Don't let them infect your devices

Explorer.exe shuts down after Windows startup

Posted 5/29/2013 10:49 PM
#95681
User avatar

Robin085 Member

Date Joined Nov 2016
Total Posts: 7
Hey guys,

It seems my Windows 7 PC has somehow been infected with malware of some sort. While searching for a particular piece of software online I've had AVG giving a virus warning, on which I had it blocked.

Moments later, explorer.exe just seemed to shut down. I only had a blank desktop image, no Windows toolbar whatsoever. I wasn't able to open taskmanager to restart explorer.exe manually so I rebooted.

After the reboot, explorer.exe similarly would shut down as soon as Windows had fully started. I rebooted in safe mode, which worked fine, and had my PC scanned with AVG, which removed 2 virusses, and Hitman Pro, which didn't find anything.

After that, still the same trouble so I did a system restore (backup from 4 days earlier), which seems to work for now. Nevertheless I'm not sure whether any infected files in the registry have actually been replaced in the restore, or there's malware of some sort still lurking around somewhere.

A few hours of searching online didn't result in any useful advice as the only topics I found on this particular issue weren't much helpful. Does it sound familiar to anyone and any suggestions how to get rid of it, if I haven't already?
Posted 5/30/2013 8:26 AM
#95682
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Welcome Robin085 :smile:






[color="#0000ff"]https://download.bleepingcomputer.com/farbar/FRST.exe[/color][color="#0000ff"]https://download.bleepingcomputer.com/farbar/FRST.exe[/color]
  • and
    save it to a flash drive.



    Plug the flashdrive into the infected PC.



    Enter System Recovery Options.



    To enter System Recovery Options from the Advanced Boot
    Options:


    • Restart the computer.

    • As soon as the BIOS is loaded begin tapping
      the F8 key until Advanced Boot Options appears.

    • Use the arrow keys to select the Repair
      your computer
      menu item.

    • Choose your language settings, and then
      click Next.

    • Select the operating system you want to
      repair, and then click Next.

    • Select your user account an click Next.






    To enter System Recovery Options by using Windows installation disc:





      • Insert the installation disc.

      • Restart your computer.

      • If prompted, press any key to start Windows
        from the installation disc. If your computer is not configured to start
        from a CD or DVD, check your BIOS settings.

      • Click Repair your computer.

      • Choose your language settings, and then
        click Next.

      • Select the operating system you want to
        repair, and then click Next.

      • Select your user account an click Next.






    On the System Recovery Options menu you will get the following
    options:


    Startup Repair


    System Restore


    Windows Complete PC Restore

    Windows Memory Diagnostic Tool

    Scan your computer's memory for errors.

    Command Prompt




    • Select Command Prompt

    • In the command window type in notepad
      and press Enter.

    • The notepad opens. Under File menu select Open.

    • Select "Computer" and find your
      flash drive letter and close the notepad.

    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter


      Note: Replace letter e
      with the drive letter of your flash drive.

    • The tool will start to run.

    • When the tool opens click Yes to disclaimer.

    • Press Scan button.

    • It will make a log (FRST.txt) on the flash
      drive. Please copy and paste it to your reply.




    [color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

    <?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
    [/color]
    Do not PM me with logfiles. They will be deleted.


    Posted 5/30/2013 8:41 AM
    #95683
    User avatar

    Robin085 Member

    Date Joined Nov 2016
    Total Posts: 7
    Hi, thanks for the quick and clear reply. I'll do so. Just wondering, would I not be able to just run FRST in safe mode?
    Posted 5/30/2013 8:43 AM
    #95684
    User avatar

    Touch Advanced member

    Date Joined Nov 2016
    Total Posts: 12976
    "just run FRST in safe mode?"





    It´s worth a try ;-)

    [color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

    <?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
    [/color]
    Do not PM me with logfiles. They will be deleted.


    Posted 5/30/2013 11:16 AM
    #95687
    User avatar

    Robin085 Member

    Date Joined Nov 2016
    Total Posts: 7
    Okay, as I said, since the system restore, it all seems to work fine. I did the FRST scan anyway, in normal Windows mode. Here's the results:

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-05-2013
    Ran by Robin (administrator) on 30-05-2013 13:11:15
    Running from C:\Users\Robin\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: Dutch Standard
    Internet Explorer Version 9
    Boot Mode: Normal
    ==================== Processes (Whitelisted) =================

    (AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG10\avgchsva.exe
    (AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG10\avgrsa.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (KPN) C:\Program Files\KPN Back-up Online\BackupSC.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    (KPN) C:\Program Files\KPN Back-up Online\BackupFP.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
    (Spotify Ltd) C:\Users\Robin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgemca.exe
    () C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
    (Farbar) C:\Users\Robin\Desktop\FRST64.exe

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2046760 2010-02-06] (Synaptics Incorporated)
    HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6160928 2010-01-30] (Realtek Semiconductor)
    HKLM\...\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe [995840 2010-01-13] (Realtek Semiconductor Corp.)
    HKCU\...\Run: [AdobeBridge] [x]
    HKCU\...\Run: [Spotify Web Helper] "C:\Users\Robin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1105408 2013-05-06] (Spotify Ltd)
    MountPoints2: G - G:\LaunchU3.exe -a
    MountPoints2: H - H:\LaunchU3.exe -a
    MountPoints2: {1b3dc415-eea6-11e1-b8df-c80aa9dec962} - G:\AutoRun.exe
    MountPoints2: {2b95a1da-e12c-11e0-bb3b-c80aa9dec962} - H:\AutoRun.exe
    MountPoints2: {2b95a1dd-e12c-11e0-bb3b-c80aa9dec962} - G:\AutoRun.exe
    MountPoints2: {2b95a20b-e12c-11e0-bb3b-c80aa9dec962} - G:\LaunchU3.exe -a
    MountPoints2: {42892036-e1e8-11e0-8d3f-c80aa9dec962} - G:\AutoRun.exe
    MountPoints2: {42892094-e1e8-11e0-8d3f-c80aa9dec962} - G:\AutoRun.exe
    MountPoints2: {4289209f-e1e8-11e0-8d3f-c80aa9dec962} - H:\AutoRun.exe
    MountPoints2: {57eea60d-e12b-11e0-9bfb-c80aa9dec962} - H:\AutoRun.exe
    MountPoints2: {6e147d1b-eea0-11e1-b853-c80aa9dec962} - G:\AutoRun.exe
    MountPoints2: {946d5d0b-ede8-11e1-9b39-c80aa9dec962} - G:\AutoRun.exe
    MountPoints2: {946d5d18-ede8-11e1-9b39-c80aa9dec962} - G:\AutoRun.exe
    MountPoints2: {c9684ccb-d566-11df-b07c-c80aa9dec962} - I:\LaunchU3.exe -a
    MountPoints2: {ee539afb-20fc-11e2-b84a-c80aa9dec962} - G:\SETUP.EXE -autorun
    HKLM-x32\...\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe [2345592 2012-08-01] (AVG Technologies CZ, s.r.o.)
    BootExecute: autocheck autochk * bootdeleteC:\PROGRA~2\AVG\AVG10\avgchsva.exe /syncC:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://websearch.simplespeedy.info/
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://g.uk.msn.com/CQCON/7
    HKLM SearchScopes: DefaultScope {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL =
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    HKLM-x32 SearchScopes: DefaultScope {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL =
    SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = https://websearch.simplespeedy.info/?l=1&q={searchTerms}
    HKCU SearchScopes: DefaultScope {2CF7FF10-32B1-4D34-9371-D3A29CCC50BF} URL = https://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
    SearchScopes: HKCU - {00AFB5EE-A3E4-4E48-9F8B-0950B37B5F9B} URL = https://search.avg.com/?d=4dbd90dc&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
    SearchScopes: HKCU - {2CF7FF10-32B1-4D34-9371-D3A29CCC50BF} URL = https://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
    SearchScopes: HKCU - {4A2F05AE-7550-483E-8F1A-74D4597E2148} URL = https://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=nl_NL&apn_ptnrs=U3&apn_dtid=OSJ000YYNL&apn_uid=815A0F13-CA74-48DD-9E23-022EA62EA7EB&apn_sauid=90ED71C1-CEFA-42B4-AEE4-77DCD313E8F1
    SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = https://websearch.simplespeedy.info/?l=1&q={searchTerms}
    BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: No Name - {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} - No File
    BHO-x32: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: continuetosave - {F7DD5FF7-AA4B-25E4-8659-F4DF4AB1423A} - C:\ProgramData\continuetosave\512786279cfbf.dll No File
    Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
    Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    Winsock: Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [20992] (Microsoft Corporation)
    Winsock: Catalog5-x64 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\1sryxlu5.default
    FF Homepage: hxxp://www.hotmail.com/
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Extension: 503b6c9f609fa - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\1sryxlu5.default\Extensions\503b6c9f609fa@503b6c9f60a33.info.xpi

    Chrome:
    =======
    CHR Extension: (continuetosave) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blcjdfdbfabojnoihfadacglilhjlojb\1
    CHR Extension: (continuetosave) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpjhchhgecknaeieeemgnfhkmnmmnap\1

    ==================== Services (Whitelisted) =================

    R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll [4561152 2013-03-26] (Akamai Technologies, Inc.)
    R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
    R2 KPN Back-up Online SC; C:\Program Files\KPN Back-up Online\BackupSC.exe [523064 2013-01-30] (KPN)
    R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [x]

