Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014
Ran by Mary at 2014-09-11 21:11:02 Run:1
Running from C:\Users\Mary\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
R2 248642b4; c:\Program Files (x86)\PC_Booster\AssistantSvc.dll [174928 2014-09-05] () [File not signed]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1080440751-1908717303-3949083742-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1080440751-1908717303-3949083742-1001\...\Run: [Google Update] => "C:\Users\Mary\AppData\Local\Google\Update\GoogleUpdate.exe" /c
AppInit_DLLs: C:\PROGRA~2\PC_BOO~1\ASSIST~2.DLL => C:\Program Files (x86)\PC_Booster\Assistant_x64.dll [4210176 2014-09-05] ()
AppInit_DLLs-x32: c:\progra~2\pc_boo~1\assist~1.dll => c:\Program Files (x86)\PC_Booster\Assistant.dll [4296192 2014-09-05] ()
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
BHO: YoUtubeeAdBlocke -> {6a1a3bd5-ef29-4196-8140-cb246e1f5b1e} -> C:\Program Files (x86)\YoUtubeeAdBlocke\PK9mom4CKuQrgB.x64.dll ()
BHO: priccechop -> {fe0256e5-e211-4c2e-b8e1-34357e67d9f9} -> C:\Program Files (x86)\priccechop\ASgDxSQbDasuOG.x64.dll ()
BHO-x32: YoUtubeeAdBlocke -> {6a1a3bd5-ef29-4196-8140-cb246e1f5b1e} -> C:\Program Files (x86)\YoUtubeeAdBlocke\PK9mom4CKuQrgB.dll ()
BHO-x32: priccechop -> {fe0256e5-e211-4c2e-b8e1-34357e67d9f9} -> C:\Program Files (x86)\priccechop\ASgDxSQbDasuOG.dll ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HomePage: Default -> hxxp://search.gboxapp.com/
CHR RestoreOnStartup: Default -> "hxxp://search.gboxapp.com/"
CHR StartupUrls: Default -> "hxxp://search.gboxapp.com/"
CHR Extension: (priceichop) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\panmpcnnimefckkkidnmmknhfcjddkkj [2014-09-05]
FF user.js: detected! => C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\k3mjyevj.default\user.js
FF Extension: YoUtubeeAdBlocke - C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\k3mjyevj.default\Extensions\0@jX1M1.com [2014-09-05]
FF Extension: priceichop - C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\k3mjyevj.default\Extensions\ZlA@tP6.net [2014-09-05]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Mary\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Mary\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-1080440751-1908717303-3949083742-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Mary\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1080440751-1908717303-3949083742-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Mary\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1080440751-1908717303-3949083742-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Mary\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1080440751-1908717303-3949083742-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Mary\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {395A0030-39F2-4AE9-9E5B-D03107481B0B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1080440751-1908717303-3949083742-1001UA => C:\Users\Mary\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {5CD4001A-3189-48CD-9A88-9D2341161923} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {6E182D55-45E9-4C40-83CB-A8DAC22C2A43} - System32\Tasks\PC_Booster-S-493389286 => c:\programdata\trusted publisher\pc_booster\PC_Booster.exe [2013-09-05] () <==== ATTENTION
Task: {7DA4A61A-A8F5-491F-8778-72F34DA59B96} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {AED66B1C-6F2A-4B42-ABD1-67D38EA8814E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1080440751-1908717303-3949083742-1001Core => C:\Users\Mary\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1080440751-1908717303-3949083742-1001Core.job => C:\Users\Mary\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1080440751-1908717303-3949083742-1001UA.job => C:\Users\Mary\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PC_Booster-S-493389286.job => c:\programdata\trusted publisher\pc_booster\PC_Booster.exe <==== ATTENTION
AlternateDataStreams: C:\Users\Mary\Cookies:l0Q46WohlQyPNK9OlZmW
AlternateDataStreams: C:\Users\Mary\AppData\Local\Temp:udhlNyknuCfyHz9rBHJ79WY
AlternateDataStreams: C:\Users\Mary\AppData\Local\Temporary Internet Files:GeWBZIOXi033HLcMrPSubbXWlmzhiK
C:\Users\Administrator
C:\Users\Gość
C:\Users\HomeGroupUser$
C:\Users\Mary\AppData\Local\Comodo
C:\Users\Mary\AppData\Local\Chromatic Browser
C:\Users\Mary\AppData\Local\Torch
*****************

