Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-02-2014 Ran by tds at 2014-02-10 18:54:00 Run:2 Running from C:\Users\tds\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** Unlock: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon Unlock: HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Navw32.exe HKU\S-1-5-21-2337871059-3691734657-1116950341-1000\...\Winlogon: [Shell] explorer.exe,"C:\ProgramData\load32.exe" <==== ATTENTION IFEO\Navw32.exe: [Debugger] C:\Users\tds\Documents\315load32.exe Unlock: C:\Users\tds\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.Microsoft.com.url Unlock: C:\Users\tds\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled Unlock: C:\Users\tds\Desktop\r5e0sb3w.exe Unlock: C:\Users\tds\Desktop\SecurityCheck.exe.mxdl Unlock: C:\Users\tds\Desktop\SecurityCheck(1).exe.mxdl C:\Users\tds\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.Microsoft.com.url C:\Users\tds\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled C:\Users\tds\AppData\Roaming\ATI C:\Users\tds\AppData\Roaming\QuickScan C:\Users\tds\Desktop\r5e0sb3w.exe C:\Users\tds\Desktop\SecurityCheck.exe.mxdl C:\Users\tds\Desktop\SecurityCheck(1).exe.mxdl R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [350160 2013-12-18] (BitDefender S.R.L.) C:\Windows\System32\DRIVERS\Trufos.sys ***************** "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" => Key unlocked successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Navw32.exe" => Error unlocking key. HKU\S-1-5-21-2337871059-3691734657-1116950341-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Navw32.exe => Error deleting key "C:\Users\tds\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.Microsoft.com.url" => File/Diroctory unlocked successfully. "C:\Users\tds\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled" => File/Diroctory unlocked successfully. "C:\Users\tds\Desktop\r5e0sb3w.exe" => File/Diroctory unlocked successfully. "C:\Users\tds\Desktop\SecurityCheck.exe.mxdl" => File/Diroctory unlocked successfully. "C:\Users\tds\Desktop\SecurityCheck(1).exe.mxdl" => File/Diroctory unlocked successfully. C:\Users\tds\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.Microsoft.com.url => Moved successfully. C:\Users\tds\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled => Moved successfully. C:\Users\tds\AppData\Roaming\ATI => Moved successfully. C:\Users\tds\AppData\Roaming\QuickScan => Moved successfully. C:\Users\tds\Desktop\r5e0sb3w.exe => Moved successfully. C:\Users\tds\Desktop\SecurityCheck.exe.mxdl => Moved successfully. C:\Users\tds\Desktop\SecurityCheck(1).exe.mxdl => Moved successfully. Trufos => Service deleted successfully. C:\Windows\System32\DRIVERS\Trufos.sys => Moved successfully. ==== End of Fixlog ====