Okay THE,
Here is the results of zoek. I had to copy and paste the contents of the file because it would not upload. Thanks again for your help.
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Lionel on Sun 06/21/2015 at 20:26:32.47.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Lionel\Downloads\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2015-06-12-030719.log 16847 bytes
==== System Restore Info ======================
6/21/2015 8:29:49 PM Zoek.exe System Restore Point Created Successfully.
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Batch Command(s) Run By Tool======================
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"
online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\
online_banking@kaspersky.com" [03/17/2015 11:47 PM]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Lionel\AppData\Roaming\eMusic\eMusic Download Manager\Profiles\7uju956j.default
- eMusic - Apple iTunes Support - C:\Program Files (x86)\eMusic Download Manager\xulrunner\extensions\
dlm_itunes@emusic.com
- eMusic - Nullsoft Winamp Support - C:\Program Files (x86)\eMusic Download Manager\xulrunner\extensions\
dlm_winamp@emusic.com
- eMusic - Microsoft Media Player Support - C:\Program Files (x86)\eMusic Download Manager\xulrunner\extensions\
dlm_wmp@emusic.com
==== Firefox Plugins ======================
==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dbhjdbfgekjfcfkkfjjmlmojhbllhbho -
https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[01/17/2012 11:45 AM]
Chrome Hotword Shared Module - Lionel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Skype Click to Call - Lionel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Mini Ninjas - Lionel\AppData\Local\Google\Chrome\User Data\Default\Extensions\oijfbknbncemokdnlboeabbcfhobechi
==== Chromium Startpages ======================
C:\Users\Lionel\AppData\Local\Google\Chrome\User Data\Default\Preferences
estinationOrigin\":\"local\",\"customMargins\":null}","savePath":"C:\\Users\\Lionel\\Desktop"}},"profile":{"avatar_bubble_tutorial_shown":1,"avatar_index":0,"content_settings":{"clear_on_exit_migrated":true,"exceptions":{"app_banner":{},"auto_select_certificate":{},"automatic_downloads":{},"cookies":{},"fullscreen":{},"geolocation":{},"images":{},"javascript":{},"media_stream":{},"media_stream_camera":{},"media_stream_mic":{},"metro_switch_to_desktop":{},"midi_sysex":{},"mixed_script":{},"mouselock":{},"notifications":{},"plugins":{},"popups":{},"ppapi_broker":{},"protocol_handlers":{},"push_messaging":{},"ssl_cert_decisions":{}},"pattern_pairs":{"
http://www.wyndhamhotelgroup.com:80,http://www.wyndhamhotelgroup.com:80":{"geolocation":2},"
https://tmobile.ecustomersupport.com:443,https://tmobile.ecustomersupport.com:443":{"geolocation":2}},"pref_version":1},"default_content_settings":{},"exit_type":"Crashed","exited_cleanly":true,"icon_version":3,"managed_user_id":"","migrated_content_settings_exceptions":true,"migrated_default_content_settings":true,"migrated_default_media_stream_content_settings":true,"multiple_profile_prefs_version":1,"name":"Default Profile","password_manager_enabled":false,"password_manager_groups_for_domains":[3,null,null,null,null,9],"per_host_zoom_levels":{}},"protection":{"macs":{}},"savefile":{"default_directory":"C:\\Users\\Lionel\\Downloads","type":0},"selectfile":{"last_directory":"C:\\misc dsktop"},"session":{"restore_on_startup_migrated":true,"startup_urls_migration_time":"13034058554206209"},"settings":{"privacy":{"drm_salt":"C11150507FDADF0774E3DEA9E12BEB0DE9115E79D9A1C23FB6A3ABE25CC178BB"}},"spdy":{"servers":["lh6.googleusercontent.com:443","news.google.com:443","lh5.googleusercontent.com:443","gg.google.com:443","clients6.google.com:443","lh4.googleusercontent.com:443","ajax.googleapis.com:443","accounts.google.com:443","mail-attachment.googleusercontent.com:443","plusone.google.com:443","toolbarqueries.google.com:443","i3.ytimg.com:443","apis.google.com:443","chatenabled.mail.google.com:443","i2.ytimg.com:443","securepubads.g.doubleclick.net:443","id.google.com:443","partner.googleadservices.com:443","dl-ssl.google.com:443","support.google.com:443","static.doubleclick.net:443","googleads.g.doubleclick.net:443","pagead2.googleadservices.com:443","
