, explorer.exe just seemed to shut down. I only had a blank desktop image, no Windows toolbar whatsoever. I wasn't able to open taskmanager to restart explorer.exe manually so I rebooted.

After the reboot, explorer.exe similarly would shut down as soon as Windows had fully started. I rebooted in safe mode, which worked fine, and had my PC scanned with AVG, which removed 2 virusses, and Hitman Pro, which didn't find anything.

After that, still the same trouble so I did a system restore (backup from 4 days earlier), which seems to work for now. Nevertheless I'm not sure whether any infected files in the registry have actually been replaced in the restore, or there's malware of some sort still lurking around somewhere.

A few hours of searching online didn't result in any useful advice as the only topics I found on this particular issue weren't much helpful. Does it sound familiar to anyone and any suggestions how to get rid of it, if I haven't already?
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
   Posted 5/30/2013 11:26 AM (GMT +3)    Quote: Explorer.exe shuts down after Windows startupAlert an admin about: Explorer.exe shuts down after Windows startup
Welcome   Robin085                       smile



 
 
I will assist you with the your issue.
  • For x32 (x86) bit systems download:
  •  http://download.bleepingcomputer.com/farbar/FRST.exe
  • and save it to a flash drive.
    For x64 bit systems download:
  •  http://download.bleepingcomputer.com/farbar/FRST.exe
  •  and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account an click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Scan your computer's memory for errors.
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 


Please read:  Forum Rules
Click here:   Before-posting-a-log
 
Do not PM me with logfiles. They will be deleted. 

 

Back to Top
 

Robin085
New Member


Date Joined May 2013
Total Posts : 7
 
   Posted 5/30/2013 11:41 AM (GMT +3)    Quote: Explorer.exe shuts down after Windows startupAlert an admin about: Explorer.exe shuts down after Windows startup
Hi, thanks for the quick and clear reply. I'll do so. Just wondering, would I not be able to just run FRST in safe mode?
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
   Posted 5/30/2013 11:43 AM (GMT +3)    Quote: Explorer.exe shuts down after Windows startupAlert an admin about: Explorer.exe shuts down after Windows startup
"just run FRST in safe mode?"
 
 
 
 
 
It´s worth a try                  ;-)


Please read:  Forum Rules
Click here:   Before-posting-a-log
 
Do not PM me with logfiles. They will be deleted. 

 

Back to Top
 

Robin085
New Member


Date Joined May 2013
Total Posts : 7
 
   Posted 5/30/2013 2:16 PM (GMT +3)    Quote: Explorer.exe shuts down after Windows startupAlert an admin about: Explorer.exe shuts down after Windows startup
Okay, as I said, since the system restore, it all seems to work fine. I did the FRST scan anyway, in normal Windows mode. Here's the results:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-05-2013
Ran by Robin (administrator) on 30-05-2013 13:11:15
Running from C:\Users\Robin\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Dutch Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG10\avgchsva.exe
(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG10\avgrsa.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(KPN) C:\Program Files\KPN Back-up Online\BackupSC.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
(KPN) C:\Program Files\KPN Back-up Online\BackupFP.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
(Spotify Ltd) C:\Users\Robin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgtray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgemca.exe
() C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
(Farbar) C:\Users\Robin\Desktop\FRST64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2046760 2010-02-06] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6160928 2010-01-30] (Realtek Semiconductor)
HKLM\...\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe [995840 2010-01-13] (Realtek Semiconductor Corp.)
HKCU\...\Run: [AdobeBridge] [x]
HKCU\...\Run: [Spotify Web Helper] "C:\Users\Robin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1105408 2013-05-06] (Spotify Ltd)
MountPoints2: G - G:\LaunchU3.exe -a
MountPoints2: H - H:\LaunchU3.exe -a
MountPoints2: {1b3dc415-eea6-11e1-b8df-c80aa9dec962} - G:\AutoRun.exe
MountPoints2: {2b95a1da-e12c-11e0-bb3b-c80aa9dec962} - H:\AutoRun.exe
MountPoints2: {2b95a1dd-e12c-11e0-bb3b-c80aa9dec962} - G:\AutoRun.exe
MountPoints2: {2b95a20b-e12c-11e0-bb3b-c80aa9dec962} - G:\LaunchU3.exe -a
MountPoints2: {42892036-e1e8-11e0-8d3f-c80aa9dec962} - G:\AutoRun.exe
MountPoints2: {42892094-e1e8-11e0-8d3f-c80aa9dec962} - G:\AutoRun.exe
MountPoints2: {4289209f-e1e8-11e0-8d3f-c80aa9dec962} - H:\AutoRun.exe
MountPoints2: {57eea60d-e12b-11e0-9bfb-c80aa9dec962} - H:\AutoRun.exe
MountPoints2: {6e147d1b-eea0-11e1-b853-c80aa9dec962} - G:\AutoRun.exe
MountPoints2: {946d5d0b-ede8-11e1-9b39-c80aa9dec962} - G:\AutoRun.exe
MountPoints2: {946d5d18-ede8-11e1-9b39-c80aa9dec962} - G:\AutoRun.exe
MountPoints2: {c9684ccb-d566-11df-b07c-c80aa9dec962} - I:\LaunchU3.exe -a
MountPoints2: {ee539afb-20fc-11e2-b84a-c80aa9dec962} - G:\SETUP.EXE -autorun
HKLM-x32\...\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe [2345592 2012-08-01] (AVG Technologies CZ, s.r.o.)
BootExecute: autocheck autochk * bootdeleteC:\PROGRA~2\AVG\AVG10\avgchsva.exe /syncC:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.simplespeedy.info/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQCON/7
HKLM SearchScopes: DefaultScope {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
HKLM-x32 SearchScopes: DefaultScope {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.simplespeedy.info/?l=1&q={searchTerms}
HKCU SearchScopes: DefaultScope {2CF7FF10-32B1-4D34-9371-D3A29CCC50BF} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKCU - {00AFB5EE-A3E4-4E48-9F8B-0950B37B5F9B} URL = http://search.avg.com/?d=4dbd90dc&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
SearchScopes: HKCU - {2CF7FF10-32B1-4D34-9371-D3A29CCC50BF} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKCU - {4A2F05AE-7550-483E-8F1A-74D4597E2148} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=nl_NL&apn_ptnrs=U3&apn_dtid=OSJ000YYNL&apn_uid=815A0F13-CA74-48DD-9E23-022EA62EA7EB&apn_sauid=90ED71C1-CEFA-42B4-AEE4-77DCD313E8F1
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.simplespeedy.info/?l=1&q={searchTerms}
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name - {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} - No File
BHO-x32: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: continuetosave - {F7DD5FF7-AA4B-25E4-8659-F4DF4AB1423A} - C:\ProgramData\continuetosave\512786279cfbf.dll No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [20992] (Microsoft Corporation)
Winsock: Catalog5-x64 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

FireFox:
========
FF ProfilePath: C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\1sryxlu5.default
FF Homepage: hxxp://www.hotmail.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: 503b6c9f609fa - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\1sryxlu5.default\Extensions\503b6c9f609fa@503b6c9f60a33.info.xpi

Chrome:
=======
CHR Extension: (continuetosave) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blcjdfdbfabojnoihfadacglilhjlojb\1
CHR Extension: (continuetosave) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpjhchhgecknaeieeemgnfhkmnmmnap\1

==================== Services (Whitelisted) =================

R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll [4561152 2013-03-26] (Akamai Technologies, Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
R2 KPN Back-up Online SC; C:\Program Files\KPN Back-up Online\BackupSC.exe [523064 2013-01-30] (KPN)
R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [x]

==================== Drivers (Whitelisted) ====================

S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [29288 2010-12-24] (Wondershare)
R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [118864 2011-05-27] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [26704 2011-02-22] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [29264 2011-02-10] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [312160 2012-11-12] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [41552 2011-03-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [37456 2011-03-16] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [377936 2011-04-05] (AVG Technologies CZ, s.r.o.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-10-28] (DT Soft Ltd)
R0 MxEFUF; C:\Windows\System32\DRIVERS\MxEFUF64.sys [157696 2011-10-20] (Matrox Graphics Inc.)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [x]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [x]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [x]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2030-08-29 15:22 - 2030-08-29 15:22 - 00143872 ____N (Intel Corporation) C:\Windows\SysWOW64\iacenc.dll
2030-08-29 15:22 - 2030-08-29 15:22 - 00056832 ____N C:\Windows\SysWOW64\iyvu9_32.dll
2013-05-30 13:11 - 2013-05-30 13:11 - 00000000 ____D C:\FRST
2013-05-30 13:10 - 2013-05-30 13:10 - 01915774 ____A (Farbar) C:\Users\Robin\Desktop\FRST64.exe
2013-05-29 12:45 - 2013-05-29 16:06 - 95023320 ___AT C:\ProgramData\qgrmj.pad
2013-05-29 12:45 - 2013-05-29 16:06 - 00000000 ____A C:\ProgramData\as98213.txt
2013-05-29 12:44 - 2013-05-29 12:45 - 95023320 ___AT C:\ProgramData\rheo.pad
2013-05-29 12:44 - 2013-05-29 12:44 - 00159744 ____A (?????????? ??????????) C:\ProgramData\oehr.dat
2013-05-29 12:44 - 2013-05-29 12:44 - 00159744 ____A (?????????? ??????????) C:\ProgramData\jmrgq.dat
2013-05-27 22:03 - 2013-05-27 22:39 - 00000000 ____D C:\Users\Robin\Downloads\Chocolat (2000)
2013-05-27 10:01 - 2013-05-27 10:01 - 00000000 ____D C:\Users\Robin\AppData\Local\{C1A388B3-BABA-4480-8693-388271925238}
2013-05-25 17:07 - 2013-05-25 17:07 - 01394590 ____A C:\Users\Robin\Desktop\visuals.psd
2013-05-25 15:14 - 2013-05-25 15:14 - 00277040 ____A C:\Windows\Minidump\052513-43602-01.dmp
2013-05-23 14:16 - 2013-05-23 14:16 - 00000000 ____D C:\Users\Robin\AppData\Local\{D338AD4D-1069-4B70-A27C-0954EEFFA2F5}
2013-05-22 11:17 - 2013-05-22 11:18 - 00000000 ____D C:\Users\Robin\AppData\Local\{55588D7E-1613-418F-A4FC-525AD34F5762}
2013-05-21 23:43 - 2013-05-21 23:43 - 00276984 ____A C:\Windows\Minidump\052113-42915-01.dmp
2013-05-18 20:24 - 2013-05-18 20:24 - 00277040 ____A C:\Windows\Minidump\051813-45302-01.dmp
2013-05-17 10:22 - 2013-04-05 08:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-17 10:22 - 2013-04-05 08:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-17 10:22 - 2013-04-05 08:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-17 10:22 - 2013-04-05 08:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-17 10:22 - 2013-04-05 08:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-17 10:22 - 2013-04-05 08:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-17 10:22 - 2013-04-05 08:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-17 10:22 - 2013-04-05 08:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-17 10:22 - 2013-04-05 08:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-17 10:22 - 2013-04-05 08:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-17 10:22 - 2013-04-05 08:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-17 10:22 - 2013-04-05 08:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-17 10:22 - 2013-04-05 08:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-17 10:22 - 2013-04-05 08:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-17 10:22 - 2013-04-05 07:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-17 10:22 - 2013-04-05 07:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-17 10:22 - 2013-04-05 07:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-17 10:22 - 2013-04-05 07:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-17 10:22 - 2013-04-05 07:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-17 10:22 - 2013-04-05 07:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-17 10:22 - 2013-04-05 07:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-17 10:22 - 2013-04-05 07:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-17 10:22 - 2013-04-05 07:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-17 10:22 - 2013-04-05 07:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-05-17 10:22 - 2013-04-05 07:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-05-17 10:22 - 2013-04-05 07:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-17 10:22 - 2013-04-05 07:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-05-17 10:22 - 2013-04-05 06:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-17 10:22 - 2013-04-05 06:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-17 10:22 - 2013-04-05 05:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-17 10:22 - 2013-04-05 05:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-05-16 12:17 - 2013-04-10 08:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-16 12:17 - 2013-04-10 08:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-16 12:17 - 2013-04-10 05:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-16 12:17 - 2013-03-19 07:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-16 12:17 - 2013-03-19 07:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-16 12:17 - 2013-02-27 08:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-16 12:17 - 2013-02-27 07:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-16 12:17 - 2013-02-27 07:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-16 12:17 - 2013-02-27 07:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-16 12:17 - 2013-02-27 07:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-16 12:17 - 2013-02-27 06:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-16 12:17 - 2013-02-27 06:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-16 12:17 - 2013-02-27 06:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-16 12:17 - 2011-02-03 13:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-15 20:18 - 2013-05-15 20:18 - 09195912 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-05-15 14:12 - 2013-05-15 14:12 - 00277040 ____A C:\Windows\Minidump\051513-26098-01.dmp
2013-05-15 11:39 - 2013-05-15 11:40 - 00000000 ____D C:\Users\Robin\AppData\Local\{75D0177D-FC9A-45B6-AB00-A960E6806553}
2013-05-14 20:40 - 2013-05-14 20:41 - 00277040 ____A C:\Windows\Minidump\051413-32822-01.dmp
2013-05-14 11:15 - 2013-05-14 11:15 - 00000000 ____D C:\Users\Robin\AppData\Local\{744C7F61-1CFC-4A71-AE3B-16BFC617436E}
2013-05-14 09:26 - 2013-05-14 09:27 - 00276984 ____A C:\Windows\Minidump\051413-35334-01.dmp
2013-05-11 19:58 - 2013-05-11 19:58 - 00277040 ____A C:\Windows\Minidump\051113-71261-01.dmp
2013-05-10 16:48 - 2013-05-10 16:48 - 00000000 ____D C:\ProgramData\NCH Software
2013-05-10 16:37 - 2013-05-10 16:37 - 00000000 ____D C:\Users\Public\Documents\Adobe
2013-05-10 15:59 - 2013-05-10 16:04 - 00000000 ____D C:\Users\Robin\AppData\Roaming\MAXQDA11
2013-05-10 15:57 - 2013-05-10 16:46 - 00000000 ____D C:\Users\Public\Documents\MAXQDA11
2013-05-10 15:56 - 2013-05-10 16:46 - 00000000 ____D C:\ProgramData\MAXQDA11
2013-05-10 15:56 - 2013-05-10 16:46 - 00000000 ____D C:\Program Files (x86)\MAXQDA11
2013-05-10 15:56 - 2013-05-10 15:56 - 00000000 ____D C:\Users\Robin\Downloads\MAXQDA v10.4.15.1 (Cracked)
2013-05-10 15:32 - 2013-05-10 15:32 - 00324034 ____A C:\Users\Robin\Documents\speech thesis.prproj
2013-05-10 15:19 - 2013-05-10 15:19 - 00000000 ____D C:\Users\Robin\AppData\Local\IsolatedStorage
2013-05-10 15:16 - 2013-05-10 15:16 - 00000262 _RASH C:\Users\Robin\ntuser.pol
2013-05-10 14:15 - 2013-05-29 16:56 - 00000000 ____D C:\Program Files (x86)\Airfoil
2013-05-10 14:15 - 2013-05-10 14:15 - 00000989 ____A C:\Users\Mcx1-ROBIN-PC\Desktop\Airfoil Speakers.lnk
2013-05-10 14:15 - 2013-05-10 14:15 - 00000925 ____A C:\Users\Mcx1-ROBIN-PC\Desktop\Airfoil.lnk
2013-05-10 14:15 - 2013-05-10 14:15 - 00000000 ____D C:\Users\Robin\AppData\Local\Rogue_Amoeba
2013-05-10 14:15 - 2013-05-10 14:15 - 00000000 ____D C:\users\Mcx1-ROBIN-PC
2013-05-08 13:39 - 2013-05-08 13:39 - 00000000 ____D C:\Program Files (x86)\WeftQDA
2013-05-08 13:38 - 2013-05-08 13:38 - 00001447 ____A C:\Users\Robin\Desktop\Atlasti - Snelkoppeling.lnk
2013-05-08 13:30 - 2013-05-29 21:18 - 00000000 ____D C:\Users\Robin\Downloads\ATLASti
2013-05-08 13:25 - 2013-05-10 16:48 - 00000000 ____D C:\Users\Robin\AppData\Roaming\NCH Software
2013-05-08 12:20 - 2013-05-08 12:20 - 00000000 ____D C:\Users\Robin\AppData\Local\{6D4B1CFF-9CFE-4A2B-8B8E-6936AE9ACC78}
2013-05-07 15:39 - 2013-05-07 15:39 - 00000000 ____D C:\Users\Robin\AppData\Local\{455B4C61-85FD-42A3-8728-EB7136024442}
2013-05-06 18:24 - 2013-05-06 18:24 - 00000000 ____D C:\Users\Robin\AppData\Local\{47770974-5FDD-47ED-B4B5-A3AFD11C3AA1}
2013-05-01 15:42 - 2013-05-01 15:42 - 00000000 ____D C:\Users\Robin\AppData\Local\{506EDB7C-4720-45D7-8C70-D0A75A590E6B}
2013-05-01 15:38 - 2013-05-01 15:38 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-01 15:38 - 2013-05-01 15:38 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-05-01 15:38 - 2013-05-01 15:38 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-05-01 15:38 - 2013-05-01 15:38 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-05-01 15:38 - 2013-05-01 15:38 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-05-01 15:38 - 2013-05-01 15:38 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-05-01 15:38 - 2013-05-01 15:38 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-05-01 15:38 - 2013-05-01 15:38 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-01 15:38 - 2013-05-01 15:38 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-05-01 15:38 - 2013-05-01 15:38 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-05-01 15:38 - 2013-05-01 15:38 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-05-01 15:38 - 2013-05-01 15:38 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-05-01 15:38 - 2013-05-01 15:38 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-05-01 15:38 - 2013-05-01 15:38 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-05-01 15:38 - 2013-05-01 15:38 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-05-01 15:38 - 2013-05-01 15:38 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-05-01 15:38 - 2013-05-01 15:38 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-05-01 15:38 - 2013-05-01 15:38 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-05-01 15:38 - 2013-05-01 15:38 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-05-01 15:38 - 2013-05-01 15:38 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-05-01 15:38 - 2013-05-01 15:38 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-05-01 15:35 - 2013-05-01 15:46 - 00009499 ____A C:\Windows\IE10_main.log

