
Zoek.exe v5.0.0.1 Updated 05-November-2015
Tool run by Stephanie on do 05/11/2015 at 20:58:43,22.
Microsoft Windows 10 Pro N 10.0.10240  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Stephanie\Downloads\zoek.exe [Scan all users] [Script inserted] 

==== System Restore Info ======================

5/11/2015 20:59:30 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\03000200-1445740342-0500-0006-000700080009 deleted successfully
C:\PROGRA~2\be3c4786-834f-4330-88da-6f9473809b1f deleted successfully
C:\PROGRA~2\proxysurf.com deleted successfully
C:\PROGRA~2\RCP deleted successfully
C:\PROGRA~2\TomTom DesktopSuite deleted successfully
C:\Program Files\log deleted successfully
C:\Program Files\Common Files\Goobzo deleted successfully
C:\PROGRA~3\374311380 deleted successfully
C:\PROGRA~3\4WinManPro4 deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\Jenthe\AppData\Local\gmsd_be_005010129 deleted successfully
C:\Users\Jenthe\AppData\Local\PeerDistRepub deleted successfully
C:\Users\Stephanie\AppData\Local\Adobe deleted successfully
C:\Users\Stephanie\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Stephanie\AppData\Local\EmieSiteList deleted successfully
C:\Users\Stephanie\AppData\Local\EmieUserList deleted successfully
C:\Users\Stephanie\AppData\Local\PeerDistRepub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2897011901-2098946297-3000585223-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} deleted successfully
HKEY_USERS\S-1-5-21-2897011901-2098946297-3000585223-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} deleted successfully
HKEY_USERS\S-1-5-21-2897011901-2098946297-3000585223-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} deleted successfully
HKEY_USERS\S-1-5-21-2897011901-2098946297-3000585223-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_USERS\S-1-5-21-2897011901-2098946297-3000585223-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} deleted successfully
HKEY_USERS\S-1-5-21-2897011901-2098946297-3000585223-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully
HKEY_USERS\S-1-5-21-2897011901-2098946297-3000585223-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} deleted successfully
HKEY_USERS\S-1-5-21-2897011901-2098946297-3000585223-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A} deleted successfully
HKEY_USERS\S-1-5-21-2897011901-2098946297-3000585223-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nethfdrv deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSFK deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SPBIUpd deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SPBIUpdd deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SPDRIVER_1.42.1.2687 deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\Jenthe\AppData\Roaming\Mozilla\Firefox\Profiles\v0x1dtva.default

user.js not found
---- Lines mystart removed from prefs.js ----
user_pref("browser.search.searchengine.alias", "mystartsearch");
user_pref("browser.search.searchengine.iconURL", "http://www.mystartsearch.com/favicon.ico");
user_pref("browser.search.searchengine.name", "mystartsearch");
user_pref("browser.search.searchengine.url", "http://www.mystartsearch.com/web/?type=ds&ts=1440357820&z=e4a738f193630d871801c07g1zezde6cfw4mbm1g6g&fro
---- Lines quick_start removed from prefs.js ----
user_pref("extensions.quick_start.enable_search1", false);
user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
---- FireFox user.js and prefs.js backups ---- 

prefs_20150511_2115_.backup

ProfilePath: C:\Users\STEPHA~1\AppData\Roaming\Mozilla\Firefox\Profiles\pa1ph89c.default

