Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-10-2014
Ran by Owner at 2014-10-19 14:59:34 Run:1
Running from C:\Users\Owner\Desktop
Loaded Profile: Owner (Available profiles: Owner & Guest)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [MSC] => "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey <===== ATTENTION (File name is altered)
HKLM-x32\...\Run: [Stronghold AntiMalware] => C:\Program Files (x86)\Stronghold AntiMalware\StrongholdAntiMalware.exe
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?
AppInit_DLLs-x32: c:\progra~2\sw-boo~1\assist~1.dll => "c:\progra~2\sw-boo~1\assist~1.dll" File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.all...&cc=US&unqvl=64
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.all...&cc=US&unqvl=64
SearchScopes: HKCU - DefaultScope {B4599768-F3E0-446B-9CC6-2AF6E72456EA} URL = https://search.yahoo...p={SearchTerms}
SearchScopes: HKCU - {5F0E1667-80D4-4326-9464-440EF6571D19} URL = http://search.yahoo....11,17118,0,18,0
SearchScopes: HKCU - {B4599768-F3E0-446B-9CC6-2AF6E72456EA} URL = https://search.yahoo...p={SearchTerms}
BHO: NextCoup -> {a1ff7bdb-fb04-45e3-8f7f-69f7c15ce637} -> C:\Program Files (x86)\NextCoup\pFNTkfheimkWtm.x64.dll No File
BHO: NextCoup -> {e7d3ae70-f156-46d5-be16-9eebd51e86ab} -> C:\Program Files (x86)\NextCoup\i309X1EgMaRBR7.x64.dll No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: NextCoup -> {a1ff7bdb-fb04-45e3-8f7f-69f7c15ce637} -> C:\Program Files (x86)\NextCoup\pFNTkfheimkWtm.dll No File
BHO-x32: NextCoup -> {e7d3ae70-f156-46d5-be16-9eebd51e86ab} -> C:\Program Files (x86)\NextCoup\i309X1EgMaRBR7.dll No File
FF DefaultSearchUrl: http://websearch.all...unqvl=64&l=1&q=
FF Homepage: hxxp://websearch.allsearches.info/?pid=945&r=2014/10/16&hid=12827458011353005973&lg=EN&cc=US&unqvl=64
FF SearchEngineOrder.1: WebSearch
FF DefaultSearchEngine: WebSearch
FF SelectedSearchEngine: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF DefaultSearchEngine,S: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Keyword.URL: hxxp://websearch.allsearches.info/?pid=945&r=2014/10/16&hid=12827458011353005973&lg=EN&cc=US&unqvl=64&l=1&q=
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ixgln5xn.default\searchplugins\safesearch.xml
FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
CHR HKLM-x32\...\Chrome\Extension: [obcjlnjgjjgghcedkcohaeboelbblehc] - C:\Program Files (x86)\1clickmoviedownloader.com\clickmoviedownloader10.crx [2014-07-14]
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Extension: (NextCoup) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\damjpaghdlldnhfkfjhlpkagboklfebj [2014-10-17]
CHR Extension: (NextCoup) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fanjgonigpejjggdhaimiojpfimipeog [2014-10-17]
CHR Extension: (GoSave) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkkpaahpjpiklnmonaocmhnnllpgfnda [2014-10-16]
CHR HKLM-x32\...\Chrome\Extension: [obcjlnjgjjgghcedkcohaeboelbblehc] - C:\Program Files (x86)\1clickmoviedownloader.com\clickmoviedownloader10.crx [2014-07-14]
S2 d0e87c27; "C:\Windows\system32\rundll32.exe" "c:\progra~2\sw-boo~1\AssistantSvc.dll",service
2014-10-16 19:00 - 2014-10-17 13:23 - 00000000 ____D () C:\ProgramData\d648aeeddec485c2
2014-10-16 19:00 - 2014-10-16 19:00 - 00000000 ____D () C:\Users\Owner\AppData\Local\Torch
2014-10-16 19:00 - 2014-10-16 19:00 - 00000000 ____D () C:\Users\Owner\AppData\Local\Comodo
2014-10-16 19:00 - 2014-10-16 19:00 - 00000000 ____D () C:\Users\Owner\AppData\Local\Chromatic Browser
2014-10-16 19:00 - 2014-10-16 19:00 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-10-16 19:00 - 2014-10-16 19:00 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-10-16 19:00 - 2014-10-16 19:00 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-10-16 19:00 - 2014-10-16 19:00 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-10-16 19:00 - 2014-10-16 19:00 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-10-16 19:00 - 2014-10-16 19:00 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-10-16 19:00 - 2014-10-16 19:00 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-10-16 19:00 - 2014-10-16 19:00 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-10-16 19:00 - 2014-10-16 19:00 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-10-16 19:00 - 2014-10-16 19:00 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-10-16 19:00 - 2014-10-16 19:00 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-10-16 19:00 - 2014-10-16 19:00 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
C:\$Recycle.Bin\S-1-5-18\$0906a283eedaa414308f0a11fe85ea31
C:\$Recycle.Bin\S-1-5-21-422040510-2405641811-1513485937-1000\$0906a283eedaa414308f0a11fe85ea31
C:\Program Files (x86)\Stronghold AntiMalware
C:\Program Files\Updater By SweetPacks
C:\Program Files (x86)\1clickmoviedownloader.com
c:\progra~2\sw-boo~1
C:\Program Files (x86)\NextCoup
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MSC => Value was restored successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Stronghold AntiMalware => value deleted successfully.