    ==================== Drivers (Whitelisted) ====================

    S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [29288 2010-12-24] (Wondershare)
    R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [118864 2011-05-27] (AVG Technologies CZ, s.r.o. )
    R0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [26704 2011-02-22] (AVG Technologies CZ, s.r.o. )
    R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [29264 2011-02-10] (AVG Technologies CZ, s.r.o. )
    R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [312160 2012-11-12] (AVG Technologies CZ, s.r.o.)
    R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [41552 2011-03-01] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [37456 2011-03-16] (AVG Technologies CZ, s.r.o.)
    R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [377936 2011-04-05] (AVG Technologies CZ, s.r.o.)
    R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-10-28] (DT Soft Ltd)
    R0 MxEFUF; C:\Windows\System32\DRIVERS\MxEFUF64.sys [157696 2011-10-20] (Matrox Graphics Inc.)
    S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
    S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [x]
    S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [x]
    S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [x]
    S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2030-08-29 15:22 - 2030-08-29 15:22 - 00143872 ____N (Intel Corporation) C:\Windows\SysWOW64\iacenc.dll
    2030-08-29 15:22 - 2030-08-29 15:22 - 00056832 ____N C:\Windows\SysWOW64\iyvu9_32.dll
    2013-05-30 13:11 - 2013-05-30 13:11 - 00000000 ____D C:\FRST
    2013-05-30 13:10 - 2013-05-30 13:10 - 01915774 ____A (Farbar) C:\Users\Robin\Desktop\FRST64.exe
    2013-05-29 12:45 - 2013-05-29 16:06 - 95023320 ___AT C:\ProgramData\qgrmj.pad
    2013-05-29 12:45 - 2013-05-29 16:06 - 00000000 ____A C:\ProgramData\as98213.txt
    2013-05-29 12:44 - 2013-05-29 12:45 - 95023320 ___AT C:\ProgramData\rheo.pad
    2013-05-29 12:44 - 2013-05-29 12:44 - 00159744 ____A (?????????? ??????????) C:\ProgramData\oehr.dat
    2013-05-29 12:44 - 2013-05-29 12:44 - 00159744 ____A (?????????? ??????????) C:\ProgramData\jmrgq.dat
    2013-05-27 22:03 - 2013-05-27 22:39 - 00000000 ____D C:\Users\Robin\Downloads\Chocolat (2000)
    2013-05-27 10:01 - 2013-05-27 10:01 - 00000000 ____D C:\Users\Robin\AppData\Local\{C1A388B3-BABA-4480-8693-388271925238}
    2013-05-25 17:07 - 2013-05-25 17:07 - 01394590 ____A C:\Users\Robin\Desktop\visuals.psd
    2013-05-25 15:14 - 2013-05-25 15:14 - 00277040 ____A C:\Windows\Minidump\052513-43602-01.dmp
    2013-05-23 14:16 - 2013-05-23 14:16 - 00000000 ____D C:\Users\Robin\AppData\Local\{D338AD4D-1069-4B70-A27C-0954EEFFA2F5}
    2013-05-22 11:17 - 2013-05-22 11:18 - 00000000 ____D C:\Users\Robin\AppData\Local\{55588D7E-1613-418F-A4FC-525AD34F5762}
    2013-05-21 23:43 - 2013-05-21 23:43 - 00276984 ____A C:\Windows\Minidump\052113-42915-01.dmp
    2013-05-18 20:24 - 2013-05-18 20:24 - 00277040 ____A C:\Windows\Minidump\051813-45302-01.dmp
    2013-05-17 10:22 - 2013-04-05 08:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-05-17 10:22 - 2013-04-05 08:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-05-17 10:22 - 2013-04-05 08:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2013-05-17 10:22 - 2013-04-05 08:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-05-17 10:22 - 2013-04-05 08:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-05-17 10:22 - 2013-04-05 08:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-05-17 10:22 - 2013-04-05 08:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-05-17 10:22 - 2013-04-05 08:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-05-17 10:22 - 2013-04-05 08:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-05-17 10:22 - 2013-04-05 08:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-05-17 10:22 - 2013-04-05 08:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
    2013-05-17 10:22 - 2013-04-05 08:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
    2013-05-17 10:22 - 2013-04-05 08:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-05-17 10:22 - 2013-04-05 08:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
    2013-05-17 10:22 - 2013-04-05 07:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-05-17 10:22 - 2013-04-05 07:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-05-17 10:22 - 2013-04-05 07:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-05-17 10:22 - 2013-04-05 07:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-05-17 10:22 - 2013-04-05 07:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2013-05-17 10:22 - 2013-04-05 07:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-05-17 10:22 - 2013-04-05 07:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2013-05-17 10:22 - 2013-04-05 07:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2013-05-17 10:22 - 2013-04-05 07:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-05-17 10:22 - 2013-04-05 07:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2013-05-17 10:22 - 2013-04-05 07:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2013-05-17 10:22 - 2013-04-05 07:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2013-05-17 10:22 - 2013-04-05 07:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2013-05-17 10:22 - 2013-04-05 06:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-05-17 10:22 - 2013-04-05 06:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-05-17 10:22 - 2013-04-05 05:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
    2013-05-17 10:22 - 2013-04-05 05:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2013-05-16 12:17 - 2013-04-10 08:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
    2013-05-16 12:17 - 2013-04-10 08:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
    2013-05-16 12:17 - 2013-04-10 05:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2013-05-16 12:17 - 2013-03-19 07:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
    2013-05-16 12:17 - 2013-03-19 07:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
    2013-05-16 12:17 - 2013-02-27 08:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
    2013-05-16 12:17 - 2013-02-27 07:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2013-05-16 12:17 - 2013-02-27 07:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
    2013-05-16 12:17 - 2013-02-27 07:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
    2013-05-16 12:17 - 2013-02-27 07:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
    2013-05-16 12:17 - 2013-02-27 06:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2013-05-16 12:17 - 2013-02-27 06:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
    2013-05-16 12:17 - 2013-02-27 06:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2013-05-16 12:17 - 2011-02-03 13:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
    2013-05-15 20:18 - 2013-05-15 20:18 - 09195912 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2013-05-15 14:12 - 2013-05-15 14:12 - 00277040 ____A C:\Windows\Minidump\051513-26098-01.dmp
    2013-05-15 11:39 - 2013-05-15 11:40 - 00000000 ____D C:\Users\Robin\AppData\Local\{75D0177D-FC9A-45B6-AB00-A960E6806553}
    2013-05-14 20:40 - 2013-05-14 20:41 - 00277040 ____A C:\Windows\Minidump\051413-32822-01.dmp
    2013-05-14 11:15 - 2013-05-14 11:15 - 00000000 ____D C:\Users\Robin\AppData\Local\{744C7F61-1CFC-4A71-AE3B-16BFC617436E}
    2013-05-14 09:26 - 2013-05-14 09:27 - 00276984 ____A C:\Windows\Minidump\051413-35334-01.dmp
    2013-05-11 19:58 - 2013-05-11 19:58 - 00277040 ____A C:\Windows\Minidump\051113-71261-01.dmp
    2013-05-10 16:48 - 2013-05-10 16:48 - 00000000 ____D C:\ProgramData\NCH Software
    2013-05-10 16:37 - 2013-05-10 16:37 - 00000000 ____D C:\Users\Public\Documents\Adobe
    2013-05-10 15:59 - 2013-05-10 16:04 - 00000000 ____D C:\Users\Robin\AppData\Roaming\MAXQDA11
    2013-05-10 15:57 - 2013-05-10 16:46 - 00000000 ____D C:\Users\Public\Documents\MAXQDA11
    2013-05-10 15:56 - 2013-05-10 16:46 - 00000000 ____D C:\ProgramData\MAXQDA11
    2013-05-10 15:56 - 2013-05-10 16:46 - 00000000 ____D C:\Program Files (x86)\MAXQDA11
    2013-05-10 15:56 - 2013-05-10 15:56 - 00000000 ____D C:\Users\Robin\Downloads\MAXQDA v10.4.15.1 (Cracked)
    2013-05-10 15:32 - 2013-05-10 15:32 - 00324034 ____A C:\Users\Robin\Documents\speech thesis.prproj
    2013-05-10 15:19 - 2013-05-10 15:19 - 00000000 ____D C:\Users\Robin\AppData\Local\IsolatedStorage
    2013-05-10 15:16 - 2013-05-10 15:16 - 00000262 _RASH C:\Users\Robin\ntuser.pol
    2013-05-10 14:15 - 2013-05-29 16:56 - 00000000 ____D C:\Program Files (x86)\Airfoil
    2013-05-10 14:15 - 2013-05-10 14:15 - 00000989 ____A C:\Users\Mcx1-ROBIN-PC\Desktop\Airfoil Speakers.lnk
    2013-05-10 14:15 - 2013-05-10 14:15 - 00000925 ____A C:\Users\Mcx1-ROBIN-PC\Desktop\Airfoil.lnk
    2013-05-10 14:15 - 2013-05-10 14:15 - 00000000 ____D C:\Users\Robin\AppData\Local\Rogue_Amoeba
    2013-05-10 14:15 - 2013-05-10 14:15 - 00000000 ____D C:\users\Mcx1-ROBIN-PC
    2013-05-08 13:39 - 2013-05-08 13:39 - 00000000 ____D C:\Program Files (x86)\WeftQDA
    2013-05-08 13:38 - 2013-05-08 13:38 - 00001447 ____A C:\Users\Robin\Desktop\Atlasti - Snelkoppeling.lnk
    2013-05-08 13:30 - 2013-05-29 21:18 - 00000000 ____D C:\Users\Robin\Downloads\ATLASti
    2013-05-08 13:25 - 2013-05-10 16:48 - 00000000 ____D C:\Users\Robin\AppData\Roaming\NCH Software
    2013-05-08 12:20 - 2013-05-08 12:20 - 00000000 ____D C:\Users\Robin\AppData\Local\{6D4B1CFF-9CFE-4A2B-8B8E-6936AE9ACC78}
    2013-05-07 15:39 - 2013-05-07 15:39 - 00000000 ____D C:\Users\Robin\AppData\Local\{455B4C61-85FD-42A3-8728-EB7136024442}
    2013-05-06 18:24 - 2013-05-06 18:24 - 00000000 ____D C:\Users\Robin\AppData\Local\{47770974-5FDD-47ED-B4B5-A3AFD11C3AA1}
    2013-05-01 15:42 - 2013-05-01 15:42 - 00000000 ____D C:\Users\Robin\AppData\Local\{506EDB7C-4720-45D7-8C70-D0A75A590E6B}
    2013-05-01 15:38 - 2013-05-01 15:38 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2013-05-01 15:38 - 2013-05-01 15:38 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2013-05-01 15:38 - 2013-05-01 15:38 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
    2013-05-01 15:38 - 2013-05-01 15:38 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
    2013-05-01 15:38 - 2013-05-01 15:38 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
    2013-05-01 15:38 - 2013-05-01 15:38 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
    2013-05-01 15:38 - 2013-05-01 15:38 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2013-05-01 15:38 - 2013-05-01 15:38 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2013-05-01 15:38 - 2013-05-01 15:38 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
    2013-05-01 15:38 - 2013-05-01 15:38 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
    2013-05-01 15:38 - 2013-05-01 15:38 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
    2013-05-01 15:38 - 2013-05-01 15:38 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
    2013-05-01 15:38 - 2013-05-01 15:38 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2013-05-01 15:38 - 2013-05-01 15:38 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
    2013-05-01 15:38 - 2013-05-01 15:38 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
    2013-05-01 15:38 - 2013-05-01 15:38 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
    2013-05-01 15:38 - 2013-05-01 15:38 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2013-05-01 15:38 - 2013-05-01 15:38 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
    2013-05-01 15:38 - 2013-05-01 15:38 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2013-05-01 15:38 - 2013-05-01 15:38 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
    2013-05-01 15:38 - 2013-05-01 15:38 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2013-05-01 15:35 - 2013-05-01 15:46 - 00009499 ____A C:\Windows\IE10_main.log

    ==================== One Month Modified Files and Folders =======

    2030-08-29 15:22 - 2030-08-29 15:22 - 00143872 ____N (Intel Corporation) C:\Windows\SysWOW64\iacenc.dll
    2030-08-29 15:22 - 2030-08-29 15:22 - 00056832 ____N C:\Windows\SysWOW64\iyvu9_32.dll
    2013-05-30 13:11 - 2013-05-30 13:11 - 00000000 ____D C:\FRST
    2013-05-30 13:10 - 2013-05-30 13:10 - 01915774 ____A (Farbar) C:\Users\Robin\Desktop\FRST64.exe
    2013-05-30 13:07 - 2013-02-22 16:23 - 00000000 ____D C:\ProgramData\continuetosave
    2013-05-30 13:07 - 2013-01-16 17:22 - 00001050 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-05-30 13:06 - 2013-04-09 13:07 - 00000000 ____D C:\ProgramData\boost_interprocess
    2013-05-30 13:06 - 2012-08-16 00:41 - 00040891 ____A C:\Windows\setupact.log
    2013-05-30 13:06 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-05-29 22:46 - 2010-04-27 02:26 - 01775475 ____A C:\Windows\WindowsUpdate.log
    2013-05-29 22:37 - 2013-01-16 17:22 - 00001054 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-05-29 22:18 - 2013-01-08 18:07 - 00000940 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-05-29 21:18 - 2013-05-08 13:30 - 00000000 ____D C:\Users\Robin\Downloads\ATLASti
    2013-05-29 17:06 - 2009-07-14 06:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-05-29 17:06 - 2009-07-14 06:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-05-29 17:03 - 2010-11-08 13:56 - 00000000 ____D C:\Windows\System32\Drivers\AVG
    2013-05-29 16:59 - 2010-10-06 15:10 - 00000000 ____D C:\users\Robin
    2013-05-29 16:58 - 2009-07-14 07:08 - 00032636 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2013-05-29 16:56 - 2013-05-10 14:15 - 00000000 ____D C:\Program Files (x86)\Airfoil
    2013-05-29 16:56 - 2013-04-09 13:07 - 00000000 ____D C:\Program Files\KPN Back-up Online
    2013-05-29 16:56 - 2010-10-06 21:39 - 00000000 ____D C:\Users\Robin\AppData\Roaming\uTorrent
    2013-05-29 16:56 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
    2013-05-29 16:56 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
    2013-05-29 16:06 - 2013-05-29 12:45 - 95023320 ___AT C:\ProgramData\qgrmj.pad
    2013-05-29 16:06 - 2013-05-29 12:45 - 00000000 ____A C:\ProgramData\as98213.txt
    2013-05-29 12:45 - 2013-05-29 12:44 - 95023320 ___AT C:\ProgramData\rheo.pad
    2013-05-29 12:44 - 2013-05-29 12:44 - 00159744 ____A (?????????? ??????????) C:\ProgramData\oehr.dat
    2013-05-29 12:44 - 2013-05-29 12:44 - 00159744 ____A (?????????? ??????????) C:\ProgramData\jmrgq.dat
    2013-05-28 17:40 - 2010-10-25 21:29 - 00001456 ____A C:\Users\Robin\AppData\Local\Adobe Opslaan voor web 12.0 Prefs
    2013-05-28 16:23 - 2011-05-15 16:49 - 00000000 ____D C:\Users\Robin\AppData\Local\Spotify
    2013-05-27 22:39 - 2013-05-27 22:03 - 00000000 ____D C:\Users\Robin\Downloads\Chocolat (2000)
    2013-05-27 11:16 - 2010-11-01 16:30 - 00000000 ____D C:\Users\Robin\Documents\3voor12
    2013-05-27 10:01 - 2013-05-27 10:01 - 00000000 ____D C:\Users\Robin\AppData\Local\{C1A388B3-BABA-4480-8693-388271925238}
    2013-05-25 19:26 - 2013-02-26 19:11 - 00000000 ____D C:\Users\Robin\AppData\Roaming\Spotify
    2013-05-25 17:07 - 2013-05-25 17:07 - 01394590 ____A C:\Users\Robin\Desktop\visuals.psd
    2013-05-25 15:14 - 2013-05-25 15:14 - 00277040 ____A C:\Windows\Minidump\052513-43602-01.dmp
    2013-05-25 15:14 - 2012-09-08 09:56 - 419129752 ____A C:\Windows\MEMORY.DMP
    2013-05-25 15:14 - 2011-09-29 19:43 - 00000000 ____D C:\Windows\Minidump
    2013-05-25 13:36 - 2013-03-04 13:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2013-05-24 16:12 - 2013-04-12 12:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2013-05-24 16:12 - 2013-03-08 17:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak
    2013-05-23 14:16 - 2013-05-23 14:16 - 00000000 ____D C:\Users\Robin\AppData\Local\{D338AD4D-1069-4B70-A27C-0954EEFFA2F5}
    2013-05-22 13:12 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
    2013-05-22 11:18 - 2013-05-22 11:17 - 00000000 ____D C:\Users\Robin\AppData\Local\{55588D7E-1613-418F-A4FC-525AD34F5762}
    2013-05-21 23:43 - 2013-05-21 23:43 - 00276984 ____A C:\Windows\Minidump\052113-42915-01.dmp
    2013-05-21 16:35 - 2011-09-20 15:15 - 00024206 ____A C:\Users\Robin\Documents\Diary.ods
    2013-05-19 19:00 - 2010-03-28 02:31 - 10636238 ____A C:\Windows\System32\perfh013.dat
    2013-05-19 19:00 - 2010-03-28 02:31 - 03434972 ____A C:\Windows\System32\perfc013.dat
    2013-05-19 19:00 - 2009-07-14 07:13 - 00005214 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-05-18 20:24 - 2013-05-18 20:24 - 00277040 ____A C:\Windows\Minidump\051813-45302-01.dmp
    2013-05-17 10:53 - 2009-07-14 06:45 - 04957728 ____A C:\Windows\System32\FNTCACHE.DAT
    2013-05-17 10:29 - 2010-11-01 22:36 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2013-05-15 20:18 - 2013-05-15 20:18 - 09195912 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2013-05-15 20:18 - 2012-07-24 09:44 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2013-05-15 20:18 - 2011-06-12 15:34 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2013-05-15 14:12 - 2013-05-15 14:12 - 00277040 ____A C:\Windows\Minidump\051513-26098-01.dmp
    2013-05-15 11:40 - 2013-05-15 11:39 - 00000000 ____D C:\Users\Robin\AppData\Local\{75D0177D-FC9A-45B6-AB00-A960E6806553}
    2013-05-14 20:41 - 2013-05-14 20:40 - 00277040 ____A C:\Windows\Minidump\051413-32822-01.dmp
    2013-05-14 11:15 - 2013-05-14 11:15 - 00000000 ____D C:\Users\Robin\AppData\Local\{744C7F61-1CFC-4A71-AE3B-16BFC617436E}
    2013-05-14 09:27 - 2013-05-14 09:26 - 00276984 ____A C:\Windows\Minidump\051413-35334-01.dmp
    2013-05-13 16:46 - 2012-09-30 13:34 - 00000000 ____D C:\Users\Robin\Documents\The Daily Indie
    2013-05-11 19:58 - 2013-05-11 19:58 - 00277040 ____A C:\Windows\Minidump\051113-71261-01.dmp
    2013-05-11 19:57 - 2010-10-06 15:05 - 00397492 ____A C:\Windows\PFRO.log
    2013-05-10 16:48 - 2013-05-10 16:48 - 00000000 ____D C:\ProgramData\NCH Software
    2013-05-10 16:48 - 2013-05-08 13:25 - 00000000 ____D C:\Users\Robin\AppData\Roaming\NCH Software
    2013-05-10 16:48 - 2012-11-10 21:26 - 00000000 ____D C:\Program Files (x86)\NCH Software
    2013-05-10 16:46 - 2013-05-10 15:57 - 00000000 ____D C:\Users\Public\Documents\MAXQDA11
    2013-05-10 16:46 - 2013-05-10 15:56 - 00000000 ____D C:\ProgramData\MAXQDA11
    2013-05-10 16:46 - 2013-05-10 15:56 - 00000000 ____D C:\Program Files (x86)\MAXQDA11
    2013-05-10 16:45 - 2010-03-27 18:53 - 00000000 ____D C:\Program Files (x86)\Adobe
    2013-05-10 16:38 - 2010-10-22 17:35 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
    2013-05-10 16:37 - 2013-05-10 16:37 - 00000000 ____D C:\Users\Public\Documents\Adobe
    2013-05-10 16:37 - 2010-10-15 15:23 - 00000000 ____D C:\Users\Robin\AppData\Local\Adobe
    2013-05-10 16:37 - 2010-10-06 17:25 - 00000000 ____D C:\Users\Robin\AppData\Roaming\Adobe
    2013-05-10 16:04 - 2013-05-10 15:59 - 00000000 ____D C:\Users\Robin\AppData\Roaming\MAXQDA11
    2013-05-10 15:56 - 2013-05-10 15:56 - 00000000 ____D C:\Users\Robin\Downloads\MAXQDA v10.4.15.1 (Cracked)
    2013-05-10 15:40 - 2010-03-27 18:54 - 00000000 ____D C:\ProgramData\Adobe
    2013-05-10 15:39 - 2012-03-12 13:05 - 00000000 ____D C:\Users\Robin\AppData\Roaming\Skype
    2013-05-10 15:32 - 2013-05-10 15:32 - 00324034 ____A C:\Users\Robin\Documents\speech thesis.prproj
    2013-05-10 15:19 - 2013-05-10 15:19 - 00000000 ____D C:\Users\Robin\AppData\Local\IsolatedStorage
    2013-05-10 15:16 - 2013-05-10 15:16 - 00000262 _RASH C:\Users\Robin\ntuser.pol
    2013-05-10 15:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
    2013-05-10 14:15 - 2013-05-10 14:15 - 00000989 ____A C:\Users\Mcx1-ROBIN-PC\Desktop\Airfoil Speakers.lnk
    2013-05-10 14:15 - 2013-05-10 14:15 - 00000925 ____A C:\Users\Mcx1-ROBIN-PC\Desktop\Airfoil.lnk
    2013-05-10 14:15 - 2013-05-10 14:15 - 00000000 ____D C:\Users\Robin\AppData\Local\Rogue_Amoeba
    2013-05-10 14:15 - 2013-05-10 14:15 - 00000000 ____D C:\users\Mcx1-ROBIN-PC
    2013-05-08 13:39 - 2013-05-08 13:39 - 00000000 ____D C:\Program Files (x86)\WeftQDA
    2013-05-08 13:38 - 2013-05-08 13:38 - 00001447 ____A C:\Users\Robin\Desktop\Atlasti - Snelkoppeling.lnk
    2013-05-08 12:20 - 2013-05-08 12:20 - 00000000 ____D C:\Users\Robin\AppData\Local\{6D4B1CFF-9CFE-4A2B-8B8E-6936AE9ACC78}
    2013-05-07 15:39 - 2013-05-07 15:39 - 00000000 ____D C:\Users\Robin\AppData\Local\{455B4C61-85FD-42A3-8728-EB7136024442}
    2013-05-06 18:24 - 2013-05-06 18:24 - 00000000 ____D C:\Users\Robin\AppData\Local\{47770974-5FDD-47ED-B4B5-A3AFD11C3AA1}
    2013-05-04 19:20 - 2013-04-10 00:47 - 00000000 ____D C:\Users\Robin\Documents\Dirk artikel
    2013-05-01 22:27 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
    2013-05-01 15:46 - 2013-05-01 15:35 - 00009499 ____A C:\Windows\IE10_main.log
    2013-05-01 15:42 - 2013-05-01 15:42 - 00000000 ____D C:\Users\Robin\AppData\Local\{506EDB7C-4720-45D7-8C70-D0A75A590E6B}
    2013-05-01 15:38 - 2013-05-01 15:38 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2013-05-01 15:38 - 2013-05-01 15:38 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2013-05-01 15:38 - 2013-05-01 15:38 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
    2013-05-01 15:38 - 2013-05-01 15:38 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
    2013-05-01 15:38 - 2013-05-01 15:38 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
    2013-05-01 15:38 - 2013-05-01 15:38 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
    2013-05-01 15:38 - 2013-05-01 15:38 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2013-05-01 15:38 - 2013-05-01 15:38 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2013-05-01 15:38 - 2013-05-01 15:38 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
    2013-05-01 15:38 - 2013-05-01 15:38 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
    2013-05-01 15:38 - 2013-05-01 15:38 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
    2013-05-01 15:38 - 2013-05-01 15:38 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
    2013-05-01 15:38 - 2013-05-01 15:38 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2013-05-01 15:38 - 2013-05-01 15:38 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
    2013-05-01 15:38 - 2013-05-01 15:38 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
    2013-05-01 15:38 - 2013-05-01 15:38 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
    2013-05-01 15:38 - 2013-05-01 15:38 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2013-05-01 15:38 - 2013-05-01 15:38 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
    2013-05-01 15:38 - 2013-05-01 15:38 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
    2013-05-01 15:38 - 2013-05-01 15:38 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2013-05-01 15:38 - 2013-05-01 15:38 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
    2013-05-01 15:38 - 2013-05-01 15:38 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

