Hi Eagle,
I've run the scan and attached the file in the initial request, along with the FRST logs.
Here are the results of the ZOEK in txt:
----------------
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Jordan on Thu 06/11/2015 at 10:02:56.93.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Jordan\Downloads\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2015-06-10-191717.log 72399 bytes
==== System Restore Info ======================
6/11/2015 10:03:42 AM Zoek.exe System Restore Point Created Successfully.
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Batch Command(s) Run By Tool======================
==== Deleting Files \ Folders ======================
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\i2eft6lb.default
user_pref("browser.startup.homepage", "https://www.yahoo.com?fr=hp-avast&type=odc179");
user_pref("browser.search.defaulturl", "https://search.yahoo.com/yhs/search");
user_pref("browser.search.defaultengine", "Yahoo! (Avast)");
user_pref("browser.search.selectedEngine", "Yahoo! (Avast)");
user_pref("keyword.URL", "https://search.yahoo.com/yhs/search");
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\Alwil Software\Avast5\WebRep\FF" [08/01/2014 09:04 AM]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Jordan\AppData\Roaming\Greyfirst\Celtx\Profiles\ckxseiu5.default
- Blackened - C:\Program Files (x86)\Celtx\extensions\messagestyle-blackened@addons.instantbird.org
- Default Shot Palette - C:\Program Files (x86)\Celtx\extensions\default-palette@celtx.com
- Depth - C:\Program Files (x86)\Celtx\extensions\messagestyle-depth@addons.instantbird.org
- DOM Inspector - C:\Program Files (x86)\Celtx\extensions\inspector@mozilla.org
- Minimal - C:\Program Files (x86)\Celtx\extensions\messagestyle-minimal20@addons.instantbird.org
- MSN-Smileys - C:\Program Files (x86)\Celtx\extensions\emoticons-msn-smileys@m513901.de
- Timezone Definitions for Mozilla Calendar - C:\Program Files (x86)\Celtx\extensions\calendar-timezones@mozilla.org
ProfilePath: C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\i2eft6lb.default
- Flash Video Downloader - YouTube HD Download [4K] - %ProfilePath%\extensions\artur.dubovoy@gmail.com
- LastPass - %ProfilePath%\extensions\support@lastpass.com
- Video DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\i2eft6lb.default
D37150D707B71FFD9ED78CC862284367 - C:\ProgramData\FileLab\Plugin\Framework\npFlPluginS.dll - FileLab plugin
E37EAD09D28AE19D8A39B6A95F47513A - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll - Shockwave for Director / Shockwave for Director
ECE6831D1CDFC3B76DC36B13B5E402B1 - C:\Users\Jordan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
08ACECEB47FAF053C468D8AFE44709AD - C:\Users\Jordan\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll - Google Update
A7CC98A3D79AB00DFF19FE9597D8CAD1 - C:\Users\Jordan\AppData\Local\Citrix\Plugins\97\npappdetector.dll - Citrix Online Web Deployment Plugin 1.0.0.97
96249DB82826C3CD5C4CB26001482761 - C:\Users\Jordan\AppData\Local\Programs\Aspera\Aspera Connect\lib\3.4.2\npasperaweb_3.4.2.91776.dll - Aspera Web
49D429EBF5305FC9ADD7545B7C914333 - C:\Users\Jordan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
6BEAD7859E8A087BE04556AB5A78855C - C:\Users\Jordan\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer
178F30EB6105041AE4FA3943DBF40C75 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll - WacomTabletPlugin
A27ADB900CF17F20CC5E4D8EC255876D - C:\Users\Jordan\AppData\Local\Programs\Aspera\Aspera Connect\lib\3.4.2\npasperaweb64_3.4.2.91776.dll - Aspera Web
==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx[08/01/2014 09:04 AM]
hdokiejnpimakedhajhdlcegeplioahd - No path found[]
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
apdfllckaahabafndbhieahigkjlhalf - C:\Users\Jordan\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx[04/30/2013 09:27 AM]
lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]
Honey - Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj
AdBlock - Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Avast Online Security - Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
LastPass - Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd
Clue - Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoeafobogfehcnplfbjeoabfedekhjlo
Chrome Hotword Shared Module - Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Google Drive App Launcher - Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
ruul. Screen ruler - Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlbnpnlmfngmlcmkhjpbfokdphfehhjj
Auto Refresh Plus - Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih
==== Chromium Startpages ======================
C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Preferences
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
{62122C7F-AD61-416B-AE08-DB4FB42C65E1} Google Url="http://www.google.com/search?q={sea...ng?}&oe={outputEncoding?}&rlz=1I7ADFA_enUS381"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7"
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jordan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jordan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\LogMeInRemoteUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\postgres\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\Jordan\AppData\Local\Mozilla\Firefox\Profiles\i2eft6lb.default\cache2 emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=2059 folders=270 405363428 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Jordan\AppData\Local\Temp will be emptied at reboot
C:\Users\LogMeInRemoteUser\AppData\Local\Temp emptied successfully
C:\Users\postgres\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Jordan\AppData\Local\Temp successfully emptied
==== EOF on Thu 06/11/2015 at 10:22:21.15 ======================