user.js not found
---- Lines {cc6cc772-f121-49e0-b1f0-c26583cb0c5e} removed from prefs.js ----
user_pref("{cc6cc772-f121-49e0-b1f0-c26583cb0c5e}.config_sm", "1411069088104");
user_pref("{cc6cc772-f121-49e0-b1f0-c26583cb0c5e}.installtime", "1411069085.934");
user_pref("{cc6cc772-f121-49e0-b1f0-c26583cb0c5e}.isFirstRun", "false");
user_pref("{cc6cc772-f121-49e0-b1f0-c26583cb0c5e}.is_bundle", "true");
user_pref("{cc6cc772-f121-49e0-b1f0-c26583cb0c5e}.last_version", "");
user_pref("{cc6cc772-f121-49e0-b1f0-c26583cb0c5e}.server", "https://s7921.webovernet.com");
user_pref("{cc6cc772-f121-49e0-b1f0-c26583cb0c5e}.src", "7921");
user_pref("{cc6cc772-f121-49e0-b1f0-c26583cb0c5e}.toolbarButtonInstalled", true);
user_pref("{cc6cc772-f121-49e0-b1f0-c26583cb0c5e}.user_id", "CEDA1688-E045-4ED9-B92E-68AF1B2EC4D5");
---- Lines mindspark removed from prefs.js ----
user_pref("extensions.toolbar.mindspark._b7Members_.lastActivePing", "1445738557228");
user_pref("extensions.toolbar.mindspark.lastInstalled", "mytransitguide@mindspark.com");
---- Lines delta removed from prefs.js ----
user_pref("searchreset.backup.browser.newtab.url", "http://www.delta-homes.com/newtab/?type=nt&ts=1434085226&z=6df10200d6faa515d1c41ddg3z8cazde4bfwao2
---- Lines quick_start removed from prefs.js ----
user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
user_pref("extensions.quick_start.enable_search1", false);
user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
---- Lines istart removed from prefs.js ----
user_pref("browser.search.searchengine.alias", "istartsurf");
user_pref("browser.search.searchengine.iconURL", "http://www.istartsurf.com/favicon.ico");
user_pref("browser.search.searchengine.name", "istartsurf");
user_pref("browser.search.searchengine.url", "http://www.istartsurf.com/web/?type=ds&ts=1445742258&z=2d6f773dfa03e6072eddeceg7zfzfwcm6z6o1e2gdg&from=f
user_pref("browser.search.selectedEngine", "istartsurf");
---- FireFox user.js and prefs.js backups ---- 

prefs_20150511_2115_.backup

ProfilePath: C:\Users\STEPHA~1\AppData\Roaming\TomTom\HOME\Profiles\8qfq9f4u.default

user.js not found
---- FireFox user.js and prefs.js backups ---- 

prefs_20150511_2115_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command]
@="C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="C:\\Program Files\\Internet Explorer\\iexplore.exe"

==== Deleting Files \ Folders ======================

C:\PROGRA~2\03000200-1445740342-0500-0006-000700080009 not found
C:\PROGRA~2\be3c4786-834f-4330-88da-6f9473809b1f not found
C:\PROGRA~2\proxysurf.com not found
C:\PROGRA~2\RCP not found
C:\PROGRA~2\TomTom DesktopSuite not found
C:\PROGRA~2\Exploremedia deleted
C:\Users\Stephanie\AppData\Roaming\TSv deleted
C:\Users\Stephanie\AppData\Roaming\istartsurf deleted
C:\Program Files (x86)\ShopperPro deleted
C:\windows\SysNative\Tasks\2pP deleted
C:\Users\Stephanie\AppData\Local\18842 deleted
C:\Users\Stephanie\AppData\Local\7397 deleted
C:\PROGRA~3\Adobe deleted
C:\PROGRA~2\COMMON~1\Config\uninstinethnfd.exe deleted
C:\PROGRA~2\Bench deleted
C:\PROGRA~2\SFK deleted
C:\PROGRA~2\COMMON~1\Config deleted
C:\PROGRA~3\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat deleted
C:\PROGRA~3\IePluginServices deleted
C:\PROGRA~3\8WinManPro8 deleted
C:\PROGRA~3\IHProtectUpDate deleted
C:\PROGRA~3\SearchModule deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Jenthe\AppData\Local\gmsd_be_005010126 deleted
C:\Users\Stephanie\AppData\Local\proxy.log deleted
C:\Users\Stephanie\AppData\Local\Gameo deleted
C:\Users\Stephanie\AppData\Local\MyBrowser deleted
C:\Users\Stephanie\AppData\Local\03000200-1445743979-0500-0006-000700080009 deleted
C:\Users\Stephanie\AppData\Local\AVAST Software deleted
C:\Users\Stephanie\AppData\Local\BenchUpdater deleted
C:\Users\Stephanie\AppData\Local\Systweak deleted
C:\Users\Stephanie\AppData\Local\Installer deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url deleted
C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage deleted
C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\WINDOWS\SysNative\roboot64.exe deleted
C:\Users\Stephanie\AppData\LocalLow\Protect deleted
C:\Users\Stephanie\AppData\LocalLow\{6C85A1C9-0F93-4B46-BE67-D409D64C7E67} deleted
C:\windows\SysNative\rsrcs.dll deleted
C:\windows\SysNative\Tasks\SPDriver deleted
C:\windows\SysNative\tasks\ASP deleted
C:\windows\SysNative\tasks\Smp deleted
C:\windows\SysNative\tasks\SMW_UpdateTask_Time_323431363436303932372d50372d5a456c37325a347841 deleted
C:\END deleted
C:\windows\SysNative\drivers\nethfdrv.sys deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\Users\STEPHA~1\AppData\Roaming\Mozilla\Firefox\Profiles\pa1ph89c.default\MyTransitGuide_b7 deleted
C:\Users\STEPHA~1\AppData\Roaming\Mozilla\Firefox\Profiles\pa1ph89c.default\jetpack deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Jenthe\AppData\Roaming\Mozilla\Firefox\Profiles\v0x1dtva.default
user_pref("browser.startup.homepage", "https://www.google.be/?gws_rd=ssl");

