Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-01-2015
Ran by Krzysieq at 2015-01-29 23:06:10 Run:1
Running from F:\
Loaded Profiles: Krzysieq (Available profiles: Krzysieq)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
CreateRestorePoint:
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
S3 WINIO; \??\C:\Program Files (x86)\QMacro\hknms.sys [X]
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3147454950-3773726357-3176012894-1001\...\Run: [] => [X]
HKU\S-1-5-21-3147454950-3773726357-3176012894-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3147454950-3773726357-3176012894-1001\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-3147454950-3773726357-3176012894-1001\...\Policies\Explorer: []
HKU\S-1-5-21-3147454950-3773726357-3176012894-1001\...\Winlogon: [Shell] explorer.exe, <==== ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-3147454950-3773726357-3176012894-1001 -> {FF9858AD-FFBA-4360-B551-CB47AB646635} URL =
FF Plugin-x32: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
C:\Program Files (x86)\Yahoo!
C:\ProgramData\iqrjmdeq.fak
C:\ProgramData\Temp
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WUFI® 5
C:\Users\Krzysieq\AppData\Local\Temp0canimage.jpg
C:\Users\Krzysieq\AppData\Roaming\OpenCandy
C:\Users\Krzysieq\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Sony PC Companion 2.1.lnk
C:\Users\Krzysieq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
C:\Windows\System32\roboot64.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
CMD: C:\Windows\SysWOW64\regsvr32.exe /u /s C:\Windows\QMDispatch.dll
CMD: sc config "Mobile Partner. RunOuc" start= disabled
CMD: sfc /scanfile=C:\Windows\Microsoft.NET\Frameworkx86\v4.0.30319\mscorsvw.exe
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Acrobat Assistant 8.0" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sony PC Companion" /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Systweak /f
Reg: reg delete HKCU\Software\Systweak /f
EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
ezSharedSvc => Service deleted successfully.
WINIO => Service deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\EnableShellExecuteHooks => value deleted successfully.
HKU\S-1-5-21-3147454950-3773726357-3176012894-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-3147454950-3773726357-3176012894-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableLockWorkstation => value deleted successfully.
HKU\S-1-5-21-3147454950-3773726357-3176012894-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableChangePassword => value deleted successfully.
HKU\S-1-5-21-3147454950-3773726357-3176012894-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => value deleted successfully.
HKU\S-1-5-21-3147454950-3773726357-3176012894-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKU\S-1-5-21-3147454950-3773726357-3176012894-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FF9858AD-FFBA-4360-B551-CB47AB646635}" => Key deleted successfully.
HKCR\CLSID\{FF9858AD-FFBA-4360-B551-CB47AB646635} => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1" => Key deleted successfully.
C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll => Moved successfully.
C:\Program Files (x86)\Yahoo! => Moved successfully.
C:\ProgramData\iqrjmdeq.fak => Moved successfully.
C:\ProgramData\Temp => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WUFI® 5 => Moved successfully.
C:\Users\Krzysieq\AppData\Local\Temp0canimage.jpg => Moved successfully.
C:\Users\Krzysieq\AppData\Roaming\OpenCandy => Moved successfully.
C:\Users\Krzysieq\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Sony PC Companion 2.1.lnk => Moved successfully.
C:\Users\Krzysieq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox => Moved successfully.
C:\Windows\System32\roboot64.exe => Moved successfully.
C:\Windows\SysWOW64\ezSharedSvcHost.exe => Moved successfully.

========= C:\Windows\SysWOW64\regsvr32.exe /u /s C:\Windows\QMDispatch.dll =========

========= End of CMD: =========

========= sc config "Mobile Partner. RunOuc" start= disabled =========

[SC] ChangeServiceConfig SUKCES

========= End of CMD: =========

========= sfc /scanfile=C:\Windows\Microsoft.NET\Frameworkx86\v4.0.30319\mscorsvw.exe =========

Funkcja Ochrona zasobów systemu Windows nie może wykonać żądanej operacji.

========= End of CMD: =========

========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Acrobat Assistant 8.0" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sony PC Companion" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Wow6432Node\Systweak /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete HKCU\Software\Systweak /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

EmptyTemp: => Removed 2.4 GB temporary data.

The system needed a reboot.

==== End of Fixlog 23:13:34 ====