==================== One Month Modified Files and Folders =======

2030-08-29 15:22 - 2030-08-29 15:22 - 00143872 ____N (Intel Corporation) C:\Windows\SysWOW64\iacenc.dll
2030-08-29 15:22 - 2030-08-29 15:22 - 00056832 ____N C:\Windows\SysWOW64\iyvu9_32.dll
2013-05-30 13:11 - 2013-05-30 13:11 - 00000000 ____D C:\FRST
2013-05-30 13:10 - 2013-05-30 13:10 - 01915774 ____A (Farbar) C:\Users\Robin\Desktop\FRST64.exe
2013-05-30 13:07 - 2013-02-22 16:23 - 00000000 ____D C:\ProgramData\continuetosave
2013-05-30 13:07 - 2013-01-16 17:22 - 00001050 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-30 13:06 - 2013-04-09 13:07 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-05-30 13:06 - 2012-08-16 00:41 - 00040891 ____A C:\Windows\setupact.log
2013-05-30 13:06 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-29 22:46 - 2010-04-27 02:26 - 01775475 ____A C:\Windows\WindowsUpdate.log
2013-05-29 22:37 - 2013-01-16 17:22 - 00001054 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-29 22:18 - 2013-01-08 18:07 - 00000940 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-29 21:18 - 2013-05-08 13:30 - 00000000 ____D C:\Users\Robin\Downloads\ATLASti
2013-05-29 17:06 - 2009-07-14 06:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-29 17:06 - 2009-07-14 06:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-29 17:03 - 2010-11-08 13:56 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2013-05-29 16:59 - 2010-10-06 15:10 - 00000000 ____D C:\users\Robin
2013-05-29 16:58 - 2009-07-14 07:08 - 00032636 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-29 16:56 - 2013-05-10 14:15 - 00000000 ____D C:\Program Files (x86)\Airfoil
2013-05-29 16:56 - 2013-04-09 13:07 - 00000000 ____D C:\Program Files\KPN Back-up Online
2013-05-29 16:56 - 2010-10-06 21:39 - 00000000 ____D C:\Users\Robin\AppData\Roaming\uTorrent
2013-05-29 16:56 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-05-29 16:56 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2013-05-29 16:06 - 2013-05-29 12:45 - 95023320 ___AT C:\ProgramData\qgrmj.pad
2013-05-29 16:06 - 2013-05-29 12:45 - 00000000 ____A C:\ProgramData\as98213.txt
2013-05-29 12:45 - 2013-05-29 12:44 - 95023320 ___AT C:\ProgramData\rheo.pad
2013-05-29 12:44 - 2013-05-29 12:44 - 00159744 ____A (?????????? ??????????) C:\ProgramData\oehr.dat
2013-05-29 12:44 - 2013-05-29 12:44 - 00159744 ____A (?????????? ??????????) C:\ProgramData\jmrgq.dat
2013-05-28 17:40 - 2010-10-25 21:29 - 00001456 ____A C:\Users\Robin\AppData\Local\Adobe Opslaan voor web 12.0 Prefs
2013-05-28 16:23 - 2011-05-15 16:49 - 00000000 ____D C:\Users\Robin\AppData\Local\Spotify
2013-05-27 22:39 - 2013-05-27 22:03 - 00000000 ____D C:\Users\Robin\Downloads\Chocolat (2000)
2013-05-27 11:16 - 2010-11-01 16:30 - 00000000 ____D C:\Users\Robin\Documents\3voor12
2013-05-27 10:01 - 2013-05-27 10:01 - 00000000 ____D C:\Users\Robin\AppData\Local\{C1A388B3-BABA-4480-8693-388271925238}
2013-05-25 19:26 - 2013-02-26 19:11 - 00000000 ____D C:\Users\Robin\AppData\Roaming\Spotify
2013-05-25 17:07 - 2013-05-25 17:07 - 01394590 ____A C:\Users\Robin\Desktop\visuals.psd
2013-05-25 15:14 - 2013-05-25 15:14 - 00277040 ____A C:\Windows\Minidump\052513-43602-01.dmp
2013-05-25 15:14 - 2012-09-08 09:56 - 419129752 ____A C:\Windows\MEMORY.DMP
2013-05-25 15:14 - 2011-09-29 19:43 - 00000000 ____D C:\Windows\Minidump
2013-05-25 13:36 - 2013-03-04 13:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-24 16:12 - 2013-04-12 12:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-24 16:12 - 2013-03-08 17:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak
2013-05-23 14:16 - 2013-05-23 14:16 - 00000000 ____D C:\Users\Robin\AppData\Local\{D338AD4D-1069-4B70-A27C-0954EEFFA2F5}
2013-05-22 13:12 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-05-22 11:18 - 2013-05-22 11:17 - 00000000 ____D C:\Users\Robin\AppData\Local\{55588D7E-1613-418F-A4FC-525AD34F5762}
2013-05-21 23:43 - 2013-05-21 23:43 - 00276984 ____A C:\Windows\Minidump\052113-42915-01.dmp
2013-05-21 16:35 - 2011-09-20 15:15 - 00024206 ____A C:\Users\Robin\Documents\Diary.ods
2013-05-19 19:00 - 2010-03-28 02:31 - 10636238 ____A C:\Windows\System32\perfh013.dat
2013-05-19 19:00 - 2010-03-28 02:31 - 03434972 ____A C:\Windows\System32\perfc013.dat
2013-05-19 19:00 - 2009-07-14 07:13 - 00005214 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-18 20:24 - 2013-05-18 20:24 - 00277040 ____A C:\Windows\Minidump\051813-45302-01.dmp
2013-05-17 10:53 - 2009-07-14 06:45 - 04957728 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-17 10:29 - 2010-11-01 22:36 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-15 20:18 - 2013-05-15 20:18 - 09195912 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-05-15 20:18 - 2012-07-24 09:44 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-15 20:18 - 2011-06-12 15:34 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-15 14:12 - 2013-05-15 14:12 - 00277040 ____A C:\Windows\Minidump\051513-26098-01.dmp
2013-05-15 11:40 - 2013-05-15 11:39 - 00000000 ____D C:\Users\Robin\AppData\Local\{75D0177D-FC9A-45B6-AB00-A960E6806553}
2013-05-14 20:41 - 2013-05-14 20:40 - 00277040 ____A C:\Windows\Minidump\051413-32822-01.dmp
2013-05-14 11:15 - 2013-05-14 11:15 - 00000000 ____D C:\Users\Robin\AppData\Local\{744C7F61-1CFC-4A71-AE3B-16BFC617436E}
2013-05-14 09:27 - 2013-05-14 09:26 - 00276984 ____A C:\Windows\Minidump\051413-35334-01.dmp
2013-05-13 16:46 - 2012-09-30 13:34 - 00000000 ____D C:\Users\Robin\Documents\The Daily Indie
2013-05-11 19:58 - 2013-05-11 19:58 - 00277040 ____A C:\Windows\Minidump\051113-71261-01.dmp
2013-05-11 19:57 - 2010-10-06 15:05 - 00397492 ____A C:\Windows\PFRO.log
2013-05-10 16:48 - 2013-05-10 16:48 - 00000000 ____D C:\ProgramData\NCH Software
2013-05-10 16:48 - 2013-05-08 13:25 - 00000000 ____D C:\Users\Robin\AppData\Roaming\NCH Software
2013-05-10 16:48 - 2012-11-10 21:26 - 00000000 ____D C:\Program Files (x86)\NCH Software
2013-05-10 16:46 - 2013-05-10 15:57 - 00000000 ____D C:\Users\Public\Documents\MAXQDA11
2013-05-10 16:46 - 2013-05-10 15:56 - 00000000 ____D C:\ProgramData\MAXQDA11
2013-05-10 16:46 - 2013-05-10 15:56 - 00000000 ____D C:\Program Files (x86)\MAXQDA11
2013-05-10 16:45 - 2010-03-27 18:53 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-05-10 16:38 - 2010-10-22 17:35 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-05-10 16:37 - 2013-05-10 16:37 - 00000000 ____D C:\Users\Public\Documents\Adobe
2013-05-10 16:37 - 2010-10-15 15:23 - 00000000 ____D C:\Users\Robin\AppData\Local\Adobe
2013-05-10 16:37 - 2010-10-06 17:25 - 00000000 ____D C:\Users\Robin\AppData\Roaming\Adobe
2013-05-10 16:04 - 2013-05-10 15:59 - 00000000 ____D C:\Users\Robin\AppData\Roaming\MAXQDA11
2013-05-10 15:56 - 2013-05-10 15:56 - 00000000 ____D C:\Users\Robin\Downloads\MAXQDA v10.4.15.1 (Cracked)
2013-05-10 15:40 - 2010-03-27 18:54 - 00000000 ____D C:\ProgramData\Adobe
2013-05-10 15:39 - 2012-03-12 13:05 - 00000000 ____D C:\Users\Robin\AppData\Roaming\Skype
2013-05-10 15:32 - 2013-05-10 15:32 - 00324034 ____A C:\Users\Robin\Documents\speech thesis.prproj
2013-05-10 15:19 - 2013-05-10 15:19 - 00000000 ____D C:\Users\Robin\AppData\Local\IsolatedStorage
2013-05-10 15:16 - 2013-05-10 15:16 - 00000262 _RASH C:\Users\Robin\ntuser.pol
2013-05-10 15:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2013-05-10 14:15 - 2013-05-10 14:15 - 00000989 ____A C:\Users\Mcx1-ROBIN-PC\Desktop\Airfoil Speakers.lnk
2013-05-10 14:15 - 2013-05-10 14:15 - 00000925 ____A C:\Users\Mcx1-ROBIN-PC\Desktop\Airfoil.lnk
2013-05-10 14:15 - 2013-05-10 14:15 - 00000000 ____D C:\Users\Robin\AppData\Local\Rogue_Amoeba
2013-05-10 14:15 - 2013-05-10 14:15 - 00000000 ____D C:\users\Mcx1-ROBIN-PC
2013-05-08 13:39 - 2013-05-08 13:39 - 00000000 ____D C:\Program Files (x86)\WeftQDA
2013-05-08 13:38 - 2013-05-08 13:38 - 00001447 ____A C:\Users\Robin\Desktop\Atlasti - Snelkoppeling.lnk
2013-05-08 12:20 - 2013-05-08 12:20 - 00000000 ____D C:\Users\Robin\AppData\Local\{6D4B1CFF-9CFE-4A2B-8B8E-6936AE9ACC78}
2013-05-07 15:39 - 2013-05-07 15:39 - 00000000 ____D C:\Users\Robin\AppData\Local\{455B4C61-85FD-42A3-8728-EB7136024442}
2013-05-06 18:24 - 2013-05-06 18:24 - 00000000 ____D C:\Users\Robin\AppData\Local\{47770974-5FDD-47ED-B4B5-A3AFD11C3AA1}
2013-05-04 19:20 - 2013-04-10 00:47 - 00000000 ____D C:\Users\Robin\Documents\Dirk artikel
2013-05-01 22:27 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-05-01 15:46 - 2013-05-01 15:35 - 00009499 ____A C:\Windows\IE10_main.log
2013-05-01 15:42 - 2013-05-01 15:42 - 00000000 ____D C:\Users\Robin\AppData\Local\{506EDB7C-4720-45D7-8C70-D0A75A590E6B}
2013-05-01 15:38 - 2013-05-01 15:38 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-01 15:38 - 2013-05-01 15:38 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-05-01 15:38 - 2013-05-01 15:38 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-05-01 15:38 - 2013-05-01 15:38 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-05-01 15:38 - 2013-05-01 15:38 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-05-01 15:38 - 2013-05-01 15:38 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-05-01 15:38 - 2013-05-01 15:38 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-05-01 15:38 - 2013-05-01 15:38 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-01 15:38 - 2013-05-01 15:38 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-05-01 15:38 - 2013-05-01 15:38 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-05-01 15:38 - 2013-05-01 15:38 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-05-01 15:38 - 2013-05-01 15:38 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-05-01 15:38 - 2013-05-01 15:38 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-05-01 15:38 - 2013-05-01 15:38 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-05-01 15:38 - 2013-05-01 15:38 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-05-01 15:38 - 2013-05-01 15:38 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-05-01 15:38 - 2013-05-01 15:38 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-05-01 15:38 - 2013-05-01 15:38 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-05-01 15:38 - 2013-05-01 15:38 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-05-01 15:38 - 2013-05-01 15:38 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-05-01 15:38 - 2013-05-01 15:38 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-05-01 15:38 - 2013-05-01 15:38 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

Other Malware:
===========
C:\ProgramData\jmrgq.dat
C:\ProgramData\oehr.dat
C:\ProgramData\qgrmj.pad
C:\ProgramData\rheo.pad

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


Last Boot: 2013-05-25 19:51

==================== End Of Log ============================
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
   Posted 5/30/2013 4:24 PM (GMT +3)    Quote: Explorer.exe shuts down after Windows startupAlert an admin about: Explorer.exe shuts down after Windows startup
Looks like you have (had)  the police virus, as there still are some remnants we'll need to remove.
 