    Other Malware:
    ===========
    C:\ProgramData\jmrgq.dat
    C:\ProgramData\oehr.dat
    C:\ProgramData\qgrmj.pad
    C:\ProgramData\rheo.pad

    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    Last Boot: 2013-05-25 19:51

    ==================== End Of Log ============================
    Posted 5/30/2013 1:24 PM
    #95688
    User avatar

    Touch Advanced member

    Date Joined Nov 2016
    Total Posts: 12976
    Looks like you have (had) the police virus, as there still are some remnants we'll need to remove.



    Please work your way through the following steps:
    [color="#0000ff">[/b]

    * Please copy the content of the below in the codebox. (To do this highlight the contents of the box, right click on it and select copy.
    * Right-click in the open notepad and select Paste).
    * Save it same place where you have Farbar Tool.
    start
    BHO-x32: No Name - {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} - No File
    BHO-x32: continuetosave - {F7DD5FF7-AA4B-25E4-8659-F4DF4AB1423A} - C:\ProgramData\continuetosave\512786279cfbf.dll No File
    Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
    C:\ProgramData\qgrmj.pad
    C:\ProgramData\as98213.txt
    C:\ProgramData\rheo.pad
    C:\ProgramData\oehr.dat
    C:\ProgramData\jmrgq.dat
    end



    * Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.
    * The tool will make a log - Fixlog.txt
    * Please post it in your next reply
    * As soon as you have ran the above script please follow immediately with Combofix:
    *


    Please download Combofix from:

    https://download.bleepingcomputer.com/sUBs/ComboFix.exe


    And save to the desktop.[/color]

     

    After the download is complete, perform the following tasks before using the ComboFix tool to scan your PC:

    Exit all windows that are currently open on your computer.

    To prevent interference, temporarily disable your antivirus, antispyware, firewall and other security tools that may be running on your computer.



     

    Double-click on the combofix icon found on your desktop.

     

    Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall.
    In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.



    When finished, it will produce a logfile located at C:\combofix.txt.

     



    Post the contents of that log in your next reply



    The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.





    [color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

    <?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
    [/color]
    Do not PM me with logfiles. They will be deleted.


    Posted 6/5/2013 10:42 PM
    #95712
    User avatar

    Robin085 Member

    Date Joined Nov 2016
    Total Posts: 7
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-05-2013
    Ran by Robin at 2013-06-06 00:41:52 Run:1
    Running from C:\Users\Robin\Desktop\Fix
    Boot Mode: Normal
    ==============================================

    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9} => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F7DD5FF7-AA4B-25E4-8659-F4DF4AB1423A} => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{F7DD5FF7-AA4B-25E4-8659-F4DF4AB1423A} => Key deleted successfully.
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
    HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
    HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
    HKCR\PROTOCOLS\Handler\skype-ie-addon-data => Key deleted successfully.
    HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => Key not found.
    C:\ProgramData\qgrmj.pad => Moved successfully.
    C:\ProgramData\as98213.txt => Moved successfully.
    C:\ProgramData\rheo.pad => Moved successfully.
    C:\ProgramData\oehr.dat => Moved successfully.
    C:\ProgramData\jmrgq.dat => Moved successfully.

    ==== End of Fixlog ====
    Posted 6/5/2013 11:33 PM
    #95713
    User avatar

    Robin085 Member

    Date Joined Nov 2016
    Total Posts: 7
    Hi, above the FRST log. I ran Combofix as well and all went smoothly, but as soon as it finished and created the log, my internet connection was lost. I rebooted my pc and my router, but it doesn't solve it. I do in fact pick up the wifi signal but there's no www connection. My router's fine as I write this from my iPhone and it works fine. A quick google learns more people run into this after using Combofix, what to do?

    EDIT: I ran a system restore and internet is up again. I don't know whether the thing Combofix did, is undone now though?

    This is the Combofix log:


