Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-10-2014
Ran by Tomek at 2014-10-30 17:11:51 Run:1
Running from C:\Users\Tomek\Desktop
Loaded Profile: Tomek (Available profiles: Tomek & Mateusz)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
Task: {80661CB9-B627-42DD-AEAA-F09D62EEFA9A} - System32\Tasks\WinSTAT => C:\ProgramData\WinSTAT\WinSTAT.exe
ShortcutWithArgument: C:\Users\Mateusz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.istartsurf.com/?type=sc&ts=1408122845&from=smt&uid=SAMSUNGXHD200HJ_S16KJDWQ806266
ShortcutWithArgument: C:\Users\Mateusz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.istartsurf.com/?type=sc&ts=1408122845&from=smt&uid=SAMSUNGXHD200HJ_S16KJDWQ806266
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
HKU\S-1-5-21-606281877-1479866930-3929170589-1000\...\Run: [ALLUpdate] => "C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe" "sleep"
BootExecute: autocheck autochk * sdnclean64.exe
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
C:\ProgramData\WinSTAT
C:\Windows\DEA314C409294250BC9298E4C105F28D.TMP
RemoveDirectory: C:\Users\Administrator
Folder: C:\Users\Tomek\AppData\Roaming\tor
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
EmptyTemp:
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{80661CB9-B627-42DD-AEAA-F09D62EEFA9A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80661CB9-B627-42DD-AEAA-F09D62EEFA9A}" => Key deleted successfully.
C:\Windows\System32\Tasks\WinSTAT => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WinSTAT" => Key deleted successfully.
C:\Users\Mateusz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Shortcut argument was removed successfully.
C:\Users\Mateusz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk => Shortcut argument was removed successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.4.0" => Key deleted successfully.
"HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc" => Key deleted successfully.
C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll not found.
HKU\S-1-5-21-606281877-1479866930-3929170589-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ALLUpdate => value deleted successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully.
MSICDSetup => Service deleted successfully.
NTIOLib_1_0_C => Service deleted successfully.
C:\ProgramData\WinSTAT => Moved successfully.
C:\Windows\DEA314C409294250BC9298E4C105F28D.TMP => Moved successfully.
"C:\Users\Administrator" => Removed successfully.

========================= Folder: C:\Users\Tomek\AppData\Roaming\tor ========================

2014-09-07 07:03 - 2014-10-17 13:59 - 0019782 _____ () C:\Users\Tomek\AppData\Roaming\tor\cached-certs
2014-09-07 07:03 - 2014-10-17 15:10 - 1311678 _____ () C:\Users\Tomek\AppData\Roaming\tor\cached-microdesc-consensus
2014-10-17 13:58 - 2014-10-17 14:28 - 3108105 _____ () C:\Users\Tomek\AppData\Roaming\tor\cached-microdescs
2014-09-07 07:03 - 2014-10-17 14:28 - 0000000 _____ () C:\Users\Tomek\AppData\Roaming\tor\cached-microdescs.new
2014-09-07 07:03 - 2014-10-17 13:58 - 0000000 _____ () C:\Users\Tomek\AppData\Roaming\tor\lock
2014-09-07 07:03 - 2014-10-17 15:47 - 0001968 _____ () C:\Users\Tomek\AppData\Roaming\tor\state

====== End of Folder: ======

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f =========

Operacja ukończona pomyślnie.

========= End of Reg: =========

EmptyTemp: => Removed 1 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====