Here's the results...

Fix result of Farbar Recovery Scan Tool (x86) Version:21-08-2015
Ran by Al & Mindy (2015-08-21 21:33:34) Run:1
Running from C:\Users\Al & Mindy\Desktop\MB8-20
Loaded Profiles: Al & Mindy (Available Profiles: Al & Mindy & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyScripts: Group Policy detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4019566695-2349307630-1478826107-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-20 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Security Suite\Norton Security Suite\Engine\21.7.0.11\IPS\IPSBHO.DLL No File
Toolbar: HKU\S-1-5-21-4019566695-2349307630-1478826107-1000 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No File
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-02-11] (Coupons, Inc.)
CHR Extension: (No Name) - C:\Users\Al & Mindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\balimbofoedmklhpnchbgmlfipgpbjnl [2015-07-08]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
S2 SessionLauncher; C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X]
CustomCLSID: HKU\S-1-5-21-4019566695-2349307630-1478826107-1000_Classes\CLSID\{994B47B9-7DB9-5058-EE22-08DD039ADC4B}\InprocServer32 -> {1FE960F5-9468-D082-A3F0-98EE85889A47} No File
CustomCLSID: HKU\S-1-5-21-4019566695-2349307630-1478826107-1000_Classes\CLSID\{DD0822EE-9A03-4BDC-B947-4B99B97D5850}\InprocServer32 -> {46CC2438-9468-D082-6EB4-BDB785889A47} No File
AlternateDataStreams: C:\Users\Al & Mindy\BCHW - Feburary Mount St. Helens Chapter newsletter.eml:OECustomProperty
AlternateDataStreams: C:\Users\Al & Mindy\Bells Mountain Trail.eml:OECustomProperty
AlternateDataStreams: C:\Users\Al & Mindy\Fwd- Bells Mountain Trail - Copy (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Al & Mindy\Fwd- Bells Mountain Trail.eml:OECustomProperty
AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo
*****************

Restore point was successfully created.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
"C:\Windows\system32\GroupPolicy\Machine" => File/Folder not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
"HKU\S-1-5-21-4019566695-2349307630-1478826107-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => key removed successfully.
HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => key not found.
"HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => key removed successfully.
HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => key removed successfully.
"HKCR\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => key removed successfully.
HKU\S-1-5-21-4019566695-2349307630-1478826107-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} => value removed successfully.
HKCR\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E} => key not found.
"HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully.
C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll => moved successfully
C:\Users\Al & Mindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\balimbofoedmklhpnchbgmlfipgpbjnl => moved successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully.
SessionLauncher => service removed successfully.
"HKU\S-1-5-21-4019566695-2349307630-1478826107-1000_Classes\CLSID\{994B47B9-7DB9-5058-EE22-08DD039ADC4B}" => key removed successfully.
"HKU\S-1-5-21-4019566695-2349307630-1478826107-1000_Classes\CLSID\{DD0822EE-9A03-4BDC-B947-4B99B97D5850}" => key removed successfully.
C:\Users\Al & Mindy\BCHW - Feburary Mount St. Helens Chapter newsletter.eml => ":OECustomProperty" ADS removed successfully..
C:\Users\Al & Mindy\Bells Mountain Trail.eml => ":OECustomProperty" ADS removed successfully..
C:\Users\Al & Mindy\Fwd- Bells Mountain Trail - Copy (1).eml => ":OECustomProperty" ADS removed successfully..
C:\Users\Al & Mindy\Fwd- Bells Mountain Trail.eml => ":OECustomProperty" ADS removed successfully..
C:\Users\Public\.DS_Store => ":AFP_AfpInfo" ADS removed successfully..

The system needed a reboot.

==== End of Fixlog 21:34:19 ====

# AdwCleaner v5.003 - Logfile created 21/08/2015 at 21:46:43
# Updated 20/08/2015 by Xplode
# Database : 2015-08-20.1 [server]
# Operating system : Windows Vista Ultimate Service Pack 2 (x86)
# Username : Al & Mindy - RUSTRANCH
# Running from : C:\Users\Al & Mindy\Desktop\MB8-20\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Folders ] *****

Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons

***** [ Files ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

[C:\Users\Al & Mindy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Found : {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}{google:contextualSearchVersion}ie={inputEncoding}

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [6647 bytes] ##########

I ran JRT three times but it would not generate a report. The program self closed each time as it was checking the registry. Also, is it normal for this program to start off stating that "the system could not find the desired path" multiple times before it started the "create a restore point"?

Here's the MB threat scan txt:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/21/2015
Scan Time: 10:18:56 PM
Logfile: MBscan 8-21.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.08.21.09
Rootkit Database: v2015.08.16.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Enabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Al & Mindy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 465062
Time Elapsed: 23 min, 49 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

I am puzzled that this scan indicates that Malware Protection and Malicious Website Protection are Disabled? I double-checked my settings in Malwarebytes and they show both of these settings to be Enabled.