    ComboFix 13-06-05.05 - Robin 06-06-2013 0:51.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3003.1848 [GMT 2:00]
    Gestart vanuit: c:\users\Robin\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\continuetosave
    c:\programdata\continuetosave\512786279cfbf.tlb
    c:\programdata\continuetosave\512786797a1e7.tlb
    c:\programdata\continuetosave\settings.ini
    c:\users\Robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\tbinst
    c:\users\Robin\AppData\Roaming\Microsoft\~DFK53e58f.tmp
    c:\users\Robin\AppData\Roaming\Microsoft\1eaadjc.dll
    c:\users\Robin\AppData\Roaming\Microsoft\bass.dll
    c:\users\Robin\AppData\Roaming\Microsoft\engine_vx.dll
    c:\users\Robin\AppData\Roaming\Microsoft\kfgresk.dll
    c:\users\Robin\AppData\Roaming\Microsoft\mjcriu.dll
    c:\users\Robin\AppData\Roaming\Microsoft\peaadje.dll
    c:\users\Robin\AppData\Roaming\Microsoft\qwadjb.dll
    c:\users\Robin\AppData\Roaming\Microsoft\rsaadjd.dll
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2013-05-05 to 2013-06-05 ))))))))))))))))))))))))))))))
    .
    .
    2030-08-29 13:22 . 2030-08-29 13:22 56832 ------w- c:\windows\SysWow64\iyvu9_32.dll
    2030-08-29 13:22 . 2030-08-29 13:22 143872 ------w- c:\windows\SysWow64\iacenc.dll
    2013-06-05 23:00 . 2013-06-05 23:00 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-05-30 18:28 . 2013-05-30 18:28 -------- d-----w- c:\users\Robin\AppData\Roaming\Mael
    2013-05-30 11:11 . 2013-05-30 11:11 -------- d-----w- C:\FRST
    2013-05-24 14:12 . 2013-05-24 14:12 262552 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
    2013-05-16 10:17 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
    2013-05-15 18:18 . 2013-05-15 18:18 9195912 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2013-05-10 14:48 . 2013-05-10 14:48 -------- d-----w- c:\programdata\NCH Software
    2013-05-10 14:06 . 2013-05-10 14:06 -------- d-----w- c:\users\Robin\AppData\Local\Programs
    2013-05-10 13:59 . 2013-05-10 14:04 -------- d-----w- c:\users\Robin\AppData\Roaming\MAXQDA11
    2013-05-10 13:56 . 2013-05-10 14:46 -------- d-----w- c:\programdata\MAXQDA11
    2013-05-10 13:56 . 2013-05-10 14:46 -------- d-----w- c:\program files (x86)\MAXQDA11
    2013-05-10 13:19 . 2013-05-10 13:19 -------- d-----w- c:\users\Robin\AppData\Local\IsolatedStorage
    2013-05-10 13:16 . 2013-05-10 13:18 -------- d-----w- c:\program files (x86)\OApps
    2013-05-10 12:15 . 2013-05-10 12:15 -------- d-----w- c:\users\Robin\AppData\Local\Rogue_Amoeba
    2013-05-10 12:15 . 2013-05-10 12:15 -------- d-----w- c:\users\Mcx1-ROBIN-PC
    2013-05-10 12:15 . 2013-05-31 12:35 -------- d-----w- c:\program files (x86)\Airfoil
    2013-05-08 11:39 . 2013-05-30 22:16 -------- d-----w- c:\program files (x86)\WeftQDA
    2013-05-08 11:25 . 2013-05-10 14:48 -------- d-----w- c:\users\Robin\AppData\Roaming\NCH Software
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-05-17 08:29 . 2010-11-01 20:36 75016696 ----a-w- c:\windows\system32\MRT.exe
    2013-05-15 18:18 . 2012-07-24 07:44 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-05-15 18:18 . 2011-06-12 13:34 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-05-14 09:15 . 2010-06-24 10:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2013-05-01 13:38 . 2013-05-01 13:38 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
    2013-05-01 13:38 . 2013-05-01 13:38 226304 ----a-w- c:\windows\system32\elshyph.dll
    2013-05-01 13:38 . 2013-05-01 13:38 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
    2013-05-01 13:38 . 2013-05-01 13:38 158720 ----a-w- c:\windows\SysWow64\msls31.dll
    2013-05-01 13:38 . 2013-05-01 13:38 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2013-05-01 13:38 . 2013-05-01 13:38 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
    2013-05-01 13:38 . 2013-05-01 13:38 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
    2013-05-01 13:38 . 2013-05-01 13:38 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2013-05-01 13:38 . 2013-05-01 13:38 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
    2013-05-01 13:38 . 2013-05-01 13:38 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2013-05-01 13:38 . 2013-05-01 13:38 138752 ----a-w- c:\windows\SysWow64\wextract.exe
    2013-05-01 13:38 . 2013-05-01 13:38 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2013-05-01 13:38 . 2013-05-01 13:38 12800 ----a-w- c:\windows\SysWow64\mshta.exe
    2013-05-01 13:38 . 2013-05-01 13:38 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2013-05-01 13:38 . 2013-05-01 13:38 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
    2013-05-01 13:38 . 2013-05-01 13:38 361984 ----a-w- c:\windows\SysWow64\html.iec
    2013-05-01 13:38 . 2013-05-01 13:38 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2013-05-01 13:38 . 2013-05-01 13:38 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2013-05-01 13:38 . 2013-05-01 13:38 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
    2013-05-01 13:38 . 2013-05-01 13:38 81408 ----a-w- c:\windows\system32\icardie.dll
    2013-05-01 13:38 . 2013-05-01 13:38 762368 ----a-w- c:\windows\system32\ieapfltr.dll
    2013-05-01 13:38 . 2013-05-01 13:38 452096 ----a-w- c:\windows\system32\dxtmsft.dll
    2013-05-01 13:38 . 2013-05-01 13:38 441856 ----a-w- c:\windows\system32\html.iec
    2013-05-01 13:38 . 2013-05-01 13:38 281600 ----a-w- c:\windows\system32\dxtrans.dll
    2013-05-01 13:38 . 2013-05-01 13:38 270848 ----a-w- c:\windows\system32\iedkcs32.dll
    2013-05-01 13:38 . 2013-05-01 13:38 235008 ----a-w- c:\windows\system32\url.dll
    2013-05-01 13:38 . 2013-05-01 13:38 216064 ----a-w- c:\windows\system32\msls31.dll
    2013-05-01 13:38 . 2013-05-01 13:38 197120 ----a-w- c:\windows\system32\msrating.dll
    2013-05-01 13:38 . 2013-05-01 13:38 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-05-01 13:38 . 2013-05-01 13:38 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
    2013-05-01 13:38 . 2013-05-01 13:38 97280 ----a-w- c:\windows\system32\mshtmled.dll
    2013-05-01 13:38 . 2013-05-01 13:38 599552 ----a-w- c:\windows\system32\vbscript.dll
    2013-05-01 13:38 . 2013-05-01 13:38 27648 ----a-w- c:\windows\system32\licmgr10.dll
    2013-05-01 13:38 . 2013-05-01 13:38 247296 ----a-w- c:\windows\system32\webcheck.dll
    2013-05-01 13:38 . 2013-05-01 13:38 173568 ----a-w- c:\windows\system32\ieUnatt.exe
    2013-05-01 13:38 . 2013-05-01 13:38 167424 ----a-w- c:\windows\system32\iexpress.exe
    2013-05-01 13:38 . 2013-05-01 13:38 144896 ----a-w- c:\windows\system32\wextract.exe
    2013-05-01 13:38 . 2013-05-01 13:38 102912 ----a-w- c:\windows\system32\inseng.dll
    2013-05-01 13:38 . 2013-05-01 13:38 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2013-05-01 13:38 . 2013-05-01 13:38 77312 ----a-w- c:\windows\system32\tdc.ocx
    2013-05-01 13:38 . 2013-05-01 13:38 62976 ----a-w- c:\windows\system32\pngfilt.dll
    2013-05-01 13:38 . 2013-05-01 13:38 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
    2013-05-01 13:38 . 2013-05-01 13:38 51200 ----a-w- c:\windows\system32\imgutil.dll
    2013-05-01 13:38 . 2013-05-01 13:38 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2013-05-01 13:38 . 2013-05-01 13:38 149504 ----a-w- c:\windows\system32\occache.dll
    2013-05-01 13:38 . 2013-05-01 13:38 13824 ----a-w- c:\windows\system32\mshta.exe
    2013-05-01 13:38 . 2013-05-01 13:38 136192 ----a-w- c:\windows\system32\iepeers.dll
    2013-05-01 13:38 . 2013-05-01 13:38 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
    2013-05-01 13:38 . 2013-05-01 13:38 12800 ----a-w- c:\windows\system32\msfeedssync.exe
    2013-04-25 16:11 . 2013-04-25 16:11 23112 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2013-04-13 05:49 . 2013-05-16 10:17 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-04-13 05:49 . 2013-05-16 10:17 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2013-04-13 05:49 . 2013-05-16 10:17 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
    2013-04-13 05:49 . 2013-05-16 10:17 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
    2013-04-13 04:45 . 2013-05-16 10:17 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2013-04-13 04:45 . 2013-05-16 10:17 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
    2013-04-12 14:45 . 2013-04-24 13:02 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2013-03-19 06:04 . 2013-04-11 09:27 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-03-19 05:46 . 2013-04-11 09:27 43520 ----a-w- c:\windows\system32\csrsrv.dll
    2013-03-19 05:04 . 2013-04-11 09:27 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2013-03-19 05:04 . 2013-04-11 09:27 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2013-03-19 04:47 . 2013-04-11 09:27 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
    2013-03-19 03:06 . 2013-04-11 09:27 112640 ----a-w- c:\windows\system32\smss.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 94208 ----a-w- c:\users\Robin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 94208 ----a-w- c:\users\Robin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 94208 ----a-w- c:\users\Robin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoActiveDesktop"= 1 (0x1)
    "NoActiveDesktopChanges"= 1 (0x1)
    "ForceActiveDesktopOn"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit"="c:\windows\system32\userinit.exe"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0bootdelete\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
    .
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys;c:\windows\SYSNATIVE\drivers\Apowersoft_AudioDevice.sys [x]
    R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
    R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
    R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
    S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys;c:\windows\SYSNATIVE\DRIVERS\AVGIDSEH.Sys [x]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
    S0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\DRIVERS\MxEFUF64.sys;c:\windows\SYSNATIVE\DRIVERS\MxEFUF64.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
    S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [x]
    S2 KPN Back-up Online SC;KPN Back-up Online SC;c:\program files\KPN Back-up Online\BackupSC.exe;c:\program files\KPN Back-up Online\BackupSC.exe [x]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys;c:\windows\SYSNATIVE\DRIVERS\AVGIDSDriver.Sys [x]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys;c:\windows\SYSNATIVE\DRIVERS\AVGIDSFilter.Sys [x]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x]
    S3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver64.sys;c:\windows\SYSNATIVE\DRIVERS\stdriver64.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    ezSharedSvc
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2013-06-05 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-24 18:18]
    .
    2013-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-16 15:22]
    .
    2013-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-16 15:22]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 97792 ----a-w- c:\users\Robin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 97792 ----a-w- c:\users\Robin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 97792 ----a-w- c:\users\Robin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19 97792 ----a-w- c:\users\Robin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-01-29 6160928]
    "RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2010-01-13 995840]
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://websearch.simplespeedy.info/
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = 127.0.0.1:9421
    IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\1sryxlu5.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.hotmail.com/
    FF - user.js: extensions.funmoods.hmpg - false
    FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=fmtgl&chnl=fmtgl&cd=2XzuyEtN2Y1L1Qzu0CzztD0A0Azy0D0E0CzyyCtB0EtA0B0EtN0D0Tzu0CtAtDtBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=686163073
    FF - user.js: extensions.funmoods.dfltSrch - true
    FF - user.js: extensions.funmoods.srchPrvdr - Search
    FF - user.js: extensions.funmoods.dnsErr - true
    FF - user.js: extensions.funmoods_i.newTab - false
    FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=fmtgl&chnl=fmtgl&cd=2XzuyEtN2Y1L1Qzu0CzztD0A0Azy0D0E0CzyyCtB0EtA0B0EtN0D0Tzu0CtAtDtBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=686163073
    FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=fmtgl&chnl=fmtgl&cd=2XzuyEtN2Y1L1Qzu0CzztD0A0Azy0D0E0CzyyCtB0EtA0B0EtN0D0Tzu0CtAtDtBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=686163073&q=
    FF - user.js: extensions.funmoods.id - C80AA9DEC962E3BE
    FF - user.js: extensions.funmoods.instlDay - 15641
    FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
    FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
    FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2216:48
    FF - user.js: extensions.funmoods.prtnrId - funmoods
    FF - user.js: extensions.funmoods.prdct - funmoods
    FF - user.js: extensions.funmoods.aflt - fmtgl
    FF - user.js: extensions.funmoods_i.smplGrp - none
    FF - user.js: extensions.funmoods.tlbrId - base
    FF - user.js: extensions.funmoods.instlRef - fmtgl
    FF - user.js: extensions.funmoods.dfltLng -
    FF - user.js: extensions.funmoods.excTlbr - true
    FF - user.js: extensions.funmoods.autoRvrt - false
    FF - user.js: extensions.funmoods.envrmnt - production
    FF - user.js: extensions.funmoods.isdcmntcmplt - true
    FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
    user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-WildTangentGameProvider-hp-genres - c:\program files (x86)\HP Games\Game Explorer Categories - genres\Uninstall.exe
    AddRemove-WildTangentGDF-hp-clubpenguin - c:\program files (x86)\HP Games\Web Link - Club Penguin\Uninstall.exe
    AddRemove-WildTangentGDF-hp-darkorbit - c:\program files (x86)\HP Games\Web Link - Dark Orbit\Uninstall.exe
    AddRemove-WildTangentGDF-hp-runescape - c:\program files (x86)\HP Games\Web Link - RuneScape HD\Uninstall.exe
    AddRemove-WildTangentGDF-hp-seafight - c:\program files (x86)\HP Games\Web Link - Seafight\Uninstall.exe
    AddRemove-WildTangentGDF-hp-worldofwarcraft - c:\program files (x86)\HP Games\Web Link - World of Warcraft\Uninstall.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Data]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking 4.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET Data Provider for Oracle]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET Data Provider for SqlServer]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NETFramework]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\1394ohci]
    "ImagePath"="\SystemRoot\system32\drivers\1394ohci.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ACPI]
    "ImagePath"="system32\drivers\ACPI.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AcpiPmi]
    "ImagePath"="\SystemRoot\system32\drivers\acpipmi.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AdobeFlashPlayerUpdateSvc]
    "ImagePath"="c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\adp94xx]
    "ImagePath"="\SystemRoot\system32\DRIVERS\adp94xx.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\adpahci]
    "ImagePath"="\SystemRoot\system32\DRIVERS\adpahci.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\adpu320]
    "ImagePath"="\SystemRoot\system32\DRIVERS\adpu320.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\adsi]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc]
    "ServiceDll"="%SystemRoot%\System32\aelupsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AERTFilters]
    "ImagePath"="c:\program files\Realtek\Audio\HDA\AERTSr64.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AFD]
    "ImagePath"="\SystemRoot\system32\drivers\afd.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\agp440]
    "ImagePath"="\SystemRoot\system32\drivers\agp440.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ALG]
    "ImagePath"="%SystemRoot%\System32\alg.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\aliide]
    "ImagePath"="\SystemRoot\system32\drivers\aliide.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdide]
    "ImagePath"="\SystemRoot\system32\drivers\amdide.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AmdK8]
    "ImagePath"="\SystemRoot\system32\DRIVERS\amdk8.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AmdPPM]
    "ImagePath"="\SystemRoot\system32\DRIVERS\amdppm.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdsata]
    "ImagePath"="\SystemRoot\system32\drivers\amdsata.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdsbs]
    "ImagePath"="\SystemRoot\system32\DRIVERS\amdsbs.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdxata]
    "ImagePath"="system32\drivers\amdxata.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Apowersoft_AudioDevice]
    "ImagePath"="system32\drivers\Apowersoft_AudioDevice.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppID]
    "ImagePath"="\SystemRoot\system32\drivers\appid.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppIDSvc]
    "ServiceDll"="%SystemRoot%\System32\appidsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Appinfo]
    "ServiceDll"="%SystemRoot%\System32\appinfo.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Apple Mobile Device]
    "ImagePath"="\"c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppMgmt]
    "ServiceDll"="%SystemRoot%\System32\appmgmts.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\arc]
    "ImagePath"="\SystemRoot\system32\DRIVERS\arc.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\arcsas]
    "ImagePath"="\SystemRoot\system32\DRIVERS\arcsas.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AsyncMac]
    "ImagePath"="system32\DRIVERS\asyncmac.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\atapi]
    "ImagePath"="system32\drivers\atapi.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder]
    "ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioSrv]
    "ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avg]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSAgent]
    "ImagePath"="\"c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSDriver]
    "ImagePath"="system32\DRIVERS\AVGIDSDriver.Sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSEH]
    "ImagePath"="system32\DRIVERS\AVGIDSEH.Sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSFilter]
    "ImagePath"="system32\DRIVERS\AVGIDSFilter.Sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgldx64]
    "ImagePath"="system32\DRIVERS\avgldx64.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgmfx64]
    "ImagePath"="system32\DRIVERS\avgmfx64.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgrkx64]
    "ImagePath"="system32\DRIVERS\avgrkx64.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgtdia]
    "ImagePath"="system32\DRIVERS\avgtdia.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\avgwd]
    "ImagePath"="\"c:\program files (x86)\AVG\AVG10\avgwdsvc.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AxInstSV]
    "ServiceDll"="%SystemRoot%\System32\AxInstSV.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\b06bdrv]
    "ImagePath"="\SystemRoot\system32\DRIVERS\bxvbda.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\b57nd60a]
    "ImagePath"="system32\DRIVERS\b57nd60a.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BattC]
    "MofImagePath"="system32\drivers\battc.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BDESVC]
    "ServiceDll"="%SystemRoot%\System32\bdesvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Beep]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE]
    "ServiceDll"="%SystemRoot%\System32\bfe.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHDrvx64]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS]
    "ServiceDll"="%systemroot%\system32\qmgr.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\blbdrive]
    "ImagePath"="\SystemRoot\system32\DRIVERS\blbdrive.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bonjour Service]
    "ImagePath"="\"c:\program files\Bonjour\mDNSResponder.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bowser]
    "ImagePath"="system32\DRIVERS\bowser.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrFiltLo]
    "ImagePath"="\SystemRoot\system32\DRIVERS\BrFiltLo.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrFiltUp]
    "ImagePath"="\SystemRoot\system32\DRIVERS\BrFiltUp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BridgeMP]
    "ImagePath"="system32\DRIVERS\bridge.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Browser]
    "ServiceDll"="%SystemRoot%\System32\browser.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Brserid]
    "ImagePath"="\SystemRoot\System32\Drivers\Brserid.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrSerWdm]
    "ImagePath"="\SystemRoot\System32\Drivers\BrSerWdm.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrUsbMdm]
    "ImagePath"="\SystemRoot\System32\Drivers\BrUsbMdm.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrUsbSer]
    "ImagePath"="\SystemRoot\System32\Drivers\BrUsbSer.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BTHMODEM]
    "ImagePath"="\SystemRoot\system32\DRIVERS\bthmodem.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BTHPORT]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bthserv]
    "ServiceDll"="%SystemRoot%\system32\bthserv.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\catchme]
    "ImagePath"="\??\c:\combofix\catchme.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cdfs]
    "ImagePath"="system32\DRIVERS\cdfs.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cdrom]
    "ImagePath"="system32\DRIVERS\cdrom.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CertPropSvc]
    "ServiceDll"="%SystemRoot%\System32\certprop.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\circlass]
    "ImagePath"="\SystemRoot\system32\DRIVERS\circlass.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CLFS]
    "ImagePath"="System32\CLFS.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v2.0.50727_32]
    "ImagePath"="%systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v2.0.50727_64]
    "ImagePath"="%systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_32]
    "ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_64]
    "ImagePath"="c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmBatt]
    "ImagePath"="\SystemRoot\system32\DRIVERS\CmBatt.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cmdide]
    "ImagePath"="\SystemRoot\system32\drivers\cmdide.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CNG]
    "ImagePath"="System32\Drivers\cng.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Compbatt]
    "ImagePath"="system32\DRIVERS\compbatt.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CompositeBus]
    "ImagePath"="\SystemRoot\system32\drivers\CompositeBus.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\COMSysApp]
    "ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crcdisk]
    "ImagePath"="\SystemRoot\system32\DRIVERS\crcdisk.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc]
    "ServiceDll"="%SystemRoot%\system32\cryptsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DCLocator]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch]
    "ServiceDll"="%SystemRoot%\system32\rpcss.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\defragsvc]
    "ServiceDll"="%Systemroot%\System32\defragsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DfsC]
    "ImagePath"="System32\Drivers\dfsc.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dhcp]
    "ServiceDll"="%SystemRoot%\system32\dhcpcore.dll"
    --
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\discache]
    "ImagePath"="System32\drivers\discache.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Disk]
    "ImagePath"="system32\DRIVERS\disk.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache]
    "ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dot3svc]
    "ServiceDll"="%SystemRoot%\System32\dot3svc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DPS]
    "ServiceDll"="%SystemRoot%\system32\dps.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\drmkaud]
    "ImagePath"="system32\drivers\drmkaud.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dtsoftbus01]
    "ImagePath"="system32\DRIVERS\dtsoftbus01.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DXGKrnl]
    "ImagePath"="\SystemRoot\System32\drivers\dxgkrnl.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EapHost]
    "ServiceDll"="%SystemRoot%\System32\eapsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ebdrv]
    "ImagePath"="\SystemRoot\system32\DRIVERS\evbda.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EFS]
    "ImagePath"="%SystemRoot%\System32\lsass.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ehRecvr]
    "ImagePath"="%systemroot%\ehome\ehRecvr.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ehSched]
    "ImagePath"="%systemroot%\ehome\ehsched.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\elxstor]
    "ImagePath"="\SystemRoot\system32\DRIVERS\elxstor.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ErrDev]
    "ImagePath"="\SystemRoot\system32\drivers\errdev.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ESENT]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog]
    "ServiceDll"="%SystemRoot%\System32\wevtsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem]
    "ServiceDll"="%systemroot%\system32\es.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ewusbnet]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ew_hwusbdev]
    "ImagePath"="system32\DRIVERS\ew_hwusbdev.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\exfat]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ezntsvc]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ezSharedSvc]
    "ServiceDll"="c:\windows\System32\ezsvc7.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fastfat]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fax]
    "ImagePath"="%systemroot%\system32\fxssvc.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fdc]
    "ImagePath"="\SystemRoot\system32\DRIVERS\fdc.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fdPHost]
    "ServiceDll"="%SystemRoot%\system32\fdPHost.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub]
    "ServiceDll"="%SystemRoot%\system32\fdrespub.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FileInfo]
    "ImagePath"="system32\drivers\fileinfo.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Filetrace]
    "ImagePath"="system32\drivers\filetrace.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\flpydisk]
    "ImagePath"="\SystemRoot\system32\DRIVERS\flpydisk.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FltMgr]
    "ImagePath"="system32\drivers\fltmgr.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache]
    "ServiceDll"="%SystemRoot%\system32\FntCache.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache3.0.0.0]
    "ImagePath"="%systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FsDepends]
    "ImagePath"="System32\drivers\FsDepends.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fs_Rec]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fvevol]
    "ImagePath"="System32\DRIVERS\fvevol.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gagp30kx]
    "ImagePath"="\SystemRoot\system32\DRIVERS\gagp30kx.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GEARAspiWDM]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc]
    "ServiceDll"="%SystemRoot%\System32\gpsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gupdate]
    "ImagePath"="\"c:\program files (x86)\Google\Update\GoogleUpdate.exe\" /svc"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gupdatem]
    "ImagePath"="\"c:\program files (x86)\Google\Update\GoogleUpdate.exe\" /medsvc"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hcw85cir]
    "ImagePath"="\SystemRoot\system32\drivers\hcw85cir.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HdAudAddService]
    "ImagePath"="\SystemRoot\system32\drivers\HdAudio.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HDAudBus]
    "ImagePath"="\SystemRoot\system32\drivers\HDAudBus.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidBatt]
    "ImagePath"="\SystemRoot\system32\DRIVERS\HidBatt.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidBth]
    "ImagePath"="\SystemRoot\system32\DRIVERS\hidbth.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidIr]
    "ImagePath"="\SystemRoot\system32\DRIVERS\hidir.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hidserv]
    "ServiceDll"="%SystemRoot%\System32\hidserv.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidUsb]
    "ImagePath"="system32\DRIVERS\hidusb.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hkmsvc]
    "ServiceDLL"="%SystemRoot%\system32\kmsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupListener]
    "ServiceDll"="%SystemRoot%\system32\ListSvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupProvider]
    "ServiceDll"="%SystemRoot%\system32\provsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HP Health Check Service]
    "ImagePath"="\"c:\program files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hpqwmiex]
    "ImagePath"="\"c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HpSAMD]
    "ImagePath"="\SystemRoot\system32\drivers\HpSAMD.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HTTP]
    "ImagePath"="system32\drivers\HTTP.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\huawei_cdcacm]
    "ImagePath"="system32\DRIVERS\ew_jucdcacm.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\huawei_enumerator]
    "ImagePath"="system32\DRIVERS\ew_jubusenum.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hwcdcmdm0]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hwdatacard]
    "ImagePath"="system32\DRIVERS\ewusbmdm.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hwpolicy]
    "ImagePath"="System32\drivers\hwpolicy.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hwusbapp]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hwusbdev]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hwusbser]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\i8042prt]
    "ImagePath"="\SystemRoot\system32\drivers\i8042prt.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ialm]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iaStor]
    "ImagePath"="system32\DRIVERS\iaStor.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iaStorV]
    "ImagePath"="\SystemRoot\system32\drivers\iaStorV.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\idsvc]
    "ImagePath"="\"%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IDSVia64]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\igfx]
    "ImagePath"="system32\DRIVERS\igdkmd64.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iirsp]
    "ImagePath"="\SystemRoot\system32\DRIVERS\iirsp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IKEEXT]
    "ServiceDll"="%SystemRoot%\System32\ikeext.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\inetaccs]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IntcAzAudAddService]
