I ran the ZOEK application and here are the results.
Zoek.exe v5.0.0.0 Updated 27-09-2014
Tool run by Nugents on Mon 09/29/2014 at 10:56:54.81.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Nugents\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
9/29/2014 11:03:30 AM Zoek.exe System Restore Point Created Succesfully.
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2590863182-928995718-1613084830-1000\Software\Microsoft\Internet Explorer\SearchScopes\{505EADC0-DAF5-43C9-8ABD-A9FA60F650AD} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Batch Command(s) Run By Tool======================
==== Deleting Files \ Folders ======================
C:\Users\Nugents\AppData\Roaming\Catalina – Print Savings not found
C:\PROGRA~3\eSellerate deleted
C:\PROGRA~3\Best Buy pc app deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Nugents\AppData\Local\BcsKtYcHW.dll deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted
C:\windows\SysNative\config\systemprofile\Searches deleted
C:\Users\Nugents\AppData\Roaming\Mozilla\Firefox\Profiles\feaj10b2.default\jetpack deleted
C:\Users\Nugents\AppData\Roaming\Mozilla\Firefox\Profiles\feaj10b2.default\extensions\staged deleted
"C:\PROGRA~3\2df2cc470f5e5a00\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}.20140927141401" deleted
"C:\PROGRA~3\2df2cc470f5e5a00\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}.20140927145410" deleted
"C:\PROGRA~3\2df2cc470f5e5a00\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20140923201627" deleted
"C:\PROGRA~3\2df2cc470f5e5a00\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20140923201636" deleted
"C:\PROGRA~3\2df2cc470f5e5a00\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20140927141339" deleted
"C:\PROGRA~3\2df2cc470f5e5a00\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20140927141340" deleted
"C:\PROGRA~3\2df2cc470f5e5a00\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20140927141402" deleted
"C:\PROGRA~3\2df2cc470f5e5a00" deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" []
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" []
==== Firefox Extensions ======================
ProfilePath: C:\Users\Nugents\AppData\Roaming\Mozilla\Firefox\Profiles\feaj10b2.default
- McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor
- Add-on Compatibility Reporter - %ProfilePath%\extensions\compatibility@addons.mozilla.org.xpi
- Firefox Old Version Update Hotfix - %ProfilePath%\extensions\firefox-hotfix@mozilla.org.xpi
- FlashGot - %ProfilePath%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi
==== Firefox Plugins ======================
Profilepath: C:\Users\Nugents\AppData\Roaming\Mozilla\Firefox\Profiles\feaj10b2.default
7EF7E4C1325D533F5186E7118ABB0E7C - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMSS.dll - McAfee Security Scanner +
==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fheoggkfdfchfphceeifdbepaooicaho - No path found[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[07/14/2014 06:22 PM]
GoSaave - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ahdlahlfiilichbmlgbkandmkcokfcme
NexxtCouip - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\khkolnhcghmffpkafhfpdhppbaiclmde
GoSaave - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahdlahlfiilichbmlgbkandmkcokfcme
GoSaave - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ahdlahlfiilichbmlgbkandmkcokfcme
NexxtCouip - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\khkolnhcghmffpkafhfpdhppbaiclmde
GoSaave - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ahdlahlfiilichbmlgbkandmkcokfcme
NexxtCouip - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\khkolnhcghmffpkafhfpdhppbaiclmde
GoSaave - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahdlahlfiilichbmlgbkandmkcokfcme
GoSaave - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ahdlahlfiilichbmlgbkandmkcokfcme
NexxtCouip - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\khkolnhcghmffpkafhfpdhppbaiclmde
GoSaave - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ahdlahlfiilichbmlgbkandmkcokfcme
NexxtCouip - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\khkolnhcghmffpkafhfpdhppbaiclmde
GoSaave - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahdlahlfiilichbmlgbkandmkcokfcme
GoSaave - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ahdlahlfiilichbmlgbkandmkcokfcme
NexxtCouip - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\khkolnhcghmffpkafhfpdhppbaiclmde
GoSaave - Nugents\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ahdlahlfiilichbmlgbkandmkcokfcme
NexxtCouip - Nugents\AppData\Local\Chromatic Browser\User Data\Default\Extensions\khkolnhcghmffpkafhfpdhppbaiclmde
GoSaave - Nugents\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ahdlahlfiilichbmlgbkandmkcokfcme
NexxtCouip - Nugents\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\khkolnhcghmffpkafhfpdhppbaiclmde
GoSaave - Nugents\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahdlahlfiilichbmlgbkandmkcokfcme
Google Drive - Nugents\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - Nugents\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
SiteAdvisor - Nugents\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
NexxtCouip - Nugents\AppData\Local\Google\Chrome\User Data\Default\Extensions\khkolnhcghmffpkafhfpdhppbaiclmde
Google Wallet - Nugents\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
GoSaave - Nugents\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ahdlahlfiilichbmlgbkandmkcokfcme
NexxtCouip - Nugents\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\khkolnhcghmffpkafhfpdhppbaiclmde
GoSaave - Nugents\AppData\Local\Torch\User Data\Default\Extensions\ahdlahlfiilichbmlgbkandmkcokfcme
