2015-04-29 00:25:11

Greetings to all of you here. I really need some help with my computer. I'm having problems with it: I can't open regedit or Task Manager. First I tried to enable the Registry Editor and searched around on the internet for how to do it. I tried different steps but still can't figure it out. Here are the steps I used to enable the registry.

Enable Registry Editor using the Group Policy Editor
1. Click on Start. Go to Run. Users running Windows 8.1, Windows 8, Windows 7 or Vista, go to Search.
2. Type gpedit.msc and press Enter.
3. Navigate to User Configuration / Administrative Templates / System.
4. In the work area, double click on "Prevent Access to registry editing tools".
5. In the popup window, select Disabled and click on OK.
6. Normally, Registry Editor will be immediately accessible. If it is not, restart your PC.

I can't do step 4 because I can't find "Prevent Access to registry editing tools". So I skipped that method.

Another set of steps:

Enable Regedit by simply running a CMD command
1. Open Notepad.
2. Copy the code given below and paste it.
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /t Reg_dword /v DisableRegistryTools /f /d 0
3. Save the file as EnableRegistry.bat. Run this file as Administrator if you use Windows 8, Windows 7 or Windows Vista. In Windows XP, simply open the file. CMD will flash for a second and then disappear. This indicates successful execution.
4. Log off and log back on.

I restarted my computer, but after doing that I tried to open regedit and it still won't work.

Visual Basic Script to Enable/Disable Registry Editor
Doug Knox has created a VBS script which allows users to easily enable and disable the Registry Editor. Just download regedit tools.zip, extract the VBS file and double click on it. This script reverses the current state of the Registry Editor. If registry editing is set to enabled, this script will disable it, and if it is disabled, it will enable it.

I also tried this. But after I clicked the file, it was disabled, so I did the same thing again. But it still won't work. Another problem is that after I turn my computer on, a dialog box appears:
Can not find script file "C:\Users\FAELNAR\AppData\Local\Microsoft\CD Burning\dekstop.ini".
As far as I remember, I installed SUPERAntiSpyware and scanned my computer, and there were threats found. So what I did was remove those threats. The last dialog box is:
Loading script "C:\Windows\:Microsoft Office Update for Windows XP.sys" failed (The filename, directory name, or volume label syntax is incorrect.)
And I have no idea what this is all about. OK guys, I think that's all; please comment below. Thanks and regards. From Chris

2015-04-29 00:40:48

Forget all that other stuff; all you should have to do is go to the Run menu, type regedit and hit Enter. If for some reason that fails, do the same and hit Ctrl+Shift+Enter, which forces it to run as an elevated command. I've never had to do any of this enabling business to access the Registry Editor on any version of Windows, including XP, 7, 8, 8.1 and the Windows 10 Technical Preview build 9926.

Facts with Tom MacDonald, Adam Calhoun, and Dax
End racism
End division
Become united

2015-04-29 06:44:44

hi,
The Task Manager and regedit tools are disabled because you have malware. The malware probably disabled them. If you are not running Windows 8.1, download and run ComboFix.
http://www.bleepingcomputer.com/downloa … fix/dl/12/
Though make sure your antivirus is turned off. That should automatically delete most of the malware and restore the registry and Task Manager. Then run a scan with Malwarebytes and remove anything it finds.

A learning experience is one of those things that say, "You know that thing you just did? Don't do that."

2015-04-29 11:30:20

OK, now I've done the whole thing. I downloaded this software and it automatically scanned my computer and removed all malware. So what happened is I read the log and found this. By the way, before I forget, I tried opening taskmgr but it's still not enabled after scanning.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-10-03 11:24    578240    ----a-w-    c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-02-19 06:24    576840    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-02-19 06:24    576840    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-02-19 06:24    576840    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-02-19 06:24    576840    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-02-19 06:24    576840    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 08:02    23008    ----a-w-    c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="c:\users\FAELNAR\AppData\Roaming\BitTorrent\BitTorrent.exe" [2015-04-28 1443160]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2014-03-21 3829328]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2015-02-19 26232152]
"Df5serv"="Wscript.exe" [2009-07-14 141824]
"Explorer"="Wscript.exe" [2009-07-14 141824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI.exe" [2013-10-22 6336216]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe" [2014-04-01 748256]
"JAWS"="c:\program files\Freedom Scientific\JAWS\14.0\jfw.exe" [2013-01-18 7126528]
"Freedom Import Printer printing agent"="c:\program files\Freedom Scientific\Shared\Freedom Import Printer\fipagent.exe" [2011-08-05 94208]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2014-10-03 4085896]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-10-14 157480]
"WinUpdate"="Wscript.exe" [2009-07-14 141824]
.
c:\users\FAELNAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Love Affair 1994 avi.lnk - c:\programdata\{fef66e65-f563-6a2d-fef6-66e65f56b997}\Love Affair 1994 avi.exe --startup=1 [2014-4-18 374272]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistrytools"= 1 (0x1)
"DisableTaskMgr"= 1 (0x1)
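
An added example, not code posted by anyone in this thread: a PowerShell audit script that checks the same locations the ComboFix excerpt above shows (the HKCU policy values that block regedit and Task Manager, Run entries that launch Wscript.exe or another script host, and the EnableLUA value that shows UAC is switched off) and, with -Repair, removes only the two lockout policy values, which is what the reg add batch file in the first post does by hand. The function names, the -Repair switch and the script-host pattern are my own choices; run it from an elevated PowerShell prompt, and it works on the PowerShell 2.0 that ships with Windows 7.

```powershell
<#
  Added example (not from the thread). Audits the registry locations listed
  in the ComboFix excerpt above and reports what it finds.
  -Repair removes only the HKCU DisableRegistryTools / DisableTaskMgr values.
  Run from an elevated PowerShell prompt (Windows 7 / PowerShell 2.0 or later).
#>
param([switch]$Repair)

# Per-user policy key; a value of 1 here is what hides regedit / Task Manager
$userPolicyPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$lockoutValues  = @('DisableRegistryTools', 'DisableTaskMgr')

# Machine-wide policy key that holds the UAC switch (EnableLUA)
$machinePolicyPath = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'

# Autorun locations the log shows, plus the script hosts that a legitimate
# Run entry almost never launches directly (assumption: tune the list as needed)
$runPaths = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)
$scriptHostPattern = '\b(wscript|cscript|mshta)\.exe'

function New-Finding($Location, $Data, $Note) {
    New-Object PSObject -Property @{ Location = $Location; Data = $Data; Note = $Note }
}

# Policy values that disable built-in tools (what the original poster ran into)
function Get-LockoutFindings {
    $findings = @()
    if (-not (Test-Path $userPolicyPath)) { return $findings }
    $props = Get-ItemProperty -Path $userPolicyPath
    foreach ($name in $lockoutValues) {
        $value = $props.$name
        if ($value -ne $null -and [int]$value -ne 0) {
            $findings += New-Finding "$userPolicyPath\$name" $value `
                'Blocks a built-in tool; commonly set by malware, not by admins'
        }
    }
    return $findings
}

# Run entries whose command line starts a script host, like the
# "Df5serv", "Explorer" and "WinUpdate" = Wscript.exe entries in the log
function Get-RunFindings {
    $findings = @()
    foreach ($path in $runPaths) {
        if (-not (Test-Path $path)) { continue }
        $key = Get-Item -Path $path
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            if ($data -match $scriptHostPattern) {
                $findings += New-Finding "$path\$name" $data `
                    'Launches a script host at logon; inspect the script it points at'
            }
        }
    }
    return $findings
}

# EnableLUA = 0 means UAC is off: every program already runs with full rights
function Get-UacFindings {
    $findings = @()
    if (-not (Test-Path $machinePolicyPath)) { return $findings }
    $lua = (Get-ItemProperty -Path $machinePolicyPath).EnableLUA
    if ($lua -ne $null -and [int]$lua -eq 0) {
        $findings += New-Finding "$machinePolicyPath\EnableLUA" $lua `
            'UAC is disabled; re-enable it once the machine is clean'
    }
    return $findings
}

# Only the two lockout values are touched; Run entries are left for manual review
function Repair-Lockouts {
    if (-not (Test-Path $userPolicyPath)) { return }
    $props = Get-ItemProperty -Path $userPolicyPath
    foreach ($name in $lockoutValues) {
        if ($props.$name -ne $null) {
            Remove-ItemProperty -Path $userPolicyPath -Name $name
            Write-Host "Removed $userPolicyPath\$name"
        }
    }
}

$all = @(Get-LockoutFindings) + @(Get-RunFindings) + @(Get-UacFindings)
if ($all.Count -eq 0) {
    Write-Host 'No lockout policies, script-host Run entries or UAC problems found.'
} else {
    $all | Format-Table Location, Data, Note -AutoSize -Wrap
}
if ($Repair) {
    Repair-Lockouts
    Write-Host 'Log off and back on. If the values return, the malware is still running.'
}
```

If the lockout values come back after a log-off, the script that the flagged Run entries point at is still running and has to be cleaned first, which is why the Run entries are only reported and not deleted.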

2015-04-29 12:14:30

Yes! I did it. I managed to solve the Task Manager problem. But regedit, I still can't access it. How can I find the "Prevent access to registry editing tools" setting? I can't find it after I go to Local Group Policy / User Configuration / Administrative Templates / System; I can't find it by pressing P. How do I find that one?

2015-04-30 18:28:39

hi,
When you ran ComboFix, did you get any warnings? Also, from the part of the log you posted, I can see that you still have some malware. Additionally, you are running an ancient version of Avast (Avast 5). If you still have the ComboFix log, could you post the first part of it, up to the point where it says "Files Created from xxxxx to xxxx"?

2015-05-01 01:04:35

Hi,

Are you sure that you are an admin of your computer? I know that if you are not, you will not be able to open regedit.

2015-05-03 20:07:33

Hi Chris, it does sound to me as if you are definitely not the admin of that PC; however, I have seen malware behave in a similar fashion. I have a few pieces of advice. First off, get up-to-date antivirus software. Secondly, download Malwarebytes Anti-Malware and run it. Ask if you get stuck. Run a full scan; it will take hours. But be warned: back up all important documents and files from your Windows drive before you mess around with its registry. Trust me on that, I learned the very, very hard way. Grins. If all else fails, create a new user account with admin privileges and see if that account can access regedit. If not, get back to us.
There's a lot you can try, but these are some random warnings and tips.

There's a place for me in this universe.

2015-05-04 23:42:20

Guys, I already disabled my Avast because it is not accessible to me. So I think I'm going to install Microsoft Security Essentials, and now I have downloaded Malwarebytes, but not the full version; it has a 15-day trial. And by the way, this computer doesn't have a password, so everyone can use it. And I only use one account here, only the FAELNAR account. But how come it has been disabled by my administrator?? I'm using the admin account.

2015-05-04 23:43:29

At ins, haha, I forgot to save the ComboFix log.

2015-05-05 14:26:29

hi,
You don't need to save the ComboFix log. Go to Computer, Local Disk (C:). In the C drive you should have a file called ComboFix.txt. This is the ComboFix log.

2015-05-06 01:12:05

I'll just post it here, the whole file, because I can't find where the xxxx you said is.

ComboFix 15-04-28.01 - FAELNAR 04/29/2015  17:06:11.1.2 - x86
Microsoft Windows 7 Professional   6.1.7600.0.1252.1.1033.18.3271.1940 [GMT 8:00]
Running from: d:\downloads\Programs\ComboFix.exe
AV: avast! Antivirus *Disabled/Outdated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Outdated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-11-22 779536]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-10-03 414520]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2014-04-02 209408]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2014-04-01 276992]
S2 AODDriver4.3;AODDriver4.3;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2013-11-04 50432]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-10-03 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-10-03 67824]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-10-03 71944]
S2 Freedom Scientific Kernel Manager {D2B4C7A7-7605-4039-89E4-DE5CC69BBE9D};Freedom Scientific Kernel Manager;c:\windows\system32\fsKMgr.dll [2011-08-05 20512]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2015-03-27 122432]
S2 Mobile Broadband HL Service;Mobile Broadband HL Service;c:\programdata\MobileBrServ\mbbservice.exe [2013-07-23 239696]
S2 nvda;nvda;c:\program files\NVDA\nvda_service.exe [2014-11-27 40040]
S2 WindowsMangerProtect;WindowsMangerProtect Service;c:\programdata\WindowsMangerProtect\ProtectWindowsManager.exe [2015-01-10 473088]
S3 fsvidmir;fsvidmir;c:\windows\system32\DRIVERS\fsvidmir.sys [2011-08-05 2944]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2013-08-27 679128]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-04-14 23:48    988488    ----a-w-    c:\program files\Google\Chrome\Application\42.0.2311.90\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-04-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-15 11:55]
.
2015-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-01-18 22:36]
.
2015-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-01-18 22:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bendot.co.nr
mStart Page = hxxp://websearch.goodforsearch.info/?pid=24387&r=2015/04/21&hid=17487166612002595778&lg=EN&cc=PH&unqvl=86
uInternet Settings,ProxyOverride = *.local
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\FAELNAR\AppData\Roaming\Mozilla\Firefox\Profiles\zxkqwvfy.default-1423252210021\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.goodforsearch.info/?pid=24387&r=2015/04/21&hid=17487166612002595778&lg=EN&cc=PH&unqvl=86&l=1&q=
FF - prefs.js: browser.search.selectedEngine - WebSearch
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://websearch.goodforsearch.info/?pid=24387&r=2015/04/21&hid=17487166612002595778&lg=EN&cc=PH&unqvl=86&l=1&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
c:\users\FAELNAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\linda ronstadt and james ingram - Somewhere Out There.lnk - c:\programdata\{eae0ff25-bac1-1247-eae0-0ff25bacfc96}\linda ronstadt and james ingram - Somewhere Out There.exe --startup=1
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
AddRemove-FSReader2.0 - c:\program files\Freedom Scientific\FSReader\2.0\UninstallFSReader.exe
AddRemove-{1D23FD63-5756-428D-B03C-657FA3F54900}_is1 - d:\games\RTR\unins000.exe
AddRemove-{4820778D-AB0D-6D18-C316-52A6A0E1D507} - c:\program files\youtubeadblocker\f67OhFxKuM2CDI.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1987745807-665350631-1174593031-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):8f,1e,d5,13,85,49,28,2e,14,32,02,4d,93,c3,b3,b2,fd,10,7b,0b,af,
   1b,9c,54,c6,0c,83,ca,79,41,85,77,52,17,19,d9,1d,c8,d0,82,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1987745807-665350631-1174593031-1000_Classes\CLSID\{f7d55177-c3c6-4767-88d3-8f61efc419e4}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000161
"Therad"=dword:0000001c
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3176)
c:\program files\Internet Download Manager\idmmkb.dll
c:\progra~1\MICROS~1\Office12\GR0C18~1.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\LuckyTab\LuckyTab.exe
c:\windows\system32\conhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\wscript.exe
c:\program files\Internet Download Manager\IEMonitor.exe
c:\program files\Freedom Scientific\JAWS\14.0\fsATProxy.exe
c:\programdata\{fef66e65-f563-6a2d-fef6-66e65f56b997}\Love Affair 1994 avi.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\NVDA\nvda.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2015-04-29  17:20:01 - machine was rebooted
ComboFix-quarantined-files.txt  2015-04-29 09:20
.
Pre-Run: 42,275,000,320 bytes free
Post-Run: 42,930,081,792 bytes free
.
- - End Of File - - 141D240715B9326FCB0D851BE855DEA8
A36C5E4F47E84449FF07ED3517B43A31
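The log above shows three Run values ("Df5serv", "Explorer", "WinUpdate") that launch Wscript.exe, and the HKCU policy values DisableRegistrytools and DisableTaskMgr set to 1, which is exactly what keeps regedit and Task Manager from opening. As an added example that is not from the thread or from ComboFix, here is a small Python triage routine that flags both patterns in a ComboFix-style log; the sample log is constructed from the layout shown above.

```python
import re

# Constructed sample in the ComboFix layout shown in the thread (not the full log).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2014-03-21 3829328]
"Df5serv"="Wscript.exe" [2009-07-14 141824]
"Explorer"="Wscript.exe" [2009-07-14 141824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2014-10-03 4085896]
"WinUpdate"="Wscript.exe" [2009-07-14 141824]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistrytools"= 1 (0x1)
"DisableTaskMgr"= 1 (0x1)
.
"""

# A bare script host as a Run value is how a VBS worm keeps starting with the user.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
# Non-zero values here are what made regedit and Task Manager refuse to open in the thread.
TOOL_LOCKS = {"disableregistrytools", "disabletaskmgr"}

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"')
DWORD_RE = re.compile(r'^"([^"]+)"=\s*(\d+)\s*\(0x')

def triage(log_text):
    """Return (category, registry_key, value_name) findings from a ComboFix-style log."""
    findings = []
    key = ""
    for line in log_text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()  # remember which [key] block the next lines belong to
            continue
        if key.endswith(r"\currentversion\run"):
            m = RUN_RE.match(line)
            if m:
                image = m.group(2).rsplit("\\", 1)[-1].lower()  # full path or bare image name
                if image in SCRIPT_HOSTS:
                    findings.append(("script_host_autorun", key, m.group(1)))
        elif key.endswith(r"\policies\system"):
            m = DWORD_RE.match(line)
            if m and m.group(1).lower() in TOOL_LOCKS and int(m.group(2)) != 0:
                findings.append(("admin_tool_locked", key, m.group(1)))
    return findings
```

Resetting the two policy values (as the reg add command in the first post does for DisableRegistryTools) only re-enables the tools; whatever is being launched through Wscript.exe still has to be removed, or the values can simply be set again.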

2015-05-06 08:15:44

Hi,
Wow! Your computer apparently had an insane amount of malware. I would recommend downloading and scanning with Malwarebytes to remove the rest of the infections. You also have adware, so you might want to run AdwCleaner and the Junkware Removal Tool.

A learning experience is one of those things that say, "You know that thing you just did? Don't do that."

2015-05-06 15:24:05 (edited by Socheat 2015-05-06 15:24:40)

And you can get adware removal tools from here.

hth.

2015-05-06 16:12:22

Hi Cris!
Try Glary Utilities; I think there is an option for removing malware in this utility. You can do everything like cleaning registries, repairing, and other stuff.
Well, try ESET Smart Security, not MS Essentials.
Thanks
Ishan

Life's battles do not always go to the stronger and faster man,
But sooner or later the one who wins is the one who thinks he can!

2015-05-07 01:16:54

Hi guys, thanks for all your help. And now my problem is, I can't uninstall SpyHunter. I downloaded a software called SpyHunter and it works a little bit. But what happened is I'm done using it, now I decided to uninstall that software but I can't. But anyway, I think this is all accessible for me, the adware removal tool. Thanks to all of you.

2015-05-07 01:31:28

I just want to uninstall that software because it's not very accessible for us. Although I manage to use it with NVDA and by clicking some buttons using the mouse, what I want is software that is accessible for us.

2015-05-07 15:20:29

Hi,
If you can't remove the software, try using Revo Uninstaller and its force uninstall option... it should help you get rid of the software...
hth

2015-05-08 00:13:06

*sigh* At last, it's over. The fight is over. I finally figured out how to activate the registry and Task Manager. Thanks guys. Thanks for helping me.