    "ImagePath"="system32\drivers\RTKVHD64.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IntcHdmiAddService]
    "ImagePath"="system32\drivers\IntcHdmi.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\intelide]
    "ImagePath"="\SystemRoot\system32\drivers\intelide.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\intelppm]
    "ImagePath"="system32\DRIVERS\intelppm.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPBusEnum]
    "ServiceDll"="%SystemRoot%\system32\ipbusenum.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IpFilterDriver]
    "ImagePath"="system32\DRIVERS\ipfltdrv.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iphlpsvc]
    "ServiceDll"="%SystemRoot%\System32\iphlpsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPMIDRV]
    "ImagePath"="\SystemRoot\system32\drivers\IPMIDrv.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPNAT]
    "ImagePath"="System32\drivers\ipnat.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iPod Service]
    "ImagePath"="\"c:\program files\iPod\bin\iPodService.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IRENUM]
    "ImagePath"="system32\drivers\irenum.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\isapnp]
    "ImagePath"="\SystemRoot\system32\drivers\isapnp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iScsiPrt]
    "ImagePath"="\SystemRoot\system32\drivers\msiscsi.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\kbdclass]
    "ImagePath"="system32\DRIVERS\kbdclass.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\kbdhid]
    "ImagePath"="system32\DRIVERS\kbdhid.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KeyIso]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KPN Back-up Online SC]
    "ImagePath"="\"c:\program files\KPN Back-up Online\BackupSC.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KSecDD]
    "ImagePath"="System32\Drivers\ksecdd.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KSecPkg]
    "ImagePath"="System32\Drivers\ksecpkg.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ksthunk]
    "ImagePath"="\SystemRoot\system32\drivers\ksthunk.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KtmRm]
    "ServiceDll"="%systemroot%\system32\msdtckrm.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LanmanServer]
    "ServiceDll"="%SystemRoot%\System32\srvsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LanmanWorkstation]
    "ServiceDll"="%SystemRoot%\System32\wkssvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ldap]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lltdio]
    "ImagePath"="system32\DRIVERS\lltdio.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lltdsvc]
    "ServiceDll"="%SystemRoot%\System32\lltdsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lmhosts]
    "ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Lsa]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_FC]
    "ImagePath"="\SystemRoot\system32\DRIVERS\lsi_fc.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_SAS]
    "ImagePath"="\SystemRoot\system32\DRIVERS\lsi_sas.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_SAS2]
    "ImagePath"="\SystemRoot\system32\DRIVERS\lsi_sas2.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_SCSI]
    "ImagePath"="\SystemRoot\system32\DRIVERS\lsi_scsi.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\luafv]
    "ImagePath"="\SystemRoot\system32\drivers\luafv.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mcx2Svc]
    "ServiceDll"="%SystemRoot%\system32\Mcx2Svc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\megasas]
    "ImagePath"="\SystemRoot\system32\DRIVERS\megasas.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MegaSR]
    "ImagePath"="\SystemRoot\system32\DRIVERS\MegaSR.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MMCSS]
    "ServiceDll"="%SystemRoot%\system32\mmcss.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Modem]
    "ImagePath"="system32\drivers\modem.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\monitor]
    "ImagePath"="system32\DRIVERS\monitor.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mouclass]
    "ImagePath"="system32\DRIVERS\mouclass.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mouhid]
    "ImagePath"="system32\DRIVERS\mouhid.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mountmgr]
    "ImagePath"="System32\drivers\mountmgr.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mpio]
    "ImagePath"="\SystemRoot\system32\drivers\mpio.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mpsdrv]
    "ImagePath"="System32\drivers\mpsdrv.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MpsSvc]
    "ServiceDll"="%SystemRoot%\system32\mpssvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MRxDAV]
    "ImagePath"="\SystemRoot\system32\drivers\mrxdav.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mrxsmb]
    "ImagePath"="system32\DRIVERS\mrxsmb.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mrxsmb10]
    "ImagePath"="system32\DRIVERS\mrxsmb10.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mrxsmb20]
    "ImagePath"="system32\DRIVERS\mrxsmb20.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msahci]
    "ImagePath"="system32\drivers\msahci.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msdsm]
    "ImagePath"="\SystemRoot\system32\drivers\msdsm.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSDTC]
    "ImagePath"="%SystemRoot%\System32\msdtc.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSDTC Bridge 3.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSDTC Bridge 4.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Msfs]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mshidkmdf]
    "ImagePath"="\SystemRoot\System32\drivers\mshidkmdf.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msisadrv]
    "ImagePath"="system32\drivers\msisadrv.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSiSCSI]
    "ServiceDll"="%systemroot%\system32\iscsiexe.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msiserver]
    "ImagePath"="%systemroot%\system32\msiexec.exe /V"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSKSSRV]
    "ImagePath"="system32\drivers\MSKSSRV.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSPCLOCK]
    "ImagePath"="system32\drivers\MSPCLOCK.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSPQM]
    "ImagePath"="system32\drivers\MSPQM.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsRPC]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSSCNTRS]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mssmbios]
    "ImagePath"="\SystemRoot\system32\drivers\mssmbios.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSTEE]
    "ImagePath"="system32\drivers\MSTEE.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MTConfig]
    "ImagePath"="\SystemRoot\system32\DRIVERS\MTConfig.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mup]
    "ImagePath"="System32\Drivers\mup.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MxEFUF]
    "ImagePath"="system32\DRIVERS\MxEFUF64.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent]
    "ServiceDLL"="%SystemRoot%\system32\qagentRT.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NativeWifiP]
    "ImagePath"="system32\DRIVERS\nwifi.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NDIS]
    "ImagePath"="system32\drivers\ndis.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NdisCap]
    "ImagePath"="system32\DRIVERS\ndiscap.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NdisTapi]
    "ImagePath"="system32\DRIVERS\ndistapi.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Ndisuio]
    "ImagePath"="system32\DRIVERS\ndisuio.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NdisWan]
    "ImagePath"="system32\DRIVERS\ndiswan.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NDProxy]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBIOS]
    "ImagePath"="system32\DRIVERS\netbios.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT]
    "ImagePath"="System32\DRIVERS\netbt.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Netlogon]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Netman]
    "ServiceDll"="%SystemRoot%\System32\netman.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\netprofm]
    "ServiceDll"="%SystemRoot%\System32\netprofm.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpPortSharing]
    "ImagePath"="\"%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\netw5v64]
    "ImagePath"="system32\DRIVERS\netw5v64.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nfrd960]
    "ImagePath"="\SystemRoot\system32\DRIVERS\nfrd960.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NlaSvc]
    "ServiceDll"="%SystemRoot%\System32\nlasvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NMSAccess]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NMSAccessU]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Npfs]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nsi]
    "ServiceDll"="%systemroot%\system32\nsisvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nsiproxy]
    "ImagePath"="system32\drivers\nsiproxy.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NTDS]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Ntfs]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Null]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nvraid]
    "ImagePath"="\SystemRoot\system32\drivers\nvraid.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nvstor]
    "ImagePath"="\SystemRoot\system32\drivers\nvstor.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nv_agp]
    "ImagePath"="\SystemRoot\system32\drivers\nv_agp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ohci1394]
    "ImagePath"="\SystemRoot\system32\drivers\ohci1394.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2pimsvc]
    "ServiceDll"="%SystemRoot%\system32\pnrpsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2psvc]
    "ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Parport]
    "ImagePath"="\SystemRoot\system32\DRIVERS\parport.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\partmgr]
    "ImagePath"="System32\drivers\partmgr.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PcaSvc]
    "ServiceDll"="%SystemRoot%\System32\pcasvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pci]
    "ImagePath"="system32\drivers\pci.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pciide]
    "ImagePath"="\SystemRoot\system32\drivers\pciide.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pcmcia]
    "ImagePath"="\SystemRoot\system32\DRIVERS\pcmcia.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pcw]
    "ImagePath"="System32\drivers\pcw.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PEAUTH]
    "ImagePath"="system32\drivers\peauth.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfDisk]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfHost]
    "ImagePath"="%SystemRoot%\SysWow64\perfhost.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfNet]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfOS]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfProc]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pla]
    "ServiceDll"="%systemroot%\system32\pla.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PlugPlay]
    "ServiceDll"="%SystemRoot%\system32\umpnpmgr.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPAutoReg]
    "ServiceDll"="%SystemRoot%\system32\pnrpauto.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPsvc]
    "ServiceDll"="%SystemRoot%\system32\pnrpsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent]
    "ServiceDll"="%SystemRoot%\System32\ipsecsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PortProxy]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Power]
    "ServiceDll"="%SystemRoot%\system32\umpo.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PptpMiniport]
    "ImagePath"="system32\DRIVERS\raspptp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Processor]
    "ImagePath"="\SystemRoot\system32\DRIVERS\processr.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProfSvc]
    "ServiceDll"="%systemroot%\system32\profsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProtectedStorage]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Psched]
    "ImagePath"="system32\DRIVERS\pacer.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PxHlpa64]
    "ImagePath"="System32\Drivers\PxHlpa64.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ql2300]
    "ImagePath"="\SystemRoot\system32\DRIVERS\ql2300.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ql40xx]
    "ImagePath"="\SystemRoot\system32\DRIVERS\ql40xx.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVE]
    "ServiceDll"="%windir%\system32\qwave.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVEdrv]
    "ImagePath"="\SystemRoot\system32\drivers\qwavedrv.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAcd]
    "ImagePath"="System32\DRIVERS\rasacd.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAgileVpn]
    "ImagePath"="system32\DRIVERS\AgileVpn.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAuto]
    "ServiceDll"="%SystemRoot%\System32\rasauto.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Rasl2tp]
    "ImagePath"="system32\DRIVERS\rasl2tp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasMan]
    "ServiceDll"="%SystemRoot%\System32\rasmans.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasPppoe]
    "ImagePath"="system32\DRIVERS\raspppoe.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasSstp]
    "ImagePath"="system32\DRIVERS\rassstp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rdbss]
    "ImagePath"="system32\DRIVERS\rdbss.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rdpbus]
    "ImagePath"="\SystemRoot\system32\DRIVERS\rdpbus.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPCDD]
    "ImagePath"="System32\DRIVERS\RDPCDD.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPDD]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPENCDD]
    "ImagePath"="system32\drivers\rdpencdd.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPNP]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPREFMP]
    "ImagePath"="system32\drivers\rdprefmp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPWD]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rdyboost]
    "ImagePath"="System32\drivers\rdyboost.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteAccess]
    "ServiceDLL"="%SystemRoot%\System32\mprdim.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteRegistry]
    "ServiceDll"="%SystemRoot%\system32\regsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper]
    "ServiceDll"="%SystemRoot%\System32\RpcEpMap.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcLocator]
    "ImagePath"="%SystemRoot%\system32\locator.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcSs]
    "ServiceDll"="%SystemRoot%\system32\rpcss.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rspndr]
    "ImagePath"="system32\DRIVERS\rspndr.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RSUSBSTOR]
    "ImagePath"="System32\Drivers\RtsUStor.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RTL8167]
    "ImagePath"="system32\DRIVERS\Rt64win7.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rtl8192se]
    "ImagePath"="system32\DRIVERS\rtl8192se.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SamSs]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sbp2port]
    "ImagePath"="\SystemRoot\system32\drivers\sbp2port.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCardSvr]
    "ServiceDll"="%SystemRoot%\System32\SCardSvr.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\scfilter]
    "ImagePath"="System32\DRIVERS\scfilter.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Schedule]
    "ServiceDll"="%systemroot%\system32\schedsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCPolicySvc]
    "ServiceDll"="%SystemRoot%\System32\certprop.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sdbus]
    "ImagePath"="\SystemRoot\system32\drivers\sdbus.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SDRSVC]
    "ServiceDll"="%Systemroot%\System32\SDRSVC.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SeaPort]
    "ImagePath"="\"c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Secdrv]
    "ImagePath"="\??\c:\windows\system32\drivers\SECDRV.SYS"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\seclogon]
    "ServiceDll"="%windir%\system32\seclogon.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SENS]
    "ServiceDll"="%SystemRoot%\system32\sens.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc]
    "ServiceDll"="%SystemRoot%\system32\sensrsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Serenum]
    "ImagePath"="\SystemRoot\system32\DRIVERS\serenum.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Serial]
    "ImagePath"="\SystemRoot\system32\DRIVERS\serial.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sermouse]
    "ImagePath"="\SystemRoot\system32\DRIVERS\sermouse.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ServiceModelEndpoint 3.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ServiceModelOperation 3.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ServiceModelService 3.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SessionEnv]
    "ServiceDLL"="%SystemRoot%\system32\sessenv.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sffdisk]
    "ImagePath"="\SystemRoot\system32\drivers\sffdisk.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sffp_mmc]
    "ImagePath"="\SystemRoot\system32\drivers\sffp_mmc.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sffp_sd]
    "ImagePath"="\SystemRoot\system32\drivers\sffp_sd.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sfloppy]
    "ImagePath"="\SystemRoot\system32\DRIVERS\sfloppy.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess]
    "ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ShellHWDetection]
    "ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SiSRaid2]
    "ImagePath"="\SystemRoot\system32\DRIVERS\SiSRaid2.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SiSRaid4]
    "ImagePath"="\SystemRoot\system32\DRIVERS\sisraid4.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SkypeUpdate]
    "ImagePath"="\"c:\program files (x86)\Skype\Updater\Updater.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Smb]
    "ImagePath"="system32\DRIVERS\smb.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SMSvcHost 3.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SMSvcHost 4.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SNMPTRAP]
    "ImagePath"="%SystemRoot%\System32\snmptrap.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\spldr]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Spooler]
    "ImagePath"="%SystemRoot%\System32\spoolsv.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppsvc]
    "ImagePath"="%SystemRoot%\system32\sppsvc.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppuinotify]
    "ServiceDll"="%SystemRoot%\system32\sppuinotify.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\srv]
    "ImagePath"="System32\DRIVERS\srv.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\srv2]
    "ImagePath"="System32\DRIVERS\srv2.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SrvHsfHDA]
    "ImagePath"="system32\DRIVERS\VSTAZL6.SYS"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SrvHsfV92]
    "ImagePath"="system32\DRIVERS\VSTDPV6.SYS"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SrvHsfWinac]
    "ImagePath"="system32\DRIVERS\VSTCNXT6.SYS"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\srvnet]
    "ImagePath"="System32\DRIVERS\srvnet.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV]
    "ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SstpSvc]
    "ServiceDll"="%SystemRoot%\system32\sstpsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\stdriver]
    "ImagePath"="system32\DRIVERS\stdriver64.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\stexstor]
    "ImagePath"="\SystemRoot\system32\DRIVERS\stexstor.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\stisvc]
    "ServiceDll"="%SystemRoot%\System32\wiaservc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\swenum]
    "ImagePath"="\SystemRoot\system32\drivers\swenum.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SwitchBoard]
    "ImagePath"="\"c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\swprv]
    "ServiceDll"="%Systemroot%\System32\swprv.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SymDS]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SymEFA]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SynTP]
    "ImagePath"="system32\DRIVERS\SynTP.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SysMain]
    "ServiceDll"="%systemroot%\system32\sysmain.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TabletInputService]
    "ServiceDll"="%SystemRoot%\System32\TabSvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TapiSrv]
    "ServiceDll"="%SystemRoot%\System32\tapisrv.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS]
    "ServiceDll"="%SystemRoot%\System32\tbssvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip]
    "ImagePath"="System32\drivers\tcpip.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIP6]
    "ImagePath"="system32\DRIVERS\tcpip.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIP6TUNNEL]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tcpipreg]
    "ImagePath"="System32\drivers\tcpipreg.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIPTUNNEL]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TDPIPE]
    "ImagePath"="system32\drivers\tdpipe.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TDTCP]
    "ImagePath"="system32\drivers\tdtcp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tdx]
    "ImagePath"="system32\DRIVERS\tdx.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TermDD]
    "ImagePath"="\SystemRoot\system32\drivers\termdd.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TermService]
    "ServiceDll"="%SystemRoot%\System32\termsrv.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Themes]
    "ServiceDll"="%SystemRoot%\system32\themeservice.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\THREADORDER]
    "ServiceDll"="%SystemRoot%\system32\mmcss.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrkWks]
    "ServiceDll"="%SystemRoot%\System32\trkwks.dll"
    --
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrustedInstaller]
    "ImagePath"="%SystemRoot%\servicing\TrustedInstaller.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TSDDD]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tssecsrv]
    "ImagePath"="System32\DRIVERS\tssecsrv.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TsUsbFlt]
    "ImagePath"="system32\drivers\tsusbflt.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tunnel]
    "ImagePath"="system32\DRIVERS\tunnel.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\uagp35]
    "ImagePath"="\SystemRoot\system32\DRIVERS\uagp35.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\udfs]
    "ImagePath"="system32\DRIVERS\udfs.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UGatherer]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UGTHRSVC]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UI0Detect]
    "ImagePath"="%SystemRoot%\system32\UI0Detect.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\uliagpkx]
    "ImagePath"="\SystemRoot\system32\drivers\uliagpkx.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\umbus]
    "ImagePath"="system32\DRIVERS\umbus.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UmPass]
    "ImagePath"="system32\DRIVERS\umpass.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost]
    "ServiceDll"="%SystemRoot%\System32\upnphost.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\USBAAPL64]
    "ImagePath"="System32\Drivers\usbaapl64.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbccgp]
    "ImagePath"="system32\DRIVERS\usbccgp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbcir]
    "ImagePath"="\SystemRoot\system32\drivers\usbcir.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbehci]
    "ImagePath"="\SystemRoot\system32\drivers\usbehci.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbhub]
    "ImagePath"="system32\DRIVERS\usbhub.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbohci]
    "ImagePath"="\SystemRoot\system32\drivers\usbohci.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbprint]
    "ImagePath"="system32\DRIVERS\usbprint.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\USBSTOR]
    "ImagePath"="system32\DRIVERS\USBSTOR.SYS"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbuhci]
    "ImagePath"="\SystemRoot\system32\drivers\usbuhci.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbvideo]
    "ImagePath"="System32\Drivers\usbvideo.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UxSms]
    "ServiceDll"="%SystemRoot%\System32\uxsms.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vdrvroot]
    "ImagePath"="system32\drivers\vdrvroot.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vds]
    "ImagePath"="%SystemRoot%\System32\vds.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vga]
    "ImagePath"="system32\DRIVERS\vgapnp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VgaSave]
    "ImagePath"="\SystemRoot\System32\drivers\vga.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vhdmp]
    "ImagePath"="\SystemRoot\system32\drivers\vhdmp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\viaide]
    "ImagePath"="\SystemRoot\system32\drivers\viaide.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\volmgr]
    "ImagePath"="system32\drivers\volmgr.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\volmgrx]
    "ImagePath"="System32\drivers\volmgrx.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\volsnap]
    "ImagePath"="system32\drivers\volsnap.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vsmraid]
    "ImagePath"="\SystemRoot\system32\DRIVERS\vsmraid.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS]
    "ImagePath"="%systemroot%\system32\vssvc.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vwifibus]
    "ImagePath"="system32\DRIVERS\vwifibus.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vwififlt]
    "ImagePath"="system32\DRIVERS\vwififlt.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time]
    "ServiceDll"="%systemroot%\system32\w32time.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W3SVC]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WacomPen]
    "ImagePath"="\SystemRoot\system32\DRIVERS\wacompen.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WANARP]
    "ImagePath"="system32\DRIVERS\wanarp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wanarpv6]
    "ImagePath"="system32\DRIVERS\wanarp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WatAdminSvc]
    "ImagePath"="%SystemRoot%\system32\Wat\WatAdminSvc.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wbengine]
    "ImagePath"="\"%systemroot%\system32\wbengine.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WbioSrvc]
    "ServiceDll"="%SystemRoot%\System32\wbiosrvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc]
    "ServiceDll"="%SystemRoot%\System32\wcncsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcsPlugInService]
    "ServiceDll"="%SystemRoot%\System32\WcsPlugInService.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wd]
    "ImagePath"="\SystemRoot\system32\DRIVERS\wd.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wdf01000]
    "ImagePath"="system32\drivers\Wdf01000.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WdiServiceHost]
    "ServiceDll"="%SystemRoot%\system32\wdi.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WdiSystemHost]
    "ServiceDll"="%SystemRoot%\system32\wdi.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebClient]
    "ServiceDll"="%SystemRoot%\System32\webclnt.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wecsvc]
    "ServiceDll"="%SystemRoot%\system32\wecsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wercplsupport]
    "ServiceDll"="%SystemRoot%\System32\wercplsupport.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc]
    "ServiceDll"="%SystemRoot%\System32\WerSvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WfpLwf]
    "ImagePath"="system32\DRIVERS\wfplwf.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WIMMount]
    "ImagePath"="system32\drivers\wimmount.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinDefend]
    "ServiceDll"="%ProgramFiles%\Windows Defender\mpsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Windows Workflow Foundation 3.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinHttpAutoProxySvc]
    "ServiceDll"="winhttp.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt]
    "ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRM]
    "ServiceDll"="%SystemRoot%\system32\WsmSvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winsock]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinUsb]
    "ImagePath"="system32\DRIVERS\WinUsb.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wlansvc]
    "ServiceDll"="%SystemRoot%\System32\wlansvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wlidsvc]
    "ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WmiAcpi]
    "ImagePath"="\SystemRoot\system32\drivers\wmiacpi.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WmiApRpl]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wmiApSrv]
    "ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WMPNetworkSvc]
    "ImagePath"="\"%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPCSvc]
    "ServiceDll"="%SystemRoot%\System32\wpcsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPDBusEnum]
    "ServiceDll"="%SystemRoot%\system32\wpdbusenum.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ws2ifsl]
    "ImagePath"="\SystemRoot\system32\drivers\ws2ifsl.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc]
    "ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSearch]
    "ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSearchIdxPi]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv]
    "ServiceDll"="%systemroot%\system32\wuaueng.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WudfPf]
    "ImagePath"="system32\drivers\WudfPf.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WUDFRd]
    "ImagePath"="system32\DRIVERS\WUDFRd.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wudfsvc]
    "ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WwanSvc]
    "ServiceDll"="%SystemRoot%\System32\wwansvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\xmlprov]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\yukonw7]
    "ImagePath"="system32\DRIVERS\yk62x64.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{06132D06-2B44-48E3-9C0A-4F14FDC77469}]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{CACB87BA-BD09-4C42-A97E-A8C8258C6339}]
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Voltooingstijd: 2013-06-06 01:06:54
    ComboFix-quarantined-files.txt 2013-06-05 23:06
    .
    Pre-Run: 249.362.341.888 bytes beschikbaar
    Post-Run: 254.750.056.448 bytes beschikbaar
    .
    - - End Of File - - 14BE3AB8A88AD51FA322B0EFA9D2E57E
    Posted 6/6/2013 10:43 AM
    #95715
    User avatar

