cannot get rid of gboxapp in my browser


Re: cannot get rid of gboxapp in my browser

Post by pgmigg » November 4th, 2012, 1:37 am

Hello gorf,

Very good results :) but we are not finished yet...

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Copy and Paste the following code into the Image text box. Do not include the word Code
    Code:
    :Files
    C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_bar.utorrent.com_0.localstorage
    C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_toolbar.utorrent.com_0.localstorage
    C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_toolbar.utorrent.com_0.localstorage-journal
    C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_utorrent.cz_0.localstorage
    C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_utorrent.cz_0.localstorage-journal
    C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.utorrent.com_0.localstorage
    C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.utorrent.com_0.localstorage-journal
    C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.utorrent.cz_0.localstorage
    C:\Users\Libecek\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\PJGYPJ5I\bar.utorrent[1].xml
    C:\Users\Libecek\AppData\Roaming\Microsoft\Windows\Recent\utorrent-setup (1).lnk
    C:\Users\Libecek\AppData\Roaming\Microsoft\Windows\Recent\utorrent-setup.lnk
    C:\Users\Libecek\Downloads\utorrent-setup.zip
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Battlefield 3™.lnk
    C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Battlefield 3
    C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Games\Battlefield 3™.lnk
    C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_battlelog.battlefield.com_0.localstorage
    C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_battlelog.battlefield.com_0.localstorage-journal
    C:\Users\Public\Desktop\Battlefield 3.lnk
    C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_battlelog.battlefield.com_0.localstorage
    C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_battlelog.battlefield.com_0.localstorage-journal
    C:\Users\Libecek\Downloads\battlelog-web-plugins-1.132.0-retail-prod.exe
    C:\Program Files\Steam\steamapps\common\arma 2 operation arrowhead\Expansion\beta\setup_battleyearma2oa.exe
    C:\Program Files\Steam\steamapps\common\arma 2 operation arrowhead\Expansion\beta\setup_battleyearma2rft.exe
    C:\Program Files\Steam\steamapps\common\arma 2 operation arrowhead\Expansion\beta\.rsync\.pack\setup_battleyearma2oa.exe.gz
    C:\Program Files\Steam\steamapps\common\arma 2 operation arrowhead\Expansion\beta\.rsync\.pack\setup_battleyearma2rft.exe.gz
    C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apps.conduit.com_0.localstorage
    C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_facebook.conduitapps.com_0.localstorage
    C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_facebook.conduitapps.com_0.localstorage-journal
    C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_youtube.conduitapps.com_0.localstorage
    C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_youtube.conduitapps.com_0.localstorage-journal
    C:\Users\Libecek\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1463702_1459356_CZ.xml
    C:\Users\Libecek\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\FGSE5H6Z\youtube.conduitapps[1].xml
    C:\Users\Libecek\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\NS24HMH5\facebook.conduitapps[1].xml
    C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\ConduitAbstractionLayer.js
    C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\aboutBox\images\conduit-logo-OLD.png
    C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\aboutBox\images\conduit-logo.png
    C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\skin\conduitToolBarStyle.css
    C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\lib\log4conduit.jsm
    C:\Windows\System32\Tasks\GadgetBox UpdaterUpdaterTask{15CEFCF4-3899-406F-89C8-6FF0534A62C1}
    C:\Windows\Tasks\GadgetBox UpdaterUpdaterTask{15CEFCF4-3899-406F-89C8-6FF0534A62C1}.job
    C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.gboxapp.com_0.localstorage
    C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.gboxapp.com_0.localstorage-journal
    C:\Users\Libecek\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppHang_utorrent.exe_2e199c6b83d0beef206c8626cd88643d7c54d724_12d5b6a3
    C:\Users\Libecek\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppHang_utorrent.exe_2e199c6b83d0beef206c8626cd88643d7c54d724_14ca4537
    C:\Program Files\Common Files\EAInstaller\Battlefield 3
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
    C:\ProgramData\Origin\LocalContent\Battlefield 3
    C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Battlefield 3
    C:\Users\All Users\Origin\LocalContent\Battlefield 3
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive\ArmA 2\BattlEye
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive\Arma 2 Operation Arrowhead\BattlEye
    C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive\ArmA 2\BattlEye
    C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive\Arma 2 Operation Arrowhead\BattlEye
    C:\Users\Libecek\AppData\Local\ArmA 2 OA\BattlEye
    C:\Program Files\Conduit
    C:\Users\Libecek\AppData\Local\Conduit
    C:\Users\Libecek\AppData\LocalLow\Conduit
    C:\Program Files\Windows Sidebar\Shared Gadgets\gadgetbox.gadget
    C:\Users\Libecek\AppData\LocalLow\Incredibar.com
    C:\Users\Libecek\AppData\LocalLow\Incredibar.com\incredibar
    C:\Users\Libecek\AppData\Local\PunkBuster
    C:\Windows\System32\LogFiles\PunkBuster
    
    :Reg
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\utorrent.com]
    [HKEY_CURRENT_USER\Software\WinRAR\ArcHistory]
    "1"=-
    [-HKEY_CURRENT_USER\Software\Classes\Applications\uTorrent.exe]
    [HKEY_CURRENT_USER\Software\Classes\btdna\DefaultIcon]
    @=-
    [HKEY_CURRENT_USER\Software\Classes\btdna\shell\open\command]
    @=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Conduit\AppPaths\client]
    "AppPath"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\utorrent_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\utorrent_RASMANCS]
    [-HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\utorrent.com]
    [HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\WinRAR\ArcHistory]
    "1"=-
    [-HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Classes\Applications\uTorrent.exe]
    [HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Classes\btdna\DefaultIcon]
    @=-
    [HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Classes\btdna\shell\open\command]
    @=-
    [-HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001_Classes\Applications\uTorrent.exe]
    [HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001_Classes\btdna\DefaultIcon]
    @=-
    [HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001_Classes\btdna\shell\open\command]
    @=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\9ad7d59e_0]
    @=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{F92227AA-6DFB-482D-A820-74FB991FBBDF}]
    "ConfigApplicationPath"=-
    "ConfigGDFBinaryPath"=-
    "AppExePath"=-
    "Title"=-
    "Description"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64BFBE7A-886C-4CA2-A9B4-0C2B5A5942BC}]
    "DisplayName"=-
    "DisplayIcon"=-
    "UninstallString"=-
    "InstallLocation"=-
    "HelpLink"=-
    "Readme"=-
    [HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\9ad7d59e_0]
    @=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7AEFE841-DCA1-4A95-80CB-BE935D018400}\InprocServer32]
    @=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7AEFE841-DCA1-4A95-80CB-BE935D018400}\ToolboxBitmap32]
    @=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D65F2511-B60B-4AA3-8563-E8DFD1303132}\InprocServer32]
    @=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{33616ACD-BF93-4F0E-97EB-A2A8D3018400}\1.0\0\win32]
    @=-
    [-HKEY_CURRENT_USER\Software\Conduit]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Conduit]
    [-HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Conduit]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CCA8F2AB-BE4E-41F0-A289-4D960CEA58EA}\1.0\0\win32]
    @=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CCA8F2AB-BE4E-41F0-A289-4D960CEA58EA}\1.0\HELPDIR]
    @=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4D2CEBF-BBC4-4C63-96B8-D7ADBABC1A2B}]
    "Path"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GadgetBox UpdaterUpdaterTask{15CEFCF4-3899-406F-89C8-6FF0534A62C1}]
    [-HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Incredibar.com]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS]
    [-HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Incredibar.com]
    [-HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Incredibar.com\incredibar]
    [-HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Incredibar.com\incredibar\Instl]
    [-HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001_Classes\VirtualStore\MACHINE\SOFTWARE\Incredibar.com]
    [-HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001_Classes\VirtualStore\MACHINE\SOFTWARE\Incredibar.com\incredibar]
    [-HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001_Classes\VirtualStore\MACHINE\SOFTWARE\Incredibar.com\incredibar\Instl]
    [-HKEY_CURRENT_USER\Software\Trolltech]
    [-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
    [-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QTextCodecFactoryInterface:]
    [-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
    [-HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Trolltech]
    [-HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
    [-HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QTextCodecFactoryInterface:]
    [-HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 2.
ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

  1. Firstly please Disable any Antivirus you have active, as shown in This topic.
  2. Note: Don't forget to re-enable it after the scan.
  3. Next please click on the following link to open a new window to ESET online scanner
  4. Then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  5. Select the option YES, I accept the Terms of Use then click on: Image
  6. When prompted allow the Add-On/Active X to install.
  7. Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  8. Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  9. Now click on: Image
  10. The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  11. When completed the Online Scan will begin automatically.
  12. Do not touch either the mouse or keyboard during the scan otherwise it may stall.
  13. When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  14. Now click on: Image
  15. Use notepad to open the log file located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  16. Copy and paste that log as a reply to this topic.

Step 3.
Fresh OTL Scan
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Scan All Users
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, one Notepad file (OTL.txt) will be opened, maximized.
  6. Please post the content of OTL.txt file in your next reply.

Step 4.
SystemLook
You should still have SystemLook.exe on your desktop.
  1. Right click on SystemLook.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries into SystemLook's main text entry window:

    Code:
    :filefind
    *uTorrent*
    *Battlefield*
    *Battlelog*
    *BattlEye*
    *Conduit*
    *GadgetBox*
    *gboxapp*
    
    :folderfind
    *uTorrent*
    *Battlefield*
    *BattlEye*
    *Conduit*
    *GadgetBox*
    *Incredibar*
    *PunkBuster*
    
    :Regfind
    uTorrent
    Battlefield
    Battlelog
    Conduit
    GadgetBox
    Incredibar
    trolltech
    
  3. Press the Look button to start the scan.
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the C:\Program Files\ESET\EsetOnlineScanner\log.txt log file
  4. Contents of the most recent OTL.txt file after fresh OTL scan
  5. Contents of the SystemLook.txt log file
  6. Do you see any changes in computer behavior?

Please do not hesitate to divide the post into multiple posts if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
Posts: 3177
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: cannot get rid of gboxapp in my browser

Post by gorf » November 4th, 2012, 2:46 pm

Unfortunately I cannot start ESET. http://www.eset.com/us/online-scanner/features
We are sorry, the page you requested cannot be found.

The page opens, but it is just a general ESET page. Please let me know what I should do now. I did not continue with my work.

OTL report below:

All processes killed
========== FILES ==========
C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_bar.utorrent.com_0.localstorage moved successfully.
C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_toolbar.utorrent.com_0.localstorage moved successfully.
C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_toolbar.utorrent.com_0.localstorage-journal moved successfully.
C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_utorrent.cz_0.localstorage moved successfully.
C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_utorrent.cz_0.localstorage-journal moved successfully.
C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.utorrent.com_0.localstorage moved successfully.
C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.utorrent.com_0.localstorage-journal moved successfully.
C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.utorrent.cz_0.localstorage moved successfully.
C:\Users\Libecek\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\PJGYPJ5I\bar.utorrent[1].xml moved successfully.
C:\Users\Libecek\AppData\Roaming\Microsoft\Windows\Recent\utorrent-setup (1).lnk moved successfully.
C:\Users\Libecek\AppData\Roaming\Microsoft\Windows\Recent\utorrent-setup.lnk moved successfully.
C:\Users\Libecek\Downloads\utorrent-setup.zip moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3 folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Battlefield 3™.lnk moved successfully.
File\Folder C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Battlefield 3 not found.
File\Folder C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Games\Battlefield 3™.lnk not found.
C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_battlelog.battlefield.com_0.localstorage moved successfully.
C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_battlelog.battlefield.com_0.localstorage-journal moved successfully.
C:\Users\Public\Desktop\Battlefield 3.lnk moved successfully.
File\Folder C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_battlelog.battlefield.com_0.localstorage not found.
File\Folder C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_battlelog.battlefield.com_0.localstorage-journal not found.
C:\Users\Libecek\Downloads\battlelog-web-plugins-1.132.0-retail-prod.exe moved successfully.
C:\Program Files\Steam\steamapps\common\arma 2 operation arrowhead\Expansion\beta\setup_battleyearma2oa.exe moved successfully.
C:\Program Files\Steam\steamapps\common\arma 2 operation arrowhead\Expansion\beta\setup_battleyearma2rft.exe moved successfully.
C:\Program Files\Steam\steamapps\common\arma 2 operation arrowhead\Expansion\beta\.rsync\.pack\setup_battleyearma2oa.exe.gz moved successfully.
C:\Program Files\Steam\steamapps\common\arma 2 operation arrowhead\Expansion\beta\.rsync\.pack\setup_battleyearma2rft.exe.gz moved successfully.
C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apps.conduit.com_0.localstorage moved successfully.
C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_facebook.conduitapps.com_0.localstorage moved successfully.
C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_facebook.conduitapps.com_0.localstorage-journal moved successfully.
C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_youtube.conduitapps.com_0.localstorage moved successfully.
C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_youtube.conduitapps.com_0.localstorage-journal moved successfully.
C:\Users\Libecek\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1463702_1459356_CZ.xml moved successfully.
C:\Users\Libecek\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\FGSE5H6Z\youtube.conduitapps[1].xml moved successfully.
C:\Users\Libecek\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\NS24HMH5\facebook.conduitapps[1].xml moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\ConduitAbstractionLayer.js moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\aboutBox\images\conduit-logo-OLD.png moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\aboutBox\images\conduit-logo.png moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\skin\conduitToolBarStyle.css moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\lib\log4conduit.jsm moved successfully.
C:\Windows\System32\Tasks\GadgetBox UpdaterUpdaterTask{15CEFCF4-3899-406F-89C8-6FF0534A62C1} moved successfully.
C:\Windows\Tasks\GadgetBox UpdaterUpdaterTask{15CEFCF4-3899-406F-89C8-6FF0534A62C1}.job moved successfully.
C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.gboxapp.com_0.localstorage moved successfully.
C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.gboxapp.com_0.localstorage-journal moved successfully.
C:\Users\Libecek\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppHang_utorrent.exe_2e199c6b83d0beef206c8626cd88643d7c54d724_12d5b6a3 folder moved successfully.
C:\Users\Libecek\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppHang_utorrent.exe_2e199c6b83d0beef206c8626cd88643d7c54d724_14ca4537 folder moved successfully.
C:\Program Files\Common Files\EAInstaller\Battlefield 3 folder moved successfully.
File\Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3 not found.
C:\ProgramData\Origin\LocalContent\Battlefield 3 folder moved successfully.
File\Folder C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Battlefield 3 not found.
File\Folder C:\Users\All Users\Origin\LocalContent\Battlefield 3 not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive\ArmA 2\BattlEye folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive\Arma 2 Operation Arrowhead\BattlEye folder moved successfully.
File\Folder C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive\ArmA 2\BattlEye not found.
File\Folder C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive\Arma 2 Operation Arrowhead\BattlEye not found.
C:\Users\Libecek\AppData\Local\ArmA 2 OA\BattlEye folder moved successfully.
C:\Program Files\Conduit\Community Alerts folder moved successfully.
C:\Program Files\Conduit folder moved successfully.
C:\Users\Libecek\AppData\Local\Conduit folder moved successfully.
C:\Users\Libecek\AppData\LocalLow\Conduit\Community Alerts\Log folder moved successfully.
C:\Users\Libecek\AppData\LocalLow\Conduit\Community Alerts\LanguagePacks folder moved successfully.
C:\Users\Libecek\AppData\LocalLow\Conduit\Community Alerts\Feeds folder moved successfully.
C:\Users\Libecek\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light folder moved successfully.
C:\Users\Libecek\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark folder moved successfully.
C:\Users\Libecek\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images folder moved successfully.
C:\Users\Libecek\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog folder moved successfully.
C:\Users\Libecek\AppData\LocalLow\Conduit\Community Alerts\Dialogs folder moved successfully.
C:\Users\Libecek\AppData\LocalLow\Conduit\Community Alerts folder moved successfully.
C:\Users\Libecek\AppData\LocalLow\Conduit folder moved successfully.
C:\Program Files\Windows Sidebar\Shared Gadgets\gadgetbox.gadget\images folder moved successfully.
C:\Program Files\Windows Sidebar\Shared Gadgets\gadgetbox.gadget folder moved successfully.
C:\Users\Libecek\AppData\LocalLow\Incredibar.com\incredibar folder moved successfully.
C:\Users\Libecek\AppData\LocalLow\Incredibar.com folder moved successfully.
File\Folder C:\Users\Libecek\AppData\LocalLow\Incredibar.com\incredibar not found.
C:\Users\Libecek\AppData\Local\PunkBuster\BF3\pb\scrnshot folder moved successfully.
C:\Users\Libecek\AppData\Local\PunkBuster\BF3\pb\htm folder moved successfully.
C:\Users\Libecek\AppData\Local\PunkBuster\BF3\pb\dll folder moved successfully.
C:\Users\Libecek\AppData\Local\PunkBuster\BF3\pb folder moved successfully.
C:\Users\Libecek\AppData\Local\PunkBuster\BF3 folder moved successfully.
C:\Users\Libecek\AppData\Local\PunkBuster folder moved successfully.
C:\Windows\System32\LogFiles\PunkBuster folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\utorrent.com\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\WinRAR\ArcHistory\\1 deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\Applications\uTorrent.exe\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Classes\btdna\DefaultIcon\\@ not found.
Registry value HKEY_CURRENT_USER\Software\Classes\btdna\shell\open\command\\@ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Conduit\AppPaths\client\\AppPath deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\utorrent_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\utorrent_RASMANCS\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\utorrent.com\ not found.
Registry value HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\WinRAR\ArcHistory\\1 not found.
Registry key HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Classes\Applications\uTorrent.exe\ not found.
Registry value HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Classes\btdna\DefaultIcon\\@ not found.
Registry value HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Classes\btdna\shell\open\command\\@ not found.
Registry key HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001_Classes\Applications\uTorrent.exe\ not found.
Registry value HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001_Classes\btdna\DefaultIcon\\@ not found.
Registry value HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001_Classes\btdna\shell\open\command\\@ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\9ad7d59e_0\\@ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{F92227AA-6DFB-482D-A820-74FB991FBBDF}\\ConfigApplicationPath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{F92227AA-6DFB-482D-A820-74FB991FBBDF}\\ConfigGDFBinaryPath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{F92227AA-6DFB-482D-A820-74FB991FBBDF}\\AppExePath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{F92227AA-6DFB-482D-A820-74FB991FBBDF}\\Title deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{F92227AA-6DFB-482D-A820-74FB991FBBDF}\\Description deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64BFBE7A-886C-4CA2-A9B4-0C2B5A5942BC}\\DisplayName deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64BFBE7A-886C-4CA2-A9B4-0C2B5A5942BC}\\DisplayIcon deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64BFBE7A-886C-4CA2-A9B4-0C2B5A5942BC}\\UninstallString deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64BFBE7A-886C-4CA2-A9B4-0C2B5A5942BC}\\InstallLocation deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64BFBE7A-886C-4CA2-A9B4-0C2B5A5942BC}\\HelpLink deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64BFBE7A-886C-4CA2-A9B4-0C2B5A5942BC}\\Readme deleted successfully.
Registry value HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\9ad7d59e_0\\@ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7AEFE841-DCA1-4A95-80CB-BE935D018400}\InprocServer32\\@ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7AEFE841-DCA1-4A95-80CB-BE935D018400}\ToolboxBitmap32\\@ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D65F2511-B60B-4AA3-8563-E8DFD1303132}\InprocServer32\\@ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{33616ACD-BF93-4F0E-97EB-A2A8D3018400}\1.0\0\win32\\@ not found.
Registry key HKEY_CURRENT_USER\Software\Conduit\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Conduit\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Conduit\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CCA8F2AB-BE4E-41F0-A289-4D960CEA58EA}\1.0\0\win32\\@ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CCA8F2AB-BE4E-41F0-A289-4D960CEA58EA}\1.0\HELPDIR\\@ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4D2CEBF-BBC4-4C63-96B8-D7ADBABC1A2B}\\Path scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GadgetBox UpdaterUpdaterTask{15CEFCF4-3899-406F-89C8-6FF0534A62C1}\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Incredibar.com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Incredibar.com\ not found.
Registry key HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Incredibar.com\incredibar\ not found.
Registry key HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Incredibar.com\incredibar\Instl\ not found.
Registry key HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001_Classes\VirtualStore\MACHINE\SOFTWARE\Incredibar.com\ not found.
Registry key HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001_Classes\VirtualStore\MACHINE\SOFTWARE\Incredibar.com\incredibar\ not found.
Registry key HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001_Classes\VirtualStore\MACHINE\SOFTWARE\Incredibar.com\incredibar\Instl\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QTextCodecFactoryInterface:\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\ not found.
Registry key HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Trolltech\ not found.
Registry key HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\ not found.
Registry key HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QTextCodecFactoryInterface:\ not found.
Registry key HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Libecek
->Temp folder emptied: 543155 bytes
->Temporary Internet Files folder emptied: 193871 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 337235801 bytes
->Flash cache emptied: 602 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17414 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 322,00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 11042012_194010

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4D2CEBF-BBC4-4C63-96B8-D7ADBABC1A2B}\\Path scheduled to be deleted on reboot.
gorf
Regular Member
 
Posts: 20
Joined: October 28th, 2012, 9:12 pm

Re: cannot get rid of gboxapp in my browser

Unread postby pgmigg » November 4th, 2012, 10:15 pm

Hello gorf,
Unfortunately I cannot start ESET. http://www.eset.com/us/online-scanner/features
We are sorry, the page you requested cannot be found.

The page opens, but only to a general ESET page. Please let me know what I should do now. I did not continue my work.
The link worked for me, but I guess your problem is geographic - one part of the link contains "/us", which means United States, but you are probably in the Czech Republic.

Please try this variant:

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

  1. Firstly please Disable any Antivirus you have active, as shown in This topic.
  2. Note: Don't forget to re-enable it after the scan.
  3. Next please click on the following link to open a new window to ESET online scanner, then click on Online scanner in the middle of the Quick Links list at the right side of the opened ESET home page.
  4. Then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  5. Select the option YES, I accept the Terms of Use then click on: Image
  6. When prompted allow the Add-On/Active X to install.
  7. Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  8. Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  9. Now click on: Image
  10. The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  11. When completed the Online Scan will begin automatically.
  12. Do not touch either the mouse or keyboard during the scan otherwise it may stall.
  13. When completed, select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  14. Now click on: Image
  15. Use notepad to open the log file located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  16. Copy and paste that log as a reply to this topic.

If it does not work properly again, please don't worry and skip the ESET step. But I need to receive the rest in any case - the results from SystemLook and from a fresh OTL scan.

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3177
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
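The options chosen in steps 7 and 8 are written into the header of the log.txt opened in step 15, so a helper can confirm they were honoured before reading the detections. As an added example (not from this thread, ESET or OTL), the Python below parses a log in that format, flags any option that differs from what was asked, and separates hits on files OTL had already moved to C:\_OTL\MovedFiles from hits on live files; the sample log, its paths and its threat names are constructed for this example.

```python
import re
from dataclasses import dataclass

# Options the helper asked for in steps 7 and 8, as ESET records them in log.txt.
REQUIRED_OPTIONS = {
    "remove_checked": "false",      # step 7: "Remove found threats" must NOT be checked
    "archives_checked": "true",     # step 7: "Scan archives" checked
    "unwanted_checked": "true",     # step 8: potentially unwanted applications
    "unsafe_checked": "true",       # step 8: potentially unsafe applications
    "antistealth_checked": "true",  # step 8: Anti-Stealth technology
}

# A detection line ends with a 32-hex-digit hash and a one-letter flag; the path may
# contain spaces, so the regex anchors on that tail instead of splitting on spaces.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<threat>\S+/\S+.*?\([^)]*\))\s+"
    r"(?P<hash>[0-9a-fA-F]{32})\s+(?P<flag>\S)\s*$"
)


@dataclass
class Detection:
    path: str
    threat: str
    hash: str
    flag: str


def parse_eset_log(text):
    """Return (header dict, list of Detection) from ESET Online Scanner log text."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            body = line[1:].strip()
            if "=" in body:
                key, _, value = body.partition("=")
                header[key.strip()] = value.strip().strip('"')
            continue
        if "\t" in line:  # the real file is tab-separated; copy/paste often flattens it
            parts = [p.strip() for p in line.split("\t")]
            if len(parts) == 4:
                detections.append(Detection(*parts))
                continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(Detection(**m.groupdict()))
        # anything else (installer chatter such as "all ok") is ignored
    return header, detections


def check_required_options(header):
    """List every option that is missing or differs from what the helper asked for."""
    problems = []
    for key, wanted in REQUIRED_OPTIONS.items():
        actual = header.get(key)
        if actual is None:
            problems.append(f"{key}: missing from log header")
        elif actual.lower() != wanted:
            problems.append(f"{key}: expected {wanted}, log says {actual}")
    return problems


def summarize(text):
    """Parse the log, verify the scan options, and sort the detections."""
    header, detections = parse_eset_log(text)
    problems = check_required_options(header)
    found = int(header.get("found", "0"))
    if found != len(detections):
        problems.append(f"found={found} but {len(detections)} detection lines parsed")
    return {
        "problems": problems,
        "detections": detections,
        "uncleaned": [d for d in detections if "unable to clean" in d.threat],
        # files already moved by an earlier OTL fix live under C:\_OTL\MovedFiles
        "in_quarantine": [d for d in detections if "\\_OTL\\" in d.path],
    }


# Constructed sample in the layout ESET writes to log.txt; vendor, toolbar and
# threat names are placeholders, not values from the thread.
SAMPLE_LOG = """\
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-11-08 12:50:04
# country="Czech Republic"
# scanned=119984
# found=2
# cleaned=0
C:\\ProgramData\\Example Vendor\\uninstall.exe\tWin32/Adware.Example.A application (unable to clean)\t00000000000000000000000000000000\tI
C:\\_OTL\\MovedFiles\\11032012_124755\\C_Program Files\\ExampleTB\\exampleTB.dll\tWin32/Toolbar.Example application (unable to clean)\t00000000000000000000000000000000\tI
"""

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print("option problems:", result["problems"] or "none")
    for d in result["detections"]:
        where = "already quarantined by OTL" if d in result["in_quarantine"] else "live file"
        print(f"{d.threat} -> {d.path} [{where}]")
```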

Re: cannot get rid of gboxapp in my browser

Unread postby gorf » November 7th, 2012, 2:07 pm

I'm sorry for taking quite a long time. I was away from home on a business trip. I will do the complete scan today and report tomorrow.

Thank you for your understanding.

Re: cannot get rid of gboxapp in my browser

Unread postby pgmigg » November 7th, 2012, 2:11 pm

Hello gorf,
I'm sorry for taking quite a long time. I was away from home on a business trip. I will do the complete scan today and report tomorrow.
You are welcome! :D Thank you for the notification - I will wait and respond...

pgmigg


Re: cannot get rid of gboxapp in my browser

Unread postby gorf » November 8th, 2012, 12:53 pm

ESET scan results:

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9a661b08bc0ec34998f1593b26ac3c6e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-11-08 12:50:04
# local_time=2012-11-08 01:50:04 )
# country="Czech Republic"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 714860 103963107 0 0
# compatibility_mode=8192 67108863 100 0 202004 202004 0 0
# scanned=119984
# found=5
# cleaned=0
# scan_time=3887
C:\ProgramData\TheBflix\uninstall.exe Win32/Adware.MultiPlug.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\All Users\TheBflix\uninstall.exe Win32/Adware.MultiPlug.A application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\11032012_124755\C_Program Files\GadgetBox\gadgetBoxTB.dll Win32/Toolbar.GadgetBox application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\11032012_124755\C_Program Files\GadgetBox\gadgetBoxTB_new.dll Win32/Toolbar.GadgetBox application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\11032012_124755\C_Program Files\GadgetBox\searchInstaller.exe Win32/Toolbar.GadgetBox application (unable to clean) 00000000000000000000000000000000 I

OTL scan results
OTL logfile created on: 8.11.2012 17:55:26 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Libecek\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,50 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 71,23% Memory free
7,00 Gb Paging File | 5,82 Gb Available in Paging File | 83,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 77,67 Gb Free Space | 33,35% Space Free | Partition Type: NTFS
Drive D: | 1,26 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: LIBECEK-PC | User Name: Libecek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.10.29 01:29:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Libecek\Desktop\OTL.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2012.09.12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012.09.12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012.07.28 03:10:10 | 000,469,504 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012.07.28 03:09:30 | 000,217,600 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011.10.07 10:40:42 | 001,387,288 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2011.09.27 20:05:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.01.21 01:52:14 | 000,167,528 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
PRC - [2010.01.21 01:52:12 | 000,370,792 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe


========== Modules (No Company Name) ==========

MOD - [2012.08.06 11:07:30 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2012.06.14 15:53:09 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\50933f0a7ece72e717ba7d17559df5ef\WindowsFormsIntegration.ni.dll
MOD - [2012.06.14 13:07:18 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\2b07e726c1c19bb8440d82b200fb603b\System.Web.ni.dll
MOD - [2012.06.14 13:07:08 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012.06.14 13:06:56 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\697251a50a103e3d047178c2ab710593\System.Windows.Forms.ni.dll
MOD - [2012.06.14 13:06:50 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.06.14 13:06:49 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012.05.10 18:40:46 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012.05.10 18:33:09 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012.05.10 18:32:56 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.10 18:32:30 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ca2eff60beb3ba00a529a2d42dceca22\UIAutomationProvider.ni.dll
MOD - [2012.05.10 18:32:22 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.10 18:32:18 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.10 18:32:15 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.10 18:32:14 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.10 18:32:07 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.02.17 19:55:36 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011.10.07 10:41:16 | 000,879,896 | ---- | M] () -- C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
MOD - [2010.11.13 03:37:08 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_cs_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.11.13 03:37:03 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_cs_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 02:53:44 | 000,237,568 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_cs_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2010.11.05 02:53:33 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_cs_b77a5c561934e089\System.resources.dll


========== Services (SafeList) ==========

SRV - [2012.10.25 07:34:44 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.10.08 20:15:44 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.09.12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.08.11 19:52:55 | 000,316,888 | ---- | M] (Protection Technology) [Auto | Stopped] -- C:\Windows\System32\appdrvrem01.exe -- (appdrvrem01)
SRV - [2012.07.28 03:09:30 | 000,217,600 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.03.04 19:02:24 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.09.27 20:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.01.21 01:52:14 | 000,167,528 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2010.01.21 01:52:12 | 000,370,792 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2012.11.08 02:13:25 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{73CF112A-A546-4189-A9EB-1E1DC9AD4EC2}\MpKsl90932452.sys -- (MpKsl90932452)
DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.08.30 22:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012.08.11 19:52:56 | 002,627,760 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\Windows\System32\drivers\appdrv01.sys -- (appdrv01)
DRV - [2012.07.28 05:06:48 | 008,758,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2012.07.28 05:06:48 | 008,758,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012.07.28 02:14:22 | 000,296,448 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012.05.14 07:12:28 | 000,086,656 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2011.09.02 07:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011.09.02 07:31:28 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2011.09.02 07:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.04.09 02:32:36 | 000,215,656 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2010.03.04 18:26:56 | 000,296,936 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2009.09.30 02:33:56 | 000,104,976 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.07.13 23:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009.05.13 18:11:34 | 000,006,504 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2007.12.17 16:14:06 | 000,012,400 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-618347355-2767662451-920019664-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-618347355-2767662451-920019664-1001\..\SearchScopes,DefaultScope = {F32AE9E6-5369-4DF2-A66F-C0950D694C41}
IE - HKU\S-1-5-21-618347355-2767662451-920019664-1001\..\SearchScopes\{F32AE9E6-5369-4DF2-A66F-C0950D694C41}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-618347355-2767662451-920019664-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Libecek\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Libecek\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)


[2012.10.28 20:22:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions
[2012.10.28 20:22:01 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
[2012.04.04 12:25:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Libecek\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Libecek\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Libecek\AppData\Local\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Libecek\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Vyhled\u00E1v\u00E1n\u00ED Google = C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Vyhled\u00E1v\u00E1n\u00ED Google = C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Gmail = C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gmail = C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O4 - HKLM..\Run: [AMD AVT] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-618347355-2767662451-920019664-1001..\Run: [EADM] C:\Program Files\Origin\Origin.exe (Electronic Arts)
O4 - HKU\S-1-5-21-618347355-2767662451-920019664-1001..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ECFB1BEF-77A9-4F72-B5C3-C37E925F5088}: DhcpNameServer = 10.0.0.138
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5eb70a0c-e31c-11e1-94ee-001e8c7e6c1e}\Shell - "" = AutoRun
O33 - MountPoints2\{5eb70a0c-e31c-11e1-94ee-001e8c7e6c1e}\Shell\AutoRun\command - "" = E:\FalloutLauncher.exe
O33 - MountPoints2\{91ec2317-7b12-11e1-aebc-001e8c7e6c1e}\Shell - "" = AutoRun
O33 - MountPoints2\{91ec2317-7b12-11e1-aebc-001e8c7e6c1e}\Shell\AutoRun\command - "" = E:\FalloutLauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.11.05 17:38:32 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.11.04 22:41:01 | 000,000,000 | ---D | C] -- C:\music
[2012.10.31 23:00:01 | 000,000,000 | ---D | C] -- C:\Users\Libecek\AppData\Local\Origin
[2012.10.30 19:08:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012.10.29 01:54:49 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.10.29 01:51:46 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Libecek\Desktop\tdsskiller.exe
[2012.10.29 01:37:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.10.29 01:29:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Libecek\Desktop\OTL.exe
[2012.10.29 01:16:07 | 000,000,000 | ---D | C] -- C:\Users\Libecek\AppData\Roaming\Malwarebytes
[2012.10.29 01:15:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.29 01:15:50 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.29 01:15:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.29 01:15:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.28 20:22:02 | 000,000,000 | ---D | C] -- C:\Users\Libecek\AppData\Local\CRE
[2012.10.28 20:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012.10.13 18:38:14 | 000,000,000 | ---D | C] -- C:\Users\Libecek\AppData\Local\Adobe
[2012.10.13 18:37:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.10.13 18:37:16 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.10.13 18:36:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.10.11 12:20:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.10.11 12:20:07 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012.10.11 12:20:07 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.10.11 12:20:06 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012.10.11 12:20:06 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012.10.11 12:20:06 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.11 12:20:06 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.11 12:20:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.11 12:20:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012.10.11 12:20:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012.10.11 12:20:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.11 12:20:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012.10.11 12:19:59 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.10.11 12:19:59 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

========== Files - Modified Within 30 Days ==========

[2012.11.08 17:45:00 | 000,000,970 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-618347355-2767662451-920019664-1001UA.job
[2012.11.08 17:15:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.07 23:47:28 | 000,002,495 | ---- | M] () -- C:\Users\Libecek\Desktop\Google Chrome.lnk
[2012.11.07 20:45:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-618347355-2767662451-920019664-1001Core.job
[2012.11.07 18:48:01 | 000,015,360 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.07 18:48:01 | 000,015,360 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.07 18:40:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.07 18:40:36 | 2817,433,600 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.06 08:39:16 | 000,631,054 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2012.11.06 08:39:16 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.06 08:39:16 | 000,121,708 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2012.11.06 08:39:16 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.03 12:57:26 | 000,139,264 | ---- | M] () -- C:\Users\Libecek\Desktop\SystemLook.exe
[2012.11.01 22:46:40 | 000,000,000 | ---- | M] () -- C:\Users\Libecek\defogger_reenable
[2012.10.30 19:08:27 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.10.29 01:51:51 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Libecek\Desktop\tdsskiller.exe
[2012.10.29 01:29:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Libecek\Desktop\OTL.exe
[2012.10.29 01:15:51 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.10.13 18:37:23 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.10.12 16:56:36 | 000,000,216 | ---- | M] () -- C:\Users\Libecek\Desktop\XCOM Enemy Unknown.url

========== Files Created - No Company Name ==========

[2012.11.03 12:57:26 | 000,139,264 | ---- | C] () -- C:\Users\Libecek\Desktop\SystemLook.exe
[2012.11.01 22:46:40 | 000,000,000 | ---- | C] () -- C:\Users\Libecek\defogger_reenable
[2012.10.30 19:08:27 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012.10.30 19:08:22 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012.10.29 01:15:51 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.10.29 00:57:40 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2012.10.13 18:38:36 | 001,477,337 | ---- | C] () -- C:\Users\Libecek\Desktop\XCOM_EU_PC_MANUAL_ENG.pdf
[2012.10.13 18:37:23 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.10.13 18:37:23 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.10.12 16:56:36 | 000,000,216 | ---- | C] () -- C:\Users\Libecek\Desktop\XCOM Enemy Unknown.url
[2012.09.23 21:37:59 | 000,138,056 | ---- | C] () -- C:\Users\Libecek\AppData\Roaming\PnkBstrK.sys
[2012.07.27 21:47:36 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.04.15 14:38:51 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll
[2012.04.15 14:38:51 | 000,012,400 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2012.04.15 14:38:49 | 000,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys
[2012.04.15 14:38:49 | 000,010,216 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys
[2012.04.15 14:38:37 | 000,006,504 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2012.04.12 20:30:10 | 000,637,743 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012.03.29 23:22:03 | 000,000,600 | ---- | C] () -- C:\Users\Libecek\AppData\Roaming\winscp.rnd
[2012.03.09 13:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012.03.08 18:24:59 | 000,087,254 | ---- | C] () -- C:\Users\Libecek\AppData\Roaming\icarus-dxdiag.xml
[2012.03.05 09:20:15 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.03.04 17:14:09 | 000,200,468 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012.03.04 16:16:03 | 000,010,084 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2012.03.04 16:06:37 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2012.03.04 15:23:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.02.15 03:28:34 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012.02.15 03:28:32 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2011.09.28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
gorf
Regular Member
 
Posts: 20
Joined: October 28th, 2012, 9:12 pm

Re: cannot get rid of gboxapp in my browser

Post by gorf » November 8th, 2012, 1:11 pm

The last requested log

SystemLook 30.07.11 by jpshortstuff
Log created at 18:04 on 08/11/2012 by Libecek
Administrator - Elevation successful

========== filefind ==========

Searching for "*uTorrent*"
C:\_OTL\MovedFiles\11032012_124755\C_Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome\utorrentcontrol2.jar --a---- 713528 bytes [19:15 31/03/2012] [10:46 07/03/2012] 99BD2EF4098E97629E7B743334391221
C:\_OTL\MovedFiles\11032012_124755\C_Users\Libecek\AppData\Roaming\uTorrent\utorrent.lng --a---- 56132 bytes [13:12 20/10/2012] [13:12 20/10/2012] 384A64A417AB98EC284C3A365A3DFEF5
C:\_OTL\MovedFiles\11042012_194010\C_Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_bar.utorrent.com_0.localstorage --a---- 3072 bytes [19:15 31/03/2012] [19:15 31/03/2012] CC5921EF33CF5FC94F8B7860131E41F7
C:\_OTL\MovedFiles\11042012_194010\C_Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_toolbar.utorrent.com_0.localstorage --a---- 3072 bytes [19:22 28/10/2012] [19:23 28/10/2012] EF466D74CF7C29AEBAB324FE96C83B96
C:\_OTL\MovedFiles\11042012_194010\C_Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_toolbar.utorrent.com_0.localstorage-journal --a---- 3608 bytes [19:22 28/10/2012] [19:23 28/10/2012] 35FF8E43580DAFADE1909BE70EAD7A7D
C:\_OTL\MovedFiles\11042012_194010\C_Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_utorrent.cz_0.localstorage --a---- 3072 bytes [19:11 28/10/2012] [19:11 28/10/2012] 031F3543DC76667732C97BD764C69D76
C:\_OTL\MovedFiles\11042012_194010\C_Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_utorrent.cz_0.localstorage-journal --a---- 3608 bytes [19:11 28/10/2012] [19:11 28/10/2012] 736CE6578D15D039A03DD58CDB10F82B
C:\_OTL\MovedFiles\11042012_194010\C_Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.utorrent.com_0.localstorage --a---- 3072 bytes [19:15 31/03/2012] [19:22 28/10/2012] 66B0A5A8CAEF4D9807E4A23189E76462
C:\_OTL\MovedFiles\11042012_194010\C_Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.utorrent.com_0.localstorage-journal --a---- 3608 bytes [19:22 28/10/2012] [19:22 28/10/2012] F8685EDF727D74CA02145F1F7BF943A9
C:\_OTL\MovedFiles\11042012_194010\C_Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.utorrent.cz_0.localstorage --a---- 3072 bytes [19:17 31/03/2012] [19:17 31/03/2012] 690B7AC843B8DF40AD6EF813498F8AF9
C:\_OTL\MovedFiles\11042012_194010\C_Users\Libecek\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\PJGYPJ5I\bar.utorrent[1].xml --a---- 84 bytes [08:42 01/04/2012] [08:43 01/04/2012] F048F21F94DE74F8C0FB0290EAA91A7E
C:\_OTL\MovedFiles\11042012_194010\C_Users\Libecek\AppData\Roaming\Microsoft\Windows\Recent\utorrent-setup (1).lnk --a---- 622 bytes [19:15 31/03/2012] [19:15 31/03/2012] 61D71033488DF2F4DDB14A653702DC79
C:\_OTL\MovedFiles\11042012_194010\C_Users\Libecek\AppData\Roaming\Microsoft\Windows\Recent\utorrent-setup.lnk --a---- 512 bytes [19:13 31/03/2012] [19:19 28/10/2012] 1E06F5B901A96989A4374F156EDF4165
C:\_OTL\MovedFiles\11042012_194010\C_Users\Libecek\Downloads\utorrent-setup.zip --a---- 901385 bytes [19:19 28/10/2012] [19:19 28/10/2012] 8C0C3CD397975E1FABE971F45B00BF9F

Searching for "*Battlefield*"
C:\_OTL\MovedFiles\11042012_194010\C_ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3\Battlefield 3.lnk --a---- 1146 bytes [20:38 23/09/2012] [20:38 23/09/2012] 12B202F4FAD7F6081690F1BD4C0FA0AA
C:\_OTL\MovedFiles\11042012_194010\C_ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Battlefield 3™.lnk --a---- 206 bytes [20:38 23/09/2012] [20:38 23/09/2012] 444F0CBDE0C9153237B26610451816C9
C:\_OTL\MovedFiles\11042012_194010\C_Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_battlelog.battlefield.com_0.localstorage --a---- 2272256 bytes [14:38 24/09/2012] [22:10 31/10/2012] 4A709610FA788AE5508A47D7A24B7F87
C:\_OTL\MovedFiles\11042012_194010\C_Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_battlelog.battlefield.com_0.localstorage-journal --a---- 16384 bytes [14:38 24/09/2012] [22:10 31/10/2012] 550B4C783F19F654EE360D61CC573F72
C:\_OTL\MovedFiles\11042012_194010\C_Users\Public\Desktop\Battlefield 3.lnk --a---- 1128 bytes [20:38 23/09/2012] [20:38 23/09/2012] 78925D08FCF97DFEF051F40E5D9943E8

Searching for "*Battlelog*"
C:\_OTL\MovedFiles\11042012_194010\C_Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_battlelog.battlefield.com_0.localstorage --a---- 2272256 bytes [14:38 24/09/2012] [22:10 31/10/2012] 4A709610FA788AE5508A47D7A24B7F87
C:\_OTL\MovedFiles\11042012_194010\C_Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_battlelog.battlefield.com_0.localstorage-journal --a---- 16384 bytes [14:38 24/09/2012] [22:10 31/10/2012] 550B4C783F19F654EE360D61CC573F72
C:\_OTL\MovedFiles\11042012_194010\C_Users\Libecek\Downloads\battlelog-web-plugins-1.132.0-retail-prod.exe --a---- 3878360 bytes [16:56 24/09/2012] [16:56 24/09/2012] 5B7641335EF419600D9CE8C77DE7E5D1

Searching for "*BattlEye*"
C:\_OTL\MovedFiles\11042012_194010\C_Program Files\Steam\steamapps\common\arma 2 operation arrowhead\Expansion\beta\setup_battleyearma2oa.exe --a---- 3783816 bytes [07:07 13/06/2012] [07:07 13/06/2012] C089D3E9AFE1AA93C97E9303E1A26FB7
C:\_OTL\MovedFiles\11042012_194010\C_Program Files\Steam\steamapps\common\arma 2 operation arrowhead\Expansion\beta\setup_battleyearma2rft.exe --a---- 3755144 bytes [07:07 13/06/2012] [07:07 13/06/2012] 98E55B122720B342AF5D95D225C90E96
C:\_OTL\MovedFiles\11042012_194010\C_Program Files\Steam\steamapps\common\arma 2 operation arrowhead\Expansion\beta\.rsync\.pack\setup_battleyearma2oa.exe.gz --a---- 1927733 bytes [07:07 13/06/2012] [16:06 24/04/2012] E8C9A358E9E1052FAF5BC21F203855B1
C:\_OTL\MovedFiles\11042012_194010\C_Program Files\Steam\steamapps\common\arma 2 operation arrowhead\Expansion\beta\.rsync\.pack\setup_battleyearma2rft.exe.gz --a---- 1912483 bytes [07:07 13/06/2012] [16:06 24/04/2012] 1EAC27FB99FB68D0D0D107B7D7BC7DEF

Searching for "*Conduit*"
C:\_OTL\MovedFiles\11032012_124755\C_Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components\ConduitAutoCompleteSearch.js --a---- 9052 bytes [19:15 31/03/2012] [10:46 07/03/2012] AF98421711C6CFA73D6720C455D92DAC
C:\_OTL\MovedFiles\11032012_124755\C_Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components\ConduitAutoCompleteSearch.xpt --a---- 166 bytes [19:15 31/03/2012] [10:46 07/03/2012] 806EA6CC4DCBF88A20AA3331BCDC9918
C:\_OTL\MovedFiles\11032012_124755\C_Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\searchplugin\conduit.xml --a---- 935 bytes [19:15 31/03/2012] [10:46 07/03/2012] 9680591A24B87500B3F9FD45ACD250E8
C:\_OTL\MovedFiles\11042012_194010\C_Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apps.conduit.com_0.localstorage --a---- 3072 bytes [19:19 31/03/2012] [19:19 31/03/2012] 0324BD9051F32C53F820E0BA755D1B52
C:\_OTL\MovedFiles\11042012_194010\C_Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_facebook.conduitapps.com_0.localstorage --a---- 3072 bytes [19:15 31/03/2012] [19:23 28/10/2012] 59AD8273E24EA317475E089B265E50DA
C:\_OTL\MovedFiles\11042012_194010\C_Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_facebook.conduitapps.com_0.localstorage-journal --a---- 3608 bytes [19:22 28/10/2012] [19:23 28/10/2012] 731D705EF898EFEA193A7FBBCE8D98E0
C:\_OTL\MovedFiles\11042012_194010\C_Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_youtube.conduitapps.com_0.localstorage --a---- 3072 bytes [19:15 31/03/2012] [19:23 28/10/2012] 59AD8273E24EA317475E089B265E50DA
C:\_OTL\MovedFiles\11042012_194010\C_Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_youtube.conduitapps.com_0.localstorage-journal --a---- 3608 bytes [19:22 28/10/2012] [19:23 28/10/2012] EE64025D7638FECBF61CCAA34BC052DC
C:\_OTL\MovedFiles\11042012_194010\C_Users\Libecek\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1463702_1459356_CZ.xml --a---- 192 bytes [08:43 01/04/2012] [13:20 02/04/2012] F159884E3BCD46C383F9086F4BF788C1
C:\_OTL\MovedFiles\11042012_194010\C_Users\Libecek\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\FGSE5H6Z\youtube.conduitapps[1].xml --a---- 13 bytes [08:42 01/04/2012] [08:42 01/04/2012] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\_OTL\MovedFiles\11042012_194010\C_Users\Libecek\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\NS24HMH5\facebook.conduitapps[1].xml --a---- 13 bytes [08:42 01/04/2012] [08:42 01/04/2012] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\_OTL\MovedFiles\11042012_194010\C_Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\ConduitAbstractionLayer.js --a---- 30362 bytes [19:22 28/10/2012] [20:10 27/08/2012] 3A48E45ABF3AA24C74640AFA9EDB7B14
C:\_OTL\MovedFiles\11042012_194010\C_Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\aboutBox\images\conduit-logo-OLD.png --a---- 1305 bytes [19:22 28/10/2012] [20:10 27/08/2012] 5F8EF9A0B050532B90B2645E9627E3F9
C:\_OTL\MovedFiles\11042012_194010\C_Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\aboutBox\images\conduit-logo.png --a---- 3926 bytes [19:22 28/10/2012] [20:10 27/08/2012] 04EC2FEFD3A417F86E983508778A00DD
C:\_OTL\MovedFiles\11042012_194010\C_Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\skin\conduitToolBarStyle.css --a---- 3 bytes [19:22 28/10/2012] [20:10 27/08/2012] ECAA88F7FA0BF610A5A26CF545DCD3AA
C:\_OTL\MovedFiles\11042012_194010\C_Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\lib\log4conduit.jsm --a---- 760 bytes [19:22 28/10/2012] [20:10 27/08/2012] 93898FE6A232C5FCD838D8168F65D802

Searching for "*GadgetBox*"
C:\_OTL\MovedFiles\11032012_124755\C_Program Files\GadgetBox\gadgetBoxTB.dll --a---- 306688 bytes [19:11 28/10/2012] [20:33 09/12/2011] 6F781A30F3168C80D00BA0A199D1CBD9
C:\_OTL\MovedFiles\11032012_124755\C_Program Files\GadgetBox\gadgetBoxTB_new.dll --a---- 306688 bytes [20:33 09/12/2011] [20:33 09/12/2011] 6F781A30F3168C80D00BA0A199D1CBD9
C:\_OTL\MovedFiles\11032012_124755\C_ProgramData\GadgetBox\js\gadgetbox.js --a---- 4284 bytes [15:27 26/12/2011] [15:27 26/12/2011] 8829C3D14E814EB1CBC393BE960E1360
C:\_OTL\MovedFiles\11042012_194010\C_Windows\System32\Tasks\GadgetBox UpdaterUpdaterTask{15CEFCF4-3899-406F-89C8-6FF0534A62C1} --a---- 2734 bytes [19:12 28/10/2012] [19:12 28/10/2012] 7B80DCBD7AD151A93F12EBBC9C6809A7
C:\_OTL\MovedFiles\11042012_194010\C_Windows\Tasks\GadgetBox UpdaterUpdaterTask{15CEFCF4-3899-406F-89C8-6FF0534A62C1}.job --ah--- 440 bytes [19:12 28/10/2012] [12:22 04/11/2012] 00F34400D5585B61F5D96570893520ED

Searching for "*gboxapp*"
C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.gboxapp.com_0.localstorage --a---- 3072 bytes [18:45 04/11/2012] [17:00 08/11/2012] F1668FB523CABE9C84503D35F36C116B
C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.gboxapp.com_0.localstorage-journal --a---- 3608 bytes [18:45 04/11/2012] [17:00 08/11/2012] B092AA4292939B0B196132EFECB41C72
C:\_OTL\MovedFiles\11042012_194010\C_Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.gboxapp.com_0.localstorage --a---- 3072 bytes [19:12 28/10/2012] [02:57 04/11/2012] 4A535865AB279BB934609544D560705F
C:\_OTL\MovedFiles\11042012_194010\C_Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.gboxapp.com_0.localstorage-journal --a---- 3608 bytes [19:12 28/10/2012] [02:57 04/11/2012] BE1DDA33997D6DE317B967F6E7276D96

========== folderfind ==========

Searching for "*uTorrent*"
C:\_OTL\MovedFiles\11032012_124755\C_Users\Libecek\AppData\Roaming\uTorrent d------ [19:14 31/03/2012]
C:\_OTL\MovedFiles\11042012_194010\C_Users\Libecek\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppHang_utorrent.exe_2e199c6b83d0beef206c8626cd88643d7c54d724_12d5b6a3 d----c- [19:15 31/03/2012]
C:\_OTL\MovedFiles\11042012_194010\C_Users\Libecek\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppHang_utorrent.exe_2e199c6b83d0beef206c8626cd88643d7c54d724_14ca4537 d----c- [19:15 31/03/2012]

Searching for "*Battlefield*"
C:\_OTL\MovedFiles\11042012_194010\C_Program Files\Common Files\EAInstaller\Battlefield 3 d--h--- [20:38 23/09/2012]
C:\_OTL\MovedFiles\11042012_194010\C_ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3 d------ [20:38 23/09/2012]
C:\_OTL\MovedFiles\11042012_194010\C_ProgramData\Origin\LocalContent\Battlefield 3 d------ [16:09 22/09/2012]

Searching for "*BattlEye*"
C:\_OTL\MovedFiles\11042012_194010\C_ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive\ArmA 2\BattlEye d------ [21:04 12/06/2012]
C:\_OTL\MovedFiles\11042012_194010\C_ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive\Arma 2 Operation Arrowhead\BattlEye d------ [06:42 13/06/2012]
C:\_OTL\MovedFiles\11042012_194010\C_Users\Libecek\AppData\Local\ArmA 2 OA\BattlEye d------ [07:19 13/06/2012]

Searching for "*Conduit*"
C:\_OTL\MovedFiles\11042012_194010\C_Program Files\Conduit d------ [19:15 31/03/2012]
C:\_OTL\MovedFiles\11042012_194010\C_Users\Libecek\AppData\Local\Conduit d------ [19:15 31/03/2012]
C:\_OTL\MovedFiles\11042012_194010\C_Users\Libecek\AppData\LocalLow\Conduit d------ [19:15 31/03/2012]

Searching for "*GadgetBox*"
C:\_OTL\MovedFiles\11032012_124755\C_Program Files\GadgetBox d------ [19:11 28/10/2012]
C:\_OTL\MovedFiles\11032012_124755\C_ProgramData\GadgetBox d------ [19:11 28/10/2012]
C:\_OTL\MovedFiles\11042012_194010\C_Program Files\Windows Sidebar\Shared Gadgets\gadgetbox.gadget d------ [19:11 28/10/2012]

Searching for "*Incredibar*"
C:\_OTL\MovedFiles\11042012_194010\C_Users\Libecek\AppData\LocalLow\Incredibar.com d------ [01:09 29/10/2012]
C:\_OTL\MovedFiles\11042012_194010\C_Users\Libecek\AppData\LocalLow\Incredibar.com\incredibar d------ [01:09 29/10/2012]

Searching for "*PunkBuster*"
C:\_OTL\MovedFiles\11042012_194010\C_Users\Libecek\AppData\Local\PunkBuster d------ [17:02 24/09/2012]
C:\_OTL\MovedFiles\11042012_194010\C_Windows\System32\LogFiles\PunkBuster d------ [20:37 23/09/2012]

========== Regfind ==========

Searching for "uTorrent"
[HKEY_CURRENT_USER\Software\Classes\btdna\DefaultIcon]
@=""C:\Program Files\uTorrent\uTorrent.exe" ",0"
[HKEY_CURRENT_USER\Software\Classes\btdna\shell\open\command]
@=""C:\Program Files\uTorrent\uTorrent.exe" "/DNA""
[HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Classes\btdna\DefaultIcon]
@=""C:\Program Files\uTorrent\uTorrent.exe" ",0"
[HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Classes\btdna\shell\open\command]
@=""C:\Program Files\uTorrent\uTorrent.exe" "/DNA""
[HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001_Classes\btdna\DefaultIcon]
@=""C:\Program Files\uTorrent\uTorrent.exe" ",0"
[HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001_Classes\btdna\shell\open\command]
@=""C:\Program Files\uTorrent\uTorrent.exe" "/DNA""

Searching for "Battlefield"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\9ad7d59e_0]
@="{0.0.0.00000000}.{56df8135-814c-4a11-887e-b9aae5dbb8e5}|\Device\HarddiskVolume1\Program Files\Origin Games\Battlefield 3\bf3.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\9ad7d59e_0]
@="{0.0.0.00000000}.{56df8135-814c-4a11-887e-b9aae5dbb8e5}|\Device\HarddiskVolume1\Program Files\Origin Games\Battlefield 3\bf3.exe%b{00000000-0000-0000-0000-000000000000}"

Searching for "Battlelog"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7AEFE841-DCA1-4A95-80CB-BE935D018400}\InprocServer32]
@="C:\Program Files\Battlelog Web Plugins\1.132.0\ESNLaunchAx.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7AEFE841-DCA1-4A95-80CB-BE935D018400}\ToolboxBitmap32]
@="C:\Program Files\Battlelog Web Plugins\1.132.0\ESNLaunchAx.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D65F2511-B60B-4AA3-8563-E8DFD1303132}\InprocServer32]
@="C:\Program Files\Battlelog Web Plugins\1.132.0\ESNLaunchAx.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{33616ACD-BF93-4F0E-97EB-A2A8D3018400}\1.0\0\win32]
@="C:\Program Files\Battlelog Web Plugins\1.132.0\ESNLaunchAx.ocx"

Searching for "Conduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
@="Conduit Community Alerts"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32]
@="C:\Program Files\Conduit\Community Alerts\Alert.dll"

Searching for "GadgetBox"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CCA8F2AB-BE4E-41F0-A289-4D960CEA58EA}\1.0\0\win32]
@="C:\Program Files\GadgetBox\gadgetBoxTB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CCA8F2AB-BE4E-41F0-A289-4D960CEA58EA}\1.0\HELPDIR]
@="C:\Program Files\GadgetBox"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4D2CEBF-BBC4-4C63-96B8-D7ADBABC1A2B}]
"Path"="\GadgetBox UpdaterUpdaterTask{15CEFCF4-3899-406F-89C8-6FF0534A62C1}"

Searching for "Incredibar"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Trolltech]
[HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

-= EOF =-
gorf

Re: cannot get rid of gboxapp in my browser

Post by pgmigg » November 9th, 2012, 2:15 am

Hello gorf,

Very good! :) Let's continue our treatment...

Important: Please keep the sequence of steps below!

Step 1.
Upload File/Files for testing
  1. Please go to jotti.org or Virustotal
  2. Copy/Paste the following files to upload them one by one for scanning:
    C:\ProgramData\TheBflix\uninstall.exe
    C:\Users\All Users\TheBflix\uninstall.exe
  3. Press Submit - this will submit the file for testing.
    Note: If you see a message "File already analysed", please click on the "Reanalyse" button.
  4. Please wait for all the scanners to finish.
  5. Then copy and paste every permalink (web address) in your next response.
    Example of web address:
    Image

Step 2.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Copy and Paste the following code into the Image text box. Do not include the word Code
    Code: Select all
    :OTL
    [2012.10.28 20:22:01 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
    
    :Files
    C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.gboxapp.com_0.localstorage
    C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.gboxapp.com_0.localstorage-journal
    
    :Reg
    [HKEY_CURRENT_USER\Software\Classes\btdna\DefaultIcon]
    @=""
    [HKEY_CURRENT_USER\Software\Classes\btdna\shell\open\command]
    @=""
    [HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Classes\btdna\DefaultIcon]
    @=""
    [HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Classes\btdna\shell\open\command]
    @=""
    [HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001_Classes\btdna\DefaultIcon]
    @=""
    [HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001_Classes\btdna\shell\open\command]
    @=""
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\9ad7d59e_0]
    @=""
    [HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\9ad7d59e_0]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7AEFE841-DCA1-4A95-80CB-BE935D018400}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7AEFE841-DCA1-4A95-80CB-BE935D018400}\ToolboxBitmap32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D65F2511-B60B-4AA3-8563-E8DFD1303132}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{33616ACD-BF93-4F0E-97EB-A2A8D3018400}\1.0\0\win32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CCA8F2AB-BE4E-41F0-A289-4D960CEA58EA}\1.0\0\win32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CCA8F2AB-BE4E-41F0-A289-4D960CEA58EA}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4D2CEBF-BBC4-4C63-96B8-D7ADBABC1A2B}]
    "Path"=-
    [-HKEY_CURRENT_USER\Software\Trolltech]
    [-HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Trolltech]
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 3.
Please uninstall Google Chrome, restart your computer, download and install a clean copy of Google Chrome.

Step 4.
Fresh OTL Scan
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Scan All Users
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, one Notepad file, OTL.txt, will be opened maximized.
  6. Please post the content of OTL.txt file in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. The resulting web links after the online file scan by VirusTotal.
  3. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after the OTL FixScript run
  4. Contents of the most recent OTL.txt file after the fresh OTL scan
  5. Do you see any changes in computer behavior?

Please do not hesitate to divide the post into multiple posts if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3177
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: cannot get rid of gboxapp in my browser

Unread postby gorf » November 10th, 2012, 6:21 am

Hello,

I have a problem with the first step, where you want me to go to jotti.org or Virustotal.

I didn't find either of these files on my PC:
C:\ProgramData\TheBflix\uninstall.exe
C:\Users\All Users\TheBflix\uninstall.exe

Here is the report after the fix in OTL.

All processes killed
========== OTL ==========
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Plugins folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\modules folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\META-INF folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\lib folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\defaults\preferences folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\defaults folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\skin folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\sl folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\lib folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\core folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\WEATHER\js folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\WEATHER\css folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\WEATHER folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TWITTER\resources folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TWITTER\js folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TWITTER\img folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TWITTER folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TESTER_POPUP\js folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TESTER_POPUP folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TESTER_EMBEDDED\js folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TESTER_EMBEDDED folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TESTER_BCAPI\js folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TESTER_BCAPI\autoTest\spec folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TESTER_BCAPI\autoTest\lib\jasmine-1.1.0 folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TESTER_BCAPI\autoTest\lib folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TESTER_BCAPI\autoTest folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TESTER_BCAPI folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH_IN_NEW_TAB folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH\view\style\rsx folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH\view\style folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH\view\script folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH\view folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH\resources folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH\js folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH\Css folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH\buildSettings folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\RADIO_PLAYER\js\resources folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\RADIO_PLAYER\js folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\RADIO_PLAYER\css\custom-theme folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\RADIO_PLAYER\css folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\RADIO_PLAYER folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\PRICE_GONG\menu_dlg folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\PRICE_GONG\images folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\PRICE_GONG\css\custom-theme folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\PRICE_GONG\css folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\PRICE_GONG\agreement folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\PRICE_GONG folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\Optimizer\js folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\Optimizer folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\NOTIFICATION\js folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\NOTIFICATION\images\light folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\NOTIFICATION\images\dark folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\NOTIFICATION\images folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\NOTIFICATION\css folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\NOTIFICATION folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\MULTI_RSS\js\resources folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\MULTI_RSS\js folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\MULTI_RSS\img folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\MULTI_RSS\css folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\MULTI_RSS folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\HIGHLIGHTER\js folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\HIGHLIGHTER\css folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\HIGHLIGHTER folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\EMAIL_NOTIFIER\js\plugins folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\EMAIL_NOTIFIER\js folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\EMAIL_NOTIFIER\css folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\EMAIL_NOTIFIER folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\APPLICATION_BUTTON\resources folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\APPLICATION_BUTTON\Js folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\APPLICATION_BUTTON folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\404 folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\menu\js folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\menu\img folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\menu\css folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\menu folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\gf\img folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\gf\css folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\gf folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\gadgetFrame folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\dlg\ftd\images folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\dlg\ftd folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\dlg folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\searchProtector\searchProtectorSettingsDialog\images folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\searchProtector\searchProtectorSettingsDialog folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\searchProtector\SearchProtectorBubbleDialog\images folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\searchProtector\SearchProtectorBubbleDialog folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\searchProtector\js folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\searchProtector folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\options\js\resources folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\options\js folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\options\images folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\options\css folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\options folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\myStuffDialogs folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\features\js\resources folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\features\js folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\features folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\api folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ac\res folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ac\img folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ac\css folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ac folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\aboutBox\js folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\aboutBox\images folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\aboutBox folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468 folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6} folder moved successfully.
========== FILES ==========
C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.gboxapp.com_0.localstorage moved successfully.
C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.gboxapp.com_0.localstorage-journal moved successfully.
========== REGISTRY ==========
HKEY_CURRENT_USER\Software\Classes\btdna\DefaultIcon\\@|"" /E : value set successfully!
HKEY_CURRENT_USER\Software\Classes\btdna\shell\open\command\\@|"" /E : value set successfully!
HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Classes\btdna\DefaultIcon\\@|"" /E : value set successfully!
HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Classes\btdna\shell\open\command\\@|"" /E : value set successfully!
HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001_Classes\btdna\DefaultIcon\\@|"" /E : value set successfully!
HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001_Classes\btdna\shell\open\command\\@|"" /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\9ad7d59e_0\\@|"" /E : value set successfully!
HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\9ad7d59e_0\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7AEFE841-DCA1-4A95-80CB-BE935D018400}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7AEFE841-DCA1-4A95-80CB-BE935D018400}\ToolboxBitmap32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D65F2511-B60B-4AA3-8563-E8DFD1303132}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{33616ACD-BF93-4F0E-97EB-A2A8D3018400}\1.0\0\win32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CCA8F2AB-BE4E-41F0-A289-4D960CEA58EA}\1.0\0\win32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CCA8F2AB-BE4E-41F0-A289-4D960CEA58EA}\1.0\HELPDIR\\@|"" /E : value set successfully!
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4D2CEBF-BBC4-4C63-96B8-D7ADBABC1A2B}\\Path scheduled to be deleted on reboot.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Trolltech\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Libecek
->Temp folder emptied: 262478 bytes
->Temporary Internet Files folder emptied: 2378622 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 352075136 bytes
->Flash cache emptied: 602 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 72032 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 338,00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 11102012_111633

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4D2CEBF-BBC4-4C63-96B8-D7ADBABC1A2B}\\Path scheduled to be deleted on reboot.
gorf
Regular Member
 
Posts: 20
Joined: October 28th, 2012, 9:12 pm
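
The OTL fix log gorf posted above, and the fix script in pgmigg's Step 2 that produced it, use a fixed line format per outcome. As an added example (not code from OTL, and not code from anyone in this thread), the Python below groups each result line by outcome so a helper can see at a glance which items were handled and which still need re-checking in the fresh scan: here the TaskCache entry that OTL could only schedule for deletion on reboot, and the Trolltech key under HKEY_USERS that was not found. The sample log is constructed to match the posted format, with paths shortened; the label names are my own.

```python
"""Triage an OTL "Run Fix" log of the kind posted in this thread.

Added example, not part of OTL and not code from the thread: it groups
each result line by outcome so the lines that still need a human look
(pending-reboot deletions, targets not found, anything unrecognised)
are separated from the routine successes.
"""
import re

# Constructed sample in the format of the posted log (paths shortened).
SAMPLE_LOG = r'''All processes killed
========== OTL ==========
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6} folder moved successfully.
========== FILES ==========
C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.gboxapp.com_0.localstorage moved successfully.
========== REGISTRY ==========
HKEY_CURRENT_USER\Software\Classes\btdna\DefaultIcon\\@|"" /E : value set successfully!
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4D2CEBF-BBC4-4C63-96B8-D7ADBABC1A2B}\\Path scheduled to be deleted on reboot.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Trolltech\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Libecek
->Temp folder emptied: 262478 bytes

Total Files Cleaned = 338,00 mb

Restore point Set: OTL Restore Point
'''

# Section headers look like "========== REGISTRY ==========".
SECTION_RE = re.compile(r"^=+ \w+ =+$")


def classify(line):
    """Map one log line to an outcome label; None for headers, blanks and chatter."""
    s = line.strip()
    if not s or SECTION_RE.match(s) or s.startswith(("[", "User:", "All processes")):
        return None
    if s.startswith("Registry delete failed") and "scheduled to be deleted on reboot" in s:
        return "pending_reboot"   # confirm after reboot; fix again if still present
    if s.endswith("not found."):
        return "not_found"        # target already gone, or the script path was wrong
    if s.endswith(("moved successfully.", "deleted successfully.", "value set successfully!")):
        return "done"
    if s.startswith("->") or "files removed:" in s or "emptied:" in s:
        return "cleanup"          # EMPTYTEMP bookkeeping
    if s.startswith(("Total Files Cleaned", "Restore point Set", "OTL by OldTimer")):
        return "info"
    return "unrecognised"         # any new line shape gets a human look


def summarize(log_text):
    """Group stripped result lines by outcome label."""
    groups = {}
    for line in log_text.splitlines():
        label = classify(line)
        if label is not None:
            groups.setdefault(label, []).append(line.strip())
    return groups


def needs_followup(log_text):
    """Lines a helper should re-check against the next OTL scan."""
    g = summarize(log_text)
    return g.get("pending_reboot", []) + g.get("not_found", []) + g.get("unrecognised", [])


if __name__ == "__main__":
    for label, lines in summarize(SAMPLE_LOG).items():
        print(f"{label}: {len(lines)}")
    for line in needs_followup(SAMPLE_LOG):
        print("FOLLOW UP:", line)
```

Run against the posted log, the "pending_reboot" entry is the one reason the fresh scan in Step 4 matters: until the post-reboot OTL.txt no longer lists the TaskCache entry, the scheduled-task remnant has not actually gone. A "not_found" line is harmless when the key was removed by an earlier step, but it is worth a second look when the path was copied by hand.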

Re: cannot get rid of gboxapp in my browser

Unread postby gorf » November 10th, 2012, 6:48 am

Chrome uninstalled and installed again, and below is the report from the OTL scan.


OTL logfile created on: 10.11.2012 11:41:10 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Libecek\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,50 Gb Total Physical Memory | 2,56 Gb Available Physical Memory | 73,30% Memory free
7,00 Gb Paging File | 5,73 Gb Available in Paging File | 81,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 78,52 Gb Free Space | 33,72% Space Free | Partition Type: NTFS
Drive D: | 1,26 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: LIBECEK-PC | User Name: Libecek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.10.29 01:29:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Libecek\Desktop\OTL.exe
PRC - [2012.10.25 07:34:44 | 000,529,744 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2012.09.12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012.09.12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012.08.04 07:47:09 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2012.07.28 03:10:10 | 000,469,504 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012.07.28 03:09:30 | 000,217,600 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011.10.07 10:40:42 | 001,387,288 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2011.09.27 20:05:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.01.21 01:52:14 | 000,167,528 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
PRC - [2010.01.21 01:52:12 | 000,370,792 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe


========== Modules (No Company Name) ==========

MOD - [2012.10.25 07:34:44 | 020,317,008 | ---- | M] () -- C:\Program Files\Steam\bin\libcef.dll
MOD - [2012.10.25 07:34:43 | 001,099,616 | ---- | M] () -- C:\Program Files\Steam\bin\avcodec-53.dll
MOD - [2012.10.25 07:34:43 | 000,902,480 | ---- | M] () -- C:\Program Files\Steam\bin\chromehtml.dll
MOD - [2012.10.25 07:34:43 | 000,190,816 | ---- | M] () -- C:\Program Files\Steam\bin\avformat-53.dll
MOD - [2012.10.25 07:34:43 | 000,123,232 | ---- | M] () -- C:\Program Files\Steam\bin\avutil-51.dll
MOD - [2012.08.06 11:07:30 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2012.06.14 15:53:22 | 001,880,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\e899cda47704280f54949c69b78c55cc\System.Deployment.ni.dll
MOD - [2012.06.14 15:53:09 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\50933f0a7ece72e717ba7d17559df5ef\WindowsFormsIntegration.ni.dll
MOD - [2012.06.14 13:07:18 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\2b07e726c1c19bb8440d82b200fb603b\System.Web.ni.dll
MOD - [2012.06.14 13:07:08 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012.06.14 13:06:56 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\697251a50a103e3d047178c2ab710593\System.Windows.Forms.ni.dll
MOD - [2012.06.14 13:06:50 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.06.14 13:06:49 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012.06.13 22:33:33 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll
MOD - [2012.06.13 22:31:41 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll
MOD - [2012.06.13 22:31:39 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll
MOD - [2012.05.10 18:41:49 | 000,009,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\dfsvc\fd866b4158c3bd2a26c875f2896c5573\dfsvc.ni.exe
MOD - [2012.05.10 18:40:46 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012.05.10 18:33:09 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012.05.10 18:32:56 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.10 18:32:30 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ca2eff60beb3ba00a529a2d42dceca22\UIAutomationProvider.ni.dll
MOD - [2012.05.10 18:32:22 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.10 18:32:18 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.10 18:32:15 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.10 18:32:14 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.10 18:32:07 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.05.10 13:51:08 | 000,736,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\5a3beae8b211b91bfc620c029cf4c2d4\System.Security.ni.dll
MOD - [2012.05.10 13:51:06 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
MOD - [2012.05.10 13:51:04 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll
MOD - [2012.05.10 13:50:57 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
MOD - [2012.05.10 13:50:52 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2012.02.17 19:55:36 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011.10.07 10:41:16 | 000,879,896 | ---- | M] () -- C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
MOD - [2010.11.13 03:37:08 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_cs_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.11.13 03:37:03 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_cs_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 02:53:44 | 000,237,568 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_cs_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2010.11.05 02:53:33 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_cs_b77a5c561934e089\System.resources.dll


========== Services (SafeList) ==========

SRV - [2012.10.25 07:34:44 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.10.08 20:15:44 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.09.12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.08.11 19:52:55 | 000,316,888 | ---- | M] (Protection Technology) [Auto | Stopped] -- C:\Windows\System32\appdrvrem01.exe -- (appdrvrem01)
SRV - [2012.07.28 03:09:30 | 000,217,600 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.03.04 19:02:24 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.09.27 20:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.01.21 01:52:14 | 000,167,528 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2010.01.21 01:52:12 | 000,370,792 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.08.30 22:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012.08.11 19:52:56 | 002,627,760 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\Windows\System32\drivers\appdrv01.sys -- (appdrv01)
DRV - [2012.07.28 05:06:48 | 008,758,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2012.07.28 05:06:48 | 008,758,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012.07.28 02:14:22 | 000,296,448 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012.05.14 07:12:28 | 000,086,656 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2011.09.02 07:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011.09.02 07:31:28 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2011.09.02 07:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.04.09 02:32:36 | 000,215,656 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2010.03.04 18:26:56 | 000,296,936 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2009.09.30 02:33:56 | 000,104,976 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.07.13 23:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009.05.13 18:11:34 | 000,006,504 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2007.12.17 16:14:06 | 000,012,400 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-618347355-2767662451-920019664-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-618347355-2767662451-920019664-1001\..\SearchScopes,DefaultScope = {F32AE9E6-5369-4DF2-A66F-C0950D694C41}
IE - HKU\S-1-5-21-618347355-2767662451-920019664-1001\..\SearchScopes\{F32AE9E6-5369-4DF2-A66F-C0950D694C41}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-618347355-2767662451-920019664-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2012.10.28 20:22:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions
[2012.04.04 12:25:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Disk Google = C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Vyhled\u00E1v\u00E1n\u00ED Google = C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: uTorrentControl_v2 = C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\2.3.15.10_0\
CHR - Extension: TheBflix = C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Extensions\joifgdlkhokekeaenpkaehbnjhncglbh\5.0_0\
CHR - Extension: Gmail = C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O4 - HKLM..\Run: [AMD AVT] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-618347355-2767662451-920019664-1001..\Run: [EADM] C:\Program Files\Origin\Origin.exe (Electronic Arts)
O4 - HKU\S-1-5-21-618347355-2767662451-920019664-1001..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ECFB1BEF-77A9-4F72-B5C3-C37E925F5088}: DhcpNameServer = 10.0.0.138
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5eb70a0c-e31c-11e1-94ee-001e8c7e6c1e}\Shell - "" = AutoRun
O33 - MountPoints2\{5eb70a0c-e31c-11e1-94ee-001e8c7e6c1e}\Shell\AutoRun\command - "" = E:\FalloutLauncher.exe
O33 - MountPoints2\{91ec2317-7b12-11e1-aebc-001e8c7e6c1e}\Shell - "" = AutoRun
O33 - MountPoints2\{91ec2317-7b12-11e1-aebc-001e8c7e6c1e}\Shell\AutoRun\command - "" = E:\FalloutLauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.11.10 11:36:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.11.10 11:30:45 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012.11.10 11:30:22 | 000,000,000 | ---D | C] -- C:\Users\Libecek\AppData\Local\Deployment
[2012.11.10 11:30:22 | 000,000,000 | ---D | C] -- C:\Users\Libecek\AppData\Local\Apps
[2012.11.05 17:38:32 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.11.04 22:41:01 | 000,000,000 | ---D | C] -- C:\music
[2012.10.31 23:00:01 | 000,000,000 | ---D | C] -- C:\Users\Libecek\AppData\Local\Origin
[2012.10.30 19:08:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012.10.29 01:54:49 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.10.29 01:51:46 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Libecek\Desktop\tdsskiller.exe
[2012.10.29 01:37:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.10.29 01:29:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Libecek\Desktop\OTL.exe
[2012.10.29 01:16:07 | 000,000,000 | ---D | C] -- C:\Users\Libecek\AppData\Roaming\Malwarebytes
[2012.10.29 01:15:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.29 01:15:50 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.29 01:15:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.29 01:15:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.28 20:22:02 | 000,000,000 | ---D | C] -- C:\Users\Libecek\AppData\Local\CRE
[2012.10.28 20:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012.10.13 18:38:14 | 000,000,000 | ---D | C] -- C:\Users\Libecek\AppData\Local\Adobe
[2012.10.13 18:37:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.10.13 18:37:16 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.10.13 18:36:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.10.11 12:20:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.10.11 12:20:07 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012.10.11 12:20:07 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.10.11 12:20:06 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012.10.11 12:20:06 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012.10.11 12:20:06 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.11 12:20:06 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.11 12:20:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.11 12:20:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012.10.11 12:20:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012.10.11 12:20:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.11 12:20:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012.10.11 12:19:59 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.10.11 12:19:59 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

========== Files - Modified Within 30 Days ==========

[2012.11.10 11:36:44 | 000,002,235 | ---- | M] () -- C:\Users\Libecek\Desktop\Google Chrome.lnk
[2012.11.10 11:35:03 | 000,000,942 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.10 11:35:00 | 000,000,938 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.10 11:32:15 | 000,015,360 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.10 11:32:15 | 000,015,360 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.10 11:24:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.10 11:24:43 | 2817,433,600 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.10 11:15:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.06 08:39:16 | 000,631,054 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2012.11.06 08:39:16 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.06 08:39:16 | 000,121,708 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2012.11.06 08:39:16 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.03 12:57:26 | 000,139,264 | ---- | M] () -- C:\Users\Libecek\Desktop\SystemLook.exe
[2012.11.01 22:46:40 | 000,000,000 | ---- | M] () -- C:\Users\Libecek\defogger_reenable
[2012.10.30 19:08:27 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.10.29 01:51:51 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Libecek\Desktop\tdsskiller.exe
[2012.10.29 01:29:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Libecek\Desktop\OTL.exe
[2012.10.29 01:15:51 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.10.13 18:37:23 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.10.12 16:56:36 | 000,000,216 | ---- | M] () -- C:\Users\Libecek\Desktop\XCOM Enemy Unknown.url

========== Files Created - No Company Name ==========

[2012.11.10 11:36:44 | 000,002,235 | ---- | C] () -- C:\Users\Libecek\Desktop\Google Chrome.lnk
[2012.11.10 11:30:49 | 000,000,942 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.10 11:30:48 | 000,000,938 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.03 12:57:26 | 000,139,264 | ---- | C] () -- C:\Users\Libecek\Desktop\SystemLook.exe
[2012.11.01 22:46:40 | 000,000,000 | ---- | C] () -- C:\Users\Libecek\defogger_reenable
[2012.10.30 19:08:27 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012.10.30 19:08:22 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012.10.29 01:15:51 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.10.29 00:57:40 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2012.10.13 18:38:36 | 001,477,337 | ---- | C] () -- C:\Users\Libecek\Desktop\XCOM_EU_PC_MANUAL_ENG.pdf
[2012.10.13 18:37:23 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.10.13 18:37:23 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.10.12 16:56:36 | 000,000,216 | ---- | C] () -- C:\Users\Libecek\Desktop\XCOM Enemy Unknown.url
[2012.09.23 21:37:59 | 000,138,056 | ---- | C] () -- C:\Users\Libecek\AppData\Roaming\PnkBstrK.sys
[2012.07.27 21:47:36 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.04.15 14:38:51 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll
[2012.04.15 14:38:51 | 000,012,400 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2012.04.15 14:38:49 | 000,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys
[2012.04.15 14:38:49 | 000,010,216 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys
[2012.04.15 14:38:37 | 000,006,504 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2012.04.12 20:30:10 | 000,637,743 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012.03.29 23:22:03 | 000,000,600 | ---- | C] () -- C:\Users\Libecek\AppData\Roaming\winscp.rnd
[2012.03.09 13:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012.03.08 18:24:59 | 000,087,254 | ---- | C] () -- C:\Users\Libecek\AppData\Roaming\icarus-dxdiag.xml
[2012.03.05 09:20:15 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.03.04 17:14:09 | 000,200,468 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012.03.04 16:16:03 | 000,010,084 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2012.03.04 16:06:37 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2012.03.04 15:23:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.02.15 03:28:34 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012.02.15 03:28:32 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2011.09.28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
gorf
Regular Member
 
Posts: 20
Joined: October 28th, 2012, 9:12 pm
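As an added worked example (not part of this thread and not OTL's own code), the two sections of the log above that a helper reads first, "Files Created - No Company Name" and "ZeroAccess Check", can be triaged programmatically. The sample lines are copied from that log; the one HKCU value marked CONSTRUCTED is invented to show what a positive hit looks like and does not describe this machine. The scan time is assumed from the timestamps in the log.

```python
"""Triage helpers for two OTL log sections (added example, not OTL code).
Sample lines are copied from the log above; the HKCU value for
{fbeb8a05-...} is CONSTRUCTED, the real log listed that key with no value."""
import re
from datetime import datetime, timedelta

# OTL file line: [date time | size | attrs | M/C] (company) -- path
FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# ZeroAccess check: a CLSID\InProcServer32 key header, then its default value
KEY_LINE = re.compile(
    r"^\[(?P<hive>HKEY_[A-Z_]+)\\Software\\Classes\\clsid\\"
    r"(?P<clsid>\{[0-9A-Fa-f-]+\})\\InProcServer32\]$", re.IGNORECASE)
VAL_LINE = re.compile(r'^"" = (?P<path>.+?)(?: -- \[.*)?$')


def parse_file_line(line):
    m = FILE_LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y.%m.%d %H:%M:%S")
    rec["size"] = int(rec["size"].replace(",", ""))
    return rec


def files_to_hash(lines, scan_time, days=30):
    """Executables and drivers under %SystemRoot% created/modified within
    `days` of the scan and carrying no company name.  Candidates for a hash
    lookup, not verdicts: legitimate unsigned tools land here as well."""
    cutoff = scan_time - timedelta(days=days)
    hits = []
    for line in lines:
        rec = parse_file_line(line)
        if rec is None:
            continue
        low = rec["path"].lower()
        if (rec["ts"] >= cutoff and not rec["company"]
                and low.startswith("c:\\windows\\")
                and low.endswith((".exe", ".dll", ".sys"))):
            hits.append(rec["path"])
    return hits


def inproc_servers(lines):
    """Map (hive, clsid) -> default InProcServer32 path; None when OTL listed
    the key with no value (the clean state of the HKCU keys in the log)."""
    table, current = {}, None
    for line in lines:
        line = line.strip()
        k = KEY_LINE.match(line)
        if k:
            current = (k["hive"].upper(), k["clsid"].lower())
            table[current] = None
            continue
        v = VAL_LINE.match(line)
        if v and current is not None:
            table[current] = v["path"]
    return table


def com_hijacks(lines):
    """CLSIDs whose per-user key (HKCU\\Software\\Classes) carries a DLL path.
    COM merges HKCU over HKLM for processes running as that user, so a value
    here silently replaces the shell32/WMI object; that is why OTL prints
    these particular keys.  Returns (clsid, hkcu_path, hklm_path)."""
    table = inproc_servers(lines)
    return [(clsid, path, table.get(("HKEY_LOCAL_MACHINE", clsid)))
            for (hive, clsid), path in table.items()
            if hive == "HKEY_CURRENT_USER" and path]


SCAN_TIME = datetime(2012, 11, 10, 11, 40)  # assumed from the log timestamps
SAMPLE_FILE_LINES = r"""
[2012.11.03 12:57:26 | 000,139,264 | ---- | C] () -- C:\Users\Libecek\Desktop\SystemLook.exe
[2012.10.29 00:57:40 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2012.07.27 21:47:36 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.04.15 14:38:51 | 000,012,400 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2012.11.10 11:30:49 | 000,000,942 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
""".strip().splitlines()
SAMPLE_REG_LINES = r"""
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"" = C:\Users\Libecek\AppData\Local\constructed-example\n.dll

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
""".strip().splitlines()  # the fbeb8a05 value above is CONSTRUCTED

if __name__ == "__main__":
    print("hash these:", files_to_hash(SAMPLE_FILE_LINES, SCAN_TIME))
    print("per-user COM overrides:", com_hijacks(SAMPLE_REG_LINES))
```

Run against the log as posted, the registry part returns nothing: both HKCU keys are listed without a value, which is the clean state, and the HKLM entries point at Microsoft's own DLLs under system32. The file filter only narrows the list to what is worth hashing; a driver with no company name is a prompt to look it up, not a finding.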

Re: cannot get rid of gboxapp in my browser

Unread postby pgmigg » November 10th, 2012, 12:15 pm

Hello gorf,
gorf wrote:
    I have a problem with the first step, where you want me to go to jotti.org or Virustotal.
    I didn't find any of these files on my PC:
    C:\ProgramData\TheBflix\uninstall.exe
    C:\Users\All Users\TheBflix\uninstall.exe
It is OK. We will try to resolve this problem...

Step 1.
Show Hidden and System files
  1. Close all programs so that you are at your desktop.
  2. Press the Windows key.
  3. Click the Start Search box on the Start Menu
  4. Copy and paste the following value, in the open text entry box:
    change search options for files and folders
    then press Enter button
  5. Click on the View tab, then under the "Hidden files and folders" section please
    • SELECT "Show hidden files and folders"
  6. Find below and
    • remove check mark from check box "Hide extensions for known file types"
    • remove check mark from check box "Hide protected operating system files"
  7. Press the Apply, then the OK buttons.

Then please check for the existence of those files again. If you can see them, please run Step 2; if not, simply let me know.

Step 2.
Upload File/Files for testing
  1. Please go to jotti.org or Virustotal
  2. Copy/Paste the following files to upload them one by one for scanning:
    C:\ProgramData\TheBflix\uninstall.exe
    C:\Users\All Users\TheBflix\uninstall.exe
  3. Press Submit - this will submit the file for testing.
    Note: If you will see a message "File already analysed", please click on "Reanalyse" button.
  4. Please wait for all the scanners to finish.
  5. Then copy and paste every permalink (web address) in your next response.

I also need to know the current status of the original "gboxapp" problem in your browsers.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. The resulting web links after online file scan by Virus Total.
  3. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
Posts: 3177
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
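A practical complement to Step 2 above, added here as an example and not part of the helper's instructions: hash a file locally and look the SHA-256 up on VirusTotal or Jotti before uploading anything, and resolve the two paths first, because on Vista and Windows 7 C:\Users\All Users is a junction to C:\ProgramData, so the two paths the helper listed name the same file. The demo runs offline against a temporary directory standing in for C:\ProgramData; the file contents are constructed.

```python
"""Hash-before-upload helper (added example, not part of the thread).
The demo builds a constructed stand-in for the two TheBflix paths."""
import hashlib
import os
import tempfile

CHUNK = 1 << 20   # 1 MiB reads: uninstallers can be large


def sha256_file(path):
    """Stream the file through SHA-256.  open() ignores the Hidden/System
    attributes, so this works before Explorer is told to show protected
    operating system files."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def hash_candidates(paths):
    """Return {resolved path: sha256, or None if the file does not exist}.
    Paths are resolved first so that junction aliases such as
    C:\\Users\\All Users -> C:\\ProgramData collapse to one entry
    (Python 3.8+ resolves junctions on Windows; older versions do not)."""
    results = {}
    for p in paths:
        real = os.path.realpath(p)
        if real in results:
            continue
        results[real] = sha256_file(real) if os.path.isfile(real) else None
    return results


def demo():
    """Constructed layout: one uninstall.exe exists, the other path does not.
    Returns {path relative to the temp root: digest or None}."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.realpath(tmp)
        present = os.path.join(root, "TheBflix", "uninstall.exe")
        os.makedirs(os.path.dirname(present))
        with open(present, "wb") as f:
            f.write(b"abc")      # constructed content, not the real file
        missing = os.path.join(root, "All Users", "TheBflix", "uninstall.exe")
        res = hash_candidates([present, present, missing])   # duplicate on purpose
        return {os.path.relpath(k, root).replace(os.sep, "/"): v
                for k, v in res.items()}


if __name__ == "__main__":
    for path, digest in demo().items():
        print(path, "->", digest or "missing")
```

Searching VirusTotal by the digest tells you whether the file has already been analysed without sending a possibly sensitive installer anywhere; if the hash is unknown, upload as the helper describes.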

Re: cannot get rid of gboxapp in my browser

Unread postby gorf » November 11th, 2012, 1:20 pm

Hope this is what you mean.

http://virusscan.jotti.org/en/scanresul ... 31a10f3bd4
http://virusscan.jotti.org/en/scanresul ... ff144660f0

What I have noticed is that my OS is much faster now and you have solved the problem with my browser. I cannot see any problem with my PC anymore and everything is running smoothly.

FYI: I'm leaving on a business trip tomorrow and will be back on Friday next week, so I will not be able to continue with what we have started right after your reply. I will jump on it right after my arrival, if there are any other steps we need to do.

Thanks for all your help. Very professional, and I'm really surprised that there is someone helping other people for free. Not really common nowadays.

Thanks again.
Regards,
Gorf

Re: cannot get rid of gboxapp in my browser

Unread postby pgmigg » November 13th, 2012, 2:40 pm

Hello gorf,
gorf wrote:
    FYI: I'm leaving on a business trip tomorrow and will be back on Friday next week, so I will not be able to continue with what we have started right after your reply. I will jump on it right after my arrival, if there are any other steps we need to do.
Thank you for the notification! Please take your time; the topic will be left open. There are a few things that should be done, so let's continue...

Step 1.
Remove Program(s)
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Copy and paste the value below without the word Code: into the open text entry box:
    Code:
     appwiz.cpl 
    and press Enter - the Uninstall or change a program list will be opened.
  3. Click on Entry below, if it exists, choose Uninstall, and give permission to Continue:
    TheBflix
  4. Take extra care in answering questions posed by any Uninstaller.
  5. When the program(s) have been uninstalled, please close Control Panel.

Step 2.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Copy and Paste the following code into the Custom Scan/Fixes text box. Do not include the word Code
    Code:
    :OTL
    CHR - Extension: uTorrentControl_v2 = C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\2.3.15.10_0\
    
    :Files
    C:\ProgramData\TheBflix
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 3.
Malwarebytes' Anti-Malware (MBAM) Rerun
You should still have MBAM on your desktop.
  1. Please start MBAM again.
    You must be connected to the Internet to obtain any updates.
  2. Press the Update tab. Then press the Check for Updates...button. <<---Important!
    Once any updates are installed or you get the message that you are up-to-date
  3. Press the Scanner tab...
  4. Select FULL SCAN this time... then press the Scan...button. This scan will take a while, so please be patient.
    When the scan finishes...
  5. Check all items except any items (if present) in the C:\System Volume Information folder... then click on Remove Selected.
  6. Let MBAM remove what it can... if there are files to be deleted on reboot... please reboot the machine so MBAM can finish the removal.
    If you rebooted, then you'll need to start MBAM again.
  7. Press the LOG... tab. Locate the most current log file.
    Please copy and paste the most recent log (from this new run) in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the most recent MBAM Log file.
  4. Do you see any changes in computer behavior?

Please do not hesitate to divide the post into multiple if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
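The fix script above removes a Chrome extension by its directory under Extensions\<id>\<version>\. As an added example (not part of the thread and not OTL code), the following enumerates a profile's extensions straight from that directory and their manifest.json files, so an entry like uTorrentControl_v2 can be checked, together with the permissions it asks for, without relying on the browser's own extensions page. The demo builds a constructed profile in a temporary directory; only the id, name and version string of that one extension are taken from the post, its permissions and the second extension are invented.

```python
"""Enumerate Chrome extensions from the profile's Extensions directory
(added example, not part of the thread).  The demo profile is constructed."""
import json
import os
import tempfile

# Permissions that let an extension read or rewrite what the user browses;
# the usual footprint of a toolbar or adware extension.
BROAD = {"<all_urls>", "tabs", "webRequest", "webRequestBlocking",
         "webNavigation", "history", "cookies", "proxy", "management"}


def _display_name(ext_dir, manifest):
    """Resolve __MSG_key__ names via _locales/<default_locale>/messages.json."""
    name = manifest.get("name", "")
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    loc = manifest.get("default_locale", "en")
    mpath = os.path.join(ext_dir, "_locales", loc, "messages.json")
    try:
        with open(mpath, encoding="utf-8-sig") as f:
            return json.load(f)[name[6:-2]]["message"]
    except (OSError, KeyError, ValueError):
        return name


def list_extensions(profile_dir):
    """One record per <profile>/Extensions/<id>/<version>/manifest.json."""
    root = os.path.join(profile_dir, "Extensions")
    found = []
    if not os.path.isdir(root):
        return found
    for ext_id in sorted(os.listdir(root)):
        id_dir = os.path.join(root, ext_id)
        if not os.path.isdir(id_dir):
            continue
        for version in sorted(os.listdir(id_dir)):
            ext_dir = os.path.join(id_dir, version)
            mpath = os.path.join(ext_dir, "manifest.json")
            if not os.path.isfile(mpath):
                continue
            with open(mpath, encoding="utf-8-sig") as f:
                manifest = json.load(f)
            perms = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
            for cs in manifest.get("content_scripts", []):   # host access via injected scripts
                perms.update(m for m in cs.get("matches", []) if isinstance(m, str))
            found.append({
                "id": ext_id,
                "version": version,
                "name": _display_name(ext_dir, manifest),
                "broad": sorted(p for p in perms if p in BROAD or p.endswith("://*/*")),
                "path": ext_dir,
            })
    return found


def demo():
    """Constructed profile: the extension from the fix script plus a benign one."""
    with tempfile.TemporaryDirectory() as profile:
        def put(ext_id, version, manifest, messages=None):
            d = os.path.join(profile, "Extensions", ext_id, version)
            os.makedirs(d)
            with open(os.path.join(d, "manifest.json"), "w", encoding="utf-8") as f:
                json.dump(manifest, f)
            if messages is not None:
                ld = os.path.join(d, "_locales", "en")
                os.makedirs(ld)
                with open(os.path.join(ld, "messages.json"), "w", encoding="utf-8") as f:
                    json.dump(messages, f)

        # id, name and version from the OTL line; the permissions are CONSTRUCTED
        put("ejpbbhjlbipncjklfjjaedaieimbmdda", "2.3.15.10_0",
            {"name": "uTorrentControl_v2", "version": "2.3.15.10",
             "permissions": ["tabs", "http://*/*", "https://*/*"]})
        # entirely invented benign extension with a localised name
        put("abcdefghijklmnopabcdefghijklmnop", "1.0_0",
            {"name": "__MSG_appName__", "version": "1.0", "default_locale": "en",
             "permissions": ["storage"]},
            {"appName": {"message": "Constructed Notes"}})
        return list_extensions(profile)


if __name__ == "__main__":
    for e in demo():
        print(e["id"], e["version"], e["name"], "broad:", e["broad"] or "-")
```

On a real machine point it at C:\Users\<name>\AppData\Local\Google\Chrome\User Data\Default. An extension directory that is still present after the browser's extensions page no longer lists it is exactly what the :OTL line in the fix script is meant to remove; in this thread OTL reported the directory "not found", so it was already gone.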

Re: cannot get rid of gboxapp in my browser

Unread postby gorf » November 18th, 2012, 7:02 am

Hello again and thanks for waiting.

I've done all you have asked and had no problems. The PC runs smoothly, and I do not have that shit in my browser anymore, but that progress dates from the previous repair steps. So now I do not notice any changes in the behavior of my PC.

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.18.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Libecek :: LIBECEK-PC [administrator]

18.11.2012 11:16:32
mbam-log-2012-11-18 (11-16-32).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 294739
Time elapsed: 34 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



All processes killed
========== OTL ==========
File C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\2.3.15.10_0 not found.
========== FILES ==========
C:\ProgramData\TheBflix\data folder moved successfully.
C:\ProgramData\TheBflix folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Libecek
->Temp folder emptied: 1219424 bytes
->Temporary Internet Files folder emptied: 4749259 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 364990530 bytes
->Flash cache emptied: 602 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 24283978 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 377,00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 11172012_153526

Re: cannot get rid of gboxapp in my browser

Unread postby pgmigg » November 18th, 2012, 1:20 pm

Hello gorf,
gorf wrote:
    The PC runs smoothly, and I do not have that shit in my browser anymore, but that progress dates from the previous repair steps. So now I do not notice any changes in the behavior of my PC.
I am glad to help you! :D

Your latest set of logs appear to be clean! :cheers:
This is my general post for when your logs show no more signs of malware.
Before I give you instructions on how to keep your computer clean and secure, you need to take a few additional steps.

Step 1.
Latest Java Installation Needed!

Attention: Print these instructions or copy them. You will be closing your browser!!

DOWNLOAD LATEST VERSION
  1. Get the latest version (7u9) of Java Runtime Environment (JRE)... © Sun Microsystems, Inc.
  2. Click the "Download JRE" button to the right.
  3. Check "Accept License Agreement "
  4. Locate the entry for Windows x86 Offline, click on the associated file name, then save the file to your Desktop.

REMOVE OLD JAVA
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Copy and paste the value below without the word Code: into the open text entry box:
    Code:
     appwiz.cpl 
    and press Enter - the Uninstall or change a program list will be opened.
  3. Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:
    Java Auto Updater
    Java(TM) 7 Update 7
  4. Take extra care in answering questions posed by any Uninstaller.
  5. When the program(s) have been uninstalled, please close Control Panel.
  6. Reboot your computer.

INSTALL Java
  1. Close all open applications (standard), especially your browser.
  2. From Desktop please right-click on jre-7u9-windows-i586.exe select "Run As Administrator..." to install the newest version.
  3. Follow the on-screen directions. When installation is completed successfully, please reboot your computer normally.
  4. Once the computer has been restarted, you can delete the "downloaded" installation file from your desktop.

OPTIONAL:
To prevent some unnecessary JAVA components from running when you boot your computer each time...
  1. Go to Control Panel and click on the JAVA icon.
  2. Press the Advanced tab and find the JRE Auto-Download sub-menu.
  3. CHECK "Never Auto-Download". (You can check for updates manually.)
  4. Press Apply and OK, then close the Java Control Panel and exit Control Panel.

Step 2.
OTL - Run Fix Script
You should still have OTL on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Copy and Paste the following code into the Custom Scan/Fixes text box. Do not include the word Code
    Code:
    :Commands
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]
    

  3. Click under the Custom Scan/Fixes box and paste the copied text.
  4. Click the Run Fix button. If prompted... click OK.
  5. OTL may ask to reboot the machine. Please do so if asked.

Step 3.
Defogger
Enable Drivers
You should still have this program on your desktop; just ignore the download instructions, which are provided for convenience.
Please download DeFogger... by jpshortstuff. Save it to your desktop.
Re-enable your CD emulation drivers only when instructed to do so by your helper.
  1. Right click DeFogger and select "Run as administrator..." to run the tool. The application window will appear.
  2. Click the Re-enable button to re-enable your CD Emulation drivers.
  3. Click Yes to continue. A 'Finished!' message will appear. Click OK
  4. Click OK when DeFogger asks to reboot the machine.
Your Emulation drivers are now enabled.
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Step 4.
OTL-Cleanup
  1. Right click on OTL.exe select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Press the CleanUp button.
  3. When done, you will be prompted to reboot your system to finish file removal, please select OK to reboot your computer.


Then:
Please don't forget to enable all your defense software!

Finally, please click HERE to find a short guide to staying safer online.

Please don't hesitate to ask any additional questions.

Stay Safe! ;)
pgmigg

Failure to post replies within 72 hours will result in this thread being closed