 
 
Please work your way through the following steps:

  • Open notepad (Start => All Programs => Accessories => Notepad).
  • Please copy the content of the  below in the codebox. (To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste).
  • Save it same place where you have Farbar Tool.
start
BHO-x32: No Name - {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} - No File
BHO-x32: continuetosave - {F7DD5FF7-AA4B-25E4-8659-F4DF4AB1423A} - C:\ProgramData\continuetosave\512786279cfbf.dll No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
C:\ProgramData\qgrmj.pad
C:\ProgramData\as98213.txt
C:\ProgramData\rheo.pad
C:\ProgramData\oehr.dat
C:\ProgramData\jmrgq.dat
end
 
 
  • Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.
  • The tool will make a log - Fixlog.txt
  • Please post it in your next reply
  • As soon as you have ran the above script please follow immediately with Combofix:
  •  
     
    Please download Combofix from:
     
    And save to the desktop.
     
    After the download is complete, perform the following tasks before using the ComboFix tool to scan your PC:
    Exit all windows that are currently open on your computer.
    To prevent interference, temporarily disable your antivirus, antispyware, firewall and other security tools that may be running on your computer.
     
    Double-click on the combofix icon found on your desktop.
     
    Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall.
    In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

    When finished, it will produce a logfile located at C:\combofix.txt.
     

    Post the contents of that log in your next reply
    The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.


    Please read:  Forum Rules
    Click here:   Before-posting-a-log
     
    Do not PM me with logfiles. They will be deleted. 

     

    Back to Top
     

    Robin085
    New Member


    Date Joined May 2013
    Total Posts : 7
     
       Posted 6/6/2013 1:42 AM (GMT +3)    Quote: Explorer.exe shuts down after Windows startupAlert an admin about: Explorer.exe shuts down after Windows startup
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-05-2013
    Ran by Robin at 2013-06-06 00:41:52 Run:1
    Running from C:\Users\Robin\Desktop\Fix
    Boot Mode: Normal
    ==============================================

    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9} => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F7DD5FF7-AA4B-25E4-8659-F4DF4AB1423A} => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{F7DD5FF7-AA4B-25E4-8659-F4DF4AB1423A} => Key deleted successfully.
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
    HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
    HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
    HKCR\PROTOCOLS\Handler\skype-ie-addon-data => Key deleted successfully.
    HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => Key not found.
    C:\ProgramData\qgrmj.pad => Moved successfully.
    C:\ProgramData\as98213.txt => Moved successfully.
    C:\ProgramData\rheo.pad => Moved successfully.
    C:\ProgramData\oehr.dat => Moved successfully.
    C:\ProgramData\jmrgq.dat => Moved successfully.

    ==== End of Fixlog ====
    Back to Top
     

    Robin085
    New Member


    Date Joined May 2013
    Total Posts : 7
     
       Posted 6/6/2013 2:33 AM (GMT +3)    Quote: Explorer.exe shuts down after Windows startupAlert an admin about: Explorer.exe shuts down after Windows startup
    Hi, above the FRST log. I ran Combofix as well and all went smoothly, but as soon as it finished and created the log, my internet connection was lost. I rebooted my pc and my router, but it doesn't solve it. I do in fact pick up the wifi signal but there's no www connection. My router's fine as I write this from my iPhone and it works fine. A quick google learns more people run into this after using Combofix, what to do?

    EDIT: I ran a system restore and internet is up again. I don't know whether the thing Combofix did, is undone now though?

    This is the Combofix log:


    ComboFix 13-06-05.05 - Robin 06-06-2013 0:51.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3003.1848 [GMT 2:00]
    Gestart vanuit: c:\users\Robin\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\continuetosave
    c:\programdata\continuetosave\512786279cfbf.tlb
    c:\programdata\continuetosave\512786797a1e7.tlb
    c:\programdata\continuetosave\settings.ini
    c:\users\Robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\tbinst
    c:\users\Robin\AppData\Roaming\Microsoft\~DFK53e58f.tmp
    c:\users\Robin\AppData\Roaming\Microsoft\1eaadjc.dll
    c:\users\Robin\AppData\Roaming\Microsoft\bass.dll
    c:\users\Robin\AppData\Roaming\Microsoft\engine_vx.dll
    c:\users\Robin\AppData\Roaming\Microsoft\kfgresk.dll
    c:\users\Robin\AppData\Roaming\Microsoft\mjcriu.dll
    c:\users\Robin\AppData\Roaming\Microsoft\peaadje.dll
    c:\users\Robin\AppData\Roaming\Microsoft\qwadjb.dll
    c:\users\Robin\AppData\Roaming\Microsoft\rsaadjd.dll
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2013-05-05 to 2013-06-05 ))))))))))))))))))))))))))))))
    .
    .
    2030-08-29 13:22 . 2030-08-29 13:22 56832 ------w- c:\windows\SysWow64\iyvu9_32.dll
    2030-08-29 13:22 . 2030-08-29 13:22 143872 ------w- c:\windows\SysWow64\iacenc.dll
    2013-06-05 23:00 . 2013-06-05 23:00 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-05-30 18:28 . 2013-05-30 18:28 -------- d-----w- c:\users\Robin\AppData\Roaming\Mael
    2013-05-30 11:11 . 2013-05-30 11:11 -------- d-----w- C:\FRST
    2013-05-24 14:12 . 2013-05-24 14:12 262552 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
    2013-05-16 10:17 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
    2013-05-15 18:18 . 2013-05-15 18:18 9195912 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2013-05-10 14:48 . 2013-05-10 14:48 -------- d-----w- c:\programdata\NCH Software
    2013-05-10 14:06 . 2013-05-10 14:06 -------- d-----w- c:\users\Robin\AppData\Local\Programs
    2013-05-10 13:59 . 2013-05-10 14:04 -------- d-----w- c:\users\Robin\AppData\Roaming\MAXQDA11
    2013-05-10 13:56 . 2013-05-10 14:46 -------- d-----w- c:\programdata\MAXQDA11
    2013-05-10 13:56 . 2013-05-10 14:46 -------- d-----w- c:\program files (x86)\MAXQDA11
    2013-05-10 13:19 . 2013-05-10 13:19 -------- d-----w- c:\users\Robin\AppData\Local\IsolatedStorage
    2013-05-10 13:16 . 2013-05-10 13:18 -------- d-----w- c:\program files (x86)\OApps
    2013-05-10 12:15 . 2013-05-10 12:15 -------- d-----w- c:\users\Robin\AppData\Local\Rogue_Amoeba
    2013-05-10 12:15 . 2013-05-10 12:15 -------- d-----w- c:\users\Mcx1-ROBIN-PC
    2013-05-10 12:15 . 2013-05-31 12:35 -------- d-----w- c:\program files (x86)\Airfoil
    2013-05-08 11:39 . 2013-05-30 22:16 -------- d-----w- c:\program files (x86)\WeftQDA
    2013-05-08 11:25 . 2013-05-10 14:48 -------- d-----w- c:\users\Robin\AppData\Roaming\NCH Software
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-05-17 08:29 . 2010-11-01 20:36 75016696 ----a-w- c:\windows\system32\MRT.exe
    2013-05-15 18:18 . 2012-07-24 07:44 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-05-15 18:18 . 2011-06-12 13:34 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-05-14 09:15 . 2010-06-24 10:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2013-05-01 13:38 . 2013-05-01 13:38 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
    2013-05-01 13:38 . 2013-05-01 13:38 226304 ----a-w- c:\windows\system32\elshyph.dll
    2013-05-01 13:38 . 2013-05-01 13:38 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
    2013-05-01 13:38 . 2013-05-01 13:38 158720 ----a-w- c:\windows\SysWow64\msls31.dll
    2013-05-01 13:38 . 2013-05-01 13:38 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2013-05-01 13:38 . 2013-05-01 13:38 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
    2013-05-01 13:38 . 2013-05-01 13:38 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
    2013-05-01 13:38 . 2013-05-01 13:38 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2013-05-01 13:38 . 2013-05-01 13:38 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
    2013-05-01 13:38 . 2013-05-01 13:38 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2013-05-01 13:38 . 2013-05-01 13:38 138752 ----a-w- c:\windows\SysWow64\wextract.exe
    2013-05-01 13:38 . 2013-05-01 13:38 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2013-05-01 13:38 . 2013-05-01 13:38 12800 ----a-w- c:\windows\SysWow64\mshta.exe
    2013-05-01 13:38 . 2013-05-01 13:38 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2013-05-01 13:38 . 2013-05-01 13:38 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
    2013-05-01 13:38 . 2013-05-01 13:38 361984 ----a-w- c:\windows\SysWow64\html.iec
    2013-05-01 13:38 . 2013-05-01 13:38 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2013-05-01 13:38 . 2013-05-01 13:38 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2013-05-01 13:38 . 2013-05-01 13:38 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
    2013-05-01 13:38 . 2013-05-01 13:38 81408 ----a-w- c:\windows\system32\icardie.dll
    2013-05-01 13:38 . 2013-05-01 13:38 762368 ----a-w- c:\windows\system32\ieapfltr.dll
    2013-05-01 13:38 . 2013-05-01 13:38 452096 ----a-w- c:\windows\system32\dxtmsft.dll
    2013-05-01 13:38 . 2013-05-01 13:38 441856 ----a-w- c:\windows\system32\html.iec
    2013-05-01 13:38 . 2013-05-01 13:38 281600 ----a-w- c:\windows\system32\dxtrans.dll
    2013-05-01 13:38 . 2013-05-01 13:38 270848 ----a-w- c:\windows\system32\iedkcs32.dll
    2013-05-01 13:38 . 2013-05-01 13:38 235008 ----a-w- c:\windows\system32\url.dll
    2013-05-01 13:38 . 2013-05-01 13:38 216064 ----a-w- c:\windows\system32\msls31.dll
    2013-05-01 13:38 . 2013-05-01 13:38 197120 ----a-w- c:\windows\system32\msrating.dll
    2013-05-01 13:38 . 2013-05-01 13:38 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-05-01 13:38 . 2013-05-01 13:38 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
    2013-05-01 13:38 . 2013-05-01 13:38 97280 ----a-w- c:\windows\system32\mshtmled.dll
    2013-05-01 13:38 . 2013-05-01 13:38 599552 ----a-w- c:\windows\system32\vbscript.dll
    2013-05-01 13:38 . 2013-05-01 13:38 27648 ----a-w- c:\windows\system32\licmgr10.dll
    2013-05-01 13:38 . 2013-05-01 13:38 247296 ----a-w- c:\windows\system32\webcheck.dll
    2013-05-01 13:38 . 2013-05-01 13:38 173568 ----a-w- c:\windows\system32\ieUnatt.exe
    2013-05-01 13:38 . 2013-05-01 13:38 167424 ----a-w- c:\windows\system32\iexpress.exe
    2013-05-01 13:38 . 2013-05-01 13:38 144896 ----a-w- c:\windows\system32\wextract.exe
    2013-05-01 13:38 . 2013-05-01 13:38 102912 ----a-w- c:\windows\system32\inseng.dll
    2013-05-01 13:38 . 2013-05-01 13:38 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2013-05-01 13:38 . 2013-05-01 13:38 77312 ----a-w- c:\windows\system32\tdc.ocx
    2013-05-01 13:38 . 2013-05-01 13:38 62976 ----a-w- c:\windows\system32\pngfilt.dll
    2013-05-01 13:38 . 2013-05-01 13:38 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
    2013-05-01 13:38 . 2013-05-01 13:38 51200 ----a-w- c:\windows\system32\imgutil.dll
    2013-05-01 13:38 . 2013-05-01 13:38 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2013-05-01 13:38 . 2013-05-01 13:38 149504 ----a-w- c:\windows\system32\occache.dll
    2013-05-01 13:38 . 2013-05-01 13:38 13824 ----a-w- c:\windows\system32\mshta.exe
    2013-05-01 13:38 . 2013-05-01 13:38 136192 ----a-w- c:\windows\system32\iepeers.dll
    2013-05-01 13:38 . 2013-05-01 13:38 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
    2013-05-01 13:38 . 2013-05-01 13:38 12800 ----a-w- c:\windows\system32\msfeedssync.exe
    2013-04-25 16:11 . 2013-04-25 16:11 23112 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2013-04-13 05:49 . 2013-05-16 10:17 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-04-13 05:49 . 2013-05-16 10:17 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2013-04-13 05:49 . 2013-05-16 10:17 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
    2013-04-13 05:49 . 2013-05-16 10:17 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
    2013-04-13 04:45 . 2013-05-16 10:17 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2013-04-13 04:45 . 2013-05-16 10:17 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
    2013-04-12 14:45 . 2013-04-24 13:02 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2013-03-19 06:04 . 2013-04-11 09:27 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-03-19 05:46 . 2013-04-11 09:27 43520 ----a-w- c:\windows\system32\csrsrv.dll
    2013-03-19 05:04 . 2013-04-11 09:27 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2013-03-19 05:04 . 2013-04-11 09:27 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2013-03-19 04:47 . 2013-04-11 09:27 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
    2013-03-19 03:06 . 2013-04-11 09:27 112640 ----a-w- c:\windows\system32\smss.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 94208 ----a-w- c:\users\Robin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 94208 ----a-w- c:\users\Robin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 94208 ----a-w- c:\users\Robin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoActiveDesktop"= 1 (0x1)
    "NoActiveDesktopChanges"= 1 (0x1)
    "ForceActiveDesktopOn"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit"="c:\windows\system32\userinit.exe"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0bootdelete\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
    .
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys;c:\windows\SYSNATIVE\drivers\Apowersoft_AudioDevice.sys [x]
    R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
    R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
    R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
    S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys;c:\windows\SYSNATIVE\DRIVERS\AVGIDSEH.Sys [x]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
    S0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\DRIVERS\MxEFUF64.sys;c:\windows\SYSNATIVE\DRIVERS\MxEFUF64.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
    S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [x]
    S2 KPN Back-up Online SC;KPN Back-up Online SC;c:\program files\KPN Back-up Online\BackupSC.exe;c:\program files\KPN Back-up Online\BackupSC.exe [x]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys;c:\windows\SYSNATIVE\DRIVERS\AVGIDSDriver.Sys [x]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys;c:\windows\SYSNATIVE\DRIVERS\AVGIDSFilter.Sys [x]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x]
    S3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver64.sys;c:\windows\SYSNATIVE\DRIVERS\stdriver64.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    ezSharedSvc
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2013-06-05 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-24 18:18]
    .
    2013-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-16 15:22]
    .
    2013-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-16 15:22]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 97792 ----a-w- c:\users\Robin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 97792 ----a-w- c:\users\Robin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 97792 ----a-w- c:\users\Robin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 97792 ----a-w- c:\users\Robin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-01-29 6160928]
    "RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2010-01-13 995840]
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://websearch.simplespeedy.info/
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = 127.0.0.1:9421
    IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\1sryxlu5.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.hotmail.com/
    FF - user.js: extensions.funmoods.hmpg - false
    FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=fmtgl&chnl=fmtgl&cd=2XzuyEtN2Y1L1Qzu0CzztD0A0Azy0D0E0CzyyCtB0EtA0B0EtN0D0Tzu0CtAtDtBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=686163073
    FF - user.js: extensions.funmoods.dfltSrch - true
    FF - user.js: extensions.funmoods.srchPrvdr - Search
    FF - user.js: extensions.funmoods.dnsErr - true
    FF - user.js: extensions.funmoods_i.newTab - false
    FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=fmtgl&chnl=fmtgl&cd=2XzuyEtN2Y1L1Qzu0CzztD0A0Azy0D0E0CzyyCtB0EtA0B0EtN0D0Tzu0CtAtDtBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=686163073
    FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=fmtgl&chnl=fmtgl&cd=2XzuyEtN2Y1L1Qzu0CzztD0A0Azy0D0E0CzyyCtB0EtA0B0EtN0D0Tzu0CtAtDtBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=686163073&q=
    FF - user.js: extensions.funmoods.id - C80AA9DEC962E3BE
    FF - user.js: extensions.funmoods.instlDay - 15641
    FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
    FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
    FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2216:48
    FF - user.js: extensions.funmoods.prtnrId - funmoods
    FF - user.js: extensions.funmoods.prdct - funmoods
    FF - user.js: extensions.funmoods.aflt - fmtgl
    FF - user.js: extensions.funmoods_i.smplGrp - none
    FF - user.js: extensions.funmoods.tlbrId - base
    FF - user.js: extensions.funmoods.instlRef - fmtgl
    FF - user.js: extensions.funmoods.dfltLng -
    FF - user.js: extensions.funmoods.excTlbr - true
    FF - user.js: extensions.funmoods.autoRvrt - false
    FF - user.js: extensions.funmoods.envrmnt - production
    FF - user.js: extensions.funmoods.isdcmntcmplt - true
    FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
    user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-WildTangentGameProvider-hp-genres - c:\program files (x86)\HP Games\Game Explorer Categories - genres\Uninstall.exe
    AddRemove-WildTangentGDF-hp-clubpenguin - c:\program files (x86)\HP Games\Web Link - Club Penguin\Uninstall.exe
    AddRemove-WildTangentGDF-hp-darkorbit - c:\program files (x86)\HP Games\Web Link - Dark Orbit\Uninstall.exe
    AddRemove-WildTangentGDF-hp-runescape - c:\program files (x86)\HP Games\Web Link - RuneScape HD\Uninstall.exe
    AddRemove-WildTangentGDF-hp-seafight - c:\program files (x86)\HP Games\Web Link - Seafight\Uninstall.exe
    AddRemove-WildTangentGDF-hp-worldofwarcraft - c:\program files (x86)\HP Games\Web Link - World of Warcraft\Uninstall.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Data]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking 4.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET Data Provider for Oracle]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET Data Provider for SqlServer]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NETFramework]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\1394ohci]
    "ImagePath"="\SystemRoot\system32\drivers\1394ohci.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ACPI]
    "ImagePath"="system32\drivers\ACPI.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AcpiPmi]
    "ImagePath"="\SystemRoot\system32\drivers\acpipmi.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AdobeFlashPlayerUpdateSvc]
    "ImagePath"="c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\adp94xx]
    "ImagePath"="\SystemRoot\system32\DRIVERS\adp94xx.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\adpahci]
    "ImagePath"="\SystemRoot\system32\DRIVERS\adpahci.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\adpu320]
    "ImagePath"="\SystemRoot\system32\DRIVERS\adpu320.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\adsi]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc]
    "ServiceDll"="%SystemRoot%\System32\aelupsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AERTFilters]
    "ImagePath"="c:\program files\Realtek\Audio\HDA\AERTSr64.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AFD]
    "ImagePath"="\SystemRoot\system32\drivers\afd.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\agp440]
    "ImagePath"="\SystemRoot\system32\drivers\agp440.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ALG]
    "ImagePath"="%SystemRoot%\System32\alg.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\aliide]
    "ImagePath"="\SystemRoot\system32\drivers\aliide.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdide]
    "ImagePath"="\SystemRoot\system32\drivers\amdide.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AmdK8]
    "ImagePath"="\SystemRoot\system32\DRIVERS\amdk8.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AmdPPM]
    "ImagePath"="\SystemRoot\system32\DRIVERS\amdppm.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdsata]
    "ImagePath"="\SystemRoot\system32\drivers\amdsata.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdsbs]
    "ImagePath"="\SystemRoot\system32\DRIVERS\amdsbs.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdxata]
    "ImagePath"="system32\drivers\amdxata.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Apowersoft_AudioDevice]
    "ImagePath"="system32\drivers\Apowersoft_AudioDevice.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppID]
    "ImagePath"="\SystemRoot\system32\drivers\appid.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppIDSvc]
    "ServiceDll"="%SystemRoot%\System32\appidsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Appinfo]
    "ServiceDll"="%SystemRoot%\System32\appinfo.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Apple Mobile Device]
    "ImagePath"="\"c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppMgmt]
    "ServiceDll"="%SystemRoot%\System32\appmgmts.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\arc]
    "ImagePath"="\SystemRoot\system32\DRIVERS\arc.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\arcsas]
    "ImagePath"="\SystemRoot\system32\DRIVERS\arcsas.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AsyncMac]
    "ImagePath"="system32\DRIVERS\asyncmac.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\atapi]
    "ImagePath"="system32\drivers\atapi.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder]
    "ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioSrv]
    "ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avg]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSAgent]
    "ImagePath"="\"c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSDriver]
    "ImagePath"="system32\DRIVERS\AVGIDSDriver.Sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSEH]
    "ImagePath"="system32\DRIVERS\AVGIDSEH.Sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSFilter]
    "ImagePath"="system32\DRIVERS\AVGIDSFilter.Sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgldx64]
    "ImagePath"="system32\DRIVERS\avgldx64.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgmfx64]
    "ImagePath"="system32\DRIVERS\avgmfx64.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgrkx64]
    "ImagePath"="system32\DRIVERS\avgrkx64.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgtdia]
    "ImagePath"="system32\DRIVERS\avgtdia.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\avgwd]
    "ImagePath"="\"c:\program files (x86)\AVG\AVG10\avgwdsvc.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AxInstSV]
    "ServiceDll"="%SystemRoot%\System32\AxInstSV.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\b06bdrv]
    "ImagePath"="\SystemRoot\system32\DRIVERS\bxvbda.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\b57nd60a]
    "ImagePath"="system32\DRIVERS\b57nd60a.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BattC]
    "MofImagePath"="system32\drivers\battc.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BDESVC]
    "ServiceDll"="%SystemRoot%\System32\bdesvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Beep]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE]
    "ServiceDll"="%SystemRoot%\System32\bfe.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHDrvx64]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS]
    "ServiceDll"="%systemroot%\system32\qmgr.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\blbdrive]
    "ImagePath"="\SystemRoot\system32\DRIVERS\blbdrive.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bonjour Service]
    "ImagePath"="\"c:\program files\Bonjour\mDNSResponder.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bowser]
    "ImagePath"="system32\DRIVERS\bowser.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrFiltLo]
    "ImagePath"="\SystemRoot\system32\DRIVERS\BrFiltLo.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrFiltUp]
    "ImagePath"="\SystemRoot\system32\DRIVERS\BrFiltUp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BridgeMP]
    "ImagePath"="system32\DRIVERS\bridge.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Browser]
    "ServiceDll"="%SystemRoot%\System32\browser.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Brserid]
    "ImagePath"="\SystemRoot\System32\Drivers\Brserid.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrSerWdm]
    "ImagePath"="\SystemRoot\System32\Drivers\BrSerWdm.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrUsbMdm]
    "ImagePath"="\SystemRoot\System32\Drivers\BrUsbMdm.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrUsbSer]
    "ImagePath"="\SystemRoot\System32\Drivers\BrUsbSer.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BTHMODEM]
    "ImagePath"="\SystemRoot\system32\DRIVERS\bthmodem.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BTHPORT]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bthserv]
    "ServiceDll"="%SystemRoot%\system32\bthserv.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\catchme]
    "ImagePath"="\??\c:\combofix\catchme.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cdfs]
    "ImagePath"="system32\DRIVERS\cdfs.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cdrom]
    "ImagePath"="system32\DRIVERS\cdrom.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CertPropSvc]
    "ServiceDll"="%SystemRoot%\System32\certprop.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\circlass]
    "ImagePath"="\SystemRoot\system32\DRIVERS\circlass.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CLFS]
    "ImagePath"="System32\CLFS.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v2.0.50727_32]
    "ImagePath"="%systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v2.0.50727_64]
    "ImagePath"="%systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_32]
    "ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_64]
    "ImagePath"="c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmBatt]
    "ImagePath"="\SystemRoot\system32\DRIVERS\CmBatt.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cmdide]
    "ImagePath"="\SystemRoot\system32\drivers\cmdide.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CNG]
    "ImagePath"="System32\Drivers\cng.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Compbatt]
    "ImagePath"="system32\DRIVERS\compbatt.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CompositeBus]
    "ImagePath"="\SystemRoot\system32\drivers\CompositeBus.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\COMSysApp]
    "ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crcdisk]
    "ImagePath"="\SystemRoot\system32\DRIVERS\crcdisk.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc]
    "ServiceDll"="%SystemRoot%\system32\cryptsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DCLocator]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch]
    "ServiceDll"="%SystemRoot%\system32\rpcss.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\defragsvc]
    "ServiceDll"="%Systemroot%\System32\defragsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DfsC]
    "ImagePath"="System32\Drivers\dfsc.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dhcp]
    "ServiceDll"="%SystemRoot%\system32\dhcpcore.dll"
    --
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\discache]
    "ImagePath"="System32\drivers\discache.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Disk]
    "ImagePath"="system32\DRIVERS\disk.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache]
    "ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dot3svc]
    "ServiceDll"="%SystemRoot%\System32\dot3svc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DPS]
    "ServiceDll"="%SystemRoot%\system32\dps.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\drmkaud]
    "ImagePath"="system32\drivers\drmkaud.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dtsoftbus01]
    "ImagePath"="system32\DRIVERS\dtsoftbus01.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DXGKrnl]
    "ImagePath"="\SystemRoot\System32\drivers\dxgkrnl.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EapHost]
    "ServiceDll"="%SystemRoot%\System32\eapsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ebdrv]
    "ImagePath"="\SystemRoot\system32\DRIVERS\evbda.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EFS]
    "ImagePath"="%SystemRoot%\System32\lsass.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ehRecvr]
    "ImagePath"="%systemroot%\ehome\ehRecvr.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ehSched]
    "ImagePath"="%systemroot%\ehome\ehsched.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\elxstor]
    "ImagePath"="\SystemRoot\system32\DRIVERS\elxstor.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ErrDev]
    "ImagePath"="\SystemRoot\system32\drivers\errdev.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ESENT]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog]
    "ServiceDll"="%SystemRoot%\System32\wevtsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem]
    "ServiceDll"="%systemroot%\system32\es.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ewusbnet]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ew_hwusbdev]
    "ImagePath"="system32\DRIVERS\ew_hwusbdev.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\exfat]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ezntsvc]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ezSharedSvc]
    "ServiceDll"="c:\windows\System32\ezsvc7.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fastfat]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fax]
    "ImagePath"="%systemroot%\system32\fxssvc.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fdc]
    "ImagePath"="\SystemRoot\system32\DRIVERS\fdc.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fdPHost]
    "ServiceDll"="%SystemRoot%\system32\fdPHost.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub]
    "ServiceDll"="%SystemRoot%\system32\fdrespub.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FileInfo]
    "ImagePath"="system32\drivers\fileinfo.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Filetrace]
    "ImagePath"="system32\drivers\filetrace.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\flpydisk]
    "ImagePath"="\SystemRoot\system32\DRIVERS\flpydisk.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FltMgr]
    "ImagePath"="system32\drivers\fltmgr.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache]
    "ServiceDll"="%SystemRoot%\system32\FntCache.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache3.0.0.0]
    "ImagePath"="%systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FsDepends]
    "ImagePath"="System32\drivers\FsDepends.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fs_Rec]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fvevol]
    "ImagePath"="System32\DRIVERS\fvevol.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gagp30kx]
    "ImagePath"="\SystemRoot\system32\DRIVERS\gagp30kx.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GEARAspiWDM]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc]
    "ServiceDll"="%SystemRoot%\System32\gpsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gupdate]
    "ImagePath"="\"c:\program files (x86)\Google\Update\GoogleUpdate.exe\" /svc"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gupdatem]
    "ImagePath"="\"c:\program files (x86)\Google\Update\GoogleUpdate.exe\" /medsvc"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hcw85cir]
    "ImagePath"="\SystemRoot\system32\drivers\hcw85cir.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HdAudAddService]
    "ImagePath"="\SystemRoot\system32\drivers\HdAudio.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HDAudBus]
    "ImagePath"="\SystemRoot\system32\drivers\HDAudBus.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidBatt]
    "ImagePath"="\SystemRoot\system32\DRIVERS\HidBatt.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidBth]
    "ImagePath"="\SystemRoot\system32\DRIVERS\hidbth.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidIr]
    "ImagePath"="\SystemRoot\system32\DRIVERS\hidir.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hidserv]
    "ServiceDll"="%SystemRoot%\System32\hidserv.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidUsb]
    "ImagePath"="system32\DRIVERS\hidusb.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hkmsvc]
    "ServiceDLL"="%SystemRoot%\system32\kmsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupListener]
    "ServiceDll"="%SystemRoot%\system32\ListSvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupProvider]
    "ServiceDll"="%SystemRoot%\system32\provsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HP Health Check Service]
    "ImagePath"="\"c:\program files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hpqwmiex]
    "ImagePath"="\"c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HpSAMD]
    "ImagePath"="\SystemRoot\system32\drivers\HpSAMD.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HTTP]
    "ImagePath"="system32\drivers\HTTP.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\huawei_cdcacm]
    "ImagePath"="system32\DRIVERS\ew_jucdcacm.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\huawei_enumerator]
    "ImagePath"="system32\DRIVERS\ew_jubusenum.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hwcdcmdm0]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hwdatacard]
    "ImagePath"="system32\DRIVERS\ewusbmdm.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hwpolicy]
    "ImagePath"="System32\drivers\hwpolicy.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hwusbapp]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hwusbdev]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hwusbser]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\i8042prt]
    "ImagePath"="\SystemRoot\system32\drivers\i8042prt.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ialm]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iaStor]
    "ImagePath"="system32\DRIVERS\iaStor.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iaStorV]
    "ImagePath"="\SystemRoot\system32\drivers\iaStorV.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\idsvc]
    "ImagePath"="\"%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IDSVia64]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\igfx]
    "ImagePath"="system32\DRIVERS\igdkmd64.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iirsp]
    "ImagePath"="\SystemRoot\system32\DRIVERS\iirsp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IKEEXT]
    "ServiceDll"="%SystemRoot%\System32\ikeext.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\inetaccs]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IntcAzAudAddService]