    Touch Advanced member

    Date Joined Nov 2016
    Total Posts: 12976
    I don't know whether the thing Combofix did, is undone now though?





    It looks fine to me, the most important thing was that the rootkit was removed with FRST tool.


    However, it looks like you have some potentialy unwanted program (PUP) installed which I suggest we remove.


    Please download:
    https://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner



    Double click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users:
    Right click in the adwCleaner.exe and select – Run as admin
    Click Delete.
    Everything that was found will be deleted.
    Save any open files and approve the reboot. A text file will open after the restart.


    Next -
    Junkware Removal Tool by thisisu
    Download: https://www.bleepingcomputer.com/download/junkware-removal-tool/

    Disable your Antivirus program if required
    For vista and windows 7 right click on the tool and select run as administrator.



    After the scan is completed, post the generated log here, along with Adwcleaner log.




    [color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

    <?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
    [/color]
    Do not PM me with logfiles. They will be deleted.


    Posted 6/6/2013 6:20 PM
    #95719
    User avatar

    Robin085 Member

    Date Joined Nov 2016
    Total Posts: 7
    # AdwCleaner v2.301 - Verslag gemaakt op 06/06/2013 om 20:14:19
    # Geactualiseerd op 16/05/2013 door Xplode
    # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Gebruiker : Robin - ROBIN-PC
    # Opstarten Modus : Normale modus
    # Gelanceerd vanaf : C:\Users\Robin\Desktop\adwcleaner.exe
    # Optie [Verwijderen]


    ***** [Diensten] *****


    ***** [Files / Mappen] *****

    File Verwijdert : C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage
    File Verwijdert : C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\1sryxlu5.default\searchplugins\Askcom.xml
    File Verwijdert : C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\1sryxlu5.default\searchplugins\WebSearch.xml
    Map Verwijdert : C:\Program Files (x86)\continuetosave
    Map Verwijdert : C:\Program Files (x86)\OApps
    Map Verwijdert : C:\ProgramData\Ask
    Map Verwijdert : C:\ProgramData\continuetosave
    Map Verwijdert : C:\ProgramData\InstallMate
    Map Verwijdert : C:\ProgramData\SoftSafe
    Map Verwijdert : C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blcjdfdbfabojnoihfadacglilhjlojb
    Verwijdert bij het opstarten : C:\ProgramData\boost_interprocess

    ***** [Register] *****

    Sleutel Verwijdert : HKCU\Software\APN PIP
    Sleutel Verwijdert : HKCU\Software\AppDataLow\SProtector
    Sleutel Verwijdert : HKCU\Software\Conduit
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
    Sleutel Verwijdert : HKCU\Software\Softonic
    Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
    Sleutel Verwijdert : HKLM\Software\AVG Secure Search
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
    Sleutel Verwijdert : HKLM\Software\Conduit
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
    Sleutel Verwijdert : HKLM\Software\PIP
    Sleutel Verwijdert : HKLM\Software\SP Global
    Sleutel Verwijdert : HKLM\Software\SProtector
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

    ***** [Browsers] *****

    -\\ Internet Explorer v10.0.9200.16576

    Vervangen : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.simplespeedy.info/ --> hxxp://www.google.com

    -\\ Mozilla Firefox v21.0 (nl)

    File : C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\1sryxlu5.default\prefs.js

    C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\1sryxlu5.default\user.js ... Verwijdert !