ProfilePath: C:\Users\STEPHA~1\AppData\Roaming\Mozilla\Firefox\Profiles\pa1ph89c.default
user_pref("browser.startup.homepage", "about:home");
user_pref("searchreset.backup.browser.startup.homepage", "https://www.google.be/?gws_rd=ssl");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"jid1-r1tDuNiNb4SEww@jetpack"="C:\Program Files\AVAST Software\Avast\pam\FF" [04/11/2015 22:32]

==== Firefox Extensions ======================

ProfilePath: C:\Users\STEPHA~1\AppData\Roaming\Mozilla\Firefox\Profiles\pa1ph89c.default
- Belgium eID - %ProfilePath%\extensions\belgiumeid@eid.belgium.be.xpi
- Stylish - %ProfilePath%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
- Modify Headers - %ProfilePath%\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

ProfilePath: C:\Users\STEPHA~1\AppData\Roaming\TomTom\HOME\Profiles\8qfq9f4u.default
- Undetermined - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- Undetermined - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\pa1ph89c.default
863AF0003392FEBC2667A8A790DED955	- C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll -	Shockwave Flash


==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Jenthe\AppData\Local\Google\Chrome deleted

==== Chromium Look ======================

Google Chrome Version: 46.0.2490.80

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[04/11/2015 22:30]

ShopperPro - Stephanie\AppData\Local\BrowserAir\User Data\Default\Extensions\oglkphaaklhadjmojangahdlganfbajd
Avast Online Security - Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki

==== Chromium Fix ======================

C:\Users\Stephanie\AppData\Local\BrowserAir\User Data\Default\Extensions\oglkphaaklhadjmojangahdlganfbajd deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com/?trackid=sp-006"
"Search Page"="https://www.google.com/search?trackid=sp-006&q={searchTerms}"
"Search Bar"="https://www.google.com/?trackid=sp-006"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="https://www.google.com/search?trackid=sp-006&q={searchTerms}"
"Start Page"="https://www.google.com/?trackid=sp-006"
"Search Bar"="https://www.google.com/?trackid=sp-006"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Page"="https://www.google.com/search?trackid=sp-006&q={searchTerms}"
"Start Page"="https://www.google.com/?trackid=sp-006"
"Search Bar"="https://www.google.com/?trackid=sp-006"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnmvfmKS_-Tjyw3PyFZxIQga013_q_YAueZXAAdSt-cYvUB154ts6A9ZtQFRDjM6xF8V5aUgy1XPNqgQGvwCMWWgPHrMlcdMZjH9UKlbavXMycXHeh7pH5mX5JPh6dIaH-BIWgXZvr05vbPOykTw-bw_e73w,&q={searchTerms}"
"SearchAssistant"="http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnmvfmKS_-Tjyw3PyFZxIQga013_q_YAueZXAAdSt-cYvUB154ts6A9ZtQFRDjM6xF8V5aUgy1XPNqgQGvwCMWWgPHrMlcdMZjH9UKlbavXMycXHeh7pH5mX5JPh6dIaH-BIWgXZvr05vbPOykTw-bw_e73w,&q={searchTerms}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="https://www.google.com/?trackid=sp-006"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{272A191E-E359-4E56-AA6E-36D5904EA6CE} Microsoft (Bing) Url="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01"
{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} Google  Url="https://www.google.com/search?trackid=sp-006&q={searchTerms}"