www.googleadservices.com:443","lh3.googleusercontent.com:443","ssl.gstatic.com:443","accounts.youtube.com:443","fonts.googleapis.com:443","ad.doubleclick.net:443","mail.google.com:443","
www.google.com:443","themes.googleusercontent.com:443","ssl.google-analytics.com:443","
www.gmail.com:443","clients2.google.com:443","plus.google.com:443","pagead2.googlesyndication.com:443","fls.doubleclick.net:443"]},"sync":{"suppress_start":true},"tabs":{"use_compact_navigation_bar":false,"use_vertical_tabs":false},"translate_accepted_count":{"es":0,"ja":0},"translate_blocked_languages":["en"],"translate_denied_count":{"es":5,"ja":2},"translate_last_denied_time":1431865608206.644,"translate_site_blacklist":["
www.livewell1demo.com"],"translate_whitelists":{},"webkit":{"webprefs":{"inspector_settings":"lastActivePanel:string:elements\n"}},"zerosuggest":{"cachedresults":""}}
61","username":"144FACE5906C4F447F973681F7C47CFC0B725299F31C0BE73C900991C31F0B5F"}},"homepage":"C852D2E14F5CB3D54D20A5B8359EC32E0E540ED0DE3F7ECEFA89ED80DD8C27FD","homepage_is_newtabpage":"CAE9C70C2EB1D3C440BC8973DE565E8F863587223A791546217030E5D8F4B495","pinned_tabs":"2914BCDEBF5B5FD7F020A66862DC99956997B487FE3264958588D2FD833924C1","prefs":{"preference_reset_time":"E9F625154E675D221280150E98D0E7E7E339ADDEDD6FDABA5F159DCDB7C9C12C"},"profile":{"reset_prompt_memento":"EFDF211E7AB864952C9E0866F2448D19CB18C088B2BCA15D0FB06142FBE92631"},"safebrowsing":{"incidents_sent":"9F5F8C4F0D2CBD1B9FBD033FF56316E96458C3A1F72461340A71712497DEF094"},"search_provider_overrides":"653E2FDE809581FFB734322D7C7D57E8EE91EEC3313852ECA9F95D0C745A1BEB","session":{"restore_on_startup":"B95FA4A7DD24849344B6F091B66CAC6BEBB456AFD49C3DE688F1CB888DFBB595","startup_urls":"A8C419FDBFE1DD5FE82D2850A2F60CF386C9DB9474080A083932EE603141E94A"},"software_reporter":{"prompt_reason":"6ACEFFE4CA29AA38EF25D26750E6BEF33D6DBBBB9816CA13A4304A7C1BE4F012","prompt_seed":"7C7FB288339AFE8263CBFBF4A63BCE521F30F0691F67A4094BB02479F09F3FC7","prompt_version":"72861789FB0975A51E646DE4A538636EDF50DAE67C44820424A95F11C0BF4D96"},"sync":{"remaining_rollback_tries":"68B60B9B645C53EA21378E8814E7106DB58D393006674A9ACB858DC1BD6A5AC9"}},"super_mac":"755A51A9B64D700CD15557363C953C67BA5DAF461CC92917D87FC0E1FE762D1A"},"session":{"startup_urls":["
http://www.comcast.net/"]},"sync":{"remaining_rollback_tries":0}}
==== Chromium Fix ======================
C:\Users\Lionel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_
www.mcgheeswasteremovalservices.com_0.localstorage deleted successfully
C:\Users\Lionel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_
www.mcgheeswasteremovalservices.com_0.localstorage-journal deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="
http://www.comcast.net/"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="
http://www.comcast.net/"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A524430-0EB4-416D-BBEB-14D6138C0BF0}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="
http://www.google.com/search?q={searchTerms}"
{6A524430-0EB4-416D-BBEB-14D6138C0BF0} Bing Url="
http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox"
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Lionel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Lionel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\Lionel\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=9 folders=2 7893963 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Lionel\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Lionel\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on Sun 06/21/2015 at 21:27:16.57 ======================