
Extra binkiland tab in Chrome opens when I'm logged in to my profile from any PC


2 replies to this topic

#1 mspacman


Posted 11 February 2015 - 10:33 PM

I accidentally downloaded something that was attached to binkiland. They disguised it with a Java update. Sneaky.

Anyway, I noticed it immediately and used this site

http://www.virusresearch.org/remove-binkiland-com-chrome-firefox-ie/

to try to remove it. When I went to a different computer where I use Chrome, while I'm logged in with my profile, an extra tab opens for a binkiland search. I also noticed that whenever I open a Chrome browser, about 15 chrome.exe processes show up in the task manager. I don't know if that's related, though.

Then I ran your AdwCleaner app and did a scan, but since I'm not entirely sure how to use it, I decided to come here and get some help.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-02-2015 02
Ran by monica (administrator) on DAZZLINGDIVA-PC on 11-02-2015 21:45:21
Running from C:\Users\monica\Downloads
Loaded Profiles: monica (Available profiles: monica & Mcx1-DAZZLINGDIVA-PC & Classic .NET AppPool & DefaultAppPool & ASP.NET v4.0 Classic & LAX)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Fitbit, Inc.) C:\Program Files\Fitbit\fitbit.exe
(Fitbit, Inc.) C:\Program Files\Fitbit Connect\FitbitConnectService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSAS10_50.SQL2008R2\OLAP\bin\msmdsrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQL2008R2\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Motorola) C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS10_50.SQL2008R2\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Rosetta Stone Ltd.) C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Pure Networks, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQL2008R2\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQL2008R2\MSSQL\Binn\fdhost.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(Pure Networks, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
(Pure Networks, Inc.) C:\Program Files\Pure Networks\Network Magic\nmapp.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Fitbit, Inc.) C:\Program Files\Fitbit Connect\Fitbit Connect.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Carbonite, Inc.) C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(OLYMPUS IMAGING CORP.) C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
(Fitbit, Inc.) C:\Program Files\Fitbit\fitbit-tray.exe
(Google Inc.) C:\Users\monica\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
(Akamai Technologies, Inc.) C:\Users\monica\AppData\Local\Akamai\netsession_win.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Eastman Kodak Company) C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
(Akamai Technologies, Inc.) C:\Users\monica\AppData\Local\Akamai\netsession_win.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Dropbox, Inc.) C:\Users\monica\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Users\monica\Desktop\AdwCleaner.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [nmctxth] => C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [648504 2008-05-16] (Pure Networks, Inc.)
HKLM\...\Run: [nmapp] => C:\Program Files\Pure Networks\Network Magic\nmapp.exe [451896 2008-05-21] (Pure Networks, Inc.)
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [2621440 2010-02-09] (Brother Industries, Ltd.)
HKLM\...\Run: [OM2_Monitor] => C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe [54672 2009-11-25] (OLYMPUS IMAGING CORP.)
HKLM\...\Run: [Malwarebytes' Anti-Malware] => C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [449608 2011-08-31] (Malwarebytes Corporation)
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Nikon Message Center 2] => C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe [739936 2012-11-27] (Sony Corporation)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [967568 2014-12-09] (Cisco Systems, Inc.)
HKLM\...\Run: [Carbonite Backup] => C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe [1063632 2015-01-19] (Carbonite, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-09] (Oracle Corporation)
HKLM\...\RunOnce: [Binkiland] => C:\Windows\system32\wscript.exe /E:vbscript /B "C:\Users\monica\AppData\Roaming\Binkiland\UpdateProc\bkup.dat"
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1567756143-2189054842-697228090-1000\...\Run: [OM2_Monitor] => C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [95632 2009-11-25] (OLYMPUS IMAGING CORP.)
HKU\S-1-5-21-1567756143-2189054842-697228090-1000\...\Run: [Fitbit Service Monitor] => C:\Program Files\Fitbit\fitbit-tray.exe [2164256 2011-10-26] (Fitbit, Inc.)
HKU\S-1-5-21-1567756143-2189054842-697228090-1000\...\Run: [Facebook Update] => C:\Users\monica\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-08-21] (Facebook Inc.)
HKU\S-1-5-21-1567756143-2189054842-697228090-1000\...\Run: [Google Update] => C:\Users\monica\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-24] (Google Inc.)
HKU\S-1-5-21-1567756143-2189054842-697228090-1000\...\Run: [MusicManager] => C:\Users\monica\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7631360 2014-10-08] (Google Inc.)
HKU\S-1-5-21-1567756143-2189054842-697228090-1000\...\Run: [TomTomHOME.exe] => C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-07-02] (TomTom)
HKU\S-1-5-21-1567756143-2189054842-697228090-1000\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKU\S-1-5-21-1567756143-2189054842-697228090-1000\...\Run: [Akamai NetSession Interface] => C:\Users\monica\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1567756143-2189054842-697228090-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1567756143-2189054842-697228090-1000\...\Run: [GoogleChromeAutoLaunch_0D335B016BD26C5E4F231621FDC2D8BB] => C:\Program Files\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-1567756143-2189054842-697228090-1000\...\RunOnce: [Binkiland] => C:\Windows\system32\wscript.exe /E:vbscript /B "C:\Users\monica\AppData\Roaming\Binkiland\UpdateProc\bkup.dat"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
ShortcutTarget: Kodak EasyShare software.lnk -> C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
Startup: C:\Users\monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\monica\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1567756143-2189054842-697228090-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1567756143-2189054842-697228090-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1567756143-2189054842-697228090-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = 
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: IE Developer Toolbar BHO -> {CC7E636D-39AA-49b6-B511-65413DA137A1} -> C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
Toolbar: HKU\S-1-5-21-1567756143-2189054842-697228090-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-1567756143-2189054842-697228090-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1082
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Pure Networks, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF ProfilePath: C:\Users\monica\AppData\Roaming\Mozilla\Firefox\Profiles\bemqz1p2.default-1423670018676
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @stamps.com/Web client plug-in,version=1.1.0.41 -> C:\Program Files\Stamps.com Web Postage Plug-in\npsdcwc.dll (Stamps.com, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1567756143-2189054842-697228090-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\monica\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-1567756143-2189054842-697228090-1000: @tools.google.com/Google Update;version=3 -> C:\Users\monica\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1567756143-2189054842-697228090-1000: @tools.google.com/Google Update;version=9 -> C:\Users\monica\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1567756143-2189054842-697228090-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\monica\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1567756143-2189054842-697228090-1000: electronicarts.com/GameFacePlugin -> C:\Users\monica\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\monica\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-02-07]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-02-07]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-02-07]
FF HKLM\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011-07-22]
 