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{E4D03422-D07A-4609-89C3-705974F05472} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\quick_searchff@gmail.com deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\sweetsearch@gmail.com deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\default_newtabff@gmail.com deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\defsearchp@gmail.com deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\deskCutv2@gmail.com deleted successfully

==== shortcuts on Users Desktops ======================

C:\Users\Jenthe\Desktop\VisualBoyAdvance - Snelkoppeling.lnk - S:\GBA\VisualBoyAdvance.exe 
C:\Users\Stephanie\Desktop\Dropbox.lnk - C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\Stephanie\Desktop\TeamSpeak 3 Client.lnk - C:\Users\Stephanie\AppData\Local\TeamSpeak 3 Client\ts3client_win64.exe 
C:\Users\Stephanie\Desktop\Visual Boy Advance.lnk - C:\Users\Stephanie\AppData\Local\Visual Boy Advance\VisualBoyAdvance.exe 
C:\Users\Stephanie\Desktop\WINWORD - Snelkoppeling.lnk - C:\Program Files (x86)\Microsoft Office\Office15\WINWORD.EXE 

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Apps.lnk - C:\Users\Public\Libraries\Apps.library-ms 
C:\Users\Public\Desktop\Avast Premier.lnk - C:\Program Files\AVAST Software\Avast\AvastUI.exe 
C:\Users\Public\Desktop\Avast SafeZone Browser.lnk - C:\Program Files\AVAST Software\SZBrowser\launcher.exe 
C:\Users\Public\Desktop\Canon MG2500 series Schermhandleiding.lnk - C:\Program Files (x86)\Canon\IJ Manual\Easy Guide Viewer\cmview.exe "C:\PROGRAM FILES (X86)\Canon\IJ Manual\CANON MG2500 SERIES\Dutch\Info.egv"
C:\Users\Public\Desktop\Canon Quick Menu.lnk - C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE 
C:\Users\Public\Desktop\Cold Turkey.lnk - C:\Program Files (x86)\Cold Turkey\Cold Turkey.exe 
C:\Users\Public\Desktop\DAEMON Tools Lite.lnk - C:\Program Files\DAEMON Tools Lite\DTLauncher.exe 
C:\Users\Public\Desktop\De Sims 4.lnk - S:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe 
C:\Users\Public\Desktop\Discworld II - Mortellement votre.lnk - C:\Users\Stephanie\AppData\Roaming\Abandonware-France\Discworld II - Mortellement votre\Disc2.bat 
C:\Users\Public\Desktop\eID Viewer.lnk - C:\Program Files (x86)\Belgium Identity Card\EidViewer\eID Viewer.exe 
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Users\Public\Desktop\LimeWire Music.lnk - S:\Program Files (x86)\LimeWire Music\LimeWire Music.exe 
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe 
C:\Users\Public\Desktop\Origin.lnk - S:\Program Files (x86)\Origin\Origin.exe 
C:\Users\Public\Desktop\Picasa 3.lnk - D:\Picasa3\Picasa3.exe 
C:\Users\Public\Desktop\Start BlueStacks.lnk - C:\Program Files (x86)\BlueStacks\HD-StartLauncher.exe 
C:\Users\Public\Desktop\The Sims Medieval.lnk - S:\Program Files (x86)\Origin Games\The Sims Medieval\Game\Bin\TSM.exe 