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
"c:\progra~2\sw-boo~1\assist~1.dll" => Value Data removed successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5F0E1667-80D4-4326-9464-440EF6571D19}" => Key deleted successfully.
"HKCR\CLSID\{5F0E1667-80D4-4326-9464-440EF6571D19}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B4599768-F3E0-446B-9CC6-2AF6E72456EA}" => Key deleted successfully.
"HKCR\CLSID\{B4599768-F3E0-446B-9CC6-2AF6E72456EA}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a1ff7bdb-fb04-45e3-8f7f-69f7c15ce637}" => Key deleted successfully.
"HKCR\CLSID\{a1ff7bdb-fb04-45e3-8f7f-69f7c15ce637}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7d3ae70-f156-46d5-be16-9eebd51e86ab}" => Key deleted successfully.
"HKCR\CLSID\{e7d3ae70-f156-46d5-be16-9eebd51e86ab}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a1ff7bdb-fb04-45e3-8f7f-69f7c15ce637}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{a1ff7bdb-fb04-45e3-8f7f-69f7c15ce637}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7d3ae70-f156-46d5-be16-9eebd51e86ab}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{e7d3ae70-f156-46d5-be16-9eebd51e86ab}" => Key deleted successfully.
Firefox DefaultSearchUrl deleted successfully.
Firefox homepage deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox SearchEngineOrder.1,S deleted successfully.
Firefox DefaultSearchEngine,S deleted successfully.
Firefox SelectedSearchEngine,S deleted successfully.
Firefox Keyword.URL deleted successfully.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ixgln5xn.default\searchplugins\safesearch.xml => Moved successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D} => value deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D} => value deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\obcjlnjgjjgghcedkcohaeboelbblehc" => Key deleted successfully.
"C:\Program Files (x86)\1clickmoviedownloader.com\clickmoviedownloader10.crx" => File/Directory not found.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\damjpaghdlldnhfkfjhlpkagboklfebj => Moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fanjgonigpejjggdhaimiojpfimipeog => Moved successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkkpaahpjpiklnmonaocmhnnllpgfnda => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\obcjlnjgjjgghcedkcohaeboelbblehc" => Key not found.
"C:\Program Files (x86)\1clickmoviedownloader.com\clickmoviedownloader10.crx" => File/Directory not found.
d0e87c27 => Service deleted successfully.
C:\ProgramData\d648aeeddec485c2 => Moved successfully.
C:\Users\Owner\AppData\Local\Torch => Moved successfully.
C:\Users\Owner\AppData\Local\Comodo => Moved successfully.
C:\Users\Owner\AppData\Local\Chromatic Browser => Moved successfully.
C:\Users\HomeGroupUser$\AppData\Local\Torch => Moved successfully.
C:\Users\HomeGroupUser$\AppData\Local\Google => Moved successfully.
C:\Users\HomeGroupUser$\AppData\Local\Comodo => Moved successfully.
C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser => Moved successfully.
C:\Users\Guest\AppData\Local\Torch => Moved successfully.
C:\Users\Guest\AppData\Local\Google => Moved successfully.
C:\Users\Guest\AppData\Local\Comodo => Moved successfully.
C:\Users\Guest\AppData\Local\Chromatic Browser => Moved successfully.
C:\Users\Administrator\AppData\Local\Torch => Moved successfully.
C:\Users\Administrator\AppData\Local\Google => Moved successfully.
C:\Users\Administrator\AppData\Local\Comodo => Moved successfully.
C:\Users\Administrator\AppData\Local\Chromatic Browser => Moved successfully.
C:\$Recycle.Bin\S-1-5-18\$0906a283eedaa414308f0a11fe85ea31 => Moved successfully.
C:\$Recycle.Bin\S-1-5-21-422040510-2405641811-1513485937-1000\$0906a283eedaa414308f0a11fe85ea31 => Moved successfully.
"C:\Program Files (x86)\Stronghold AntiMalware" => File/Directory not found.
"C:\Program Files\Updater By SweetPacks" => File/Directory not found.
"C:\Program Files (x86)\1clickmoviedownloader.com" => File/Directory not found.
"c:\progra~2\sw-boo~1" => File/Directory not found.
"C:\Program Files (x86)\NextCoup" => File/Directory not found.

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {39F7F104-9DE3-43E4-A485-78B02C21E421}.
0 out of 1 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 4.7 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====