    "ImagePath"="system32\drivers\RTKVHD64.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IntcHdmiAddService]
    "ImagePath"="system32\drivers\IntcHdmi.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\intelide]
    "ImagePath"="\SystemRoot\system32\drivers\intelide.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\intelppm]
    "ImagePath"="system32\DRIVERS\intelppm.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPBusEnum]
    "ServiceDll"="%SystemRoot%\system32\ipbusenum.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IpFilterDriver]
    "ImagePath"="system32\DRIVERS\ipfltdrv.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iphlpsvc]
    "ServiceDll"="%SystemRoot%\System32\iphlpsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPMIDRV]
    "ImagePath"="\SystemRoot\system32\drivers\IPMIDrv.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPNAT]
    "ImagePath"="System32\drivers\ipnat.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iPod Service]
    "ImagePath"="\"c:\program files\iPod\bin\iPodService.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IRENUM]
    "ImagePath"="system32\drivers\irenum.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\isapnp]
    "ImagePath"="\SystemRoot\system32\drivers\isapnp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iScsiPrt]
    "ImagePath"="\SystemRoot\system32\drivers\msiscsi.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\kbdclass]
    "ImagePath"="system32\DRIVERS\kbdclass.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\kbdhid]
    "ImagePath"="system32\DRIVERS\kbdhid.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KeyIso]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KPN Back-up Online SC]
    "ImagePath"="\"c:\program files\KPN Back-up Online\BackupSC.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KSecDD]
    "ImagePath"="System32\Drivers\ksecdd.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KSecPkg]
    "ImagePath"="System32\Drivers\ksecpkg.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ksthunk]
    "ImagePath"="\SystemRoot\system32\drivers\ksthunk.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KtmRm]
    "ServiceDll"="%systemroot%\system32\msdtckrm.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LanmanServer]
    "ServiceDll"="%SystemRoot%\System32\srvsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LanmanWorkstation]
    "ServiceDll"="%SystemRoot%\System32\wkssvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ldap]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lltdio]
    "ImagePath"="system32\DRIVERS\lltdio.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lltdsvc]
    "ServiceDll"="%SystemRoot%\System32\lltdsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lmhosts]
    "ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Lsa]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_FC]
    "ImagePath"="\SystemRoot\system32\DRIVERS\lsi_fc.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_SAS]
    "ImagePath"="\SystemRoot\system32\DRIVERS\lsi_sas.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_SAS2]
    "ImagePath"="\SystemRoot\system32\DRIVERS\lsi_sas2.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_SCSI]
    "ImagePath"="\SystemRoot\system32\DRIVERS\lsi_scsi.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\luafv]
    "ImagePath"="\SystemRoot\system32\drivers\luafv.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mcx2Svc]
    "ServiceDll"="%SystemRoot%\system32\Mcx2Svc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\megasas]
    "ImagePath"="\SystemRoot\system32\DRIVERS\megasas.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MegaSR]
    "ImagePath"="\SystemRoot\system32\DRIVERS\MegaSR.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MMCSS]
    "ServiceDll"="%SystemRoot%\system32\mmcss.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Modem]
    "ImagePath"="system32\drivers\modem.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\monitor]
    "ImagePath"="system32\DRIVERS\monitor.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mouclass]
    "ImagePath"="system32\DRIVERS\mouclass.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mouhid]
    "ImagePath"="system32\DRIVERS\mouhid.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mountmgr]
    "ImagePath"="System32\drivers\mountmgr.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mpio]
    "ImagePath"="\SystemRoot\system32\drivers\mpio.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mpsdrv]
    "ImagePath"="System32\drivers\mpsdrv.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MpsSvc]
    "ServiceDll"="%SystemRoot%\system32\mpssvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MRxDAV]
    "ImagePath"="\SystemRoot\system32\drivers\mrxdav.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mrxsmb]
    "ImagePath"="system32\DRIVERS\mrxsmb.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mrxsmb10]
    "ImagePath"="system32\DRIVERS\mrxsmb10.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mrxsmb20]
    "ImagePath"="system32\DRIVERS\mrxsmb20.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msahci]
    "ImagePath"="system32\drivers\msahci.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msdsm]
    "ImagePath"="\SystemRoot\system32\drivers\msdsm.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSDTC]
    "ImagePath"="%SystemRoot%\System32\msdtc.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSDTC Bridge 3.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSDTC Bridge 4.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Msfs]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mshidkmdf]
    "ImagePath"="\SystemRoot\System32\drivers\mshidkmdf.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msisadrv]
    "ImagePath"="system32\drivers\msisadrv.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSiSCSI]
    "ServiceDll"="%systemroot%\system32\iscsiexe.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msiserver]
    "ImagePath"="%systemroot%\system32\msiexec.exe /V"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSKSSRV]
    "ImagePath"="system32\drivers\MSKSSRV.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSPCLOCK]
    "ImagePath"="system32\drivers\MSPCLOCK.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSPQM]
    "ImagePath"="system32\drivers\MSPQM.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsRPC]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSSCNTRS]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mssmbios]
    "ImagePath"="\SystemRoot\system32\drivers\mssmbios.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSTEE]
    "ImagePath"="system32\drivers\MSTEE.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MTConfig]
    "ImagePath"="\SystemRoot\system32\DRIVERS\MTConfig.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mup]
    "ImagePath"="System32\Drivers\mup.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MxEFUF]
    "ImagePath"="system32\DRIVERS\MxEFUF64.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent]
    "ServiceDLL"="%SystemRoot%\system32\qagentRT.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NativeWifiP]
    "ImagePath"="system32\DRIVERS\nwifi.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NDIS]
    "ImagePath"="system32\drivers\ndis.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NdisCap]
    "ImagePath"="system32\DRIVERS\ndiscap.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NdisTapi]
    "ImagePath"="system32\DRIVERS\ndistapi.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Ndisuio]
    "ImagePath"="system32\DRIVERS\ndisuio.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NdisWan]
    "ImagePath"="system32\DRIVERS\ndiswan.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NDProxy]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBIOS]
    "ImagePath"="system32\DRIVERS\netbios.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT]
    "ImagePath"="System32\DRIVERS\netbt.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Netlogon]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Netman]
    "ServiceDll"="%SystemRoot%\System32\netman.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\netprofm]
    "ServiceDll"="%SystemRoot%\System32\netprofm.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpPortSharing]
    "ImagePath"="\"%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\netw5v64]
    "ImagePath"="system32\DRIVERS\netw5v64.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nfrd960]
    "ImagePath"="\SystemRoot\system32\DRIVERS\nfrd960.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NlaSvc]
    "ServiceDll"="%SystemRoot%\System32\nlasvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NMSAccess]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NMSAccessU]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Npfs]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nsi]
    "ServiceDll"="%systemroot%\system32\nsisvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nsiproxy]
    "ImagePath"="system32\drivers\nsiproxy.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NTDS]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Ntfs]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Null]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nvraid]
    "ImagePath"="\SystemRoot\system32\drivers\nvraid.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nvstor]
    "ImagePath"="\SystemRoot\system32\drivers\nvstor.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nv_agp]
    "ImagePath"="\SystemRoot\system32\drivers\nv_agp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ohci1394]
    "ImagePath"="\SystemRoot\system32\drivers\ohci1394.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2pimsvc]
    "ServiceDll"="%SystemRoot%\system32\pnrpsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2psvc]
    "ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Parport]
    "ImagePath"="\SystemRoot\system32\DRIVERS\parport.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\partmgr]
    "ImagePath"="System32\drivers\partmgr.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PcaSvc]
    "ServiceDll"="%SystemRoot%\System32\pcasvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pci]
    "ImagePath"="system32\drivers\pci.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pciide]
    "ImagePath"="\SystemRoot\system32\drivers\pciide.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pcmcia]
    "ImagePath"="\SystemRoot\system32\DRIVERS\pcmcia.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pcw]
    "ImagePath"="System32\drivers\pcw.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PEAUTH]
    "ImagePath"="system32\drivers\peauth.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfDisk]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfHost]
    "ImagePath"="%SystemRoot%\SysWow64\perfhost.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfNet]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfOS]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfProc]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pla]
    "ServiceDll"="%systemroot%\system32\pla.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PlugPlay]
    "ServiceDll"="%SystemRoot%\system32\umpnpmgr.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPAutoReg]
    "ServiceDll"="%SystemRoot%\system32\pnrpauto.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPsvc]
    "ServiceDll"="%SystemRoot%\system32\pnrpsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent]
    "ServiceDll"="%SystemRoot%\System32\ipsecsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PortProxy]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Power]
    "ServiceDll"="%SystemRoot%\system32\umpo.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PptpMiniport]
    "ImagePath"="system32\DRIVERS\raspptp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Processor]
    "ImagePath"="\SystemRoot\system32\DRIVERS\processr.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProfSvc]
    "ServiceDll"="%systemroot%\system32\profsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProtectedStorage]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Psched]
    "ImagePath"="system32\DRIVERS\pacer.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PxHlpa64]
    "ImagePath"="System32\Drivers\PxHlpa64.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ql2300]
    "ImagePath"="\SystemRoot\system32\DRIVERS\ql2300.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ql40xx]
    "ImagePath"="\SystemRoot\system32\DRIVERS\ql40xx.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVE]
    "ServiceDll"="%windir%\system32\qwave.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVEdrv]
    "ImagePath"="\SystemRoot\system32\drivers\qwavedrv.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAcd]
    "ImagePath"="System32\DRIVERS\rasacd.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAgileVpn]
    "ImagePath"="system32\DRIVERS\AgileVpn.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAuto]
    "ServiceDll"="%SystemRoot%\System32\rasauto.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Rasl2tp]
    "ImagePath"="system32\DRIVERS\rasl2tp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasMan]
    "ServiceDll"="%SystemRoot%\System32\rasmans.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasPppoe]
    "ImagePath"="system32\DRIVERS\raspppoe.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasSstp]
    "ImagePath"="system32\DRIVERS\rassstp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rdbss]
    "ImagePath"="system32\DRIVERS\rdbss.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rdpbus]
    "ImagePath"="\SystemRoot\system32\DRIVERS\rdpbus.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPCDD]
    "ImagePath"="System32\DRIVERS\RDPCDD.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPDD]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPENCDD]
    "ImagePath"="system32\drivers\rdpencdd.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPNP]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPREFMP]
    "ImagePath"="system32\drivers\rdprefmp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPWD]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rdyboost]
    "ImagePath"="System32\drivers\rdyboost.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteAccess]
    "ServiceDLL"="%SystemRoot%\System32\mprdim.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteRegistry]
    "ServiceDll"="%SystemRoot%\system32\regsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper]
    "ServiceDll"="%SystemRoot%\System32\RpcEpMap.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcLocator]
    "ImagePath"="%SystemRoot%\system32\locator.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcSs]
    "ServiceDll"="%SystemRoot%\system32\rpcss.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rspndr]
    "ImagePath"="system32\DRIVERS\rspndr.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RSUSBSTOR]
    "ImagePath"="System32\Drivers\RtsUStor.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RTL8167]
    "ImagePath"="system32\DRIVERS\Rt64win7.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rtl8192se]
    "ImagePath"="system32\DRIVERS\rtl8192se.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SamSs]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sbp2port]
    "ImagePath"="\SystemRoot\system32\drivers\sbp2port.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCardSvr]
    "ServiceDll"="%SystemRoot%\System32\SCardSvr.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\scfilter]
    "ImagePath"="System32\DRIVERS\scfilter.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Schedule]
    "ServiceDll"="%systemroot%\system32\schedsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCPolicySvc]
    "ServiceDll"="%SystemRoot%\System32\certprop.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sdbus]
    "ImagePath"="\SystemRoot\system32\drivers\sdbus.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SDRSVC]
    "ServiceDll"="%Systemroot%\System32\SDRSVC.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SeaPort]
    "ImagePath"="\"c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Secdrv]
    "ImagePath"="\??\c:\windows\system32\drivers\SECDRV.SYS"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\seclogon]
    "ServiceDll"="%windir%\system32\seclogon.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SENS]
    "ServiceDll"="%SystemRoot%\system32\sens.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc]
    "ServiceDll"="%SystemRoot%\system32\sensrsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Serenum]
    "ImagePath"="\SystemRoot\system32\DRIVERS\serenum.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Serial]
    "ImagePath"="\SystemRoot\system32\DRIVERS\serial.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sermouse]
    "ImagePath"="\SystemRoot\system32\DRIVERS\sermouse.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ServiceModelEndpoint 3.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ServiceModelOperation 3.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ServiceModelService 3.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SessionEnv]
    "ServiceDLL"="%SystemRoot%\system32\sessenv.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sffdisk]
    "ImagePath"="\SystemRoot\system32\drivers\sffdisk.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sffp_mmc]
    "ImagePath"="\SystemRoot\system32\drivers\sffp_mmc.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sffp_sd]
    "ImagePath"="\SystemRoot\system32\drivers\sffp_sd.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sfloppy]
    "ImagePath"="\SystemRoot\system32\DRIVERS\sfloppy.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess]
    "ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ShellHWDetection]
    "ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SiSRaid2]
    "ImagePath"="\SystemRoot\system32\DRIVERS\SiSRaid2.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SiSRaid4]
    "ImagePath"="\SystemRoot\system32\DRIVERS\sisraid4.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SkypeUpdate]
    "ImagePath"="\"c:\program files (x86)\Skype\Updater\Updater.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Smb]
    "ImagePath"="system32\DRIVERS\smb.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SMSvcHost 3.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SMSvcHost 4.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SNMPTRAP]
    "ImagePath"="%SystemRoot%\System32\snmptrap.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\spldr]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Spooler]
    "ImagePath"="%SystemRoot%\System32\spoolsv.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppsvc]
    "ImagePath"="%SystemRoot%\system32\sppsvc.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppuinotify]
    "ServiceDll"="%SystemRoot%\system32\sppuinotify.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\srv]
    "ImagePath"="System32\DRIVERS\srv.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\srv2]
    "ImagePath"="System32\DRIVERS\srv2.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SrvHsfHDA]
    "ImagePath"="system32\DRIVERS\VSTAZL6.SYS"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SrvHsfV92]
    "ImagePath"="system32\DRIVERS\VSTDPV6.SYS"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SrvHsfWinac]
    "ImagePath"="system32\DRIVERS\VSTCNXT6.SYS"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\srvnet]
    "ImagePath"="System32\DRIVERS\srvnet.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV]
    "ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SstpSvc]
    "ServiceDll"="%SystemRoot%\system32\sstpsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\stdriver]
    "ImagePath"="system32\DRIVERS\stdriver64.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\stexstor]
    "ImagePath"="\SystemRoot\system32\DRIVERS\stexstor.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\stisvc]
    "ServiceDll"="%SystemRoot%\System32\wiaservc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\swenum]
    "ImagePath"="\SystemRoot\system32\drivers\swenum.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SwitchBoard]
    "ImagePath"="\"c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\swprv]
    "ServiceDll"="%Systemroot%\System32\swprv.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SymDS]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SymEFA]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SynTP]
    "ImagePath"="system32\DRIVERS\SynTP.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SysMain]
    "ServiceDll"="%systemroot%\system32\sysmain.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TabletInputService]
    "ServiceDll"="%SystemRoot%\System32\TabSvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TapiSrv]
    "ServiceDll"="%SystemRoot%\System32\tapisrv.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS]
    "ServiceDll"="%SystemRoot%\System32\tbssvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip]
    "ImagePath"="System32\drivers\tcpip.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIP6]
    "ImagePath"="system32\DRIVERS\tcpip.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIP6TUNNEL]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tcpipreg]
    "ImagePath"="System32\drivers\tcpipreg.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIPTUNNEL]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TDPIPE]
    "ImagePath"="system32\drivers\tdpipe.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TDTCP]
    "ImagePath"="system32\drivers\tdtcp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tdx]
    "ImagePath"="system32\DRIVERS\tdx.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TermDD]
    "ImagePath"="\SystemRoot\system32\drivers\termdd.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TermService]
    "ServiceDll"="%SystemRoot%\System32\termsrv.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Themes]
    "ServiceDll"="%SystemRoot%\system32\themeservice.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\THREADORDER]
    "ServiceDll"="%SystemRoot%\system32\mmcss.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrkWks]
    "ServiceDll"="%SystemRoot%\System32\trkwks.dll"
    --
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrustedInstaller]
    "ImagePath"="%SystemRoot%\servicing\TrustedInstaller.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TSDDD]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tssecsrv]
    "ImagePath"="System32\DRIVERS\tssecsrv.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TsUsbFlt]
    "ImagePath"="system32\drivers\tsusbflt.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tunnel]
    "ImagePath"="system32\DRIVERS\tunnel.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\uagp35]
    "ImagePath"="\SystemRoot\system32\DRIVERS\uagp35.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\udfs]
    "ImagePath"="system32\DRIVERS\udfs.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UGatherer]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UGTHRSVC]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UI0Detect]
    "ImagePath"="%SystemRoot%\system32\UI0Detect.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\uliagpkx]
    "ImagePath"="\SystemRoot\system32\drivers\uliagpkx.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\umbus]
    "ImagePath"="system32\DRIVERS\umbus.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UmPass]
    "ImagePath"="system32\DRIVERS\umpass.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost]
    "ServiceDll"="%SystemRoot%\System32\upnphost.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\USBAAPL64]
    "ImagePath"="System32\Drivers\usbaapl64.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbccgp]
    "ImagePath"="system32\DRIVERS\usbccgp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbcir]
    "ImagePath"="\SystemRoot\system32\drivers\usbcir.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbehci]
    "ImagePath"="\SystemRoot\system32\drivers\usbehci.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbhub]
    "ImagePath"="system32\DRIVERS\usbhub.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbohci]
    "ImagePath"="\SystemRoot\system32\drivers\usbohci.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbprint]
    "ImagePath"="system32\DRIVERS\usbprint.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\USBSTOR]
    "ImagePath"="system32\DRIVERS\USBSTOR.SYS"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbuhci]
    "ImagePath"="\SystemRoot\system32\drivers\usbuhci.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbvideo]
    "ImagePath"="System32\Drivers\usbvideo.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UxSms]
    "ServiceDll"="%SystemRoot%\System32\uxsms.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vdrvroot]
    "ImagePath"="system32\drivers\vdrvroot.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vds]
    "ImagePath"="%SystemRoot%\System32\vds.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vga]
    "ImagePath"="system32\DRIVERS\vgapnp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VgaSave]
    "ImagePath"="\SystemRoot\System32\drivers\vga.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vhdmp]
    "ImagePath"="\SystemRoot\system32\drivers\vhdmp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\viaide]
    "ImagePath"="\SystemRoot\system32\drivers\viaide.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\volmgr]
    "ImagePath"="system32\drivers\volmgr.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\volmgrx]
    "ImagePath"="System32\drivers\volmgrx.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\volsnap]
    "ImagePath"="system32\drivers\volsnap.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vsmraid]
    "ImagePath"="\SystemRoot\system32\DRIVERS\vsmraid.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS]
    "ImagePath"="%systemroot%\system32\vssvc.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vwifibus]
    "ImagePath"="system32\DRIVERS\vwifibus.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vwififlt]
    "ImagePath"="system32\DRIVERS\vwififlt.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time]
    "ServiceDll"="%systemroot%\system32\w32time.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W3SVC]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WacomPen]
    "ImagePath"="\SystemRoot\system32\DRIVERS\wacompen.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WANARP]
    "ImagePath"="system32\DRIVERS\wanarp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wanarpv6]
    "ImagePath"="system32\DRIVERS\wanarp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WatAdminSvc]
    "ImagePath"="%SystemRoot%\system32\Wat\WatAdminSvc.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wbengine]
    "ImagePath"="\"%systemroot%\system32\wbengine.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WbioSrvc]
    "ServiceDll"="%SystemRoot%\System32\wbiosrvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc]
    "ServiceDll"="%SystemRoot%\System32\wcncsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcsPlugInService]
    "ServiceDll"="%SystemRoot%\System32\WcsPlugInService.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wd]
    "ImagePath"="\SystemRoot\system32\DRIVERS\wd.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wdf01000]
    "ImagePath"="system32\drivers\Wdf01000.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WdiServiceHost]
    "ServiceDll"="%SystemRoot%\system32\wdi.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WdiSystemHost]
    "ServiceDll"="%SystemRoot%\system32\wdi.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebClient]
    "ServiceDll"="%SystemRoot%\System32\webclnt.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wecsvc]
    "ServiceDll"="%SystemRoot%\system32\wecsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wercplsupport]
    "ServiceDll"="%SystemRoot%\System32\wercplsupport.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc]
    "ServiceDll"="%SystemRoot%\System32\WerSvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WfpLwf]
    "ImagePath"="system32\DRIVERS\wfplwf.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WIMMount]
    "ImagePath"="system32\drivers\wimmount.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinDefend]
    "ServiceDll"="%ProgramFiles%\Windows Defender\mpsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Windows Workflow Foundation 3.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinHttpAutoProxySvc]
    "ServiceDll"="winhttp.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt]
    "ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRM]
    "ServiceDll"="%SystemRoot%\system32\WsmSvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winsock]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinUsb]
    "ImagePath"="system32\DRIVERS\WinUsb.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wlansvc]
    "ServiceDll"="%SystemRoot%\System32\wlansvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wlidsvc]
    "ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WmiAcpi]
    "ImagePath"="\SystemRoot\system32\drivers\wmiacpi.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WmiApRpl]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wmiApSrv]
    "ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WMPNetworkSvc]
    "ImagePath"="\"%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPCSvc]
    "ServiceDll"="%SystemRoot%\System32\wpcsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPDBusEnum]
    "ServiceDll"="%SystemRoot%\system32\wpdbusenum.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ws2ifsl]
    "ImagePath"="\SystemRoot\system32\drivers\ws2ifsl.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc]
    "ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSearch]
    "ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSearchIdxPi]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv]
    "ServiceDll"="%systemroot%\system32\wuaueng.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WudfPf]
    "ImagePath"="system32\drivers\WudfPf.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WUDFRd]
    "ImagePath"="system32\DRIVERS\WUDFRd.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wudfsvc]
    "ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WwanSvc]
    "ServiceDll"="%SystemRoot%\System32\wwansvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\xmlprov]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\yukonw7]
    "ImagePath"="system32\DRIVERS\yk62x64.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{06132D06-2B44-48E3-9C0A-4F14FDC77469}]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{CACB87BA-BD09-4C42-A97E-A8C8258C6339}]
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Voltooingstijd: 2013-06-06 01:06:54
    ComboFix-quarantined-files.txt 2013-06-05 23:06
    .
    Pre-Run: 249.362.341.888 bytes beschikbaar
    Post-Run: 254.750.056.448 bytes beschikbaar
    .
    - - End Of File - - 14BE3AB8A88AD51FA322B0EFA9D2E57E