Chrome: 
=======
CHR HomePage: Profile 2 -> 
CHR StartupUrls: Profile 2 -> "hxxp://www.google.com/", "hxxp://binkiland.com/?f=7&a=bnk_coinis_15_07&cd=2XzuyEtN2Y1L1QzutDtDtC0EyE0CyD0E0CzyyB0F0EyCtDzytN0D0Tzu0StCtCtAyBtN1L2XzutAtFzztFtDtFtDtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2StBzy0AyB0E0DtB0CtGyCyB0E0CtGyB0EtD0FtGyEtByD0CtGyE0B0Czz0D0D0FtCtBtC0EtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtByBtDyD0DtAyCtGyCzz0E0FtGyE0FtA0BtG0AyEtDyDtG0DyBtB0C0B0A0EtCtC0A0E0B2Q&cr=1329731578&ir="
CHR Profile: C:\Users\monica\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\monica\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-11]
CHR Extension: (Google Docs) - C:\Users\monica\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-11]
CHR Extension: (Google Drive) - C:\Users\monica\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\monica\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-11]
CHR Extension: (YouTube) - C:\Users\monica\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-11]
CHR Extension: (Google Search) - C:\Users\monica\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-11]
CHR Extension: (binkiland New Tab) - C:\Users\monica\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\elggllhppljlljkgfeokjpehmdamkejk [2015-02-11]
CHR Extension: (Google Sheets) - C:\Users\monica\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-11]
CHR Extension: (IE Tab) - C:\Users\monica\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2015-02-11]
CHR Extension: (Advanced REST client) - C:\Users\monica\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hgmloofddffdnphfgcellkdfbfbjeloo [2015-02-11]
CHR Extension: (Cisco WebEx Extension) - C:\Users\monica\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-02-11]
CHR Extension: (MyPoints Score!) - C:\Users\monica\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mcglgmippekbdbmniknikdgkmnnpdnmh [2015-02-11]
CHR Extension: (Google Wallet) - C:\Users\monica\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-11]
CHR Extension: (Gmail) - C:\Users\monica\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-11]
CHR Profile: C:\Users\monica\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Docs) - C:\Users\monica\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-11]
CHR Extension: (Google Drive) - C:\Users\monica\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\monica\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-11]
CHR Extension: (YouTube) - C:\Users\monica\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-11]
CHR Extension: (Google Search) - C:\Users\monica\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-11]
CHR Extension: (IE Tab) - C:\Users\monica\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2015-02-11]
CHR Extension: (Advanced REST client) - C:\Users\monica\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hgmloofddffdnphfgcellkdfbfbjeloo [2015-02-11]
CHR Extension: (Cisco WebEx Extension) - C:\Users\monica\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-02-11]
CHR Extension: (MyPoints Score!) - C:\Users\monica\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mcglgmippekbdbmniknikdgkmnnpdnmh [2015-02-11]
CHR Extension: (Google Wallet) - C:\Users\monica\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-11]
CHR Extension: (Gmail) - C:\Users\monica\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-11]
CHR HKLM\...\Chrome\Extension: [elggllhppljlljkgfeokjpehmdamkejk] - No Path
CHR HKU\S-1-5-21-1567756143-2189054842-697228090-1000\...\Chrome\Extension: [elggllhppljlljkgfeokjpehmdamkejk] - No Path
