Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-02-2014 Ran by tds at 2014-02-10 19:54:36 Run:3 Running from C:\Users\tds\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** Unlock: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows Unlock: HKLM\SOFTWARE\Microsoft\Windows NT\currentversion\Image File Execution Options Unlock: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{153C567D-5801-4AC7-9309-909CCB0C91B3} Unlock: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{153C567D-5801-4AC7-9309-909CCB0C91B3} Unlock: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6CF082BA-25C8-47FF-90F5-B44287A44E0B} Unlock: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{60F1EE96-E658-42FE-A33B-D3B64BF9D520} Unlock: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60F1EE96-E658-42FE-A33B-D3B64BF9D520} Unlock: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{30BAEE5F-1CEA-497F-B993-4B7305662A75} Unlock: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{99A5140B-1B88-4FF1-910D-4AFF9103F9BF} Unlock: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99A5140B-1B88-4FF1-910D-4AFF9103F9BF} Unlock: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PenWes Unlock: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AD012ADB-3D30-4607-83E5-C59F1A8BE699} Unlock: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD012ADB-3D30-4607-83E5-C59F1A8BE699} Unlock: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2337871059-3691734657-1116950341-1000 Unlock: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C27BEE03-344F-4F03-A401-4683E643187D} Unlock: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C27BEE03-344F-4F03-A401-4683E643187D} Unlock: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealPlayerRealUpgradeLogonTaskS-1-5-21-2337871059-3691734657-1116950341-1000 IFEO\Navw32.exe: [Debugger] C:\Users\tds\Documents\315load32.exe Reg: reg add "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" /v Load /t REG_SZ /d "" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{153C567D-5801-4AC7-9309-909CCB0C91B3}" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{153C567D-5801-4AC7-9309-909CCB0C91B3}" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6CF082BA-25C8-47FF-90F5-B44287A44E0B}" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{60F1EE96-E658-42FE-A33B-D3B64BF9D520}" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60F1EE96-E658-42FE-A33B-D3B64BF9D520}" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{30BAEE5F-1CEA-497F-B993-4B7305662A75}" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{99A5140B-1B88-4FF1-910D-4AFF9103F9BF}" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99A5140B-1B88-4FF1-910D-4AFF9103F9BF}" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PenWes" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AD012ADB-3D30-4607-83E5-C59F1A8BE699}" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD012ADB-3D30-4607-83E5-C59F1A8BE699}" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2337871059-3691734657-1116950341-1000" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C27BEE03-344F-4F03-A401-4683E643187D}" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C27BEE03-344F-4F03-A401-4683E643187D}" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealPlayerRealUpgradeLogonTaskS-1-5-21-2337871059-3691734657-1116950341-1000" /f C:\ProgramData\BullGuard C:\ProgramData\Norton C:\Users\tds\AppData\Roaming\BullGuard C:\Windows\Tasks\Launch BullGuard.job C:\Windows\system32\config\afw_hm.conf C:\Windows\system32\config\afw_db.conf ***************** "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" => Key unlocked successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\currentversion\Image File Execution Options" => Key unlocked successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{153C567D-5801-4AC7-9309-909CCB0C91B3}" => Key unlocked successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{153C567D-5801-4AC7-9309-909CCB0C91B3}" => Key unlocked successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6CF082BA-25C8-47FF-90F5-B44287A44E0B}" => Key unlocked successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{60F1EE96-E658-42FE-A33B-D3B64BF9D520}" => Key unlocked successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60F1EE96-E658-42FE-A33B-D3B64BF9D520}" => Key unlocked successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{30BAEE5F-1CEA-497F-B993-4B7305662A75}" => Key unlocked successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{99A5140B-1B88-4FF1-910D-4AFF9103F9BF}" => Key unlocked successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99A5140B-1B88-4FF1-910D-4AFF9103F9BF}" => Key unlocked successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PenWes" => Key unlocked successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AD012ADB-3D30-4607-83E5-C59F1A8BE699}" => Key unlocked successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD012ADB-3D30-4607-83E5-C59F1A8BE699}" => Key unlocked successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2337871059-3691734657-1116950341-1000" => Key unlocked successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C27BEE03-344F-4F03-A401-4683E643187D}" => Key unlocked successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C27BEE03-344F-4F03-A401-4683E643187D}" => Key unlocked successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealPlayerRealUpgradeLogonTaskS-1-5-21-2337871059-3691734657-1116950341-1000" => Key unlocked successfully. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Navw32.exe => Key deleted successfully. ========= reg add "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" /v Load /t REG_SZ /d "" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{153C567D-5801-4AC7-9309-909CCB0C91B3}" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{153C567D-5801-4AC7-9309-909CCB0C91B3}" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6CF082BA-25C8-47FF-90F5-B44287A44E0B}" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{60F1EE96-E658-42FE-A33B-D3B64BF9D520}" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60F1EE96-E658-42FE-A33B-D3B64BF9D520}" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{30BAEE5F-1CEA-497F-B993-4B7305662A75}" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{99A5140B-1B88-4FF1-910D-4AFF9103F9BF}" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99A5140B-1B88-4FF1-910D-4AFF9103F9BF}" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PenWes" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AD012ADB-3D30-4607-83E5-C59F1A8BE699}" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD012ADB-3D30-4607-83E5-C59F1A8BE699}" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2337871059-3691734657-1116950341-1000" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C27BEE03-344F-4F03-A401-4683E643187D}" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C27BEE03-344F-4F03-A401-4683E643187D}" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealPlayerRealUpgradeLogonTaskS-1-5-21-2337871059-3691734657-1116950341-1000" /f ========= Operacja ukoäczona pomy˜lnie. ========= End of Reg: ========= C:\ProgramData\BullGuard => Moved successfully. C:\ProgramData\Norton => Moved successfully. C:\Users\tds\AppData\Roaming\BullGuard => Moved successfully. C:\Windows\Tasks\Launch BullGuard.job => Moved successfully. C:\Windows\system32\config\afw_hm.conf => Moved successfully. C:\Windows\system32\config\afw_db.conf => Moved successfully. ==== End of Fixlog ====