tqh

Posts posted by tqh

  1. Here is the MBAM log as instructed in the malware removal forum...

    Thanks.

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 11/14/2016
    Scan Time: 3:43:08 PM
    Logfile: MBAM log 11-14-16a.txt
    Administrator: Yes

    Version: 2.2.1.1043
    Malware Database: v2016.11.14.09
    Rootkit Database: v2016.10.31.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: poi

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 388087
    Time Elapsed: 20 min, 58 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 1
    Trojan.Zbot, C:\WINDOWS\vncutil.exe, , [1b16427ed0ca1f172eff03ce10f3639d],

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    vncutil.zip

  2. Thank you kindly.  I'm not 100% sure what you wanted me to post.  I just copied and pasted the information presented post-scan.


    SHA256: e6b2b7c8a04443e1e308889488e09b95fb30e8e1a165f9a7792fe789d4825e8e
    File name: vncutil.exe
    Detection ratio: 1 / 55
    Analysis date: 2016-11-14 21:23:15 UTC ( 0 minutes ago )
    Probably harmless! There are strong indicators suggesting that this file is safe to use.
    Antivirus Result Update
    Malwarebytes Trojan.Zbot 20161114
    ALYac   20161114
    AVG   20161114
    AVware   20161114
    Ad-Aware   20161114
    AegisLab   20161114
    AhnLab-V3   20161114
    Alibaba   20161114
    Antiy-AVL   20161114
    Arcabit   20161114
    Avast   20161114
    Avira (no cloud)   20161114
    Baidu   20161111
    BitDefender   20161114
    Bkav   20161112
    CAT-QuickHeal   20161114
    CMC   20161114
    ClamAV   20161114
    Comodo   20161114
    CrowdStrike Falcon (ML)   20161024
    Cyren   20161114
    DrWeb   20161114
    ESET-NOD32   20161114
    Emsisoft   20161114
    F-Prot   20161114
    F-Secure   20161114
    Fortinet   20161114
    GData   20161114
    Ikarus   20161114
    Invincea   20161018
    Jiangmin   20161114
    K7AntiVirus   20161114
    K7GW   20161114
    Kaspersky   20161114
    Kingsoft   20161114
    McAfee   20161114
    McAfee-GW-Edition   20161114
    eScan   20161114
    Microsoft   20161114
    NANO-Antivirus   20161114
    Panda   20161114
    Qihoo-360   20161114
    Rising   20161114
    SUPERAntiSpyware   20161114
    Sophos   20161114
    Symantec   20161114
    Tencent   20161114
    TheHacker   20161114
    TrendMicro   20161114
    TrendMicro-HouseCall   20161114
    VBA32   20161114
    VIPRE   20161114
    ViRobot   20161114
    Yandex   20161114
    Zillya   20161114
    Zoner   20161114
    nProtect   20161114
  3. Hello MB Forum,

    This computer has been acting bizarre for a week or so.  Completely freezing up, requiring a reboot.  Ran an AVAST boot scan and it didn't find anything.  Fully updated MBAM and ran a standard scan.  Found Trojan.Zbot.  I didn't act on the result because I decided I needed to have this looked at.  I will wait for your instruction.  I also attached the MBAM log.  Thanks as always for your continued service.


    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-11-2016
    Ran by poi (administrator) on FLOYD (14-11-2016 10:35:13)
    Running from C:\Documents and Settings\poi\Desktop
    Loaded Profiles: poi (Available Profiles: poi & ewq & az & UpdatusUser & Administrator)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
    Internet Explorer Version 8 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
    (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
    (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    () C:\Program Files\USB TV\EM28XX\BDARemote.exe
    (Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe


    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [17887232 2009-06-25] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
    HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1634112 2012-05-15] ()
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9044392 2016-11-08] (AVAST Software)
    HKLM\...\Policies\Explorer: [NoComputersNearMe] 0
    HKU\S-1-5-21-1123561945-2111687655-725345543-1008\...\Run: [Zoom] => 0
    HKU\S-1-5-21-1123561945-2111687655-725345543-1008\...\Policies\Explorer: [NoComputersNearMe] 0
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-09-27] (AVAST Software)
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2007-09-11]
    ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BDARemote.lnk [2010-05-26]
    ShortcutTarget: BDARemote.lnk -> C:\Program Files\USB TV\EM28XX\BDARemote.exe ()
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk [2007-09-11]
    ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
    GroupPolicy: Restriction ? <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{A9B57C27-3A8D-4410-BF03-21FBC3F1992C}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-1123561945-2111687655-725345543-1008\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-1123561945-2111687655-725345543-1008\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKLM -> DefaultScope value is missing
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-24] (AVAST Software)
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {33564D57-0000-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1269795619093
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
    Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll [2008-04-13] (Microsoft Corporation)
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\poi\Application Data\Mozilla\Firefox\Profiles\wxaz6z55.default [2016-11-14]
    FF DefaultSearchEngine: C:\Documents and Settings\poi\Application Data\Mozilla\Firefox\Profiles\wxaz6z55.default -> Google
    FF DefaultSearchEngine.US: C:\Documents and Settings\poi\Application Data\Mozilla\Firefox\Profiles\wxaz6z55.default -> Google
    FF Homepage: C:\Documents and Settings\poi\Application Data\Mozilla\Firefox\Profiles\wxaz6z55.default -> about:blank
    FF Extension: (Classic Theme Restorer) - C:\Documents and Settings\poi\Application Data\Mozilla\Firefox\Profiles\wxaz6z55.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2016-10-24]
    FF Extension: (Blur) - C:\Documents and Settings\poi\Application Data\Mozilla\Firefox\Profiles\wxaz6z55.default\Extensions\donottrackplus@abine.com.xpi [2016-11-10]
    FF Extension: (Adblock Plus) - C:\Documents and Settings\poi\Application Data\Mozilla\Firefox\Profiles\wxaz6z55.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-10-28]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-01-14] [not signed]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-10-24]
    FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-10-24]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-30] ()
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1123561945-2111687655-725345543-1008: @zoom.us/ZoomVideoPlugin -> C:\Documents and Settings\poi\Application Data\Zoom\bin\npzoomplugin.dll [2016-11-09] (Zoom Video Communications, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [270016 2016-10-30] (Adobe Systems Incorporated) [File not signed]
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-27] (AVAST Software)
    S4 Belkin Wireless USB Network Adapter Service; C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe [49152 2004-03-29] () [File not signed]
    R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [20747 2007-09-11] (Meetinghouse Data Communications) [File not signed]
    S3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [4017536 2006-08-18] (Realtek Semiconductor Corp.)
    S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2009-06-25] (Creative)
    S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [34008 2016-09-27] (AVAST Software)
    R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [92256 2016-09-27] (AVAST Software)
    R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [64272 2016-09-27] (AVAST Software)
    R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [60424 2016-09-27] (AVAST Software)
    R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [735488 2016-09-27] (AVAST Software)
    R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [433768 2016-09-27] (AVAST Software)
    R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [184592 2016-09-27] (AVAST Software)
    S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [66688 2016-09-27] (AVAST Software)
    R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [224752 2016-10-13] (AVAST Software)
    S3 BVRPMPR5; C:\WINDOWS\system32\drivers\BVRPMPR5.SYS [49904 2009-09-30] (Avanquest Software) [File not signed]
    S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
    R2 CDRPDACC; C:\Program Files\321Studios\Shared\CDRPDACC.SYS [4633 2002-07-25] (Arrowkey) [File not signed]
    S3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
    R2 HPFECP13; C:\WINDOWS\System32\drivers\HPFECP13.SYS [52800 1998-09-25] () [File not signed]
    S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51056 2003-05-14] (HP)
    S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2003-05-14] (HP)
    S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21488 2003-05-14] (HP)
    R3 L1c; C:\WINDOWS\System32\DRIVERS\l1c51x86.sys [44032 2009-07-27] (Atheros Communications, Inc.)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2016-11-14] (Malwarebytes) [File not signed]
    S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2009-06-25] (Creative Technology Ltd.)
    S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
    R3 NTIDrvr; C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys [6912 2007-09-11] (NewTech Infosystems, Inc.) [File not signed]
    S3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
    R0 nvatabus; C:\WINDOWS\System32\DRIVERS\nvatabus.sys [54656 2003-06-18] (NVIDIA Corporation) [File not signed]
    S3 NVENET; C:\WINDOWS\System32\DRIVERS\NVENET.sys [97280 2003-05-27] (NVIDIA Corporation) [File not signed]
    R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [123840 2012-04-18] (NVIDIA Corporation)
    R0 nv_agp; C:\WINDOWS\System32\DRIVERS\nv_agp.sys [21120 2003-05-27] (NVIDIA Corporation) [File not signed]
    R3 Pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [33376 2007-09-11] (VSO Software) [File not signed]
    R3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [21248 2003-09-19] (Padus, Inc.) [File not signed]
    S3 RT73; C:\WINDOWS\System32\DRIVERS\rt73.sys [232192 2005-08-02] (Ralink Technology, Corp.) [File not signed]
    S3 RTL8023xp; C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys [74496 2005-03-04] (Realtek Semiconductor Corporation                           )
    S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra 2002 Professional\sandra.sys [9600 2001-10-30] (SiSoftware) [File not signed]
    R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [716272 2008-08-15] () [File not signed]
    S3 xbreader; C:\WINDOWS\System32\Drivers\xbreader.sys [19677 2001-01-02] (Thesycon GmbH, Germany) [File not signed]
    S3 catchme; \??\C:\DOCUME~1\poi\LOCALS~1\Temp\catchme.sys [X]
    S3 gdrv; \??\C:\WINDOWS\gdrv.sys [X]
    S3 hSONYPVh; \??\C:\DOCUME~1\poi\LOCALS~1\Temp\hSONYPVh.sys [X]
    S4 IntelIde; no ImagePath
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-11-14 10:35 - 2016-11-14 10:35 - 00013614 _____ C:\Documents and Settings\poi\Desktop\FRST.txt
    2016-11-14 10:35 - 2016-11-14 10:35 - 00000000 ____D C:\FRST
    2016-11-14 10:34 - 2016-11-14 10:34 - 01760768 _____ (Farbar) C:\Documents and Settings\poi\Desktop\FRST.exe
    2016-11-14 10:29 - 2016-11-14 10:29 - 00001115 _____ C:\Documents and Settings\poi\Desktop\mbam log 11-14-16.txt
    2016-11-14 09:43 - 2016-11-14 09:45 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2016-11-10 22:53 - 2016-11-10 22:53 - 00000005 _____ C:\Documents and Settings\poi\Desktop\nw22560.txt
    2016-11-10 11:02 - 2016-11-11 16:17 - 01073664 _____ C:\Documents and Settings\poi\Desktop\B714F600
    2016-11-10 11:02 - 2016-11-10 13:16 - 01073664 _____ C:\Documents and Settings\poi\Desktop\2016.10.31.xls
    2016-11-10 10:58 - 2016-11-10 10:58 - 00014336 _____ C:\Documents and Settings\poi\My Documents\Book1 (version 1).xls
    2016-11-10 10:57 - 2016-11-10 10:57 - 00847102 _____ C:\Documents and Settings\poi\Desktop\2016.10.31.Tables.xlsx
    2016-11-10 10:09 - 2016-11-10 10:09 - 00000000 ____D C:\Documents and Settings\poi\Start Menu\Programs\Zoom
    2016-11-10 10:08 - 2016-11-10 10:09 - 17764880 _____ (Microsoft Corporation) C:\Documents and Settings\poi\Desktop\ZoomInstallerXP.exe
    2016-11-09 01:08 - 2016-11-09 01:08 - 00106496 _____ C:\WINDOWS\Minidump\Mini110916-01.dmp
    2016-11-03 10:53 - 2016-11-03 10:53 - 00169217 _____ C:\Documents and Settings\poi\Desktop\_invoice 1-2016.10.01.pdf
    2016-11-03 10:31 - 2016-11-05 14:56 - 00000000 ____D C:\Documents and Settings\poi\Desktop\Audio
    2016-10-31 17:36 - 2016-10-31 17:36 - 00000697 _____ C:\Documents and Settings\poi\Desktop\Hrs to be worked.txt
    2016-10-28 15:04 - 2016-10-28 15:04 - 00621056 _____ C:\Documents and Settings\poi\Desktop\Tables 10-20-16.xls
    2016-10-28 14:04 - 2016-11-10 10:06 - 00133768 _____ (Zoom Video Communications, Inc.) C:\Documents and Settings\poi\Desktop\Zoom_launcher.exe
    2016-10-28 13:13 - 2016-10-30 22:10 - 00180624 _____ C:\Documents and Settings\poi\Desktop\ SPH 2016_REVISED.pdf
    2016-10-28 08:31 - 2016-10-28 08:31 - 00673860 _____ C:\Documents and Settings\poi\Desktop\Focus Groups_IO Colloquim_10-21-2016.pptm
    2016-10-28 08:20 - 2016-10-28 08:20 - 00331264 _____ C:\Documents and Settings\poi\Desktop\Writer's Guide Update Slides Comments 10-28-16.ppt
    2016-10-28 08:15 - 2016-10-28 08:15 - 00324608 _____ C:\Documents and Settings\poi\Desktop\Writer's Guide Update Slides.ppt
    2016-10-28 08:13 - 2016-10-28 08:13 - 00186447 _____ C:\Documents and Settings\poi\Desktop\Writer's Guide Update Slides.pptx
    2016-10-24 16:12 - 2016-10-24 16:12 - 00251501 _____ C:\Documents and Settings\poi\Desktop\6_DegreeLicensure Release_.pdf
    2016-10-24 11:27 - 2016-09-27 12:00 - 00319760 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2016-10-24 10:41 - 2016-10-24 10:41 - 02147107 _____ C:\Documents and Settings\poi\Desktop\Symposium Program Handout.pdf
    2016-10-20 18:35 - 2016-10-20 18:35 - 49505220 _____ C:\Documents and Settings\poi\Desktop\zoom_0.mp4
    2016-10-20 17:45 - 2016-10-20 17:45 - 00044544 _____ C:\Documents and Settings\poi\Desktop\ and  work.xls
    2016-10-20 17:45 - 2016-10-20 17:45 - 00037923 _____ C:\Documents and Settings\poi\Desktop\ and  work.xlsx

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-11-14 10:35 - 2013-09-06 14:46 - 00000000 ____D C:\Documents and Settings\poi\Local Settings\temp
    2016-11-14 10:15 - 2014-10-07 10:28 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2016-11-14 09:54 - 2016-08-22 10:01 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2016-11-14 09:44 - 2012-05-03 14:29 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2016-11-14 09:35 - 2013-09-06 14:46 - 00000000 ____D C:\Documents and Settings\az\Local Settings\temp
    2016-11-14 09:35 - 2013-09-06 14:46 - 00000000 ____D C:\Documents and Settings\ewq\Local Settings\temp
    2016-11-14 09:15 - 2014-04-22 21:07 - 00000260 _____ C:\WINDOWS\Tasks\WGASetup.job
    2016-11-14 09:15 - 2014-04-02 00:28 - 00000218 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2016-11-14 09:15 - 2013-05-15 16:30 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
    2016-11-14 09:14 - 2007-09-11 09:42 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-11-14 09:03 - 2007-09-11 09:53 - 00032416 _____ C:\WINDOWS\SchedLgU.Txt
    2016-11-13 13:39 - 2010-03-12 00:46 - 00000278 ___SH C:\Documents and Settings\poi\ntuser.ini
    2016-11-12 04:58 - 2007-09-11 04:34 - 00509960 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-11-12 04:49 - 2001-08-23 06:00 - 00002262 _____ C:\WINDOWS\system32\wpa.dbl
    2016-11-10 22:53 - 2007-09-11 10:43 - 00002489 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
    2016-11-10 10:58 - 2010-03-12 00:46 - 00000000 ___RD C:\Documents and Settings\poi\My Documents
    2016-11-10 10:58 - 2007-09-11 10:43 - 00002487 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
    2016-11-10 10:09 - 2016-07-22 08:25 - 00000000 ____D C:\Documents and Settings\poi\Application Data\Zoom
    2016-11-09 01:08 - 2011-04-05 14:43 - 00000000 ____D C:\WINDOWS\Minidump
    2016-11-08 23:43 - 2014-04-02 00:28 - 00000212 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    2016-11-08 09:02 - 2016-06-30 16:45 - 00000000 ____D C:\Documents and Settings\poi\My Documents\SPH Climate
    2016-11-08 07:48 - 2009-02-19 12:47 - 00000000 ____D C:\Program Files\HLM7Student
    2016-11-08 07:48 - 2009-02-19 12:47 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SSI, Inc
    2016-11-07 15:40 - 2011-04-04 22:42 - 00000278 ___SH C:\Documents and Settings\ewq\ntuser.ini
    2016-11-07 12:16 - 2010-03-13 04:27 - 00000000 ____D C:\Documents and Settings\poi\Application Data\vlc
    2016-10-31 16:58 - 2016-08-22 09:35 - 00027648 _____ C:\Documents and Settings\poi\Desktop\LNSCP.xls
    2016-10-30 22:13 - 2010-03-12 00:46 - 00000000 ____D C:\Documents and Settings\poi
    2016-10-30 16:17 - 2012-04-10 16:12 - 00796352 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2016-10-30 16:17 - 2011-08-16 19:18 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2016-10-30 16:16 - 2016-02-20 02:41 - 00000000 ____D C:\Documents and Settings\poi\Desktop\New Folder
    2016-10-30 16:16 - 2007-09-11 09:41 - 00000000 ____D C:\WINDOWS\system32\Macromed
    2016-10-24 11:33 - 2014-07-02 14:19 - 00000000 ____D C:\Documents and Settings\poi\Local Settings\Application Data\Adobe
    2016-10-24 11:30 - 2014-11-11 19:30 - 00001689 _____ C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
    2016-10-24 11:29 - 2007-09-11 04:30 - 00000000 ___HD C:\WINDOWS\inf
    2016-10-24 11:22 - 2016-09-06 23:30 - 00000353 _____ C:\Documents and Settings\poi\Desktop\notes 9-6.txt
    2016-10-24 11:21 - 2016-09-23 11:52 - 00000000 ____D C:\Documents and Settings\poi\Desktop\Summary of Analyses
    2016-10-24 11:21 - 2016-09-08 10:17 - 01365904 _____ C:\Documents and Settings\poi\Desktop\WritersGuide1.0 [Team Notes].pdf
    2016-10-18 19:28 - 2016-10-13 06:43 - 00590336 _____ C:\Documents and Settings\poi\Desktop\File for Risk Matrix Team.xls
    2016-10-18 17:54 - 2016-10-13 06:34 - 00447477 _____ C:\Documents and Settings\poi\Desktop\File for Risk Matrix Team.xlsx
    2016-10-16 13:56 - 2016-09-27 11:33 - 00000000 ____D C:\Documents and Settings\poi\Desktop\Data Test Download 9-27-16

    ==================== Files in the root of some directories =======

    2010-03-12 05:46 - 2012-08-21 10:27 - 0247808 _____ () C:\Documents and Settings\poi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2008-06-22 17:42 - 2008-08-14 01:12 - 0003276 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End of FRST.txt ============================

    Addition.txt

    mbam log 11-14-16.txt

  4. I originally was able to bypass Ctrl-Alt-Del on this computer that I am working on, and then I had a problem where I could not get the computer out of sleep mode, or I just couldn't get back to the welcome screen.  Once I rebooted, I had to use Ctrl-Alt-Del for the first time in a month of using this computer.  Is there a way to get back to the original configuration, and why would that change?

    TIA,

    tqh

  5. Hello again.  Thanks for all your help on this problem.  I am curious what does the .reg file do?  I read the linked topics and don't quite understand.  Is it analogous to resetting the update service?  What would be an indicator of it merging successfully?  Just curious.


    Thanks in advance

  6. OK, this seemed to work.  Thanks!  However, Windows Update is extremely slow.  I even plugged in my modem directly and it is still not doing anything.  I just want to get this thing to where it is not using up so much RAM and processor (and works properly).  This thing is not doing anything; hardly any data is being transferred.


    Thanks in advance

  7. Hello MB Forum,


    I am trying to block Windows 10 from forcing itself on my computer.  Based on my research, I need to delete the following file as one of the steps: $Windows.~BT


    However, I read that this could be problematic as you can't revert back to 7 if you ever do upgrade to 10.  Also, I can't even delete it due to permissions.  I've tried everything possible and I still get a message that I need permission from (username) to delete.  If I click "Try Again", nothing happens.


    So, 1) should I delete the folder?  It seems OK, but since I have not yet done it I figured I would ask.  And 2) how do I grant the appropriate permissions to successfully delete the folder?


    Thanks in advance

  8. So I reinstalled Firefox (did not uninstall then install) and that seemed to work well.  I uninstalled MB and installed per the instructions above, then updated and scanned.  Got a shutdown and an error message, but then rescanned and it worked.  No malware detected.  Audio seems to work.  However, I keep getting notifications about the malicious software removal tool, and now I am getting one about a security update for IE8.  I don't think these are that big a deal, but if someone thinks differently, then please let me know.  Since I started this whole thing, Windows wants to download and install the Malicious Software Removal Tool after every reboot.  I probably was being overly cautious.  If you guys think everything is OK, then we can probably close this topic.  Thank you very much for your help.

  9. So, can you make a copy of the profile folder, xyz.default for example, to a memory stick and then reinstall Firefox?  If on reinstall the profile gets deleted, can you then replace the contents of the new profile folder with the older content?  Also, AVAST notified me of a Firefox update but I was not able to update through AVAST.  I have not been able to sit down and work on this, so thanks for your patience.

  10. Hello MB Forum,


    I have searched quite a bit on the web and can't find a good solution to my problem. I hope I may be able to get some help here.  Some background...


    I have a computer running XP and have a TV hooked up with a DVI to HDMI cable.  I tried hooking up some headphones through my analog jack and ended up losing sound on my TV - but only for that particular profile.  My solution was to try and do a system restore because I have never had a problem doing that in the past.  I restored back a couple of weeks and I noticed that SRestore changed some file names.  Of course I did not write them down because they seemed harmless.  The sound worked, but when I got around to starting Firefox, it did absolutely nothing.  I went to the actual application under Program Files and it still would not work.  I tried to go back under system restore and that did not help.  I then stopped because I suspected malware.


    I ran a scan w/ MB and the scan failed initially.  I also noticed that my program is not updating to 2.2.0.1024.  Maybe because it is XP?  When I finally got MB to run, it did not detect anything.  I also ran a boot-time scan with AVAST.  I have a corrupted file under C:\NVIDIA\Display Driver.  This may be what caused the problem with the sound, but under another profile the sound worked.  So, I am at a loss, because I suspect that if I uninstall FF and reinstall it I will lose everything, including bookmarks and plugins.  I have a few restore points I could try, but I don't think that will work.  I'm starting to think system restore messed up my FF profile/folder.  Any help would be great.


    Thanks in advance

  11. Computer seems to be running fine, no signs of infection.

    Requested log posted below.  Thanks again.


     Results of screen317's Security Check version 0.99.78  
     Windows Vista Service Pack 2 x64 (UAC is enabled)  
     Internet Explorer 9  
     Internet Explorer 8  
    ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!  
    avast! Antivirus   
     Antivirus up to date!   
    `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.75.0.1300  
     Adobe Flash Player     11.9.900.170  
     Adobe Reader 9 Adobe Reader out of Date!
     Adobe Reader 10.1.8 Adobe Reader out of Date!  
     Mozilla Firefox (26.0)
    ````````Process Check: objlist.exe by Laurent````````  
     AVAST Software Avast AvastSvc.exe  
     AVAST Software Avast AvastUI.exe  
    `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````
     

  12. TFC is a temporary file cleaner and one can certainly use it as often as they feel they need to but it's not something that has to be run over and over.

     

    I've seen a few other topics on this issue and so far it appears to be an elusive entry to remove from the Security Center - my guess is that it may be stored using WMI which makes it a bit more difficult to get to and remove.

     

    Please download and run the following Malicious Software Removal Tool from Microsoft and let me know if it finds anything or not and reboot once you've run it and let me know if this still shows up as a "new" entry in the Security Center.

    Hey there.  I ran the MSRT and found nothing.  There was no log.  From the above quote in bold: can you provide some credible information about WMI (link)?  Just curious.  Also, the Security Center notification seems to have disappeared.  Not sure what happened to get rid of it, but it quit after running the last two, AdwCleaner and MBAM. :)

     

    Did this editor used to have a spell check function?  Just curious. 
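    One way to check the helper's guess that the stale antivirus entry lives in WMI is to query the Security Center namespace directly.  This is an added example, not code from the original thread, from Malwarebytes or from the helper; it assumes a Vista-or-later system (where the data is under root\SecurityCenter2; XP uses root\SecurityCenter) and an elevated PowerShell prompt.  The productState decoding in the comments is the commonly used convention, not a documented Microsoft contract.

```powershell
# Added example (not from the thread): list the antivirus products Windows
# Security Center believes are installed, then remove registrations whose
# product executable no longer exists on disk.
# Assumptions: Vista or later (root\SecurityCenter2); run as Administrator.

$Namespace = 'root\SecurityCenter2'

# 1. Show what Security Center knows.  productState is an undocumented bit
#    field; by convention the 0x1000 bit means "enabled" and the 0x10 bit
#    means "definitions out of date".
Get-WmiObject -Namespace $Namespace -Class AntiVirusProduct |
    ForEach-Object {
        $state = [int]$_.productState
        $exe   = $_.pathToSignedProductExe
        # Only a real drive path can be checked; built-in entries may use a URI.
        $isFilePath = ($exe -match '^[A-Za-z]:\\')
        New-Object PSObject -Property @{
            DisplayName = $_.displayName
            Enabled     = (($state -band 0x1000) -ne 0)
            OutOfDate   = (($state -band 0x10) -ne 0)
            ExePath     = $exe
            ExeExists   = if ($isFilePath) { Test-Path -LiteralPath $exe } else { $null }
            Guid        = $_.instanceGuid
        }
    } |
    Select-Object DisplayName, Enabled, OutOfDate, ExeExists, ExePath, Guid |
    Format-Table -AutoSize

# 2. Remove stale entries: a drive path is recorded but the file is gone.
#    -WhatIf previews the deletion; drop it once the match is confirmed.
Get-WmiObject -Namespace $Namespace -Class AntiVirusProduct |
    Where-Object {
        $_.pathToSignedProductExe -match '^[A-Za-z]:\\' -and
        -not (Test-Path -LiteralPath $_.pathToSignedProductExe)
    } |
    ForEach-Object {
        Write-Host "Removing stale Security Center entry: $($_.displayName)"
        $_
    } |
    Remove-WmiObject -WhatIf
```

    Reboot afterwards and re-open Security Center; if the entry was genuinely a WMI leftover it will not come back.  If it does, the registration is being re-created by something still installed, which is a different problem than a stale record.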

  13. Thanks. Here are the requested logs.  

     

     

    # AdwCleaner v3.016 - Report created 01/01/2014 at 17:55:05
    # Updated 23/12/2013 by Xplode
    # Operating System : Windows Vista Home Premium Service Pack 2 (64 bits)
    # Username : KAREN - KAREN-PC
    # Running from : C:\Users\KAREN\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

    ***** [ Browsers ] *****

    -\\ Internet Explorer v9.0.8112.16526


    -\\ Mozilla Firefox v26.0 (en-US)

    [ File : C:\Users\KAREN\AppData\Roaming\Mozilla\Firefox\Profiles\x4scr48k.default\prefs.js ]


    *************************

    AdwCleaner[R0].txt - [21740 octets] - [26/12/2013 21:33:33]
    AdwCleaner[R1].txt - [6489 octets] - [27/12/2013 19:28:26]
    AdwCleaner[R2].txt - [2363 octets] - [01/01/2014 17:51:07]
    AdwCleaner[s0].txt - [6083 octets] - [27/12/2013 19:31:43]
    AdwCleaner[s1].txt - [2136 octets] - [01/01/2014 17:55:05]

    ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [2196 octets] ##########
     

     

     

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2014.01.01.06

    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 9.0.8112.16421
    KAREN :: KAREN-PC [administrator]

    1/1/2014 6:13:58 PM
    mbam-log-2014-01-01 (18-13-58).txt

    Scan type: Full scan (C:\|D:\|E:\|G:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 417232
    Time elapsed: 1 hour(s), 26 minute(s), 57 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Users\KAREN\Desktop\Update\Setup.exe (PUP.Optional.Ibryte) -> Quarantined and deleted successfully.

    (end)
     

  14. Hello MB forum.  I just ran TFC on my machine and received a BSOD.  I ran it again and got the same thing.  I now have 6 files on my desktop that otherwise would be hidden.  They look like temp .docx files.  There is also a file named desktop.ini.  I don't suspect malware, but have included a MB quick scan log.  I also included the two BSOD "reports".  I would like to get rid of the new files on the desktop, but have decided to hold off.  This is a separate issue with a separate computer from the topic under malware removal.  Thanks in advance for any help.

     

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.12.31.07

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.16476
    iop :: FLOYD00 [administrator]

    12/31/2013 4:18:22 PM
    mbam-log-2013-12-31 (16-18-22).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 308132
    Time elapsed: 6 minute(s), 30 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     

     

    Blue Screen Crash 12-31-13

    Problem signature:
      Problem Event Name:    BlueScreen
      OS Version:    6.1.7601.2.1.0.768.3
      Locale ID:    1033

    Additional information about the problem:
      BCCode:    f4
      BCP1:    0000000000000006
      BCP2:    FFFFFA8006B53740
      BCP3:    FFFFFA8006B3CE10
      BCP4:    FFFFF800031D9780
      OS Version:    6_1_7601
      Service Pack:    1_0
      Product:    768_1

    Files that help describe the problem:
      C:\Windows\Minidump\123113-27378-01.dmp
      C:\Users\iop\AppData\Local\Temp\WER-209977-0.sysdata.xml


    Problem signature:
      Problem Event Name:    BlueScreen
      OS Version:    6.1.7601.2.1.0.768.3
      Locale ID:    1033

    Additional information about the problem:
      BCCode:    3b
      BCP1:    00000000C0000005
      BCP2:    FFFFF800031B1DFE
      BCP3:    FFFFF88002290A80
      BCP4:    0000000000000000
      OS Version:    6_1_7601
      Service Pack:    1_0
      Product:    768_1

    Files that help describe the problem:
      C:\Windows\Minidump\123113-24476-01.dmp
      C:\Users\iop\AppData\Local\Temp\WER-84084-0.sysdata.xml
     

  15. I'm still getting the "problem reports and solutions" from Windows.  Under virus alert is the notification about the "virus" in this thread title.  Also, there are remnants of AVG on here.   I ran screen317's Security Check and the result indicated that Adobe Reader 9 and 10 are on here and that Adobe Reader is out of date.  If I try to update Adobe, it gives me the note that it is already up to date.  Also, is there a way to make sure Java is completely uninstalled and is there a way to get it out of the add-ons for FF/IE?  Finally, the AVAST WebRep add-on is not installed on FF.  Any clues?  If not, no big deal.  Thanks once again.

     

     

    Almost forgot.  When I ran the boot scan and AVAST found a number of PUPs (Mindspark, etc.), the infected files were moved to the virus chest (a number of .dll files).  Also, someone ran a scan back in Sept. and some malware was moved to the virus chest.  FileRepMalware pops up twice.  JS:lfram-DMK [Trj] is on there.  Win32:Evo-gen [Susp] is on there twice.  I guess my question is, what should I do with these, if anything?  Do we need to probe more?  I should have given you these details when I wrote that I did the boot scan way back there.  Anything to be concerned about?

     

    Hate to do this, but I just opened up IE and the homepage was set to Bing.  I received an alert at the bottom stating that an unknown program wants Bing to be the homepage or something like that.  I clicked no.  Didn't seem to matter.  Her Yahoo toolbar option is gone from the add-ons page.  I hope this is a very minor issue.

     

    Appreciate the help.
