
Hijacked by Search.gboxapp.com


Re: Hijacked by Search.gboxapp.com

by Cypher » August 19th, 2012, 10:21 am

Hi,
I need you to run SystemLook again. As before, delete the SystemLook.txt on your desktop first.

  • Right-click SystemLook.exe and select "Run as administrator" to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *gboxapp.com*
    
    :folderfind
    *gboxapp.com*
    
    :Regfind
    *gboxapp.com*

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
Cypher
Admin/Teacher
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Hijacked by Search.gboxapp.com

by Erikthered » August 19th, 2012, 11:06 am

Nothing..........

SystemLook 30.07.11 by jpshortstuff
Log created at 09:05 on 19/08/2012 by Erik The Red
Administrator - Elevation successful

========== filefind ==========

Searching for "*gboxapp.com*"
No files found.

========== folderfind ==========

Searching for "*gboxapp.com*"
No folders found.

========== Regfind ==========

Searching for "*gboxapp.com*"
No data found.

-= EOF
Erikthered
Regular Member
 
Posts: 72
Joined: August 11th, 2012, 10:17 pm

Re: Hijacked by Search.gboxapp.com

by Erikthered » August 19th, 2012, 11:07 am

Strange to me since I can see this in regedit under find.
Erikthered
Regular Member
 
Posts: 72
Joined: August 11th, 2012, 10:17 pm

Re: Hijacked by Search.gboxapp.com

by Cypher » August 19th, 2012, 11:56 am

Hi,
"Strange to me since I can see this in regedit under find."

Can you tell me exactly what you can see in regedit?

Download and Run ComboFix

  • Please download ComboFix from one of the following links.

    Link 1.

    Link 2.

    **IMPORTANT !!! Save ComboFix.exe to your Desktop**
  • Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
  • Double click on ComboFix.exe & follow the prompts
  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
Cypher
Admin/Teacher
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Hijacked by Search.gboxapp.com

by Erikthered » August 19th, 2012, 12:18 pm

See attachment which is a picture of what I see in regedit when I did a search using Edit->Find
Erikthered
Regular Member
 
Posts: 72
Joined: August 11th, 2012, 10:17 pm

Re: Hijacked by Search.gboxapp.com

by Cypher » August 19th, 2012, 12:36 pm

Unfortunately I don't have Microsoft Office installed so I can't view your attachment.
If you haven't done so already, go ahead and run ComboFix.
Cypher
Admin/Teacher
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Hijacked by Search.gboxapp.com

by Erikthered » August 19th, 2012, 1:22 pm

I added the screenshot again.
Erikthered
Regular Member
 
Posts: 72
Joined: August 11th, 2012, 10:17 pm

Re: Hijacked by Search.gboxapp.com

by Erikthered » August 19th, 2012, 3:34 pm

ComboFix didn't work for me. It stopped at stage 50 and maybe hung up or something. I tried again with the same result. No log.
Erikthered
Regular Member
 
Posts: 72
Joined: August 11th, 2012, 10:17 pm

Re: Hijacked by Search.gboxapp.com

by Cypher » August 20th, 2012, 5:49 am

Hi,
Interesting, it's odd that SL is not detecting those entries.
Let's try again using a slightly different search.

  • Right-click SystemLook.exe and select "Run as administrator" to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *Gadgetbox*
     *bProtector*
    
    :folderfind
    * bProtector*
    *Gadgetbox*
    
    :Regfind
    Search.boxapp.com
     bProtector
    Gadgetbox

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Next.

Run OTL again and post the resulting log.
Right-click on OTL.exe and select Run as administrator to run it.

Logs/Information to Post in your Next Reply

  • SystemLook.txt.
  • OTL log.
Cypher
Admin/Teacher
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Hijacked by Search.gboxapp.com

by Erikthered » August 20th, 2012, 7:11 pm

SystemLook 30.07.11 by jpshortstuff
Log created at 17:06 on 20/08/2012 by Erik The Red
Administrator - Elevation successful

========== filefind ==========

Searching for "*Gadgetbox*"
No files found.

Searching for "*bProtector*"
C:\Users\Erik The Red\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data --a---- 79872 bytes [22:30 09/07/2012] [22:30 09/07/2012] 46367ED8945B2F18690C6D77D606DD32
C:\Users\Erik The Red\AppData\Local\Google\Chrome\User Data\Default\bProtectorPreferences --a---- 9131 bytes [22:21 29/06/2012] [22:21 29/06/2012] F559FF998D2DE58909F5C164E6222874
C:\_OTL\MovedFiles\08152012_171416\C_ProgramData\bProtectorForWindows\2.1.419.7\FirefoxExtension\components\bprotector-10.0.2.dll --a---- 299520 bytes [14:40 27/04/2012] [14:40 27/04/2012] C1186FBB4D799336BA845AD805A9C213
C:\_OTL\MovedFiles\08152012_171416\C_ProgramData\bProtectorForWindows\2.1.419.7\FirefoxExtension\components\bprotector-11.0.dll --a---- 299520 bytes [14:40 27/04/2012] [14:40 27/04/2012] 25BC787BBF42174F6167CEA5534D5927
C:\_OTL\MovedFiles\08152012_171416\C_ProgramData\bProtectorForWindows\2.1.419.7\FirefoxExtension\components\bprotector-3.6.dll --a---- 302080 bytes [14:39 27/04/2012] [14:39 27/04/2012] 19ED4C550F1181E2D208F43C57A26281
C:\_OTL\MovedFiles\08152012_171416\C_ProgramData\bProtectorForWindows\2.1.419.7\FirefoxExtension\components\bprotector-3.6.xpt --a---- 120 bytes [14:38 27/04/2012] [14:38 27/04/2012] C67F876BD01CDBD00D9CF761302EA229
C:\_OTL\MovedFiles\08152012_171416\C_ProgramData\bProtectorForWindows\2.1.419.7\FirefoxExtension\components\bprotector-5.0.dll --a---- 301056 bytes [14:40 27/04/2012] [14:40 27/04/2012] 6C2469B80A2B9960B8BC605F878CF7B2
C:\_OTL\MovedFiles\08152012_171416\C_ProgramData\bProtectorForWindows\2.1.419.7\FirefoxExtension\components\bprotector-6.0.2.dll --a---- 299520 bytes [14:40 27/04/2012] [14:40 27/04/2012] 5EF6E418FD291A64714BC694450E9A37
C:\_OTL\MovedFiles\08152012_171416\C_ProgramData\bProtectorForWindows\2.1.419.7\FirefoxExtension\components\bprotector-7.0.1.dll --a---- 299520 bytes [14:40 27/04/2012] [14:40 27/04/2012] 02B5150321394F60EE607433C744C36A
C:\_OTL\MovedFiles\08152012_171416\C_ProgramData\bProtectorForWindows\2.1.419.7\FirefoxExtension\components\bprotector-8.0.1.dll --a---- 299520 bytes [14:40 27/04/2012] [14:40 27/04/2012] B1A591CBCBCB53F3A4496B64AA27F310
C:\_OTL\MovedFiles\08152012_171416\C_ProgramData\bProtectorForWindows\2.1.419.7\FirefoxExtension\components\bprotector-9.0.1.dll --a---- 299520 bytes [14:40 27/04/2012] [14:40 27/04/2012] 673937FBD40837B7B523B16C80C45810
C:\_OTL\MovedFiles\08152012_171416\C_ProgramData\bProtectorForWindows\2.1.419.7\FirefoxExtension\content\bprotector.js --a---- 286 bytes [15:20 19/04/2012] [15:20 19/04/2012] 595A5482092020830CFA096A5DF7C8C9

========== folderfind ==========

Searching for "* bProtector*"
No folders found.

Searching for "*Gadgetbox*"
No folders found.

========== Regfind ==========

Searching for "Search.boxapp.com"
No data found.

Searching for "bProtector"
[HKEY_CURRENT_USER\Software\bProtector]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit]
"LastKey"="Computer\HKEY_CURRENT_USER\Software\bProtector\2.1.419.7"
[HKEY_CURRENT_USER\Software\mozilla\Firefox\Extensions]
"{b64982b1-d112-42b5-b1e4-d3867c4533f8}"="C:\ProgramData\bProtectorForWindows\2.1.419.7\FirefoxExtension"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}]
"DisplayName"="bProtector for Windows"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}]
"UninstallString"=""C:\ProgramData\bProtectorForWindows\2.1.419.7\component_442.decrpt" /{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bProtector]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bProtector]
"ImagePath"="C:\ProgramData\bProtectorForWindows\2.1.419.7\bProtect.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bProtector]
"DisplayName"="bProtector"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\bProtector]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\bProtector]
"ImagePath"="C:\ProgramData\bProtectorForWindows\2.1.419.7\bProtect.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\bProtector]
"DisplayName"="bProtector"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bProtector]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bProtector]
"ImagePath"="C:\ProgramData\bProtectorForWindows\2.1.419.7\bProtect.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bProtector]
"DisplayName"="bProtector"
[HKEY_USERS\.DEFAULT\Software\bProtector]
[HKEY_USERS\S-1-5-21-3381887738-3530347792-3204921399-1001\Software\bProtector]
[HKEY_USERS\S-1-5-21-3381887738-3530347792-3204921399-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit]
"LastKey"="Computer\HKEY_CURRENT_USER\Software\bProtector\2.1.419.7"
[HKEY_USERS\S-1-5-21-3381887738-3530347792-3204921399-1001\Software\mozilla\Firefox\Extensions]
"{b64982b1-d112-42b5-b1e4-d3867c4533f8}"="C:\ProgramData\bProtectorForWindows\2.1.419.7\FirefoxExtension"
[HKEY_USERS\S-1-5-18\Software\bProtector]

Searching for "Gadgetbox"
[HKEY_CURRENT_USER\Software\bProtector\2.1.419.7]
"chrome search engines"="GadgetBox Google Conduit"
[HKEY_USERS\S-1-5-21-3381887738-3530347792-3204921399-1001\Software\bProtector\2.1.419.7]
"chrome search engines"="GadgetBox Google Conduit"

-= EOF =-
Erikthered
Regular Member
 
Posts: 72
Joined: August 11th, 2012, 10:17 pm
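
Added example, not part of the original thread and not SystemLook's or the helper's own code: Python that parses a Regfind section like the one posted above, collapses the ControlSet001/ControlSet002/CurrentControlSet repeats, and labels each hit, including the Regedit "LastKey" entry, which only records the last key browsed in Regedit. The function and category names are assumptions made for this example; the sample is a shortened excerpt of the log above.

```python
import re

# Shortened excerpt of the Regfind section posted above (sample input for this example).
SAMPLE_LOG = r'''
========== Regfind ==========

Searching for "bProtector"
[HKEY_CURRENT_USER\Software\bProtector]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit]
"LastKey"="Computer\HKEY_CURRENT_USER\Software\bProtector\2.1.419.7"
[HKEY_CURRENT_USER\Software\mozilla\Firefox\Extensions]
"{b64982b1-d112-42b5-b1e4-d3867c4533f8}"="C:\ProgramData\bProtectorForWindows\2.1.419.7\FirefoxExtension"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}]
"DisplayName"="bProtector for Windows"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bProtector]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bProtector]
"ImagePath"="C:\ProgramData\bProtectorForWindows\2.1.419.7\bProtect.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bProtector]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bProtector]
"ImagePath"="C:\ProgramData\bProtectorForWindows\2.1.419.7\bProtect.exe"

Searching for "Gadgetbox"
[HKEY_CURRENT_USER\Software\bProtector\2.1.419.7]
"chrome search engines"="GadgetBox Google Conduit"

-= EOF =-
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]*)"="(.*)"$')
TERM_RE = re.compile(r'^Searching for "(.*)"$')
# ControlSet001/002 are stored copies; CurrentControlSet points at one of them.
CONTROLSET_RE = re.compile(r'\\SYSTEM\\ControlSet\d{3}\\', re.IGNORECASE)


def parse_regfind(log_text):
    """Return (term, key, value_name, data) for each hit in the Regfind section.

    value_name and data are None when the key line is not followed by a value
    line, i.e. the key name itself matched the search term.
    """
    in_regfind, term, hits = False, None, []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith('=========='):
            in_regfind = 'regfind' in line.lower()
            continue
        if not in_regfind or not line:
            continue
        m = TERM_RE.match(line)
        if m:
            term = m.group(1)
            continue
        m = KEY_RE.match(line)
        if m:
            # Recorded as a key-name hit; upgraded below if a value line follows.
            hits.append((term, m.group(1), None, None))
            continue
        m = VALUE_RE.match(line)
        if m and hits and hits[-1][2] is None:
            hits[-1] = (term, hits[-1][1], m.group(1), m.group(2))
    return hits


def classify(key, name):
    """Label a hit by where it lives in the registry (labels are this example's own)."""
    k = key.lower()
    if k.endswith('\\applets\\regedit') and name == 'LastKey':
        return 'noise'              # Regedit's own "last key viewed" history
    if '\\system\\currentcontrolset\\services\\' in k:
        return 'service'            # service registration (ImagePath = binary)
    if k.endswith('\\mozilla\\firefox\\extensions'):
        return 'firefox-extension'  # extension registered through the registry
    if '\\currentversion\\uninstall\\' in k:
        return 'uninstall'
    return 'vendor-key'


def triage(log_text):
    """Collapse repeated hits and control-set copies into one finding per key/value."""
    findings = {}
    for term, key, name, data in parse_regfind(log_text):
        norm = CONTROLSET_RE.sub(lambda m: '\\SYSTEM\\CurrentControlSet\\', key)
        f = findings.setdefault((norm.lower(), name), {
            'category': classify(norm, name), 'key': norm, 'value': name,
            'data': data, 'terms': set(), 'seen_in': set()})
        f['terms'].add(term)
        f['seen_in'].add(key)
    return list(findings.values())


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f"{f['category']:<18} {f['key']}  {f['value'] or ''}  {f['data'] or ''}")
```
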

Re: Hijacked by Search.gboxapp.com

by Erikthered » August 20th, 2012, 7:18 pm

OTL logfile created on: 8/20/2012 5:13:47 PM - Run 3
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Erik The Red\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.75 Gb Total Physical Memory | 2.23 Gb Available Physical Memory | 59.46% Memory free
7.50 Gb Paging File | 5.74 Gb Available in Paging File | 76.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.40 Gb Total Space | 489.40 Gb Free Space | 84.03% Space Free | Partition Type: NTFS

Computer Name: ERIKTHERED-PC | User Name: Erik The Red | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/14 17:14:00 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Erik The Red\Desktop\OTL.exe
PRC - [2012/07/09 16:22:51 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/07/09 16:22:51 | 000,935,008 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/06/29 16:21:38 | 001,677,304 | ---- | M] (bProtector) -- C:\ProgramData\bProtectorForWindows\2.1.419.7\bProtect.exe
PRC - [2012/06/13 19:52:05 | 009,106,664 | ---- | M] (MediaGet LLC) -- C:\Users\Erik The Red\AppData\Local\MediaGet2\mediaget.exe
PRC - [2012/05/16 15:05:42 | 000,100,792 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 11\SnagPriv.exe
PRC - [2012/05/16 15:05:24 | 008,192,440 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 11\SnagitEditor.exe
PRC - [2012/05/16 15:05:16 | 009,063,352 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe
PRC - [2012/05/16 14:36:14 | 000,046,080 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 11\TscHelp.exe
PRC - [2012/05/08 15:13:58 | 000,185,856 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/03/28 12:40:56 | 001,611,160 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2011/03/07 14:33:34 | 000,591,272 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
PRC - [2011/02/07 01:56:11 | 000,138,192 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2011/01/15 17:48:44 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2010/11/19 14:38:08 | 000,193,880 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2010/11/19 14:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2010/11/01 22:34:33 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schtasks.exe
PRC - [2010/03/25 20:29:36 | 000,563,744 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2010/02/05 13:33:46 | 000,124,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
PRC - [2010/02/01 12:05:02 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010/01/28 17:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009/12/24 19:45:16 | 000,401,192 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2009/12/24 19:44:48 | 000,201,512 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2009/08/28 03:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/09 16:22:52 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll
MOD - [2012/07/09 16:22:51 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/06/29 16:21:38 | 002,004,472 | ---- | M] () -- c:\ProgramData\bProtectorForWindows\2.1.419.7\protector.dll
MOD - [2012/06/13 19:52:05 | 011,742,440 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtWebKit4.dll
MOD - [2012/06/13 19:52:05 | 008,227,560 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtGui4.dll
MOD - [2012/06/13 19:52:05 | 002,554,088 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtXmlPatterns4.dll
MOD - [2012/06/13 19:52:05 | 002,430,184 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtDeclarative4.dll
MOD - [2012/06/13 19:52:05 | 002,297,576 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtCore4.dll
MOD - [2012/06/13 19:52:05 | 002,267,368 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\libvlccore.dll
MOD - [2012/06/13 19:52:05 | 001,298,152 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtScript4.dll
MOD - [2012/06/13 19:52:05 | 000,979,176 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtNetwork4.dll
MOD - [2012/06/13 19:52:05 | 000,343,784 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtXml4.dll
MOD - [2012/06/13 19:52:05 | 000,224,488 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\imageformats\qmng4.dll
MOD - [2012/06/13 19:52:05 | 000,200,424 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\imageformats\qjpeg4.dll
MOD - [2012/06/13 19:52:05 | 000,195,304 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\QtSql4.dll
MOD - [2012/06/13 19:52:05 | 000,105,192 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\libvlc.dll
MOD - [2012/06/13 19:52:05 | 000,030,440 | ---- | M] () -- C:\Users\Erik The Red\AppData\Local\MediaGet2\imageformats\qgif4.dll
MOD - [2012/06/13 19:03:16 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\bcec0e7db1d027328cc8cd702185fa66\PresentationFramework.ni.dll
MOD - [2012/06/13 19:03:02 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b460188cf6862491550a006c3660e2e6\PresentationCore.ni.dll
MOD - [2012/06/13 19:02:51 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c06946b464ae8dd22151e0a6f310c976\System.Windows.Forms.ni.dll
MOD - [2012/06/13 19:02:50 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\1d3c2d83da69c30ba8edf5cfea3c0057\WindowsBase.ni.dll
MOD - [2012/06/13 19:02:42 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\29e48cb144e24a7b4335d1360cc06642\System.Drawing.ni.dll
MOD - [2012/05/10 16:52:40 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a181199f8dec15116e1c2eb4a79ec22b\System.Xaml.ni.dll
MOD - [2012/05/10 16:43:08 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\3263fe38362543170c1682381eeac25a\PresentationFramework.Aero.ni.dll
MOD - [2012/05/10 16:41:22 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\3e4f9b3b78f0f13b7469a14e69d756ef\System.Core.ni.dll
MOD - [2012/05/10 16:41:16 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\9cf67ed1b743fbc3dd6b78fbc0595236\System.ni.dll
MOD - [2012/05/10 16:41:11 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\1bdf7de454340e0ea9fc455aeaec49d9\mscorlib.ni.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/03/25 20:29:36 | 000,563,744 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2010/03/25 20:29:36 | 000,154,144 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
MOD - [2010/01/31 23:52:12 | 008,347,648 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2010/01/31 23:52:12 | 002,244,608 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/05/08 15:13:58 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV:64bit: - [2010/01/28 17:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/04/19 09:34:48 | 000,625,184 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV:64bit: - [2009/04/19 09:34:48 | 000,207,904 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2012/08/15 06:53:52 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/09 16:22:51 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/29 16:21:38 | 001,677,304 | ---- | M] (bProtector) [Auto | Running] -- C:\ProgramData\bProtectorForWindows\2.1.419.7\bProtect.exe -- (bProtector)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/02/07 01:56:11 | 000,138,192 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010/11/19 14:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/30 15:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/01 12:04:40 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/01/15 15:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/08/28 03:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/03/01 00:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/07 16:36:10 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/04/13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/04/13 15:04:38 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/04/08 23:00:20 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/03/11 00:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/11/11 22:14:30 | 000,084,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 20:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 20:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 20:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/04/29 23:06:58 | 000,339,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2007/06/19 02:21:54 | 000,024,576 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 5w4521v292
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... 5w4521v292
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 5w4521v292
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=114022&ba ... 262d2f231c
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@MindDabble_4p.com/Plugin: C:\Program Files (x86)\MindDabble_4p\bar\1.bin\NP4pStub.dll File not found
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\20\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Erik The Red\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012/05/16 15:03:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\4pffxtbr@MindDabble_4p.com: C:\Program Files (x86)\MindDabble_4p\bar\1.bin [2012/08/18 07:23:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/05/16 15:03:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/07/16 18:19:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/02 10:08:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/07/09 16:22:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\bProtectorForWindows\2.1.419.7\FirefoxExtension

[2012/05/16 15:03:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://search.conduit.com/?ctid=CT28019 ... hSource=48
CHR - Extension: No name found = C:\Users\Erik The Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\

O1 HOSTS File: ([2012/08/17 14:51:18 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll ()
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [MediaGet2] C:\Users\Erik The Red\AppData\Local\MediaGet2\mediaget.exe (MediaGet LLC)
O4 - HKLM..\RunOnce: [TheBflixUpdater] C:\ProgramData\TheBflixUpdater\updater.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.walmartphotocentre.ca/upload ... ontrol.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DF20E62-8D88-4DE8-A56A-68E2790470BA}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\intu-tt2010 - No CLSID value found
O18:64bit: - Protocol\Handler\intu-tt2011 - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files (x86)\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-tt2011 {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20 - AppInit_DLLs: (c:\progra~3\bprote~1\21419~1.7\protec~1.dll) - c:\ProgramData\bProtectorForWindows\2.1.419.7\protector.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/19 11:36:56 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/19 11:25:46 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/08/19 10:26:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/19 10:26:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/19 10:26:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/19 10:26:50 | 000,000,000 | ---D | C] -- C:\searchplugins
[2012/08/19 10:26:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/19 10:26:32 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/19 10:19:59 | 004,735,580 | R--- | C] (Swearware) -- C:\Users\Erik The Red\Desktop\ComboFix.exe
[2012/08/19 10:15:10 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\Documents\Snagit
[2012/08/19 10:15:01 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Local\assembly
[2012/08/19 10:14:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
[2012/08/19 10:14:33 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2012/08/19 10:14:29 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Local\TechSmith
[2012/08/19 10:14:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TechSmith
[2012/08/19 10:05:39 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\Desktop\searchplugins
[2012/08/19 07:17:46 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Erik The Red\Desktop\aswMBR.exe
[2012/08/16 17:12:38 | 002,208,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Erik The Red\Desktop\tdsskiller.exe
[2012/08/15 17:29:38 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/08/15 17:29:37 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/08/15 17:29:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/08/15 17:29:37 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/08/15 17:29:36 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/08/15 17:29:36 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/08/15 17:29:36 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/08/15 17:29:36 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/08/15 17:29:36 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/08/15 17:29:36 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/08/15 17:29:36 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/08/15 17:29:35 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/08/15 17:29:34 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/08/15 17:26:38 | 000,956,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/08/15 17:14:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/15 06:53:42 | 009,826,504 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/08/14 18:02:34 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012/08/14 18:02:32 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012/08/14 18:02:32 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012/08/14 18:02:32 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012/08/14 18:02:29 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/08/14 18:02:29 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012/08/14 18:02:29 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012/08/14 17:13:57 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Erik The Red\Desktop\OTL.exe
[2012/08/14 17:04:10 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Malwarebytes
[2012/08/14 17:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/14 17:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/14 17:03:55 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/14 17:03:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/11 19:56:08 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\SpeedyPC Software
[2012/08/11 19:56:08 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\DriverCure
[2012/08/11 19:56:06 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
[2012/08/11 19:56:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedyPC Software
[2012/08/11 19:56:01 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/08/11 19:56:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedyPC Software
[2012/08/11 19:19:04 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/11 19:08:51 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Local\PackageAware
[2012/08/09 11:28:02 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/08/09 11:28:02 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/08/09 11:28:02 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/08/09 11:28:02 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/08/09 11:28:02 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/08/09 11:28:02 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/08/09 11:28:02 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/08/09 11:28:02 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/08/09 11:28:02 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/08/09 11:28:02 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/08/09 11:28:01 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/08/09 11:28:01 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/08/09 11:28:01 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/08/09 11:28:01 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/08/09 11:28:01 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/08/09 11:28:01 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/08/09 11:28:01 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/08/09 11:28:01 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/08/09 11:28:01 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/08/09 11:28:01 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/08/09 11:28:01 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/08/09 11:28:01 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/08/09 11:28:01 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/08/09 11:28:01 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/08/09 11:28:01 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/08/09 11:28:01 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/08/09 11:28:01 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/08/09 11:28:01 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/08/09 11:28:01 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/08/09 11:28:01 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/08/09 11:28:01 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/08/09 11:28:01 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/08/09 11:28:01 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/08/09 11:28:01 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/08/09 11:28:01 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/08/09 11:28:01 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/08/09 11:28:01 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/08/09 11:28:01 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/08/09 11:28:01 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/08/09 11:28:01 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/08/09 11:28:01 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/08/09 11:28:01 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/08/09 11:28:01 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/08/09 11:28:01 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/08/09 11:28:01 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/08/09 11:28:01 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/08/09 11:28:01 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/08/09 11:28:01 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/08/09 11:28:01 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/08/09 11:28:01 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/08/09 11:28:01 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/08/09 11:28:01 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/08/09 11:28:01 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/08/09 11:28:01 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/08/09 11:28:01 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/08/09 11:28:01 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/08/09 11:28:01 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/08/09 11:28:01 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/08/09 11:28:01 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/08/07 16:00:20 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Alawar Entertainment
[2012/08/06 19:49:41 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Sanna
[2012/08/06 19:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\The Legend of Sanna - Rise of a Great Colony
[2012/08/04 15:31:24 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Dereza
[2012/07/30 17:41:33 | 000,000,000 | ---D | C] -- C:\Users\Erik The Red\AppData\Roaming\Boolat Games
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/20 17:11:32 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/20 17:11:32 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/20 17:04:38 | 000,000,530 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2012/08/20 17:04:20 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/20 17:04:19 | 000,000,370 | -H-- | M] () -- C:\Windows\tasks\TheBflixUpdaterRefreshTask.job
[2012/08/20 17:04:18 | 000,000,390 | -H-- | M] () -- C:\Windows\tasks\TheBflixUpdaterLogonTask.job
[2012/08/20 17:04:06 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\iMeshNAG.job
[2012/08/20 17:04:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/20 17:04:00 | 3019,296,768 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/19 16:47:06 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/19 16:47:05 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/19 11:21:02 | 000,125,403 | ---- | M] () -- C:\Users\Erik The Red\Desktop\screenshot.png
[2012/08/19 10:19:59 | 004,735,580 | R--- | M] (Swearware) -- C:\Users\Erik The Red\Desktop\ComboFix.exe
[2012/08/19 10:14:37 | 000,001,154 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 11.lnk
[2012/08/19 10:13:20 | 066,398,616 | ---- | M] () -- C:\Users\Erik The Red\Desktop\snagit.exe
[2012/08/19 10:06:26 | 000,006,008 | ---- | M] () -- C:\Users\Erik The Red\Documents\Fixit50388.reg
[2012/08/19 07:33:38 | 000,000,512 | ---- | M] () -- C:\Users\Erik The Red\Desktop\MBR.dat
[2012/08/19 07:18:13 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Erik The Red\Desktop\aswMBR.exe
[2012/08/17 18:08:53 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/08/17 14:51:18 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/08/16 17:12:38 | 002,208,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Erik The Red\Desktop\tdsskiller.exe
[2012/08/15 17:40:14 | 000,165,376 | ---- | M] () -- C:\Users\Erik The Red\Desktop\SystemLook_x64.exe
[2012/08/15 17:34:58 | 000,429,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/15 06:53:51 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/15 06:53:51 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/15 06:53:42 | 009,826,504 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/08/14 17:14:00 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Erik The Red\Desktop\OTL.exe
[2012/08/14 17:03:56 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/13 21:29:28 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2012/08/12 10:38:44 | 000,000,478 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012/08/12 10:38:44 | 000,000,434 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012/08/11 19:56:06 | 000,001,203 | ---- | M] () -- C:\Users\Erik The Red\Desktop\SpeedyPC Pro.lnk
[2012/08/09 11:28:02 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/08/09 11:28:02 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/08/09 11:28:02 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/08/09 11:28:02 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/08/09 11:28:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/08/09 11:28:02 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/08/09 11:28:02 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/08/09 11:28:02 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/08/09 11:28:02 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/08/09 11:28:02 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/08/09 11:28:02 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/08/09 11:28:01 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/08/09 11:28:01 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/08/09 11:28:01 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/08/09 11:28:01 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/08/09 11:28:01 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/08/09 11:28:01 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/08/09 11:28:01 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/08/09 11:28:01 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/08/09 11:28:01 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/08/09 11:28:01 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/08/09 11:28:01 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/08/09 11:28:01 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/08/09 11:28:01 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/08/09 11:28:01 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/08/09 11:28:01 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/08/09 11:28:01 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/08/09 11:28:01 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/08/09 11:28:01 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/08/09 11:28:01 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/08/09 11:28:01 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/08/09 11:28:01 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/08/09 11:28:01 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/08/09 11:28:01 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/08/09 11:28:01 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/08/09 11:28:01 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/08/09 11:28:01 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/08/09 11:28:01 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/08/09 11:28:01 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/08/09 11:28:01 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/08/09 11:28:01 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/08/09 11:28:01 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/08/09 11:28:01 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/08/09 11:28:01 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/08/09 11:28:01 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/08/09 11:28:01 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/08/09 11:28:01 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/08/09 11:28:01 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/08/09 11:28:01 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/08/09 11:28:01 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/08/09 11:28:01 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/08/09 11:28:01 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/08/09 11:28:01 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/08/09 11:28:01 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/08/09 11:28:01 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/08/09 11:28:01 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/08/09 11:28:01 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/08/09 11:28:01 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/08/09 11:28:01 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/08/09 11:28:01 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/08/09 11:28:01 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/08/07 15:38:22 | 000,002,622 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - acer.lnk
[2012/07/29 10:42:05 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/29 10:42:05 | 000,628,414 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/29 10:42:05 | 000,110,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/19 11:21:02 | 000,125,403 | ---- | C] () -- C:\Users\Erik The Red\Desktop\screenshot.png
[2012/08/19 10:26:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/19 10:26:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/19 10:26:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/19 10:26:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/19 10:26:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/19 10:14:37 | 000,001,154 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 11.lnk
[2012/08/19 10:13:13 | 066,398,616 | ---- | C] () -- C:\Users\Erik The Red\Desktop\snagit.exe
[2012/08/19 10:06:21 | 000,006,008 | ---- | C] () -- C:\Users\Erik The Red\Documents\Fixit50388.reg
[2012/08/19 07:33:38 | 000,000,512 | ---- | C] () -- C:\Users\Erik The Red\Desktop\MBR.dat
[2012/08/15 17:40:14 | 000,165,376 | ---- | C] () -- C:\Users\Erik The Red\Desktop\SystemLook_x64.exe
[2012/08/14 17:03:56 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/11 19:56:12 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/08/11 19:56:06 | 000,001,203 | ---- | C] () -- C:\Users\Erik The Red\Desktop\SpeedyPC Pro.lnk
[2012/08/11 19:56:05 | 000,000,530 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2012/08/11 19:56:05 | 000,000,478 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012/08/11 19:56:04 | 000,000,434 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012/08/11 19:19:05 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/11 19:09:01 | 000,000,312 | ---- | C] () -- C:\Windows\tasks\iMeshNAG.job
[2012/08/09 11:28:01 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/08/09 11:28:01 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/06/29 16:22:03 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/12/16 17:38:01 | 000,000,089 | ---- | C] () -- C:\Windows\ka.ini
[2011/07/11 20:10:22 | 000,001,121 | ---- | C] () -- C:\Users\Erik The Red\Documents - Shortcut.lnk
[2011/02/09 20:59:56 | 000,000,060 | ---- | C] () -- C:\Windows\wininit.ini
[2010/10/27 20:41:43 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/09/05 07:53:08 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2010/09/05 04:59:03 | 000,000,194 | ---- | C] () -- C:\Windows\QUICKEN.INI

< End of report >
Erikthered
Regular Member
 
Posts: 72
Joined: August 11th, 2012, 10:17 pm

Re: Hjacked by Search.gboxapp.com

Unread postby Cypher » August 21st, 2012, 11:04 am

Hi,
Ok it looks like you have picked up a fairly new piece of malware, one that the usual scans are not detecting yet.
There are a few things to do here so just take your time, and follow the instructions carefully.


Create a new System Restore point

  • Click Start, Right Click on Computer, and select Properties.
  • In the left pane, click System Protection > Create.
  • Give this restore point a descriptive name and click Create.
  • Click Apply and OK.

Next.

Click Start, type cmd into the Search box, right-click cmd.exe and select 'Run as Administrator'.
Next, type or copy/paste the following command into the command prompt window.
sc config bProtector start= disabled

Now hit Enter.

Next.

We need to run an OTL Fix

  • Right-click OTL.exe and select "Run as administrator" to run it.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :processes
    bProtect.exe
    
    :otl
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=114022&ba ... 262d2f231c
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O20 - AppInit_DLLs: (c:\progra~3\bprote~1\21419~1.7\protec~1.dll) - c:\ProgramData\bProtectorForWindows\2.1.419.7\protector.dll ()
    
    :reg
    [-HKEY_CURRENT_USER\Software\bProtector]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit]
    "LastKey"=-
    [HKEY_CURRENT_USER\Software\mozilla\Firefox\Extensions]
    "{b64982b1-d112-42b5-b1e4-d3867c4533f8}"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bProtector]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\bProtector]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bProtector]
    [-HKEY_USERS\.DEFAULT\Software\bProtector]
    [-HKEY_USERS\S-1-5-21-3381887738-3530347792-3204921399-1001\Software\bProtector]
    [HKEY_USERS\S-1-5-21-3381887738-3530347792-3204921399-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit]
    "LastKey"=-
    [HKEY_USERS\S-1-5-21-3381887738-3530347792-3204921399-1001\Software\mozilla\Firefox\Extensions]
    "{b64982b1-d112-42b5-b1e4-d3867c4533f8}"=-
    [-HKEY_USERS\S-1-5-18\Software\bProtector]
    [-HKEY_CURRENT_USER\Software\bProtector\2.1.419.7]
    [-HKEY_USERS\S-1-5-21-3381887738-3530347792-3204921399-1001\Software\bProtector\2.1.419.7]
    
    :files
    C:\ProgramData\bProtectorForWindows
    C:\Users\Erik The Red\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7VB1E4JL\remove-babylon-search-engine-browser[1].htm
    C:\Users\Erik The Red\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data 
    C:\Users\Erik The Red\AppData\Local\Google\Chrome\User Data\Default\bProtectorPreferences
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Next.

Click Start, type cmd into the Search box, right-click cmd.exe and select 'Run as Administrator'.
Next, type or copy/paste the following command into the command prompt window.
sc delete bprotector

Now hit Enter.

Next

  • Right-click SystemLook.exe and select "Run as administrator" to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :service
    bProtector
    
    :filefind
     *bProtector*
    
    :folderfind
    *bProtector*
    
    :Regfind
     bProtector

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Next.

Run OTL again and post the resulting log.
Right-click on OTL.exe and select Run as administrator to run it.

Logs/Information to Post in your Next Reply

  • SystemLook.txt.
  • OTL log.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Hjacked by Search.gboxapp.com

Unread postby Erikthered » August 21st, 2012, 9:42 pm

All processes killed
========== PROCESSES ==========
Process bProtect.exe killed successfully!
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D0F4A166-B8D4-48b8-9D63-80849FE137CB} scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0F4A166-B8D4-48b8-9D63-80849FE137CB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~3\bprote~1\21419~1.7\protec~1.dll deleted successfully.
File move failed. c:\ProgramData\bProtectorForWindows\2.1.419.7\protector.dll scheduled to be moved on reboot.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\bProtector\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\\LastKey deleted successfully.
Registry value HKEY_CURRENT_USER\Software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b64982b1-d112-42b5-b1e4-d3867c4533f8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bProtector\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\bProtector\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bProtector\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\bProtector\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3381887738-3530347792-3204921399-1001\Software\bProtector\ not found.
Registry value HKEY_USERS\S-1-5-21-3381887738-3530347792-3204921399-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\\LastKey not found.
Registry value HKEY_USERS\S-1-5-21-3381887738-3530347792-3204921399-1001\Software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b64982b1-d112-42b5-b1e4-d3867c4533f8}\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\bProtector\ not found.
Registry key HKEY_CURRENT_USER\Software\bProtector\2.1.419.7\ not found.
Registry key HKEY_USERS\S-1-5-21-3381887738-3530347792-3204921399-1001\Software\bProtector\2.1.419.7\ not found.
========== FILES ==========
C:\ProgramData\bProtectorForWindows\2.1.419.7\traking_settings folder moved successfully.
Folder move failed. C:\ProgramData\bProtectorForWindows\2.1.419.7 scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\bProtectorForWindows scheduled to be moved on reboot.
C:\Users\Erik The Red\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7VB1E4JL\remove-babylon-search-engine-browser[1].htm moved successfully.
C:\Users\Erik The Red\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data moved successfully.
C:\Users\Erik The Red\AppData\Local\Google\Chrome\User Data\Default\bProtectorPreferences moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Erik The Red\Desktop\cmd.bat deleted successfully.
C:\Users\Erik The Red\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Erik The Red
->Temp folder emptied: 1305136 bytes
->Temporary Internet Files folder emptied: 231918200 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1451 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3662810 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 38731 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 125403 bytes

Total Files Cleaned = 226.00 mb


OTL by OldTimer - Version 3.2.57.0 log created on 08212012_193754

Files\Folders moved on Reboot...
File move failed. c:\ProgramData\bProtectorForWindows\2.1.419.7\protector.dll scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\bProtectorForWindows\2.1.419.7 scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\bProtectorForWindows\2.1.419.7 scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\bProtectorForWindows scheduled to be moved on reboot.
C:\Users\Erik The Red\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Erik The Red\AppData\Local\Temp\~DF0151D0B0216781B4.TMP not found!
File\Folder C:\Users\Erik The Red\AppData\Local\Temp\~DF7E4BF40A361ED0E0.TMP not found!
File\Folder C:\Users\Erik The Red\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J5CJSH5Y\blue-jays-chad-jenkins-making-the-most-of-chance-in-bullpen[1].htm not found!
File\Folder C:\Users\Erik The Red\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J5CJSH5Y\like[1].htm not found!
File\Folder C:\Users\Erik The Red\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J5CJSH5Y\like[2].htm not found!
C:\Users\Erik The Red\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\F1LZDK24\iframe[1].htm moved successfully.
C:\Users\Erik The Red\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\F1LZDK24\postsanlig-webfont[1].eot moved successfully.
C:\Users\Erik The Red\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\F1LZDK24\postserif-light-webfont[1].eot moved successfully.
C:\Users\Erik The Red\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C3OLPG77\IcoMoon[1].eot moved successfully.
File\Folder C:\Users\Erik The Red\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C3OLPG77\like[1].htm not found!
C:\Users\Erik The Red\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Erik The Red\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...
[2012/06/29 16:21:38 | 002,004,472 | ---- | M] () c:\ProgramData\bProtectorForWindows\2.1.419.7\protector.dll : Unable to obtain MD5
File C:\ProgramData\bProtectorForWindows\2.1.419.7 not found!
File C:\ProgramData\bProtectorForWindows not found!
File C:\Users\Erik The Red\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\Erik The Red\AppData\Local\Temp\~DF0151D0B0216781B4.TMP not found!
File C:\Users\Erik The Red\AppData\Local\Temp\~DF7E4BF40A361ED0E0.TMP not found!
File C:\Users\Erik The Red\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J5CJSH5Y\blue-jays-chad-jenkins-making-the-most-of-chance-in-bullpen[1].htm not found!
File C:\Users\Erik The Red\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J5CJSH5Y\like[1].htm not found!
File C:\Users\Erik The Red\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J5CJSH5Y\like[2].htm not found!
File C:\Users\Erik The Red\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\F1LZDK24\iframe[1].htm not found!
File C:\Users\Erik The Red\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\F1LZDK24\postsanlig-webfont[1].eot not found!
File C:\Users\Erik The Red\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\F1LZDK24\postserif-light-webfont[1].eot not found!
File C:\Users\Erik The Red\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C3OLPG77\IcoMoon[1].eot not found!
File C:\Users\Erik The Red\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C3OLPG77\like[1].htm not found!
File C:\Users\Erik The Red\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!
File C:\Users\Erik The Red\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT not found!

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D0F4A166-B8D4-48b8-9D63-80849FE137CB} scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0F4A166-B8D4-48b8-9D63-80849FE137CB}\ not found.
Erikthered
Regular Member
 
Posts: 72
Joined: August 11th, 2012, 10:17 pm
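An added example, not part of the thread and not OTL's own code: a small Python triage of the fix log posted above. It sorts each result line by outcome, lists the items OTL deferred to the reboot (the ones to re-check afterwards) and pulls out the autostart locations the fix touched. The sample lines are copied from the log in this thread; the function names and the choice of autostart markers are assumptions made for the example.

```python
import re
from collections import Counter

# Constructed sample: a subset of lines copied from the OTL fix log in this thread.
SAMPLE_LOG = r"""
========== PROCESSES ==========
Process bProtect.exe killed successfully!
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D0F4A166-B8D4-48b8-9D63-80849FE137CB} scheduled to be deleted on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~3\bprote~1\21419~1.7\protec~1.dll deleted successfully.
File move failed. c:\ProgramData\bProtectorForWindows\2.1.419.7\protector.dll scheduled to be moved on reboot.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bProtector\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bProtector\ not found.
========== FILES ==========
C:\ProgramData\bProtectorForWindows\2.1.419.7\traking_settings folder moved successfully.
Folder move failed. C:\ProgramData\bProtectorForWindows scheduled to be moved on reboot.
C:\Users\Erik The Red\AppData\Local\Google\Chrome\User Data\Default\bProtectorPreferences moved successfully.
"""

SECTION = re.compile(r"^=+ (\w+) =+$")

# Each outcome is recognised by the tail of the line; the first matching rule wins.
OUTCOMES = [
    ("pending_reboot", re.compile(r"\s+scheduled to be (?:moved|deleted) on reboot\.$")),
    ("not_found", re.compile(r"\s+not found[.!]$")),
    ("value_set", re.compile(r"\|\s*/E : value set successfully!$")),
    ("removed", re.compile(r"\s+(?:folder\s+)?(?:deleted|moved|killed) successfully[.!]$")),
]

# Leading words that precede the registry path, file path or process name.
LEAD = re.compile(
    r"^(?:Registry (?:key|value)|Registry delete failed\.|(?:File|Folder) move failed\.|Process)\s+"
)

# Assumption for this example: substrings marking autostart locations seen in this log
# (AppInit_DLLs, service keys, Browser Helper Objects, IE toolbars), lower-cased.
AUTOSTART_MARKERS = (
    "appinit_dlls",
    "\\services\\",
    "browser helper objects",
    "internet explorer\\toolbar",
)


def parse_fix_log(text):
    """Return one dict per result line: section, outcome and the target it refers to."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        for outcome, pattern in OUTCOMES:
            hit = pattern.search(line)
            if hit:
                target = LEAD.sub("", line[:hit.start()])
                entries.append({"section": section, "outcome": outcome, "target": target})
                break
    return entries


def summarize(entries):
    """Count result lines per outcome."""
    return Counter(e["outcome"] for e in entries)


def recheck_after_reboot(entries):
    """Targets OTL could not remove immediately, in log order and without duplicates."""
    seen, pending = set(), []
    for e in entries:
        if e["outcome"] == "pending_reboot" and e["target"].lower() not in seen:
            seen.add(e["target"].lower())
            pending.append(e["target"])
    return pending


def autostart_entries(entries):
    """(outcome, target) pairs for lines that touch an autostart location."""
    return [
        (e["outcome"], e["target"])
        for e in entries
        if any(marker in e["target"].lower() for marker in AUTOSTART_MARKERS)
    ]


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    print(dict(summarize(parsed)))
    print("Re-check after reboot:")
    for target in recheck_after_reboot(parsed):
        print("  ", target)
    print("Autostart locations touched:")
    for outcome, target in autostart_entries(parsed):
        print(f"   [{outcome}] {target}")
```
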

Re: Hjacked by Search.gboxapp.com

Unread postby Erikthered » August 21st, 2012, 9:45 pm

When typing: sc delete bprotector it says it failed. The specified service does not exist as an installed service

I'm wondering if I am in the wrong directory. For some reason it is a different directory now when I type cmd and run as administrator.

It's under windows\system32
Erikthered
Regular Member
 
Posts: 72
Joined: August 11th, 2012, 10:17 pm