    Post Edited (Robin085) : 6/5/2013 11:49:20 PM GMT

    Back to Top
     

    Touch
    Forum Moderator




    Date Joined Jun 2004
    Total Posts : 12975
     
       Posted 6/6/2013 1:43 PM (GMT +3)    Quote: Explorer.exe shuts down after Windows startupAlert an admin about: Explorer.exe shuts down after Windows startup
    I don't know whether the thing Combofix did, is undone now though?




    It looks fine to me, the most important thing was that the rootkit was removed with FRST tool.


    However, it looks like you have some potentialy unwanted program (PUP) installed which I suggest we remove.
     
     
    Please download:



     Double click on AdwCleaner.exe to run the tool. 
    ***Note: Windows Vista and Windows 7 users: 
    Right click in the adwCleaner.exe and select – Run as admin 
     Click Delete. 
     Everything that was found will be deleted. 
     Save any open files and approve the reboot. A text file will open after the restart. 


    Next -
    Junkware Removal Tool by thisisu

    Disable your Antivirus program if required
    For vista and windows 7 right click on the tool and select run as administrator.



    After the scan is completed, post the generated log here, along with Adwcleaner log.




    Please read:  Forum Rules
    Click here:   Before-posting-a-log
     
    Do not PM me with logfiles. They will be deleted. 

     

    Back to Top
     

    Robin085
    New Member


    Date Joined May 2013
    Total Posts : 7
     
       Posted 6/6/2013 9:20 PM (GMT +3)    Quote: Explorer.exe shuts down after Windows startupAlert an admin about: Explorer.exe shuts down after Windows startup
    # AdwCleaner v2.301 - Verslag gemaakt op 06/06/2013 om 20:14:19
    # Geactualiseerd op 16/05/2013 door Xplode
    # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Gebruiker : Robin - ROBIN-PC
    # Opstarten Modus : Normale modus
    # Gelanceerd vanaf : C:\Users\Robin\Desktop\adwcleaner.exe
    # Optie [Verwijderen]


    ***** [Diensten] *****


    ***** [Files / Mappen] *****

    File Verwijdert : C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage
    File Verwijdert : C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\1sryxlu5.default\searchplugins\Askcom.xml
    File Verwijdert : C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\1sryxlu5.default\searchplugins\WebSearch.xml
    Map Verwijdert : C:\Program Files (x86)\continuetosave
    Map Verwijdert : C:\Program Files (x86)\OApps
    Map Verwijdert : C:\ProgramData\Ask
    Map Verwijdert : C:\ProgramData\continuetosave
    Map Verwijdert : C:\ProgramData\InstallMate
    Map Verwijdert : C:\ProgramData\SoftSafe
    Map Verwijdert : C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blcjdfdbfabojnoihfadacglilhjlojb
    Verwijdert bij het opstarten : C:\ProgramData\boost_interprocess

    ***** [Register] *****

    Sleutel Verwijdert : HKCU\Software\APN PIP
    Sleutel Verwijdert : HKCU\Software\AppDataLow\SProtector
    Sleutel Verwijdert : HKCU\Software\Conduit
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
    Sleutel Verwijdert : HKCU\Software\Softonic
    Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
    Sleutel Verwijdert : HKLM\Software\AVG Secure Search
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
    Sleutel Verwijdert : HKLM\Software\Conduit
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
    Sleutel Verwijdert : HKLM\Software\PIP
    Sleutel Verwijdert : HKLM\Software\SP Global
    Sleutel Verwijdert : HKLM\Software\SProtector
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

    ***** [Browsers] *****

    -\\ Internet Explorer v10.0.9200.16576

    Vervangen : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.simplespeedy.info/ --> hxxp://www.google.com

    -\\ Mozilla Firefox v21.0 (nl)

    File : C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\1sryxlu5.default\prefs.js

    C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\1sryxlu5.default\user.js ... Verwijdert !

    Verwijdert : user_pref("extensions.funmoods.aflt", "fmtgl");
    Verwijdert : user_pref("extensions.funmoods.autoRvrt", false);
    Verwijdert : user_pref("extensions.funmoods.dfltLng", "");
    Verwijdert : user_pref("extensions.funmoods.dfltSrch", true);
    Verwijdert : user_pref("extensions.funmoods.dnsErr", true);
    Verwijdert : user_pref("extensions.funmoods.envrmnt", "production");
    Verwijdert : user_pref("extensions.funmoods.excTlbr", true);
    Verwijdert : user_pref("extensions.funmoods.hmpg", false);
    Verwijdert : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=fmtgl&chnl=fmtgl&cd=2Xzuy[...]
    Verwijdert : user_pref("extensions.funmoods.id", "C80AA9DEC962E3BE");
    Verwijdert : user_pref("extensions.funmoods.instlDay", "15641");
    Verwijdert : user_pref("extensions.funmoods.instlRef", "fmtgl");
    Verwijdert : user_pref("extensions.funmoods.isdcmntcmplt", true);
    Verwijdert : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
    Verwijdert : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=fmtgl&chnl=fmtgl&cd=2Xz[...]
    Verwijdert : user_pref("extensions.funmoods.prdct", "funmoods");
    Verwijdert : user_pref("extensions.funmoods.prtnrId", "funmoods");
    Verwijdert : user_pref("extensions.funmoods.srchPrvdr", "Search");
    Verwijdert : user_pref("extensions.funmoods.tlbrId", "base");
    Verwijdert : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=fmtgl&chnl=fmtgl&cd=2[...]
    Verwijdert : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
    Verwijdert : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
    Verwijdert : user_pref("extensions.funmoods_i.newTab", false);
    Verwijdert : user_pref("extensions.funmoods_i.smplGrp", "none");
    Verwijdert : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2216:48:31");

    -\\ Google Chrome v [Onmogelijk de versie te verkrijgen]

    File : C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] De file bevat geen enkele ongeoorloofde invoer.