==== shortcuts in Users Start Menu ======================

C:\Users\Jenthe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk - C:\Users\Stephanie\AppData\Local\Microsoft\OneDrive\OneDrive.exe 
C:\Users\Jenthe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&ts=1440357820&z=e4a738f193630d871801c07g1zezde6cfw4mbm1g6g&from=cornl&uid=ST1000DM003-1ER162_Z4Y0AA2AXXXXZ4Y0AA2A
C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk - C:\Users\Stephanie\AppData\Local\Microsoft\OneDrive\OneDrive.exe 
C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserAir\BrowserAir.lnk - C:\Users\Stephanie\AppData\Local\BrowserAir\Application\BrowserAir.exe 
C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\R4 3DS Emulator\Download Games.lnk - S:\3ds\+R4-3DS-Games.htm 
C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\R4 3DS Emulator\Help & Support.lnk - S:\3ds\+Emulator-Help.URL 
C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\R4 3DS Emulator\NoGBA Emulator.lnk - S:\3ds\no$gba.exe 
C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\R4 3DS Emulator\Play R4 3DS Games.lnk - S:\3ds\no$zoomer.exe 
C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\R4 3DS Emulator\Uninstall R4 3DS Emulator.lnk - S:\3ds\Uninstal.exe 
C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - C:\Users\Stephanie\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup
C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verzenden naar OneNote.lnk - C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE /tsr
C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client\TeamSpeak 3 Client.lnk - C:\Users\Stephanie\AppData\Local\TeamSpeak 3 Client\ts3client_win64.exe 
C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client\Uninstall.lnk - C:\Users\Stephanie\AppData\Local\TeamSpeak 3 Client\Uninstall.exe 
C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk - C:\Program Files (x86)\WinRAR\Rar.txt 
C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk - C:\Program Files (x86)\WinRAR\WhatsNew.txt 
C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm 
C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe 

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Premier.lnk - C:\Program Files\AVAST Software\Avast\AvastUI.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk - C:\Program Files\AVAST Software\SZBrowser\launcher.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk - C:\Program Files (x86)\Windows Live\Mail\wlmail.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Abandonware-France\Discworld II - Mortellement votre\Discworld II - Mortellement votre.lnk - C:\Users\Stephanie\AppData\Roaming\Abandonware-France\Discworld II - Mortellement votre\Disc2.bat 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Abandonware-France\Discworld II - Mortellement votre\D�sinstaller Discworld II - Mortellement votre.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belgium - eID\eID Viewer.lnk - C:\Program Files (x86)\Belgium Identity Card\EidViewer\eID Viewer.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belgium - eID\Utilities\MS Office 2010 XAdES XL signature configuration.lnk - C:\Program Files (x86)\Belgium Identity Card\beidoffice2010_XAdES_XL.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belgium - eID\Utilities\MS Outlook registry configuration.lnk - C:\Program Files (x86)\Belgium Identity Card\beidoutlooksnc.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks\Start BlueStacks.lnk - C:\Program Files (x86)\BlueStacks\HD-StartLauncher.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cold Turkey\Cold Turkey.lnk - C:\Program Files (x86)\Cold Turkey\Cold Turkey.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\DAEMON Tools Lite.lnk - C:\Program Files\DAEMON Tools Lite\DTLauncher.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_66\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre1.8.0_66\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_66\bin\javacpl.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Access 2013.lnk - C:\WINDOWS\Installer\{91150000-0011-0000-1000-0000000FF1CE}\accicons.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Excel 2013.lnk - C:\WINDOWS\Installer\{91150000-0011-0000-1000-0000000FF1CE}\xlicons.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneDrive for Business 2013.lnk - C:\WINDOWS\Installer\{91150000-0011-0000-1000-0000000FF1CE}\grv_icons.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneNote 2013.lnk - C:\WINDOWS\Installer\{91150000-0011-0000-1000-0000000FF1CE}\joticon.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Outlook 2013.lnk - C:\WINDOWS\Installer\{91150000-0011-0000-1000-0000000FF1CE}\outicon.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\PowerPoint 2013.lnk - C:\WINDOWS\Installer\{91150000-0011-0000-1000-0000000FF1CE}\pptico.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Publisher 2013.lnk - C:\WINDOWS\Installer\{91150000-0011-0000-1000-0000000FF1CE}\pubs.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Skype for Business 2015.lnk - C:\WINDOWS\Installer\{91150000-0011-0000-1000-0000000FF1CE}\lyncicon.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Verzenden naar OneNote 2013.lnk - C:\WINDOWS\Installer\{91150000-0011-0000-1000-0000000FF1CE}\joticon.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Word 2013.lnk - C:\WINDOWS\Installer\{91150000-0011-0000-1000-0000000FF1CE}\wordicon.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Hulpprogramma's van Office 2013\Lync opnamebeheer.lnk - C:\WINDOWS\Installer\{91150000-0011-0000-1000-0000000FF1CE}\lyncicon.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\Silverlight.Configuration.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Writer.lnk - C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriter.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk - C:\Program Files (x86)\WinRAR\Rar.txt 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk - C:\Program Files (x86)\WinRAR\WhatsNew.txt 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe 

