Open notepad and copy/paste the text present inside the code box below:
Folder::
c:\program files (x86)\Google\Desktop\Install
c:\users\Simon\AppData\Local\Google\Desktop\Install
C:\Windows\Installer\{40021656-4d6d-26e9-ca6e-3085e6c4f832}
C:\Users\Simon\AppData\Local\{40021656-4d6d-26e9-ca6e-3085e6c4f832}
KillAll::
File::
C:\STFE4.tmp
C:\STF4B1E.tmp
C:\STF483D.tmp
C:\STF65BF.tmp
C:\STFF03D.tmp
C:\STFDB71.tmp
C:\STFFA1C.tmp
C:\STF68C0.tmp
C:\STF493D.tmp
C:\STF17F3.tmp
C:\STF7CF0.tmp
C:\STF3ADE.tmp
C:\STF8713.tmp
C:\STFF8AC.tmp
C:\STF20AA.tmp
C:\STFAF25.tmp
c:\users\ADMINI~1\AppData\Local\Temp\ALSysIO64.sys
C:\ProgramData\dsgsdgdsgdsgw.pad
ClearJavaCache::
DirLook::
c:\users\Simon\.matplotlib
C:\temp
Driver::
ALSysIO
DDS::
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3106777&CUI=UN40145512341332286
Firefox::
FF - ProfilePath - c:\users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\jbsnoky0.default\
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109986&tt=050412_30b
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - a8e90212000000000000002522efbb4a
FF - user.js: extensions.BabylonToolbar_i.hardId - a8e90212000000000000002522efbb4a
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15441
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:00
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
Save this as CFScript.txt
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows and refering to the picture above.
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:[b]ComboFix.txt[/b] )
----------------------- next ---------------------------
Re-run FRST, just check box for Addition.txt and press Scan button.
Post here fresh created logs
----------------------- next ---------------------------
Let’s check is it damage caused by ZA been repaired. We shall use another Farbar’s tool called FSS.
Please download Farbar Service Scanner and run it on the computer with the issue.
[*]Make sure the following options are checked:
[*]Internet Services
[*]Windows Firewall
[*]System Restore
[*]Security Center/Action Center
[*]Windows Update
[*]Windows Defender
[*]Press “Scan”.
[]It will create a log (FSS.txt) in the same directory the tool is run.
[]Please copy and paste the log to your reply.