    Verwijdert : user_pref("extensions.funmoods.aflt", "fmtgl");
    Verwijdert : user_pref("extensions.funmoods.autoRvrt", false);
    Verwijdert : user_pref("extensions.funmoods.dfltLng", "");
    Verwijdert : user_pref("extensions.funmoods.dfltSrch", true);
    Verwijdert : user_pref("extensions.funmoods.dnsErr", true);
    Verwijdert : user_pref("extensions.funmoods.envrmnt", "production");
    Verwijdert : user_pref("extensions.funmoods.excTlbr", true);
    Verwijdert : user_pref("extensions.funmoods.hmpg", false);
    Verwijdert : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=fmtgl&chnl=fmtgl&cd=2Xzuy[...]
    Verwijdert : user_pref("extensions.funmoods.id", "C80AA9DEC962E3BE");
    Verwijdert : user_pref("extensions.funmoods.instlDay", "15641");
    Verwijdert : user_pref("extensions.funmoods.instlRef", "fmtgl");
    Verwijdert : user_pref("extensions.funmoods.isdcmntcmplt", true);
    Verwijdert : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
    Verwijdert : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=fmtgl&chnl=fmtgl&cd=2Xz[...]
    Verwijdert : user_pref("extensions.funmoods.prdct", "funmoods");
    Verwijdert : user_pref("extensions.funmoods.prtnrId", "funmoods");
    Verwijdert : user_pref("extensions.funmoods.srchPrvdr", "Search");
    Verwijdert : user_pref("extensions.funmoods.tlbrId", "base");
    Verwijdert : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=fmtgl&chnl=fmtgl&cd=2[...]
    Verwijdert : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
    Verwijdert : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
    Verwijdert : user_pref("extensions.funmoods_i.newTab", false);
    Verwijdert : user_pref("extensions.funmoods_i.smplGrp", "none");
    Verwijdert : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2216:48:31");

    -\\ Google Chrome v [Onmogelijk de versie te verkrijgen]

    File : C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] De file bevat geen enkele ongeoorloofde invoer.

    *************************

    AdwCleaner[S1].txt - [5416 octets] - [06/06/2013 20:14:19]

    ########## EOF - C:\AdwCleaner[S1].txt - [5476 octets] ##########
    Posted 6/6/2013 6:32 PM
    #95720
    User avatar

    Robin085 Member

    Date Joined Nov 2016
    Total Posts: 7
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.9.4 (05.06.2013:1)
    OS: Windows 7 Home Premium x64
    Ran by Robin on do 06-06-2013 at 20:25:28,24
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{00AFB5EE-A3E4-4E48-9F8B-0950B37B5F9B}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4A2F05AE-7550-483E-8F1A-74D4597E2148}



    ~~~ Files



    ~~~ Folders

    Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{002F5C20-0F8F-4FA6-93D5-FBD07D08DD66}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{0116E789-FEBE-4ACF-921D-F05C1839259D}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{01832A22-FA35-4DD3-B2B6-FFC64C0F1FE3}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{01963357-0BC4-400C-BF5D-7EC13351D926}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{019FA9F3-DBE1-4EFB-AFEF-01F083319618}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{01CD429D-09BB-4412-8E6E-ED44969BC5EC}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{026DB60B-CACD-40E8-BD63-1ABAFE76E521}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{0289C6EE-7D70-4E3E-B4FB-DCA1C661FE57}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{028B4876-B018-4E59-808F-D74736E75C35}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{02A00EAC-45F4-454C-8DB3-3A0FB7695727}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{03453A9B-C47F-4A1A-92DA-BEC31212D69C}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{03609397-D958-41D2-8BC5-A86F8A866CF1}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{03923D3A-EA63-4FEA-B7F7-77C8B7990328}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{039E73F8-24F4-4916-9610-9F6DFEEE42A3}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{04E06EB8-404D-414B-AE9D-0D4208B169F4}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{0578FBCC-2124-448C-8274-FDA122FF1178}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{06244917-82F5-4B53-BAE6-F7F84F99BD41}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{06334EFE-C36E-4919-9D63-AF65A0EFAD1A}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{0673899D-4CDD-4791-A74B-A60F94D0F607}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{06FED00C-B6C4-4EBE-94D2-0BC4193AAD38}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{07092354-A01A-4B01-B558-6DD627967E13}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{0714544D-59A1-4077-9144-EF86EC3BF6B2}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{081F8AED-26CB-43DC-BE0B-DD1417DC4746}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{0A4486D5-C209-4D89-8C07-ED4E7A57DFF9}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{0AC59001-02B2-4202-9692-9280F203B096}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{0BC5DEA5-9508-4F3B-A1C6-9989EBB126F0}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{0BE9E799-CA84-4893-8B05-8E73207D43C4}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{0C13BD36-F7F6-4814-BF80-35A58DE67E62}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{0C29F918-FFF8-4B1A-BD6C-CC87754F529C}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{0CD35DB4-1CD3-4657-B445-12196A6B904B}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{0CDA2050-A100-462C-9AC7-CFAFA2693396}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{0D5825A8-19E7-4E85-AC09-9A4E23F54408}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{0E7B0651-EED0-4F7F-BBE5-181402A66E0D}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{10C58400-A150-4234-BDCD-60C5442B124D}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{11A3962F-77DC-43DC-8F00-0D3CDD945117}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{121DD44B-62F7-4795-85FE-4749144EFAFE}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{12F076FA-6971-4189-AF19-4A364586F148}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{139CA7BD-D57A-4B1B-8124-57080CA2DF83}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{147B106A-6507-4410-B532-CF47BEE89F3B}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{14807402-2EAA-427A-9304-A0FEB1E716D5}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{14FE5BC6-CF4D-42DB-871C-549869529208}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{153E40B4-7185-480E-A94E-A8B515934384}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{168E9832-67BC-4770-8931-7A64D20F6541}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{169EB68F-8A20-474A-BAE6-0A9C34664E0E}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{16C1C73C-DE83-43A3-924B-70B2B180B024}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{16D3017D-79F5-4AA9-A867-DFAF3509CBAA}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{182C1BA4-990B-4C33-A9E9-32D3346ED605}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{1849424B-7DE6-4963-8B03-8DAAB992F8D0}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{19719667-BC59-40A1-852F-600C88C7F512}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{19976C70-B9D9-4D7A-A5B1-66A9C2CA0526}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{19A036F4-00D7-470A-BD8D-75502A506D2B}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{19B7CD50-BA9D-4367-8A90-33BCB33BB309}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{19BB6437-CF15-4FDD-9E13-42BBDD930C27}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{1A683CDA-8472-4053-BBA0-413DA95A9434}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{1AECD216-D6D7-45B8-B724-BD28DC2C9341}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{1BBA6BBE-BD86-41BD-A95C-851C298E6EC9}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{1CCE1871-CE0F-406C-B13B-79A327873F44}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{1E9518D0-8386-4724-9FAC-63795C2B7001}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{1E99D814-75B3-46B8-8656-48EDDC913F85}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{1EBC09AA-3BA2-484B-A45A-6FB3D9BB24AB}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{20CC1A22-7647-41DF-AC0A-355AF2BA2314}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{22830C00-6473-44A4-BE35-808804D43BFC}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{228F6990-1E3E-46F8-AF4A-4E110C61367D}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{22EE6970-2332-4C7D-BE3A-044AD312B7A4}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{244C4724-F5B9-4D1C-87CA-3DDF58D4D2C0}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{258F5A61-9A4A-417A-BDF8-6B087CDEB078}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{25FF8A7B-3727-499D-BA92-0FBD059F5635}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{26080F03-F7A4-4122-9137-6DF5D55EA047}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{270F5814-548F-4283-8731-0608F24BADB2}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{27F16278-FC42-42D8-8D76-5612CA1FCBC6}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{29D33F9B-265F-48F3-BB93-20B3139F51B3}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{2ABECD59-A648-41B9-A641-BC18B58C4AF2}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{2BC15935-0095-4961-B96D-1ABF0F6775AF}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{2C614C2C-CB33-49D5-8254-C3E01711D115}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{2CC82E25-5BEA-434C-B5EC-6921352BA302}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{2D797A8B-C9E9-46CB-98D6-A762B90512EE}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{2DD5944A-31D5-42C4-99DD-C865B68C4F63}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{2E0DBC75-A76E-40DC-9BE2-6556E35033E5}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{2EA614E6-9FF2-422D-881E-41F4C51F9C64}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{2F28614A-1D99-4232-BB92-1EA117FCC74D}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{30708499-13FA-4526-8DE3-8E1B7502618B}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{3173C98C-6CEF-4A1F-905B-C3FF6F581D07}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{31E8299E-5BF6-4BF2-BE37-3473560C53A1}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{324328A1-E5D1-4188-9E2C-DD72B7F7C946}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{33250BF7-C1C0-4641-8B85-AD110936CE9F}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{338A8F6C-F441-4458-A54B-3C9DAA44B411}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{33FABA13-D1E5-4B80-A4C0-521164347D02}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{344AAA60-F220-4AF8-8E51-FFC7BDAEA197}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{34D2F091-006D-4234-8D54-00143FF7797F}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{3657887D-73FD-4454-85A9-3B3EF8DA1914}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{367354FF-0A0A-4741-BD40-B13455EFEA27}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{38080757-01EC-4ADA-94E3-ACF60B8DFDCC}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{381CF8B6-DDC1-4E89-B4A4-9161A8B9EACE}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{3895C4E0-6E20-4C08-AE9C-8199A24244C9}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{393F28F7-61C4-4B61-8ECA-6F27233A26D0}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{3983F141-4EE7-453E-A07B-A0D42C119A38}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{39C0167E-3B02-4C60-BEDF-E0690519CF28}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{3C35FF91-67F5-416B-A499-F81DBCA8EBC3}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{3DDFF032-5E7C-4F15-B9A2-D5021F479FA5}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{3E4E75E5-BF6D-42D0-86FB-2A9886460D1C}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{3EC36E81-3274-4F5F-9300-37362634FE7F}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{3F4D223E-0ACF-4E55-8990-6CB2EFED2702}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{40009145-AFF1-4A2B-B88B-24E427BEC3D1}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{423284B4-E82D-444E-9AF5-63BD2CFC5281}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{428D9BBE-E12E-45EE-8AA8-8DE8A696BB43}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{42FDCE64-7C82-448D-A740-EBCD54FE45B5}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{433687CB-B0D3-4921-B586-6BA05ECDD584}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{43A8C6B4-499A-42C1-BA25-12DE787B35E8}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{43D29B5D-5219-4ADB-9B77-485B29C1AF70}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{4501F2CE-EA8E-4F96-B66E-81673C6CFB2F}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{455B4C61-85FD-42A3-8728-EB7136024442}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{457DC43B-21DA-4548-B17B-4218883177C0}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{45A83641-F91A-45C3-A390-6682F5AAD522}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{47770974-5FDD-47ED-B4B5-A3AFD11C3AA1}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{477D7F28-45F3-4986-A295-5D9C3E48F6EE}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{477F331B-6B89-4094-A4B6-2BCD1A1FFAD3}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{47B6ABA6-CB88-4BB6-A8E6-A4DDA3FE3E71}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{47D4FB10-9FB2-493E-88FB-ABD21133552C}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{4845452C-029F-41ED-A8F3-D1F963EB32CD}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{488FEEF1-870A-4084-A37C-35696514DB5F}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{493EA7A1-B1EC-44D4-8387-43CE26C2BFAA}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{49B11D8A-E4D4-402B-B9DE-F43DF05D720D}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{4B107819-87C1-4B04-BB43-961640798FCB}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{4C46DB88-CC02-486C-94A9-D249657B280B}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{4C94D539-F92E-471C-AEDE-D82F51AD973A}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{4CA11F4D-577E-4398-96EF-1A8458716E89}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{4D028AC0-CF28-43B2-BFC5-954639E4461F}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{4D3D7A5C-9322-4414-95E2-4861AD991E80}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{4D6F2BD8-3B89-48A8-BB96-57AB6B5F9005}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{4D89F918-B3B0-4FF6-A642-DAF9E2D57C4B}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{4DC5237B-63DC-497B-AD02-8CC161F7C98C}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{4DD262CA-29E6-4998-AF59-3051A37621DC}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{4EF0C8E6-EC09-4C65-AAB3-200B587DFE5C}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{4F122539-D6B7-4FF1-BEDF-F703B7F6F5B4}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{50248711-5E8E-4E5D-BC10-A1542AA28DAB}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{506EDB7C-4720-45D7-8C70-D0A75A590E6B}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{5097FC00-BDC7-4F6F-9471-D44186A0711E}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{527D9766-53BA-4B07-8D6A-F83360B1501E}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{531AE739-6EDC-4DC9-973A-DA75F52E909A}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{533E510B-3AB6-4E04-ABB1-133B01B7053A}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{547D51CF-2444-4526-879D-ADDB62F0157E}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{55588D7E-1613-418F-A4FC-525AD34F5762}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{5573C80E-5B4A-472B-BC0B-302F1BD25078}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{5582EF60-E53D-4AE2-8B60-9B29F7E13DBA}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{577D7F21-14E4-473B-B306-F3E34DD27E3E}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{57F7A463-F303-495C-8CAC-90671441768C}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{59395F72-6FCD-4851-B55C-E6C4997B6F49}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{5941641E-06F7-4DFC-888C-BAF309874D38}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{594933BF-8FFB-4EA7-81BF-A88E9324FD13}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{59DF26CE-8D11-41DA-915E-D535DB8457CC}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{5AA202FA-265A-43AD-B8CF-847E017BC776}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{5CF3F74E-94D9-4F9A-92E4-27795F48CA8D}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{5F43D5CC-8969-4AAE-A1A1-E973EC751DDF}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{5F50A415-13AC-4164-A155-DFF58DA488F0}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{604EEC63-3BB2-4CAC-BAC5-4777D916BCC8}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{6053D5E1-3747-4B44-ABEC-3AE5C1384485}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{60595BAC-A5C4-4150-A600-3E24DA372160}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{6239C832-3DE5-4FD8-83D7-610647CD1BC4}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{63C67B8C-4DC1-4D69-9C86-AC99BDAB474C}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{640227EF-6F27-4BDE-851F-9157BAFE4601}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{65108C9E-5B04-42F4-9F48-30887102B05D}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{6545B603-D0C0-48B8-BF50-570BE4056CDC}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{65A9BC93-51A6-479F-9B72-97320FA0973C}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{665E6FCA-2ABE-46F8-BA06-CA9A7808A396}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{668CEC6B-F9C6-4870-AD2D-6E329BDE2BD8}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{6703210A-0955-4B83-98A7-A3E38F0632EA}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{673C202E-0E67-4E95-83E2-8F874A5794FF}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{6C0CBE5E-F9C5-4214-AF2B-F0993EE609DC}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{6D4B1CFF-9CFE-4A2B-8B8E-6936AE9ACC78}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{6E653407-21EA-44FC-BF66-A0DB0AE180F7}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{6F95DFF0-B631-4EF2-8E66-84760FB1E276}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{6FA30EF0-3752-4463-9D7D-2CC83BDFAB8B}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{7010D07A-C341-41FA-8EC1-C044AC6F99A9}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{7049A0CC-E467-4EC5-BB62-AAEAD7C96483}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{709FBB10-E62E-479E-AC5C-80561A96C3F4}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{71AF54BE-8605-4E7D-AE56-96B1CB953495}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{71C170C4-4732-4EAB-A875-1C46D2196A26}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{73083A85-A359-4C8A-9C07-098ECF0F041B}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{730F399F-34C4-44D0-9A5E-5FAC0FBCA9FE}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{740A1E65-BB9E-49BF-8786-0B7049E07F98}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{744C7F61-1CFC-4A71-AE3B-16BFC617436E}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{748392CC-413A-454E-9C0D-31E4D9CAF019}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{74C691DF-975D-4377-B553-F06E365267CD}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{74FA463F-28E4-4C71-BA55-1BD7DF002751}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{75D0177D-FC9A-45B6-AB00-A960E6806553}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{75ED2CFD-ED22-456B-902B-B9DE3704707E}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{763035DF-D37C-473E-939E-A0DFEB949CAC}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{76426598-501F-4F19-A9C3-2C8B4C1BE72C}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{7676DFAC-C1CB-4257-BDCD-F14C31BF3A8D}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{76D87E10-F55D-448F-9C57-710BA1FF8324}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{7769F2C4-441E-4064-A46C-849EA7DAE835}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{78F3AE44-F881-42D7-BADF-8941952087A8}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{7933B5EA-958E-49DE-A156-805A7C2333BB}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{7972818B-32AD-42D2-9C67-762FF3024E33}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{7B168315-FFAC-49A0-9EE0-9356C3D10B1E}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{7C39A994-2828-4C98-A363-659AF9A585EA}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{7C6973D0-88D4-4104-B1C1-83AB1D5256E3}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{7D2B5804-7A3B-4681-A599-5DBA7C949B2A}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{7DB810F1-53BF-4650-990A-8B1B5240E513}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{7FD0510E-95F8-4106-928C-F89C3AA3324F}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{8048DDAA-1801-4E3E-9B24-28D714212621}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{80BD2C17-BA74-4D08-94BF-8118512AFBEE}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{811DCB32-7212-4792-8E33-CFC6BB79A363}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{81DEC592-F853-4965-AD9C-CA46265E4057}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{8220D477-7121-44C2-BB16-5A89B0A44C96}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{82E60B56-8BC7-4DB7-BD78-2D3D0D0A6853}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{83548883-C7BE-40F1-ACFD-0144A982C1DB}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{83709E14-0823-481C-923D-E53ED30B85D6}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{84A62F6A-EB2B-4F9D-B29C-4AD0A38FE6D8}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{870B17AD-8694-4B60-9C57-18C418FEAE42}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{872B9F9A-C98D-44D4-B85A-EEBEC11F30CF}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{88F0D6DF-FAA5-42B3-9C74-10705E7B41F3}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{89BA8501-C4A8-4579-9120-5B4D5790D7D5}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{8A26FF28-0E57-46B6-A73B-6451CE297544}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{8B083979-F445-47FD-A667-3E4768B936C1}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{8B5BF9F6-8DDB-46AA-83E8-4DA3C25FDC53}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{8D37BA46-AB48-462E-96C5-60D0B3418107}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{8ED5CEE9-823D-489F-8B3A-5927E787BB24}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{9077C2FD-390A-4EB8-8039-47560034DAF2}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{9095AC97-400A-4E6A-9E4A-57DE0CFF8BC8}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{91073BD4-907E-4DCA-8F9E-4FDC09D1D9B6}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{91840547-4FEF-45E0-B713-74B9A5FEA8BF}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{922A6F5E-5E67-4210-88AD-0BE8D64D816C}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{92612F5A-8F32-4EC4-97A7-6EDD94E2D40E}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{92B26CAE-BBBF-4AEF-837E-F9BDCBB4FE9A}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{9346D344-4708-4C11-81CC-1916934E9DE7}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{94E9028D-DEEA-4753-83C5-41FEB97A3F07}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{95094EB3-F904-4585-885C-8C2DE1DCF2FF}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{953A0AE4-1D6D-45A8-B8E3-800576D7BD6D}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{95EDF56C-7462-42EE-9DED-386D62215DB8}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{96E02777-9DDF-4979-ADAE-BE0C132F785F}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{97805523-DAD6-4FC9-B7F3-1B9486A76E75}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{97850C16-EE2A-470C-AA01-8577C6FA21EF}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{99451257-48E1-45E3-A1D9-99B7B2C71E18}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{994BC187-87A4-4DFB-9722-8001699102EA}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{99EE8152-59F0-4A80-B128-4970A098B50B}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{9B37633D-4E18-4B86-90C0-7EC60FE91F3E}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{9BA3ABDE-9047-4685-9806-C77416F3284B}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{9C651803-B06C-454C-BBA9-23E34AB968AD}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{9C91A542-345E-47F6-8D03-CA8E3D0AFDCA}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{9E32BA96-776A-46E9-BC32-5291D5C4BA49}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{A065FE43-C94E-4392-9116-7509FF79F270}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{A0A3658E-2629-40DF-9C59-BF3CA136187E}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{A0AC8C93-CEAD-46D6-AF45-1598653BBA59}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{A0B6E762-DF50-4D1C-B83E-7114B3D65A82}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{A0F670C4-97EB-47E3-BEBC-831239E4AEBA}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{A14E8279-3773-4658-B06B-55982219969F}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{A16A39F9-66E3-42D8-92D7-9DDD09A7686F}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{A1BCD1FB-6656-4A4E-9543-AC2F27BFF617}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{A26FB9F1-E90A-4B28-B50A-9D8A92852A06}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{A27E485D-35A1-4EC1-B924-F780F0C6BF7D}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{A30F3249-0F10-4E5C-B919-AC89E99FD80D}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{A357414A-B340-410C-BC00-BC3D1DD981A4}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{A4215FD9-51CD-4972-BB6D-44CBA89C2CD6}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{A59E0E66-CD14-4377-92BC-30F56846D979}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{A5DED67E-3DED-4903-AA34-6F4350E162D2}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{A62FD38C-E225-496B-AB75-865B635769EA}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{AB75A163-D336-44C8-BDFD-BA706ADDE0EC}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{AB96AC0C-AFA5-4BC2-8E0F-17927253C3A1}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{AD88E338-BEC0-42FF-99DD-B9FBA9DF5E8D}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{AD8BEFBA-0A61-4853-9FC6-182CDE04F243}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{AF21D35E-3E0D-4394-8999-0DDC8E85B66A}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{B0636CC2-C0F3-4CEF-A063-BC92949F3528}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{B12A47C7-0F79-47E3-976D-715D8D36D8FA}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{B15CE60A-67D7-4356-B519-2123D43D2B52}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{B4B6B3E8-9EC7-4CF9-A893-6A87B952C309}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{B4C06B2F-4B46-4ABE-B25A-E9B7925A5D63}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{B8C106E1-A50B-4EAA-B2AE-B8AE57A2CB2D}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{B94D1E52-5F7F-46C7-8502-F9412470536A}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{BB944719-3AEF-4365-9018-88E6845AB032}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{BBDC4A43-BDF1-462B-9E1D-6797437FFA2B}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{BC72AA78-B475-47C5-9A8F-C3E2B9D0D78C}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{BCC1DEE7-811C-427E-A682-32C18D320647}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{BD9F4ACA-5D20-4EFC-8FB5-AB16099C44BF}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{BE76261E-FD9E-4E7A-8F0B-9D37CE52DE0F}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{BFFD10BE-7E0C-458B-A148-E74C46AB47E1}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{C0DE697D-4321-494D-84C3-101FEF1CCEAD}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{C1657676-1E13-46AF-B1A5-4B72A6C469F7}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{C1A388B3-BABA-4480-8693-388271925238}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{C4654CA3-0677-4254-B12B-41876699C3DC}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{C718ED6F-E3D9-4BC0-83B9-07B97A31B63A}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{C76B74AB-9791-46AB-98D5-9C98C454ECB8}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{C7F033B0-5D67-4B92-984B-115D11DB42CE}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{C8282C62-A920-4ECB-B527-5556A8285DEF}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{C860BA65-EC28-4F70-9CB4-EF80616E9DBD}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{C9D616B7-7824-4D36-BD16-B60EFD363115}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{CCA34FB4-3B38-4C34-8A35-1A686ED51762}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{CDD81BA7-9BB1-4BA4-82F1-8262D1F4BD5E}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{CED85AEC-4832-4F08-97D8-855E0D73EA91}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{CEE4A592-A4C0-44D4-9411-D3FD4C525451}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{CF3E55AB-1AD2-4972-97D3-19F349A06B69}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{D05EB8FD-043A-4B04-B247-57A1F24FF0A9}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{D1425202-23A7-4CD0-9B12-49B334331ABD}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{D227B1CA-393A-49AC-BA72-873A29DEB787}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{D2A19982-8A71-4391-B0BB-BEB57F8EB8C6}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{D338AD4D-1069-4B70-A27C-0954EEFFA2F5}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{D3C1F07C-CF97-429B-89F8-6DB852717CDE}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{D48818A8-04A7-43DF-AE2D-CAE42316A833}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{D5362636-34DB-409C-AF77-FF725B8DE2A8}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{D638DA13-D1F1-4DEE-9605-1FC0F38DA200}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{D6659E9C-C910-4FC1-A42C-4C964269CEE6}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{D6C17213-8204-4180-AF82-29DA335094B0}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{D72CFF3F-75AD-4C29-8598-F672E1184CEF}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{D8E61CEE-E4B9-4133-9B67-9C65AA3BD1DE}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{D911BD70-FBCB-41C2-A74B-E6B33ADA398B}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{DB4CA4D4-32E0-4E01-9BA1-367F2847DB62}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{DD1215A2-984D-4A65-AFF7-52626E078AAE}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{DDC91DC3-49D8-4239-821E-361ABB4392F0}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{DF684868-FD87-423C-933A-3D25BF22DA56}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{DF7FBA30-904A-4115-8F6F-38302B66EE2A}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{E084171E-0F38-4A56-93EC-C84483FF084C}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{E09E249F-1650-403A-9125-2BC0BF9287F5}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{E10964CF-0D4B-4FAB-A5B9-12FE5D673F4A}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{E2AEC35E-1002-4E4E-9B6D-19002389D47D}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{E2F5B71F-4A8A-4351-B729-3D5B24EF1EE9}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{E34FA9AB-3AC3-4020-ADC2-614BECEED81B}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{E398D608-8CE7-41E9-9FF0-B64D60B49C2C}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{E3A1427E-FD7F-452A-B955-7976B8E54C12}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{E4BFDAB6-4338-4237-AF56-C3C1897E8A6D}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{E5AEFD7C-049C-42AD-AA71-2214BDF3C618}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{E62EE511-8100-434C-B88C-D942F7FF9693}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{E6B91043-F912-416D-93D2-0908C4909FD8}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{E90A8AB1-7B63-4EF7-A510-74C2F5D88359}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{E90FC638-63CB-41CC-BEA2-FEB641ABB5E5}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{E9DBB0DD-C3BF-4F54-9B89-16A76337C035}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{E9FA23A3-6BFE-42BB-8D5C-96C34362C30B}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{EC8333BC-FD10-496C-A01A-70E95C8D4E06}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{EC843C66-93C9-42F8-8D5D-F2EA09C03600}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{ED8011B6-B0EF-48FB-9E23-04BC7D87B2C2}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{EE874BC3-31AF-422D-B2D3-1B439436BE8B}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{EED77C57-08EB-4E3C-A3AE-7805777DCF16}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{EEE859FE-63D3-426D-890F-F331113DE78E}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{EEFA4A04-5801-4C21-AD6F-D776C46CA466}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{F1F9798C-C510-4989-AF5B-45308F4EE4EB}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{F2641632-A84F-4502-9C6F-9623AD2CB1C2}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{F26AF65B-2CE1-48BD-AFFB-AC0EE8DF8957}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{F286039B-B1CC-48E2-8184-F43DFD1AA362}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{F2BDC12A-8B5B-4A55-A590-70A9D4B107C0}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{F3831173-7D36-4524-903C-4A78633061E3}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{F3C5D3F9-AAFD-4ACA-8EE6-560E49AA7FDC}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{F444C41C-AA94-4F61-B311-DC9FA1414261}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{F50D3B26-ACF4-4379-9E7D-4F82C3C3E02D}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{F518C9F3-089D-4ADA-86DF-F6C16709AB20}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{F5580B68-DC4C-465A-B627-4E79CAE85376}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{F57B3EE1-739F-4704-B8AB-7814D6E0EEFD}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{F58EC7C3-FEC0-4DCB-8364-AEBCCE3F7380}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{F72DC7DB-D324-4D37-BE38-4392C85AE5A1}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{F790D17D-2A75-47E6-A1EF-D45218250FCE}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{F92EEADD-6F55-45B1-A86D-0B0A4B844A86}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{FA5B85C5-6039-4133-91EE-204E49A58FD2}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{FA854CAB-33E7-44FB-B1BB-EE209E408FCF}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{FB91FC56-9F63-4343-8656-405F0DE71BF5}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{FC4BD25A-DF4D-4A4D-A3C4-75AD56D8092D}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{FC5DF3FB-3ED2-4331-B62F-070F07C82467}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{FDA4FF75-9A17-4844-BDE7-75459CB1E7F4}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{FDF815A5-876C-44AD-A76E-7C299AC9882A}
    Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{FF9C63BB-E384-4E31-A941-3A2E7BCEFFBD}