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 CarboniteService; C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe [6046416 2015-01-19] (Carbonite, Inc. (www.carbonite.com))
R2 Fitbit; C:\Program Files\Fitbit\fitbit.exe [788000 2011-10-26] (Fitbit, Inc.) [File not signed]
R2 Fitbit Connect; C:\Program Files\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [366152 2011-08-31] (Malwarebytes Corporation)
R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 MsDtsServer100; C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [214880 2011-04-24] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R2 MSOLAP$SQL2008R2; C:\Program Files\Microsoft SQL Server\MSAS10_50.SQL2008R2\OLAP\bin\msmdsrv.exe [25768800 2010-04-03] (Microsoft Corporation)
R2 MSSQL$SQL2008R2; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQL2008R2\MSSQL\Binn\sqlservr.exe [42872672 2011-04-24] (Microsoft Corporation)
R3 MSSQLFDLauncher$SQL2008R2; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQL2008R2\MSSQL\Binn\fdlauncher.exe [28512 2010-04-03] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [3201024 2008-07-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
S3 nmraapache; C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe [12800 2008-05-21] (Pure Networks, Inc.) [File not signed]
R2 nmservice; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [648504 2008-05-16] (Pure Networks, Inc.)
R2 PMBDeviceInfoProvider; C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [479840 2012-11-27] (Sony Corporation)
R2 PST Service; C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 ReportServer$SQL2008R2; C:\Program Files\Microsoft SQL Server\MSRS10_50.SQL2008R2\Reporting Services\ReportServer\bin\ReportingServicesService.exe [1177952 2011-04-24] (Microsoft Corporation)
R2 RosettaStoneDaemon; C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [1646608 2012-06-19] (Rosetta Stone Ltd.)
S3 SQLAgent$SQL2008R2; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQL2008R2\MSSQL\Binn\SQLAGENT.EXE [367456 2011-04-24] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-09] (TeamViewer GmbH)
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [560016 2014-12-09] (Cisco Systems, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92528 2014-12-09] (Cisco Systems, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22216 2011-08-31] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R3 NWDellModem; C:\Windows\System32\DRIVERS\nwdelmdm.sys [166144 2007-11-02] (Novatel Wireless Inc.)
R3 NWDellPort; C:\Windows\System32\DRIVERS\nwdelser.sys [166144 2007-11-02] (Novatel Wireless Inc.)
R2 pnarp; C:\Windows\System32\DRIVERS\pnarp.sys [24888 2008-05-16] (Pure Networks, Inc.)
R2 purendis; C:\Windows\System32\DRIVERS\purendis.sys [26424 2008-05-16] (Pure Networks, Inc.)
S4 RsFx0150; C:\Windows\System32\DRIVERS\RsFx0150.sys [240608 2010-04-03] (Microsoft Corporation)
S3 SIUSBXP; C:\Windows\System32\drivers\SiUSBXp.sys [21992 2011-12-01] (Silicon Laboratories)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva-6.sys [43888 2014-08-15] (Cisco Systems, Inc.)
R3 xpvcom; C:\Windows\System32\Drivers\xpvcom.sys [30032 2007-03-23] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 DFUBTUSB; System32\Drivers\frmupgr.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-11 21:45 - 2015-02-11 21:46 - 00034876 _____ () C:\Users\monica\Downloads\FRST.txt
2015-02-11 21:43 - 2015-02-11 21:45 - 00000000 ____D () C:\FRST
2015-02-11 21:40 - 2015-02-11 21:41 - 01125376 _____ (Farbar) C:\Users\monica\Downloads\FRST.exe
2015-02-11 16:47 - 2015-02-11 16:50 - 00000000 ____D () C:\AdwCleaner
