Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-07-2014 Ran by Toshba at 2014-07-22 16:14:19 Run:2 Running from C:\Users\Toshba\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** HKLM-x32\...\Run: [eqoyugxqlylnawald] => C:\Users\Toshba\AppData\Local\Temp\xifojukcwiuvhcfp.exe [614400 2014-07-22] () HKLM-x32\...\RunOnce: [pwpulsesiqyv] => eqoyugxqlylnawald.exe . HKLM-x32\...\RunOnce: [xifojukcwiuvhcfp] => C:\Users\Toshba\AppData\Local\Temp\laboncwsqgwbrqxlgglb.exe [614400 2014-07-22] () HKLM\...\Policies\Explorer\Run: [owqwowjypyhfo] => C:\Windows\ymmywkdyvkzdsqwjdcg.exe [614400 2014-07-22] ( ()) HKLM\...\Policies\Explorer\Run: [xctwlqamag] => C:\Users\Toshba\AppData\Local\Temp\laboncwsqgwbrqxlgglb.exe [614400 2014-07-22] ( ()) AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1404744618&from=smt&uid=HitachiXHTS547564A9E384_130518J2330053E41SVBX&q={searchTerms} C:\Windows\SysWOW64\bwdwbwwycyufbgtnoufbgb.dwb C:\Windows\bwdwbwwycyufbgtnoufbgb.dwb C:\Program Files (x86)\bwdwbwwycyufbgtnoufbgb.dwb C:\Windows\ymmywkdyvkzdsqwjdcg.exe C:\Windows\xifojukcwiuvhcfp.exe C:\Windows\rilabsommewdvwfvsubtul.exe C:\Windows\nazkhumgcqehvsxjca.exe C:\Windows\laboncwsqgwbrqxlgglb.exe C:\Windows\aqsggwronevbssaplmsjj.exe C:\Windows\SysWOW64\ymmywkdyvkzdsqwjdcg.exe C:\Windows\SysWOW64\rilabsommewdvwfvsubtul.exe C:\Windows\SysWOW64\nazkhumgcqehvsxjca.exeC:\Windows\SysWOW64\laboncwsqgwbrqxlgglb.exe C:\Windows\SysWOW64\aqsggwronevbssaplmsjj.exe C:\Windows\SysWOW64\xifojukcwiuvhcfp.exe C:\Windows\SysWOW64\eqoyugxqlylnawald.exe C:\Users\Toshba\AppData\Local\syqukqbodkrnukinzqmtjpvnrhnylahok.hfk C:\Users\Toshba\AppData\Local\bwdwbwwycyufbgtnoufbgb.dwb C:\Users\Toshba\Documents\Aspyr C:\Users\Toshba\AppData\Local\Aspyr C:\Windows\eqoyugxqlylnawald.exe C:\Users\Toshba\AppData\Local\Temp\*.exe C:\Users\Toshba\AppData\Local\Temp\*.dll Reboot: ***************** HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\eqoyugxqlylnawald => value deleted successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\HKLM-x32\...\RunOnce: [pwpulsesiqyv] => eqoyugxqlylnawald.exe . => Value not found. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\HKLM-x32\...\RunOnce: [xifojukcwiuvhcfp] => C:\Users\Toshba\AppData\Local\Temp\laboncwsqgwbrqxlgglb.exe [614400 2014-07-22] () => Value not found. HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\owqwowjypyhfo => value deleted successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\xctwlqamag => value deleted successfully. "C:\PROGRA~2\SupTab\SEARCH~2.DLL" => Value Data removed successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. C:\Windows\SysWOW64\bwdwbwwycyufbgtnoufbgb.dwb => Moved successfully. C:\Windows\bwdwbwwycyufbgtnoufbgb.dwb => Moved successfully. C:\Program Files (x86)\bwdwbwwycyufbgtnoufbgb.dwb => Moved successfully. C:\Windows\ymmywkdyvkzdsqwjdcg.exe => Moved successfully. C:\Windows\xifojukcwiuvhcfp.exe => Moved successfully. C:\Windows\rilabsommewdvwfvsubtul.exe => Moved successfully. C:\Windows\nazkhumgcqehvsxjca.exe => Moved successfully. C:\Windows\laboncwsqgwbrqxlgglb.exe => Moved successfully. C:\Windows\aqsggwronevbssaplmsjj.exe => Moved successfully. Could not move "C:\Windows\SysWOW64\ymmywkdyvkzdsqwjdcg.exe" => Scheduled to move on reboot. Could not move "C:\Windows\SysWOW64\rilabsommewdvwfvsubtul.exe" => Scheduled to move on reboot. "C:\Windows\SysWOW64\nazkhumgcqehvsxjca.exeC:\Windows\SysWOW64\laboncwsqgwbrqxlgglb.exe" => File/Directory not found. Could not move "C:\Windows\SysWOW64\aqsggwronevbssaplmsjj.exe" => Scheduled to move on reboot. Could not move "C:\Windows\SysWOW64\xifojukcwiuvhcfp.exe" => Scheduled to move on reboot. Could not move "C:\Windows\SysWOW64\eqoyugxqlylnawald.exe" => Scheduled to move on reboot. C:\Users\Toshba\AppData\Local\syqukqbodkrnukinzqmtjpvnrhnylahok.hfk => Moved successfully. C:\Users\Toshba\AppData\Local\bwdwbwwycyufbgtnoufbgb.dwb => Moved successfully. C:\Users\Toshba\Documents\Aspyr => Moved successfully. C:\Users\Toshba\AppData\Local\Aspyr => Moved successfully. C:\Windows\eqoyugxqlylnawald.exe => Moved successfully. Could not move "C:\Users\Toshba\AppData\Local\Temp\*.exe" => Scheduled to move on reboot. C:\Users\Toshba\AppData\Local\Temp\*.dll => Moved successfully. => Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-07-22 16:16:32)<= C:\Windows\SysWOW64\ymmywkdyvkzdsqwjdcg.exe => Is moved successfully. C:\Windows\SysWOW64\rilabsommewdvwfvsubtul.exe => Is moved successfully. C:\Windows\SysWOW64\aqsggwronevbssaplmsjj.exe => Is moved successfully. C:\Windows\SysWOW64\xifojukcwiuvhcfp.exe => Is moved successfully. C:\Windows\SysWOW64\eqoyugxqlylnawald.exe => Is moved successfully. C:\Users\Toshba\AppData\Local\Temp\*.exe => Moved successfully. ==== End of Fixlog ====