Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

cannot get rid of gboxapp in my browser


Post by gorf » October 28th, 2012, 10:58 pm

Dear helpers,

I saw in the archive that you have helped one guy who had a similar problem to me. I was downloading a torrent and wasn't careful enough. I installed some program and now my Chrome always has http://search.gboxapp.com/ as its home page.

I would really appreciate it if you could help me. I have tried some programs to remove it without success.

Thank you in advance.

My logs:

DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Libecek at 2:08:59 on 2012-10-29
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3583.2542 [GMT 1:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Users\Libecek\AppData\Local\Temp\156ADF11-CDE2-483D-9BD6-DD54495F65DC.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Users\Libecek\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Users\Libecek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Users\Libecek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Libecek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trillian\trillian.exe
C:\Windows\system32\DllHost.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.gboxapp.com/
mStart Page = hxxp://search.gboxapp.com/
uURLSearchHooks: GagetBox: {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - c:\program files\gadgetbox\gadgetBoxTB.dll
uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
uURLSearchHooks: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - <orphaned>
mURLSearchHooks: <No Name>: - LocalServer32 - <no file>
mURLSearchHooks: GagetBox: {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - c:\program files\gadgetbox\gadgetBoxTB.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Incredibar.com Helper Object: {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - c:\program files\incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Incredibar Toolbar: {F9639E4A-801B-4843-AEE3-03D9DA199E77} - c:\program files\incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
TB: GagetBox: {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - c:\program files\gadgetbox\gadgetBoxTB.dll
EB: GagetBox: {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - c:\program files\gadgetbox\gadgetBoxTB.dll
uRun: [Google Update] "c:\users\libecek\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\program files\amd avt\bin\kdbsync.exe" aml
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\gamers~1.lnk - c:\program files\gamersfirst\live!\Live.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvLsp.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: NameServer = 10.0.0.138
TCP: Interfaces\{ECFB1BEF-77A9-4F72-B5C3-C37E925F5088} : DHCPNameServer = 10.0.0.138
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
============= SERVICES / DRIVERS ===============
.
R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [2012-8-11 2627760]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-8-11 242240]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-7-28 217600]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-29 676936]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-29 399432]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2012-7-28 8758784]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2012-7-28 296448]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-5-14 86656]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-10-29 22856]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\system32\appdrvrem01.exe svc --> c:\windows\system32\appdrvrem01.exe svc [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-21 250808]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 StorSvc;Služba úložiště;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-3-5 52224]
S3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\wat\WatAdminSvc.exe [2012-3-4 1343400]
.
=============== Created Last 30 ================
.
2012-10-29 00:54:49 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-29 00:37:49 -------- d-----w- C:\_OTL
2012-10-29 00:16:07 -------- d-----w- c:\users\libecek\appdata\roaming\Malwarebytes
2012-10-29 00:15:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-29 00:15:50 -------- d-----w- c:\programdata\Malwarebytes
2012-10-29 00:15:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-28 23:57:40 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2012-10-28 19:22:02 -------- d-----w- c:\users\libecek\appdata\local\CRE
2012-10-28 19:12:10 -------- d-----w- c:\programdata\Premium
2012-10-28 19:11:59 -------- d-----w- c:\programdata\GadgetBox
2012-10-28 19:11:59 -------- d-----w- c:\program files\GadgetBox
2012-10-26 21:36:19 6918632 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a7db7d3a-0cf5-41d7-a628-d9d67b550584}\mpengine.dll
2012-10-13 17:38:14 -------- d-----w- c:\users\libecek\appdata\local\Adobe
2012-10-11 11:19:59 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-11 11:19:59 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-09-29 08:04:29 -------- d-----w- c:\program files\AMD APP
.
==================== Find3M ====================
.
2012-10-08 19:15:41 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-08 19:15:41 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-30 08:49:06 139328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-09-30 08:48:52 281520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-09-30 08:48:52 281520 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-09-30 08:48:27 280904 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-09-25 15:54:09 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-25 15:54:09 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-25 15:54:09 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-24 17:49:44 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-09-23 20:37:59 138056 ----a-w- c:\users\libecek\appdata\roaming\PnkBstrK.sys
2012-09-14 18:28:53 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-31 17:18:09 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-24 16:57:48 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-22 17:16:54 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16:46 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16:46 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16:36 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 20:12:27 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-20 17:40:31 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-08-20 17:40:01 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-08-20 17:37:58 271360 ----a-w- c:\windows\system32\conhost.exe
2012-08-20 15:33:28 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-08-11 18:52:56 2627760 ----a-w- c:\windows\system32\drivers\appdrv01.sys
2012-08-11 18:52:55 316888 ----a-w- c:\windows\system32\appdrvrem01.exe
2012-08-11 16:56:59 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-08-10 23:56:14 542208 ----a-w- c:\windows\system32\kerberos.dll
2012-08-02 16:57:20 490496 ----a-w- c:\windows\system32\d3d10level9.dll
.
============= FINISH: 2:09:44,10 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4.3.2012 15:10:26
System Uptime: 29.10.2012 1:55:26 (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5N-E SLI
Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz | Socket 775 | 3000/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 43,354 GiB free.
D: is CDROM (UDF)
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP292: 8.10.2012 16:43:05 - Windows Update
RP293: 8.10.2012 23:00:18 - Windows Update
RP294: 9.10.2012 15:18:14 - Windows Update
RP295: 11.10.2012 14:19:47 - Windows Update
RP297: 12.10.2012 17:15:13 - Nainstalováno rozhraní DirectX
RP298: 13.10.2012 19:36:53 - Installed Adobe Reader X (10.1.0) - Czech.
RP299: 16.10.2012 14:21:44 - Windows Update
RP300: 23.10.2012 14:31:22 - Windows Update
RP301: 26.10.2012 23:35:50 - Windows Update
RP302: 29.10.2012 1:34:23 - odstranění malware
RP303: 29.10.2012 1:43:07 - Operace obnovení
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.0) - Czech
Altap Salamander 2.54
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
Apple Application Support
Apple Software Update
ASUS VGA Driver
ATI AVIVO Codecs
AutoHotkey 1.0.48.05
Battlefield 3™
Battlelog Web Plugins
BattlEye for OA Uninstall
BattlEye Uninstall
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cool & Quiet
DAEMON Tools Lite
Dota 2
eReg
Fallout 3
Fraps (remove only)
GamersFirst LIVE!
Google Chrome
Guild Wars 2
Incredibar Toolbar on IE
IrfanView (remove only)
Java 7 Update 7
Java Auto Updater
JavaFX 2.1.1
Logitech SetPoint 6.32
Malwarebytes Anti-Malware verze 1.65.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile CSY Language Pack
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
PunkBuster Services
QuickTime
RagnrokOnline
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile CSY Language Pack (KB2518870)
Six Updater
Steam
TeamSpeak 3 Client
The KMPlayer (remove only)
TheBflix
Trillian
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Ventrilo Client
Windows Live ID Sign-in Assistant
WinRAR 4.11 (32-bit)
XCOM: Enemy Unknown
.
==== End Of File ===========================

Re: cannot get rid of gboxapp in my browser

Post by NonSuch » October 28th, 2012, 11:23 pm

This topic is a duplicate copy of the original and therefore will be closed. The original will be left open.