2015-02-11 16:47 - 2015-02-11 16:46 - 02112512 _____ () C:\Users\monica\Desktop\AdwCleaner.exe
2015-02-11 16:46 - 2015-02-11 16:46 - 02112512 _____ () C:\Users\monica\Downloads\AdwCleaner.exe
2015-02-11 10:43 - 2015-02-11 10:43 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-02-11 10:42 - 2015-02-11 10:42 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-11 07:30 - 2015-02-11 07:28 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-02-11 07:29 - 2015-02-11 07:28 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-02-11 07:29 - 2015-02-11 07:28 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-02-11 07:29 - 2015-02-11 07:28 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-02-11 06:52 - 2015-02-11 20:53 - 00000296 _____ () C:\Windows\Tasks\Binkiland.job
2015-02-11 06:52 - 2015-02-11 06:52 - 00000000 ____D () C:\Users\monica\AppData\Roaming\Binkiland
2015-02-11 06:51 - 2015-02-11 06:50 - 29419944 _____ (Oracle Corporation) C:\Users\monica\Downloads\jre-7u60-windows-i586.exe
2015-02-11 06:50 - 2015-02-11 06:52 - 00000000 ____D () C:\Program Files\WSE_Binkiland
2015-02-10 21:55 - 2015-02-10 21:57 - 00795400 _____ (Coinis) C:\Users\monica\Downloads\java_runtime_enviroment_setup.exe
2015-02-10 15:09 - 2015-02-10 15:09 - 00000929 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-02-10 15:09 - 2015-02-10 15:09 - 00000917 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-02-07 14:12 - 2015-02-07 14:12 - 00365163 _____ () C:\Users\monica\Downloads\yellowcab2.zip
2015-02-07 11:37 - 2015-02-07 11:38 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-06 23:56 - 2015-02-06 23:56 - 00000000 _____ () C:\Users\Public\Desktop\Carbonite Setup.log
2015-02-06 23:54 - 2015-02-06 23:54 - 00002102 _____ () C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
2015-02-06 23:53 - 2015-02-06 23:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite
2015-02-05 07:04 - 2015-02-05 07:04 - 05070512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2015-02-04 21:20 - 2015-02-04 21:20 - 00000000 ____D () C:\Users\monica\AppData\Local\TeamViewer
2015-01-29 20:35 - 2015-01-29 20:35 - 00000253 _____ () C:\Users\monica\Downloads\Paul.txt
2015-01-29 20:35 - 2015-01-29 20:35 - 00000253 _____ () C:\Users\monica\Downloads\Paul (1).txt
2015-01-28 20:16 - 2015-01-28 20:16 - 00002034 _____ () C:\Users\monica\Desktop\7RQWV12.rdp
2015-01-26 12:15 - 2015-01-26 12:15 - 00000000 ____D () C:\Users\monica\Downloads\Attachments_2015126
2015-01-26 12:13 - 2015-01-26 12:13 - 00261557 _____ () C:\Users\monica\Downloads\Attachments_2015126.zip
2015-01-14 20:51 - 2015-01-14 20:51 - 00000000 ____D () C:\Users\monica\.cisco
2015-01-14 20:51 - 2015-01-14 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2015-01-14 06:50 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 06:50 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 06:48 - 2014-12-18 21:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 06:48 - 2014-12-18 20:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 06:48 - 2014-12-11 12:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 06:48 - 2014-12-05 22:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 08:50 - 2015-01-13 08:50 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2015-01-13 08:50 - 2015-01-13 08:50 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-11 21:45 - 2011-07-19 21:57 - 00000000 ____D () C:\Users\monica\AppData\Roaming\Skype
2015-02-11 21:38 - 2012-03-29 20:49 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-11 21:25 - 2012-09-24 06:33 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1567756143-2189054842-697228090-1000UA.job