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Jenthe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Users\Jenthe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Jenthe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Jenthe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -  
C:\Users\Jenthe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.mystartsearch.com/?type=sc&ts=1440357820&z=e4a738f193630d871801c07g1zezde6cfw4mbm1g6g&from=cornl&uid=ST1000DM003-1ER162_Z4Y0AA2AXXXXZ4Y0AA2A
C:\Users\Stephanie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BrowserAir.lnk - C:\Users\Stephanie\AppData\Local\BrowserAir\Application\BrowserAir.exe 
C:\Users\Stephanie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.istartsurf.com/?type=sc&ts=1445742258&z=2d6f773dfa03e6072eddeceg7zfzfwcm6z6o1e2gdg&from=face&uid=ST1000DM003-1ER162_Z4Y0AA2AXXXXZ4Y0AA2A
C:\Users\Stephanie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&ts=1426280901&from=smt&uid=ST1000DM003-1ER162_Z4Y0AA2AXXXXZ4Y0AA2A
C:\Users\Stephanie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\LimeWire Music.lnk - S:\Program Files (x86)\LimeWire Music\LimeWire Music.exe 
C:\Users\Stephanie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE /recycle
C:\Users\Stephanie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Stephanie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Stephanie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Picexa.lnk - C:\Program Files (x86)\Picexa\Picexa.exe 
C:\Users\Stephanie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -  
C:\Users\Stephanie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk - C:\Windows\explorer.exe "microsoft-edge:http://www%2dsearching.com/?s=FAPztutbl012,32ce2a3a-9c0b-4e37-a921-a892ca756e9d,&prd=smw_epce&pi=3"
C:\Users\Stephanie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox (2).lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe 
C:\Users\Stephanie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.istartsurf.com/?type=sc&ts=1426280901&from=smt&uid=ST1000DM003-1ER162_Z4Y0AA2AXXXXZ4Y0AA2A

==== shortcuts After Repair ======================

C:\Users\Jenthe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe 
C:\Users\Jenthe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe 
C:\Users\Stephanie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Users\Stephanie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe 
C:\Users\Stephanie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe 

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\inethnfd deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jenthe\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Jenthe\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\Stephanie\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Stephanie\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Jenthe\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Jenthe\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Users\Stephanie\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Stephanie\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Jenthe\AppData\Local\Mozilla\Firefox\Profiles\v0x1dtva.default\cache2 emptied successfully
C:\Users\Stephanie\AppData\Local\Mozilla\Firefox\Profiles\pa1ph89c.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Stephanie\AppData\Local\BrowserAir\User Data\Default\Cache emptied successfully
C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=525 folders=228 168752473 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\STEPHA~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on do 05/11/2015 at 21:22:03,98 ======================