    *************************

    AdwCleaner[S1].txt - [5416 octets] - [06/06/2013 20:14:19]

    ########## EOF - C:\AdwCleaner[S1].txt - [5476 octets] ##########
    Back to Top
     

    Robin085
    New Member


    Date Joined May 2013
    Total Posts : 7
     
       Posted 6/6/2013 9:32 PM (GMT +3)    Quote: Explorer.exe shuts down after Windows startupAlert an admin about: Explorer.exe shuts down after Windows startup
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.9.4 (05.06.2013:1)
    OS: Windows 7 Home Premium x64
    Ran by Robin on do 06-06-2013 at 20:25:28,24
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{00AFB5EE-A3E4-4E48-9F8B-0950B37B5F9B}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4A2F05AE-7550-483E-8F1A-74D4597E2148}



    ~~~ Files



    ~~~ Folders

    Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{002F5C20-0F8F-4FA6-93D5-FBD07D08DD66}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{0116E789-FEBE-4ACF-921D-F05C1839259D}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{01832A22-FA35-4DD3-B2B6-FFC64C0F1FE3}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{01963357-0BC4-400C-BF5D-7EC13351D926}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{019FA9F3-DBE1-4EFB-AFEF-01F083319618}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{01CD429D-09BB-4412-8E6E-ED44969BC5EC}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{026DB60B-CACD-40E8-BD63-1ABAFE76E521}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{0289C6EE-7D70-4E3E-B4FB-DCA1C661FE57}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{028B4876-B018-4E59-808F-D74736E75C35}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{02A00EAC-45F4-454C-8DB3-3A0FB7695727}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{03453A9B-C47F-4A1A-92DA-BEC31212D69C}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{03609397-D958-41D2-8BC5-A86F8A866CF1}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{03923D3A-EA63-4FEA-B7F7-77C8B7990328}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{039E73F8-24F4-4916-9610-9F6DFEEE42A3}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{04E06EB8-404D-414B-AE9D-0D4208B169F4}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{0578FBCC-2124-448C-8274-FDA122FF1178}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{06244917-82F5-4B53-BAE6-F7F84F99BD41}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{06334EFE-C36E-4919-9D63-AF65A0EFAD1A}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{0673899D-4CDD-4791-A74B-A60F94D0F607}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{06FED00C-B6C4-4EBE-94D2-0BC4193AAD38}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{07092354-A01A-4B01-B558-6DD627967E13}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{0714544D-59A1-4077-9144-EF86EC3BF6B2}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{081F8AED-26CB-43DC-BE0B-DD1417DC4746}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{0A4486D5-C209-4D89-8C07-ED4E7A57DFF9}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{0AC59001-02B2-4202-9692-9280F203B096}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{0BC5DEA5-9508-4F3B-A1C6-9989EBB126F0}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{0BE9E799-CA84-4893-8B05-8E73207D43C4}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{0C13BD36-F7F6-4814-BF80-35A58DE67E62}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{0C29F918-FFF8-4B1A-BD6C-CC87754F529C}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{0CD35DB4-1CD3-4657-B445-12196A6B904B}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{0CDA2050-A100-462C-9AC7-CFAFA2693396}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{0D5825A8-19E7-4E85-AC09-9A4E23F54408}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{0E7B0651-EED0-4F7F-BBE5-181402A66E0D}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{10C58400-A150-4234-BDCD-60C5442B124D}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{11A3962F-77DC-43DC-8F00-0D3CDD945117}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{121DD44B-62F7-4795-85FE-4749144EFAFE}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{12F076FA-6971-4189-AF19-4A364586F148}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{139CA7BD-D57A-4B1B-8124-57080CA2DF83}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{147B106A-6507-4410-B532-CF47BEE89F3B}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{14807402-2EAA-427A-9304-A0FEB1E716D5}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{14FE5BC6-CF4D-42DB-871C-549869529208}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{153E40B4-7185-480E-A94E-A8B515934384}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{168E9832-67BC-4770-8931-7A64D20F6541}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{169EB68F-8A20-474A-BAE6-0A9C34664E0E}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{16C1C73C-DE83-43A3-924B-70B2B180B024}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{16D3017D-79F5-4AA9-A867-DFAF3509CBAA}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{182C1BA4-990B-4C33-A9E9-32D3346ED605}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{1849424B-7DE6-4963-8B03-8DAAB992F8D0}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{19719667-BC59-40A1-852F-600C88C7F512}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{19976C70-B9D9-4D7A-A5B1-66A9C2CA0526}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{19A036F4-00D7-470A-BD8D-75502A506D2B}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{19B7CD50-BA9D-4367-8A90-33BCB33BB309}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{19BB6437-CF15-4FDD-9E13-42BBDD930C27}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{1A683CDA-8472-4053-BBA0-413DA95A9434}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{1AECD216-D6D7-45B8-B724-BD28DC2C9341}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{1BBA6BBE-BD86-41BD-A95C-851C298E6EC9}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{1CCE1871-CE0F-406C-B13B-79A327873F44}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{1E9518D0-8386-4724-9FAC-63795C2B7001}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{1E99D814-75B3-46B8-8656-48EDDC913F85}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{1EBC09AA-3BA2-484B-A45A-6FB3D9BB24AB}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{20CC1A22-7647-41DF-AC0A-355AF2BA2314}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{22830C00-6473-44A4-BE35-808804D43BFC}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{228F6990-1E3E-46F8-AF4A-4E110C61367D}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{22EE6970-2332-4C7D-BE3A-044AD312B7A4}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{244C4724-F5B9-4D1C-87CA-3DDF58D4D2C0}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{258F5A61-9A4A-417A-BDF8-6B087CDEB078}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{25FF8A7B-3727-499D-BA92-0FBD059F5635}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{26080F03-F7A4-4122-9137-6DF5D55EA047}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{270F5814-548F-4283-8731-0608F24BADB2}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{27F16278-FC42-42D8-8D76-5612CA1FCBC6}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{29D33F9B-265F-48F3-BB93-20B3139F51B3}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{2ABECD59-A648-41B9-A641-BC18B58C4AF2}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{2BC15935-0095-4961-B96D-1ABF0F6775AF}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{2C614C2C-CB33-49D5-8254-C3E01711D115}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{2CC82E25-5BEA-434C-B5EC-6921352BA302}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{2D797A8B-C9E9-46CB-98D6-A762B90512EE}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{2DD5944A-31D5-42C4-99DD-C865B68C4F63}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{2E0DBC75-A76E-40DC-9BE2-6556E35033E5}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{2EA614E6-9FF2-422D-881E-41F4C51F9C64}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{2F28614A-1D99-4232-BB92-1EA117FCC74D}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{30708499-13FA-4526-8DE3-8E1B7502618B}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{3173C98C-6CEF-4A1F-905B-C3FF6F581D07}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{31E8299E-5BF6-4BF2-BE37-3473560C53A1}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{324328A1-E5D1-4188-9E2C-DD72B7F7C946}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{33250BF7-C1C0-4641-8B85-AD110936CE9F}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{338A8F6C-F441-4458-A54B-3C9DAA44B411}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{33FABA13-D1E5-4B80-A4C0-521164347D02}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{344AAA60-F220-4AF8-8E51-FFC7BDAEA197}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{34D2F091-006D-4234-8D54-00143FF7797F}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{3657887D-73FD-4454-85A9-3B3EF8DA1914}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{367354FF-0A0A-4741-BD40-B13455EFEA27}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{38080757-01EC-4ADA-94E3-ACF60B8DFDCC}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{381CF8B6-DDC1-4E89-B4A4-9161A8B9EACE}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{3895C4E0-6E20-4C08-AE9C-8199A24244C9}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{393F28F7-61C4-4B61-8ECA-6F27233A26D0}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{3983F141-4EE7-453E-A07B-A0D42C119A38}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{39C0167E-3B02-4C60-BEDF-E0690519CF28}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{3C35FF91-67F5-416B-A499-F81DBCA8EBC3}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{3DDFF032-5E7C-4F15-B9A2-D5021F479FA5}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{3E4E75E5-BF6D-42D0-86FB-2A9886460D1C}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{3EC36E81-3274-4F5F-9300-37362634FE7F}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{3F4D223E-0ACF-4E55-8990-6CB2EFED2702}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{40009145-AFF1-4A2B-B88B-24E427BEC3D1}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{423284B4-E82D-444E-9AF5-63BD2CFC5281}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{428D9BBE-E12E-45EE-8AA8-8DE8A696BB43}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{42FDCE64-7C82-448D-A740-EBCD54FE45B5}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{433687CB-B0D3-4921-B586-6BA05ECDD584}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{43A8C6B4-499A-42C1-BA25-12DE787B35E8}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{43D29B5D-5219-4ADB-9B77-485B29C1AF70}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{4501F2CE-EA8E-4F96-B66E-81673C6CFB2F}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{455B4C61-85FD-42A3-8728-EB7136024442}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{457DC43B-21DA-4548-B17B-4218883177C0}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{45A83641-F91A-45C3-A390-6682F5AAD522}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{47770974-5FDD-47ED-B4B5-A3AFD11C3AA1}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{477D7F28-45F3-4986-A295-5D9C3E48F6EE}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{477F331B-6B89-4094-A4B6-2BCD1A1FFAD3}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{47B6ABA6-CB88-4BB6-A8E6-A4DDA3FE3E71}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{47D4FB10-9FB2-493E-88FB-ABD21133552C}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{4845452C-029F-41ED-A8F3-D1F963EB32CD}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{488FEEF1-870A-4084-A37C-35696514DB5F}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{493EA7A1-B1EC-44D4-8387-43CE26C2BFAA}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{49B11D8A-E4D4-402B-B9DE-F43DF05D720D}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{4B107819-87C1-4B04-BB43-961640798FCB}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{4C46DB88-CC02-486C-94A9-D249657B280B}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{4C94D539-F92E-471C-AEDE-D82F51AD973A}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{4CA11F4D-577E-4398-96EF-1A8458716E89}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{4D028AC0-CF28-43B2-BFC5-954639E4461F}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{4D3D7A5C-9322-4414-95E2-4861AD991E80}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{4D6F2BD8-3B89-48A8-BB96-57AB6B5F9005}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{4D89F918-B3B0-4FF6-A642-DAF9E2D57C4B}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{4DC5237B-63DC-497B-AD02-8CC161F7C98C}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{4DD262CA-29E6-4998-AF59-3051A37621DC}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{4EF0C8E6-EC09-4C65-AAB3-200B587DFE5C}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{4F122539-D6B7-4FF1-BEDF-F703B7F6F5B4}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{50248711-5E8E-4E5D-BC10-A1542AA28DAB}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{506EDB7C-4720-45D7-8C70-D0A75A590E6B}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{5097FC00-BDC7-4F6F-9471-D44186A0711E}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{527D9766-53BA-4B07-8D6A-F83360B1501E}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{531AE739-6EDC-4DC9-973A-DA75F52E909A}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{533E510B-3AB6-4E04-ABB1-133B01B7053A}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{547D51CF-2444-4526-879D-ADDB62F0157E}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{55588D7E-1613-418F-A4FC-525AD34F5762}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{5573C80E-5B4A-472B-BC0B-302F1BD25078}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{5582EF60-E53D-4AE2-8B60-9B29F7E13DBA}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{577D7F21-14E4-473B-B306-F3E34DD27E3E}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{57F7A463-F303-495C-8CAC-90671441768C}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{59395F72-6FCD-4851-B55C-E6C4997B6F49}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{5941641E-06F7-4DFC-888C-BAF309874D38}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{594933BF-8FFB-4EA7-81BF-A88E9324FD13}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{59DF26CE-8D11-41DA-915E-D535DB8457CC}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{5AA202FA-265A-43AD-B8CF-847E017BC776}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{5CF3F74E-94D9-4F9A-92E4-27795F48CA8D}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{5F43D5CC-8969-4AAE-A1A1-E973EC751DDF}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{5F50A415-13AC-4164-A155-DFF58DA488F0}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{604EEC63-3BB2-4CAC-BAC5-4777D916BCC8}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{6053D5E1-3747-4B44-ABEC-3AE5C1384485}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{60595BAC-A5C4-4150-A600-3E24DA372160}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{6239C832-3DE5-4FD8-83D7-610647CD1BC4}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{63C67B8C-4DC1-4D69-9C86-AC99BDAB474C}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{640227EF-6F27-4BDE-851F-9157BAFE4601}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{65108C9E-5B04-42F4-9F48-30887102B05D}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{6545B603-D0C0-48B8-BF50-570BE4056CDC}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{65A9BC93-51A6-479F-9B72-97320FA0973C}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{665E6FCA-2ABE-46F8-BA06-CA9A7808A396}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{668CEC6B-F9C6-4870-AD2D-6E329BDE2BD8}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{6703210A-0955-4B83-98A7-A3E38F0632EA}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{673C202E-0E67-4E95-83E2-8F874A5794FF}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{6C0CBE5E-F9C5-4214-AF2B-F0993EE609DC}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{6D4B1CFF-9CFE-4A2B-8B8E-6936AE9ACC78}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{6E653407-21EA-44FC-BF66-A0DB0AE180F7}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{6F95DFF0-B631-4EF2-8E66-84760FB1E276}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{6FA30EF0-3752-4463-9D7D-2CC83BDFAB8B}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{7010D07A-C341-41FA-8EC1-C044AC6F99A9}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{7049A0CC-E467-4EC5-BB62-AAEAD7C96483}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{709FBB10-E62E-479E-AC5C-80561A96C3F4}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{71AF54BE-8605-4E7D-AE56-96B1CB953495}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{71C170C4-4732-4EAB-A875-1C46D2196A26}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{73083A85-A359-4C8A-9C07-098ECF0F041B}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{730F399F-34C4-44D0-9A5E-5FAC0FBCA9FE}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{740A1E65-BB9E-49BF-8786-0B7049E07F98}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{744C7F61-1CFC-4A71-AE3B-16BFC617436E}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{748392CC-413A-454E-9C0D-31E4D9CAF019}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{74C691DF-975D-4377-B553-F06E365267CD}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{74FA463F-28E4-4C71-BA55-1BD7DF002751}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{75D0177D-FC9A-45B6-AB00-A960E6806553}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{75ED2CFD-ED22-456B-902B-B9DE3704707E}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{763035DF-D37C-473E-939E-A0DFEB949CAC}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{76426598-501F-4F19-A9C3-2C8B4C1BE72C}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{7676DFAC-C1CB-4257-BDCD-F14C31BF3A8D}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{76D87E10-F55D-448F-9C57-710BA1FF8324}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{7769F2C4-441E-4064-A46C-849EA7DAE835}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{78F3AE44-F881-42D7-BADF-8941952087A8}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{7933B5EA-958E-49DE-A156-805A7C2333BB}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{7972818B-32AD-42D2-9C67-762FF3024E33}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{7B168315-FFAC-49A0-9EE0-9356C3D10B1E}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{7C39A994-2828-4C98-A363-659AF9A585EA}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{7C6973D0-88D4-4104-B1C1-83AB1D5256E3}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{7D2B5804-7A3B-4681-A599-5DBA7C949B2A}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{7DB810F1-53BF-4650-990A-8B1B5240E513}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{7FD0510E-95F8-4106-928C-F89C3AA3324F}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{8048DDAA-1801-4E3E-9B24-28D714212621}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{80BD2C17-BA74-4D08-94BF-8118512AFBEE}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{811DCB32-7212-4792-8E33-CFC6BB79A363}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{81DEC592-F853-4965-AD9C-CA46265E4057}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{8220D477-7121-44C2-BB16-5A89B0A44C96}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{82E60B56-8BC7-4DB7-BD78-2D3D0D0A6853}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{83548883-C7BE-40F1-ACFD-0144A982C1DB}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{83709E14-0823-481C-923D-E53ED30B85D6}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{84A62F6A-EB2B-4F9D-B29C-4AD0A38FE6D8}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{870B17AD-8694-4B60-9C57-18C418FEAE42}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{872B9F9A-C98D-44D4-B85A-EEBEC11F30CF}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{88F0D6DF-FAA5-42B3-9C74-10705E7B41F3}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{89BA8501-C4A8-4579-9120-5B4D5790D7D5}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{8A26FF28-0E57-46B6-A73B-6451CE297544}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{8B083979-F445-47FD-A667-3E4768B936C1}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{8B5BF9F6-8DDB-46AA-83E8-4DA3C25FDC53}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{8D37BA46-AB48-462E-96C5-60D0B3418107}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{8ED5CEE9-823D-489F-8B3A-5927E787BB24}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{9077C2FD-390A-4EB8-8039-47560034DAF2}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{9095AC97-400A-4E6A-9E4A-57DE0CFF8BC8}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{91073BD4-907E-4DCA-8F9E-4FDC09D1D9B6}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{91840547-4FEF-45E0-B713-74B9A5FEA8BF}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{922A6F5E-5E67-4210-88AD-0BE8D64D816C}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{92612F5A-8F32-4EC4-97A7-6EDD94E2D40E}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{92B26CAE-BBBF-4AEF-837E-F9BDCBB4FE9A}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{9346D344-4708-4C11-81CC-1916934E9DE7}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{94E9028D-DEEA-4753-83C5-41FEB97A3F07}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{95094EB3-F904-4585-885C-8C2DE1DCF2FF}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{953A0AE4-1D6D-45A8-B8E3-800576D7BD6D}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{95EDF56C-7462-42EE-9DED-386D62215DB8}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{96E02777-9DDF-4979-ADAE-BE0C132F785F}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{97805523-DAD6-4FC9-B7F3-1B9486A76E75}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{97850C16-EE2A-470C-AA01-8577C6FA21EF}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{99451257-48E1-45E3-A1D9-99B7B2C71E18}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{994BC187-87A4-4DFB-9722-8001699102EA}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{99EE8152-59F0-4A80-B128-4970A098B50B}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{9B37633D-4E18-4B86-90C0-7EC60FE91F3E}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{9BA3ABDE-9047-4685-9806-C77416F3284B}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{9C651803-B06C-454C-BBA9-23E34AB968AD}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{9C91A542-345E-47F6-8D03-CA8E3D0AFDCA}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{9E32BA96-776A-46E9-BC32-5291D5C4BA49}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{A065FE43-C94E-4392-9116-7509FF79F270}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{A0A3658E-2629-40DF-9C59-BF3CA136187E}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{A0AC8C93-CEAD-46D6-AF45-1598653BBA59}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{A0B6E762-DF50-4D1C-B83E-7114B3D65A82}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{A0F670C4-97EB-47E3-BEBC-831239E4AEBA}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{A14E8279-3773-4658-B06B-55982219969F}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{A16A39F9-66E3-42D8-92D7-9DDD09A7686F}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{A1BCD1FB-6656-4A4E-9543-AC2F27BFF617}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{A26FB9F1-E90A-4B28-B50A-9D8A92852A06}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{A27E485D-35A1-4EC1-B924-F780F0C6BF7D}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{A30F3249-0F10-4E5C-B919-AC89E99FD80D}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{A357414A-B340-410C-BC00-BC3D1DD981A4}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{A4215FD9-51CD-4972-BB6D-44CBA89C2CD6}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{A59E0E66-CD14-4377-92BC-30F56846D979}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{A5DED67E-3DED-4903-AA34-6F4350E162D2}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{A62FD38C-E225-496B-AB75-865B635769EA}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{AB75A163-D336-44C8-BDFD-BA706ADDE0EC}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{AB96AC0C-AFA5-4BC2-8E0F-17927253C3A1}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{AD88E338-BEC0-42FF-99DD-B9FBA9DF5E8D}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{AD8BEFBA-0A61-4853-9FC6-182CDE04F243}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{AF21D35E-3E0D-4394-8999-0DDC8E85B66A}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{B0636CC2-C0F3-4CEF-A063-BC92949F3528}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{B12A47C7-0F79-47E3-976D-715D8D36D8FA}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{B15CE60A-67D7-4356-B519-2123D43D2B52}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{B4B6B3E8-9EC7-4CF9-A893-6A87B952C309}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{B4C06B2F-4B46-4ABE-B25A-E9B7925A5D63}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{B8C106E1-A50B-4EAA-B2AE-B8AE57A2CB2D}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{B94D1E52-5F7F-46C7-8502-F9412470536A}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{BB944719-3AEF-4365-9018-88E6845AB032}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{BBDC4A43-BDF1-462B-9E1D-6797437FFA2B}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{BC72AA78-B475-47C5-9A8F-C3E2B9D0D78C}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{BCC1DEE7-811C-427E-A682-32C18D320647}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{BD9F4ACA-5D20-4EFC-8FB5-AB16099C44BF}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{BE76261E-FD9E-4E7A-8F0B-9D37CE52DE0F}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{BFFD10BE-7E0C-458B-A148-E74C46AB47E1}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{C0DE697D-4321-494D-84C3-101FEF1CCEAD}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{C1657676-1E13-46AF-B1A5-4B72A6C469F7}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{C1A388B3-BABA-4480-8693-388271925238}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{C4654CA3-0677-4254-B12B-41876699C3DC}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{C718ED6F-E3D9-4BC0-83B9-07B97A31B63A}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{C76B74AB-9791-46AB-98D5-9C98C454ECB8}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{C7F033B0-5D67-4B92-984B-115D11DB42CE}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{C8282C62-A920-4ECB-B527-5556A8285DEF}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{C860BA65-EC28-4F70-9CB4-EF80616E9DBD}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{C9D616B7-7824-4D36-BD16-B60EFD363115}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{CCA34FB4-3B38-4C34-8A35-1A686ED51762}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{CDD81BA7-9BB1-4BA4-82F1-8262D1F4BD5E}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{CED85AEC-4832-4F08-97D8-855E0D73EA91}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{CEE4A592-A4C0-44D4-9411-D3FD4C525451}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{CF3E55AB-1AD2-4972-97D3-19F349A06B69}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{D05EB8FD-043A-4B04-B247-57A1F24FF0A9}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{D1425202-23A7-4CD0-9B12-49B334331ABD}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{D227B1CA-393A-49AC-BA72-873A29DEB787}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{D2A19982-8A71-4391-B0BB-BEB57F8EB8C6}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{D338AD4D-1069-4B70-A27C-0954EEFFA2F5}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{D3C1F07C-CF97-429B-89F8-6DB852717CDE}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{D48818A8-04A7-43DF-AE2D-CAE42316A833}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{D5362636-34DB-409C-AF77-FF725B8DE2A8}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{D638DA13-D1F1-4DEE-9605-1FC0F38DA200}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{D6659E9C-C910-4FC1-A42C-4C964269CEE6}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{D6C17213-8204-4180-AF82-29DA335094B0}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{D72CFF3F-75AD-4C29-8598-F672E1184CEF}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{D8E61CEE-E4B9-4133-9B67-9C65AA3BD1DE}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{D911BD70-FBCB-41C2-A74B-E6B33ADA398B}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{DB4CA4D4-32E0-4E01-9BA1-367F2847DB62}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{DD1215A2-984D-4A65-AFF7-52626E078AAE}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{DDC91DC3-49D8-4239-821E-361ABB4392F0}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{DF684868-FD87-423C-933A-3D25BF22DA56}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{DF7FBA30-904A-4115-8F6F-38302B66EE2A}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{E084171E-0F38-4A56-93EC-C84483FF084C}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{E09E249F-1650-403A-9125-2BC0BF9287F5}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{E10964CF-0D4B-4FAB-A5B9-12FE5D673F4A}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{E2AEC35E-1002-4E4E-9B6D-19002389D47D}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{E2F5B71F-4A8A-4351-B729-3D5B24EF1EE9}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{E34FA9AB-3AC3-4020-ADC2-614BECEED81B}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{E398D608-8CE7-41E9-9FF0-B64D60B49C2C}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{E3A1427E-FD7F-452A-B955-7976B8E54C12}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{E4BFDAB6-4338-4237-AF56-C3C1897E8A6D}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{E5AEFD7C-049C-42AD-AA71-2214BDF3C618}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{E62EE511-8100-434C-B88C-D942F7FF9693}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{E6B91043-F912-416D-93D2-0908C4909FD8}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{E90A8AB1-7B63-4EF7-A510-74C2F5D88359}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{E90FC638-63CB-41CC-BEA2-FEB641ABB5E5}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{E9DBB0DD-C3BF-4F54-9B89-16A76337C035}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{E9FA23A3-6BFE-42BB-8D5C-96C34362C30B}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{EC8333BC-FD10-496C-A01A-70E95C8D4E06}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{EC843C66-93C9-42F8-8D5D-F2EA09C03600}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{ED8011B6-B0EF-48FB-9E23-04BC7D87B2C2}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{EE874BC3-31AF-422D-B2D3-1B439436BE8B}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{EED77C57-08EB-4E3C-A3AE-7805777DCF16}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{EEE859FE-63D3-426D-890F-F331113DE78E}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{EEFA4A04-5801-4C21-AD6F-D776C46CA466}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{F1F9798C-C510-4989-AF5B-45308F4EE4EB}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{F2641632-A84F-4502-9C6F-9623AD2CB1C2}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{F26AF65B-2CE1-48BD-AFFB-AC0EE8DF8957}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{F286039B-B1CC-48E2-8184-F43DFD1AA362}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{F2BDC12A-8B5B-4A55-A590-70A9D4B107C0}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{F3831173-7D36-4524-903C-4A78633061E3}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{F3C5D3F9-AAFD-4ACA-8EE6-560E49AA7FDC}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{F444C41C-AA94-4F61-B311-DC9FA1414261}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{F50D3B26-ACF4-4379-9E7D-4F82C3C3E02D}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{F518C9F3-089D-4ADA-86DF-F6C16709AB20}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{F5580B68-DC4C-465A-B627-4E79CAE85376}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{F57B3EE1-739F-4704-B8AB-7814D6E0EEFD}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{F58EC7C3-FEC0-4DCB-8364-AEBCCE3F7380}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{F72DC7DB-D324-4D37-BE38-4392C85AE5A1}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{F790D17D-2A75-47E6-A1EF-D45218250FCE}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{F92EEADD-6F55-45B1-A86D-0B0A4B844A86}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{FA5B85C5-6039-4133-91EE-204E49A58FD2}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{FA854CAB-33E7-44FB-B1BB-EE209E408FCF}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{FB91FC56-9F63-4343-8656-405F0DE71BF5}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{FC4BD25A-DF4D-4A4D-A3C4-75AD56D8092D}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{FC5DF3FB-3ED2-4331-B62F-070F07C82467}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{FDA4FF75-9A17-4844-BDE7-75459CB1E7F4}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{FDF815A5-876C-44AD-A76E-7C299AC9882A}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{FF9C63BB-E384-4E31-A941-3A2E7BCEFFBD}