Processes closed successfully.
248642b4 => Service deleted successfully.
gupdate => Service deleted successfully.
gupdatem => Service deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-1080440751-1908717303-3949083742-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
HKU\S-1-5-21-1080440751-1908717303-3949083742-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => value deleted successfully.
"C:\PROGRA~2\PC_BOO~1\ASSIST~2.DLL" => Value Data removed successfully.
"c:\progra~2\pc_boo~1\assist~1.dll" => Value Data removed successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6a1a3bd5-ef29-4196-8140-cb246e1f5b1e}" => Key deleted successfully.
"HKCR\CLSID\{6a1a3bd5-ef29-4196-8140-cb246e1f5b1e}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fe0256e5-e211-4c2e-b8e1-34357e67d9f9}" => Key deleted successfully.
"HKCR\CLSID\{fe0256e5-e211-4c2e-b8e1-34357e67d9f9}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6a1a3bd5-ef29-4196-8140-cb246e1f5b1e}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{6a1a3bd5-ef29-4196-8140-cb246e1f5b1e}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fe0256e5-e211-4c2e-b8e1-34357e67d9f9}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{fe0256e5-e211-4c2e-b8e1-34357e67d9f9}" => Key deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
Chrome HomePage deleted successfully.
Chrome RestoreOnStartup deleted successfully.
Chrome StartupUrls deleted successfully.
C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\panmpcnnimefckkkidnmmknhfcjddkkj => Moved successfully.
C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\k3mjyevj.default\user.js => Moved successfully.
C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\k3mjyevj.default\Extensions\0@jX1M1.com => Moved successfully.
C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\k3mjyevj.default\Extensions\ZlA@tP6.net => Moved successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => Key deleted successfully.
"HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3" => Key deleted successfully.
C:\Users\Mary\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll not found.
"HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9" => Key deleted successfully.
C:\Users\Mary\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll not found.
"HKU\S-1-5-21-1080440751-1908717303-3949083742-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-1080440751-1908717303-3949083742-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
"HKU\S-1-5-21-1080440751-1908717303-3949083742-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}" => Key deleted successfully.
"HKU\S-1-5-21-1080440751-1908717303-3949083742-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{395A0030-39F2-4AE9-9E5B-D03107481B0B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{395A0030-39F2-4AE9-9E5B-D03107481B0B}" => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1080440751-1908717303-3949083742-1001UA => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-1080440751-1908717303-3949083742-1001UA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5CD4001A-3189-48CD-9A88-9D2341161923}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5CD4001A-3189-48CD-9A88-9D2341161923}" => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6E182D55-45E9-4C40-83CB-A8DAC22C2A43}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E182D55-45E9-4C40-83CB-A8DAC22C2A43}" => Key deleted successfully.
C:\Windows\System32\Tasks\PC_Booster-S-493389286 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC_Booster-S-493389286" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7DA4A61A-A8F5-491F-8778-72F34DA59B96}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7DA4A61A-A8F5-491F-8778-72F34DA59B96}" => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AED66B1C-6F2A-4B42-ABD1-67D38EA8814E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AED66B1C-6F2A-4B42-ABD1-67D38EA8814E}" => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1080440751-1908717303-3949083742-1001Core => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-1080440751-1908717303-3949083742-1001Core" => Key deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1080440751-1908717303-3949083742-1001Core.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1080440751-1908717303-3949083742-1001UA.job => Moved successfully.
C:\Windows\Tasks\PC_Booster-S-493389286.job => Moved successfully.
"C:\Users\Mary\Cookies" => ":l0Q46WohlQyPNK9OlZmW" ADS not found.
C:\Users\Mary\AppData\Local\Temp => ":udhlNyknuCfyHz9rBHJ79WY" ADS removed successfully.
"C:\Users\Mary\AppData\Local\Temporary Internet Files" => ":GeWBZIOXi033HLcMrPSubbXWlmzhiK" ADS not found.
C:\Users\Administrator => Moved successfully.
C:\Users\Gość => Moved successfully.
C:\Users\HomeGroupUser$ => Moved successfully.
C:\Users\Mary\AppData\Local\Comodo => Moved successfully.
C:\Users\Mary\AppData\Local\Chromatic Browser => Moved successfully.
C:\Users\Mary\AppData\Local\Torch => Moved successfully.

The system needed a reboot.

==== End of Fixlog ====