2015-02-11 21:16 - 2011-07-30 11:35 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-11 21:03 - 2011-07-15 11:22 - 01481813 _____ () C:\Windows\WindowsUpdate.log
2015-02-11 20:49 - 2012-08-21 16:44 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1567756143-2189054842-697228090-1000UA.job
2015-02-11 17:49 - 2012-08-21 16:44 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1567756143-2189054842-697228090-1000Core.job
2015-02-11 16:32 - 2011-07-15 12:48 - 00042206 _____ () C:\ProgramData\nvModes.001
2015-02-11 11:45 - 2011-07-21 21:51 - 00000000 ___RD () C:\Users\monica\Dropbox
2015-02-11 11:45 - 2011-07-21 21:48 - 00000000 ____D () C:\Users\monica\AppData\Roaming\Dropbox
2015-02-11 11:40 - 2012-10-29 09:39 - 00000000 ____D () C:\Temp
2015-02-11 11:40 - 2011-07-30 11:35 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-11 11:40 - 2011-07-15 12:48 - 00042206 _____ () C:\ProgramData\nvModes.dat
2015-02-11 11:27 - 2009-07-13 23:34 - 00022592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-11 11:27 - 2009-07-13 23:34 - 00022592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-11 11:19 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-11 11:18 - 2009-07-13 23:39 - 00126494 _____ () C:\Windows\setupact.log
2015-02-11 11:17 - 2011-07-15 12:46 - 00244288 _____ () C:\Windows\PFRO.log
2015-02-11 10:53 - 2013-01-20 23:43 - 00000000 ____D () C:\Users\monica\Desktop\Old Firefox Data
2015-02-11 03:33 - 2012-09-24 06:33 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1567756143-2189054842-697228090-1000Core.job
2015-02-10 15:11 - 2014-07-18 05:58 - 00000000 ____D () C:\Program Files\TeamViewer
2015-02-09 21:59 - 2013-01-20 15:17 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-02-09 20:42 - 2013-12-06 17:24 - 00000000 ____D () C:\Users\monica\Documents\Visual Studio 2010
2015-02-07 14:17 - 2012-03-12 20:39 - 00000000 ____D () C:\MJM
2015-02-06 22:55 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-05 20:55 - 2011-07-19 20:43 - 00000000 ____D () C:\ProgramData\Pure Networks
2015-02-05 07:05 - 2012-03-29 20:49 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-05 07:05 - 2011-07-15 11:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-02 17:12 - 2011-12-25 21:51 - 00000402 _____ () C:\Windows\Tasks\EasyShare Registration Task.job
2015-01-28 20:15 - 2007-12-23 18:20 - 00002034 ____H () C:\Users\monica\Documents\Default.rdp
2015-01-27 07:21 - 2014-12-20 22:59 - 00002000 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-01-27 07:21 - 2014-12-20 22:59 - 00001998 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-01-27 07:21 - 2014-12-20 22:59 - 00001988 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-01-27 07:21 - 2014-12-20 22:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-25 19:34 - 2011-07-29 22:54 - 00000000 ____D () C:\Program Files\Brother
2015-01-22 06:27 - 2011-08-13 22:10 - 00000000 ____D () C:\DFWin
2015-01-15 06:44 - 2011-08-20 20:06 - 00000000 ____D () C:\Users\monica\AppData\Local\TSVNCache
2015-01-15 03:27 - 2013-07-21 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 03:04 - 2011-07-15 09:08 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 23:50 - 2014-10-22 20:04 - 00000000 ____D () C:\Users\monica\AppData\Roaming\webex
2015-01-14 20:51 - 2014-06-12 21:26 - 00000000 ____D () C:\ProgramData\Cisco
2015-01-14 20:51 - 2011-07-15 13:53 - 00000000 ____D () C:\Program Files\Cisco
2015-01-14 20:51 - 2011-07-15 08:30 - 00000000 ____D () C:\Users\monica
2015-01-12 18:44 - 2014-07-18 05:59 - 00000000 ____D () C:\Users\monica\AppData\Roaming\TeamViewer
 