    ~~~ FireFox

    Successfully deleted: [File] "C:\Users\Robin\AppData\Roaming\mozilla\firefox\profiles\1sryxlu5.default\extensions\503b6c9f609fa@503b6c9f60a33.info.xpi"
    Emptied folder: C:\Users\Robin\AppData\Roaming\mozilla\firefox\profiles\1sryxlu5.default\minidumps [537 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on do 06-06-2013 at 20:31:14,16
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Back to Top
     

    Touch
    Forum Moderator




    Date Joined Jun 2004
    Total Posts : 12975
     
       Posted 6/7/2013 10:55 AM (GMT +3)    Quote: Explorer.exe shuts down after Windows startupAlert an admin about: Explorer.exe shuts down after Windows startup
     
    Download Ccleaner: 
    Click on ->
    Download
    Latest Version”
     
    Once installed, run CCleaner click the Windows tab
    Select the following:
    Internet Explorer:
    Temp Internet
    History
    Recently Typed URLs
    Delete Index.dat files
     
    System:
    Empty Recycle Bin
    Temporary Files
    Memory Dumps
    Chkdsk File Fragments
    Then click Run Cleaner (bottom right) then Exit
     
     
     
     
    Please download Malwarebytes' Anti-Malware:

    to your desktop.

    Double-click mbam-setup  and follow the prompts to install the program.
    At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    If an update is found, it will download and install the latest version.
    Once the program has loaded, select Perform full scan, then click Scan.
    When the scan is complete, click OK, then Show Results to view the results.
    Be sure that everything is checked, and click Remove Selected.
    When completed, a log will open in Notepad. Please save it to a convenient location.
     
    NB. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
    Click OK to either and let MBAM proceed with the disinfection process.
    If asked to restart the computer, please do so immediately.
     
     
     
     
     
     

    to download HJTinstall.exe
    Save HJTinstall.exe to your desktop.
    Double click on the HJTinstall.exe icon on your desktop.
    By default it will install to C:\Program Files\Trend Micro\Hijack This.
    Click I accept
    Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    Click Save to save the log file and then the log will open in notepad.
    Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
     
    Post hijackthis log along with Malwarebytes' Anti-Malware log, and tell how things are running ?


    Please read:  Forum Rules
    Click here:   Before-posting-a-log
     
    Do not PM me with logfiles. They will be deleted. 

     

    Back to Top
     
    New Topic Post reply to : Explorer.exe shuts down after Windows startup Printable version of : Explorer.exe shuts down after Windows startup
     
    Forum Information
    Currently it is Saturday, August 23, 2014 2:25 PM (GMT +3)
    There are a total of 60,569 posts in 13,311 threads.
    In the last 3 days there were 2 new threads and 2 reply posts. View Active Threads
    Who's Online
    This forum has 36262 registered members. Please welcome our newest member, pravintechno.
    3 Guest(s), 0 Registered Member(s) are currently online.  Details
    5 Latest Threads
    Bullguard 2014 Firewall and high DPC latency (13)8/22/2014 5:29:40 PM (NorthPole)
    Best antivirus features under free licensing (0)8/22/2014 6:30:43 AM (pravintechno)
    Malware bytes can not be installed successfully and pricechope adware (0)8/21/2014 10:23:52 PM (petlad)