NexxtCouip - Nugents\AppData\Local\Torch\User Data\Default\Extensions\khkolnhcghmffpkafhfpdhppbaiclmde
==== Chromium Startpages ======================
C:\Users\Nugents\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://start.toshiba.com/?cid=C001B2Y",
"startup_urls": [ "http://www.google.com/" ],
==== Chromium Fix ======================
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\khkolnhcghmffpkafhfpdhppbaiclmde deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\khkolnhcghmffpkafhfpdhppbaiclmde deleted successfully
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\khkolnhcghmffpkafhfpdhppbaiclmde deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\khkolnhcghmffpkafhfpdhppbaiclmde deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\khkolnhcghmffpkafhfpdhppbaiclmde deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\khkolnhcghmffpkafhfpdhppbaiclmde deleted successfully
C:\Users\Nugents\AppData\Local\Chromatic Browser\User Data\Default\Extensions\khkolnhcghmffpkafhfpdhppbaiclmde deleted successfully
C:\Users\Nugents\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\khkolnhcghmffpkafhfpdhppbaiclmde deleted successfully
C:\Users\Nugents\AppData\Local\Google\Chrome\User Data\Default\Extensions\khkolnhcghmffpkafhfpdhppbaiclmde deleted successfully
C:\Users\Nugents\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\khkolnhcghmffpkafhfpdhppbaiclmde deleted successfully
C:\Users\Nugents\AppData\Local\Torch\User Data\Default\Extensions\khkolnhcghmffpkafhfpdhppbaiclmde deleted successfully
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ahdlahlfiilichbmlgbkandmkcokfcme deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahdlahlfiilichbmlgbkandmkcokfcme deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ahdlahlfiilichbmlgbkandmkcokfcme deleted successfully
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ahdlahlfiilichbmlgbkandmkcokfcme deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahdlahlfiilichbmlgbkandmkcokfcme deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ahdlahlfiilichbmlgbkandmkcokfcme deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ahdlahlfiilichbmlgbkandmkcokfcme deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahdlahlfiilichbmlgbkandmkcokfcme deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ahdlahlfiilichbmlgbkandmkcokfcme deleted successfully
C:\Users\Nugents\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ahdlahlfiilichbmlgbkandmkcokfcme deleted successfully
C:\Users\Nugents\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ahdlahlfiilichbmlgbkandmkcokfcme deleted successfully
C:\Users\Nugents\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahdlahlfiilichbmlgbkandmkcokfcme deleted successfully
C:\Users\Nugents\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ahdlahlfiilichbmlgbkandmkcokfcme deleted successfully
C:\Users\Nugents\AppData\Local\Torch\User Data\Default\Extensions\ahdlahlfiilichbmlgbkandmkcokfcme deleted successfully
C:\Users\Nugents\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://start.toshiba.com/g/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{67A2568C-7A0A-4EED-AECC-B5405DE63B64} Google Url="http://www.google.com/search?source...ding}&oe={outputEncoding}&rlz=1I7TSNJ_enUS438"
{E8BF4B7C-E389-4CE0-A6D8-ED66938B34C3} Google Url="http://www.google.com/search?source...ding}&oe={outputEncoding}&rlz=1I7TSNJ_enUS438"
{67A2568C-7A0A-4EED-AECC-B5405DE63B64} Google Url="http://www.google.com/search?source...ding}&oe={outputEncoding}&rlz=1I7TSNJ_enUS438"
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2590863182-928995718-1613084830-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0347C33E-8762-4905-BF09-768834316C61} deleted successfully
HKEY_USERS\S-1-5-21-2590863182-928995718-1613084830-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0347C33E-8762-4905-BF09-768834316C61} deleted successfully
HKEY_USERS\S-1-5-21-2590863182-928995718-1613084830-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} deleted successfully
HKEY_USERS\S-1-5-21-2590863182-928995718-1613084830-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{0347C33E-8762-4905-BF09-768834316C61} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-2590863182-928995718-1613084830-1000\Software\Mozilla\Firefox\Extensions\smartwebprinting@hp.com deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\smartwebprinting@hp.com deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{ABDE892B-13A8-4d1b-88E6-365A6E755758} deleted successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6C5F3BDC-0A1B-4436-A696-5939629D5C31} deleted successfully
==== Empty IE Cache ======================
C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Nugents\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Nugents\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Nugents\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Nugents\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Nugents\AppData\Roaming\deskPDF\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\Nugents\AppData\Local\Mozilla\Firefox\Profiles\feaj10b2.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Nugents\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=298 folders=82 20774568 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Nugents\AppData\Local\Temp will be emptied at reboot
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\windows\Temp successfully emptied
C:\Users\Nugents\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found
"C:\windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted
==== EOF on Mon 09/29/2014 at 16:50:03.69 ======================