    ~~~ FireFox

    Successfully deleted: [File] "C:\Users\Robin\AppData\Roaming\mozilla\firefox\profiles\1sryxlu5.default\extensions\503b6c9f609fa@503b6c9f60a33.info.xpi"
    Emptied folder: C:\Users\Robin\AppData\Roaming\mozilla\firefox\profiles\1sryxlu5.default\minidumps [537 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on do 06-06-2013 at 20:31:14,16
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Posted 6/7/2013 7:55 AM
    #95722
    User avatar

    Touch Advanced member

    Date Joined Nov 2016
    Total Posts: 12976
     

    Download Ccleaner:
    [color="#0066cc">https://www.filehippo.com/download_ccleaner[/color]

    Click on ->

    Download[color="#008080">
    [/color]Latest Version”


    [color="#0066cc">[/color]
    [color="#0066cc">

    to your desktop.



    Double-click mbam-setup  and follow the prompts to install the program.

    At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

    If an update is found, it will download and install the latest version.

    Once the program has loaded, select Perform full scan, then click Scan.

    When the scan is complete, click OK, then Show Results to view the results.

    Be sure that everything is checked, and click Remove Selected.

    When completed, a log will open in Notepad. Please save it to a convenient location.

    [color="#0066cc"]https://sourceforge.net/projects/hjt/[/color]



    to download HJTinstall.exe

    Save HJTinstall.exe to your desktop.

    Double click on the HJTinstall.exe icon on your desktop.

    By default it will install to C:\Program Files\Trend Micro\Hijack This.

    Click I accept

    Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.

    Click Save to save the log file and then the log will open in notepad.

    Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.

     

    Post hijackthis log along with Malwarebytes' Anti-Malware log, and tell how things are running ?


    [color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

    <?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
    [/color]
    Do not PM me with logfiles. They will be deleted.


    • Unread posts or replies
    • No unread posts or replies
    • Unread Posts (Read Only Forum)
    • No Unread Posts (Read Only Forum)

    Forum Information

    Currently it is Tuesday, October 24, 2017, 1:07 PM (GMT +2)
    There are a total of 61,425 posts in 13,513 threads.
    In the last 3 days there were 2 new threads and 8 reply posts.

    Who's online

    This forum has 38,104 registered members. Please welcome our newest member, feargal.timon@simulation.ie.
    There are currently no users on-line.
    We use cookies to ensure that we give you the best experience on our website. By continuing to browse, we are assuming that you have no objection in accepting cookies. You can change your cookie settings at any time.