wannabeageek,
I've done everything from the user account. On the programs you've asked me to run, I right click and choose run as Admin, then enter Admin password when prompted. Should I stay in Admin for all our work?
I logged out of user and into admin. The zoek log was waiting for me.
Here are the results: Let me know if you still want me to run again.
fayfox
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Admin on Sat 08/15/2015 at 16:31:17.82.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\fay\Downloads\zoek.exe [Scan all users] [Checkboxes used]
==== System Restore Info ======================
8/15/2015 4:33:02 PM Zoek.exe System Restore Point Created Successfully.
==== Empty Folders Check ======================
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~3\Avanquest deleted successfully
C:\Users\Admin\AppData\Roaming\GFI Software deleted successfully
C:\Users\Administrator\AppData\Roaming\VIPRE deleted successfully
C:\Users\Default\AppData\Roaming\VIPRE deleted successfully
C:\Users\fay\AppData\Roaming\GFI Software deleted successfully
C:\Users\fay\AppData\Roaming\Sunbelt deleted successfully
C:\Users\Admin\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Admin\AppData\Local\EmieSiteList deleted successfully
C:\Users\Admin\AppData\Local\EmieUserList deleted successfully
C:\Users\Admin\AppData\Local\ms-drivers deleted successfully
C:\Users\fay\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\fay\AppData\Local\EmieSiteList deleted successfully
C:\Users\fay\AppData\Local\EmieUserList deleted successfully
C:\Users\fay\AppData\Local\ms-drivers deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5pgaobxx.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_20150815_0443_.backup
ProfilePath: C:\Users\fay\AppData\Roaming\Mozilla\Firefox\Profiles\t4b2x8kp.default
user.js not found
---- Lines inbox.com removed from prefs.js ----
user_pref("ibxcomtb.ibxHP", "http://www.inbox.com/homepage.aspx?tbid=80114&lng=en");
---- FireFox user.js and prefs.js backups ----
prefs_20150815_0443_.backup
==== Batch Command(s) Run By Tool======================
C:\Windows\system32\appdata deleted
==== Deleting Files \ Folders ======================
C:\PROGRA~2\Windows Live SkyDrive deleted
C:\Windows\syswow64\appdata deleted
C:\PROGRA~2\Holiday Jigsaw Valentines Day deleted
C:\PROGRA~2\My Kingdom for the Princess II deleted
C:\PROGRA~2\My Kingdom for the Princess III deleted
C:\install.exe deleted
C:\Users\Admin\AppData\Roaming\log.txt deleted
C:\Users\Admin\AppData\Roaming\Alawar Stargaze deleted
C:\Users\fay\AppData\Roaming\netstat.bat deleted
C:\Users\fay\AppData\Roaming\NevoSoft Gameslog.txt deleted
C:\Users\fay\AppData\Roaming\Alawar deleted
C:\Users\fay\AppData\Roaming\Alawar Entertainment deleted
C:\Users\fay\AppData\Roaming\Alawar Stargaze deleted
C:\Users\fay\AppData\Roaming\AlawarEntertainment deleted
C:\Users\fay\AppData\Roaming\YoudaGames deleted
C:\PROGRA~3\Alawar Stargaze deleted
C:\PROGRA~3\Funny Bear Studio deleted
C:\Users\fay\AppData\LocalLow\bfgbar deleted
C:\Users\fay\AppData\LocalLow\bfgbartb deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\Users\fay\AppData\Roaming\Mozilla\Firefox\Profiles\t4b2x8kp.default\searchplugins\inbox-search.xml deleted
C:\Users\fay\AppData\Roaming\Mozilla\Firefox\Profiles\t4b2x8kp.default\bfgbartb deleted
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5pgaobxx.default
user_pref("browser.startup.homepage", "http://www.yahoo.com/");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.defaultenginename.US", "Google");
ProfilePath: C:\Users\fay\AppData\Roaming\Mozilla\Firefox\Profiles\t4b2x8kp.default
user_pref("browser.startup.homepage", "http://www.yahoo.com/");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.defaultenginename.US", "Google");
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [03/11/2012 12:04 PM]
==== Firefox Extensions ======================
ProfilePath: C:\Users\fay\AppData\Roaming\Mozilla\Firefox\Profiles\t4b2x8kp.default
- Toolbar - Big Fish Games - %ProfilePath%\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5pgaobxx.default
A344EE6FD6FF97D3A374980C15583FE5 - C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\nphdplg.dll - Hulu Desktop
==== Chromium Look ======================
Chrome Hotword Shared Module - fay\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
==== Chromium Startpages ======================
C:\Users\fay\AppData\Local\Google\Chrome\User Data\Default\Preferences
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://g.msn.com/HPDSK/1"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://g.msn.com/HPDSK/1"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\fay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\fay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5pgaobxx.default\cache2 emptied successfully
C:\Users\fay\AppData\Local\Mozilla\Firefox\Profiles\t4b2x8kp.default\cache2 emptied successfully
==== Empty Chrome Cache ======================
C:\Users\fay\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=2764 folders=260 534802972 bytes)
==== Empty Temp Folders ======================
C:\Users\Admin\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\fay\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Admin\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\fay\AppData\Local\Temp\AdobeARM.log" deleted
"C:\Users\fay\AppData\Local\Temp\FXSAPIDebugLogFile.txt" deleted
"C:\Users\fay\AppData\Local\Temp\JET73E7.tmp" not found
"C:\Users\fay\AppData\Local\Temp\logger.log" deleted
"C:\Users\fay\AppData\Local\Temp\PDApp.log" not found
==== EOF on Sat 08/15/2015 at 21:42:12.37 ======================