==================== Files in the root of some directories =======
 
2008-07-01 05:42 - 2011-04-20 20:12 - 0027430 _____ () C:\Users\monica\AppData\Roaming\nvModes.001
2011-07-20 08:02 - 2011-04-20 20:12 - 0027430 _____ () C:\Users\monica\AppData\Roaming\nvModes.dat
2012-08-27 19:26 - 2012-08-27 19:26 - 0000268 ___RH () C:\Users\monica\AppData\Roaming\Sounds
2012-08-27 19:28 - 2012-08-27 19:28 - 0000268 ___RH () C:\Users\monica\AppData\Roaming\Soundtrack
2012-08-27 19:26 - 2012-08-27 19:26 - 0000268 ___RH () C:\Users\monica\AppData\Roaming\Space Choir
2012-08-27 19:26 - 2012-08-27 19:26 - 0000268 ___RH () C:\Users\monica\AppData\Roaming\String Comparison
2011-07-27 23:50 - 2013-12-15 20:28 - 0001456 _____ () C:\Users\monica\AppData\Local\Adobe Save for Web 12.0 Prefs
2008-01-07 10:37 - 2011-01-26 16:06 - 0001356 _____ () C:\Users\monica\AppData\Local\d3d9caps.dat
2013-05-30 14:59 - 2013-10-07 03:49 - 0004608 _____ () C:\Users\monica\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-01-05 07:27 - 2012-01-05 07:29 - 0012340 ___SH () C:\Users\monica\AppData\Local\ilp67ms33oh0hsftwqcu555405a6qoo402a23nocxh8
2011-12-26 15:11 - 2011-12-26 15:11 - 0000022 _____ () C:\Users\monica\AppData\Local\kodakpcd.ini
2012-01-05 07:27 - 2012-01-05 07:29 - 0012340 ___SH () C:\ProgramData\ilp67ms33oh0hsftwqcu555405a6qoo402a23nocxh8
2011-07-15 12:48 - 2015-02-11 16:32 - 0042206 _____ () C:\ProgramData\nvModes.001
2011-07-15 12:48 - 2015-02-11 11:40 - 0042206 _____ () C:\ProgramData\nvModes.dat
2012-08-27 19:26 - 2012-08-27 19:26 - 0000020 ____H () C:\ProgramData\PKP_DLeo.DAT
2012-08-27 19:28 - 2012-08-27 19:28 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2012-08-27 19:26 - 2012-08-27 19:33 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2012-08-27 19:26 - 2012-08-27 19:26 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
2012-08-27 19:26 - 2012-08-27 19:26 - 0000268 ___RH () C:\ProgramData\Specifications
2012-08-27 19:28 - 2012-08-27 19:28 - 0000268 ___RH () C:\ProgramData\Speech Enhancer
2012-08-27 19:26 - 2012-08-27 19:26 - 0000268 ___RH () C:\ProgramData\Sports
2012-12-12 22:16 - 2012-12-12 22:16 - 0001534 _____ () C:\ProgramData\ss.ini
2012-08-27 19:26 - 2012-08-27 19:26 - 0000012 ___RH () C:\ProgramData\SupportPrinters
2012-08-27 19:28 - 2012-08-27 19:28 - 0000012 ___RH () C:\ProgramData\Sync Services
2012-08-27 19:26 - 2012-08-27 19:26 - 0000012 ___RH () C:\ProgramData\Synth Leads
2012-08-27 19:26 - 2012-08-27 19:26 - 0000012 ___RH () C:\ProgramData\Vocal Transformer
 
Some content of TEMP:
====================
C:\Users\monica\AppData\Local\temp\20140612102556883jniverify.dll
C:\Users\monica\AppData\Local\temp\8.2.30.1-EasyShrx.Dll
C:\Users\monica\AppData\Local\temp\8.3.30.1-EasyShrx.Dll
C:\Users\monica\AppData\Local\temp\APNStub.exe
C:\Users\monica\AppData\Local\temp\contentDATs.exe
C:\Users\monica\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3ovcwz.dll
C:\Users\monica\AppData\Local\temp\jre-7u25-windows-i586-iftw.exe
C:\Users\monica\AppData\Local\temp\jre-7u55-windows-i586-iftw.exe
C:\Users\monica\AppData\Local\temp\jre-7u9-windows-i586-iftw.exe
C:\Users\monica\AppData\Local\temp\MotorolaDeviceManager_2.0304.exe
C:\Users\monica\AppData\Local\temp\MotorolaDeviceManager_2.0309.exe
C:\Users\monica\AppData\Local\temp\MotorolaDeviceManager_2.0403.exe
C:\Users\monica\AppData\Local\temp\MotorolaDeviceManager_2.0405.exe
C:\Users\monica\AppData\Local\temp\MotorolaDeviceManager_2.2.28.exe
C:\Users\monica\AppData\Local\temp\npp.6.7.4.Installer.exe
C:\Users\monica\AppData\Local\temp\ose00000.exe
C:\Users\monica\AppData\Local\temp\Quarantine.exe
C:\Users\monica\AppData\Local\temp\secuniasi8754157911156192610.dll
C:\Users\monica\AppData\Local\temp\SkypeSetup.exe
C:\Users\monica\AppData\Local\temp\sqlite3.dll
C:\Users\monica\AppData\Local\temp\swt-gdip-win32-3448.dll
C:\Users\monica\AppData\Local\temp\VistaLib32_1.dll
C:\Users\monica\AppData\Local\temp\xmlUpdater.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-03 22:33
 
==================== End Of Log ============================




#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,977 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:20 PM

Posted 16 February 2015 - 10:07 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Run this tool to clean your Temporary files/Folders.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted; it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CloseProcesses:

HKLM\...\RunOnce: [Binkiland] => C:\Windows\system32\wscript.exe /E:vbscript /B "C:\Users\monica\AppData\Roaming\Binkiland\UpdateProc\bkup.dat"
HKU\S-1-5-21-1567756143-2189054842-697228090-1000\...\RunOnce: [Binkiland] => C:\Windows\system32\wscript.exe /E:vbscript /B "C:\Users\monica\AppData\Roaming\Binkiland\UpdateProc\bkup.dat"
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1567756143-2189054842-697228090-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
Toolbar: HKU\S-1-5-21-1567756143-2189054842-697228090-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-1567756143-2189054842-697228090-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR HKLM\...\Chrome\Extension: [elggllhppljlljkgfeokjpehmdamkejk] - No Path
CHR HKU\S-1-5-21-1567756143-2189054842-697228090-1000\...\Chrome\Extension: [elggllhppljlljkgfeokjpehmdamkejk] - No Path
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 DFUBTUSB; System32\Drivers\frmupgr.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
C:\Users\monica\AppData\Roaming\Binkiland

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Please post the content of the additional.txt file that was created when you ran the Farbar tool.

How is the computer running now?

#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,977 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:20 PM

Posted 21 February 2015 - 09:58 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



