Computer cant Math? very confusing.

Okay I have the installer, I will run that later tonight sometime, I gotta do some cleaning aroudn the house and dinner making, and iv got a minecraft server up atm.
 
Turn off system restore and then turn it back on. That will purge any issues involving system restore. Please download and run the following so we can see if there is anything going on in the system.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
  • Download this file here :

    Combofix

  • When the page loads click on the blue combofix download link next to the BleepingComputer Mirror.
  • Save the file to your windows desktop. The combofix icon will look like this when it has downloaded to your desktop.

    cf-icon.jpg
  • We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

  • Close all open Windows including this one.
  • Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these type of programs can be found here.
    Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
  • Please click on I agree on the disclaimer window.
  • ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.

    cf-preparing.jpg

  • ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.

    erunt.jpg

  • Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:

    recovery-console-prompt.jpg

  • At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.
  • Please click on yes in the next window to continue scanning for malware.
  • ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
  • ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
  • While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.

    still-scanning-clockchanges.jpg

  • When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
  • This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.
  • When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.
  • Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy. Then come to the forum in your reply and right click on your mouse and click on paste.

If for some reason, if you try to run a program or open a file and you get an error message saying "illegal operation attempted on a registry key that has been marked for deletion", please just reboot your pc and you'll be fine.


Please post the log.
 
ComboFix 14-08-06.02 - Kodama 08/08/2014 3:44.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8082.6156 [GMT -7:00]
Running from: c:\users\Kodama\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\programdata\1407318104.bdinstall.bin
c:\programdata\1407471393.bdinstall.bin
c:\users\Kodama\AppData\Local\Adobe\gccheck.exe
c:\users\Kodama\AppData\Local\Adobe\gtbcheck.exe
c:\users\Kodama\AppData\Local\Adobe\SecurityScan_Release.exe
c:\windows\capsys184523.log
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
c:\windows\windefendam.log
.
.
((((((((((((((((((((((((( Files Created from 2014-07-08 to 2014-08-08 )))))))))))))))))))))))))))))))
.
.
2014-08-08 10:48 . 2014-08-08 10:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-07 07:18 . 2014-08-07 07:18 -------- d-----w- c:\program files (x86)\WinDirStat
2014-08-06 09:45 . 2014-08-06 09:46 -------- d-----w- c:\programdata\BDLogging
2014-08-06 09:45 . 2013-11-04 23:47 74512 ----a-w- c:\windows\SysWow64\bdsandboxuiskin32.dll
2014-08-06 09:45 . 2007-04-11 18:11 511328 ----a-w- c:\windows\capicom.dll
2014-08-06 09:42 . 2014-08-06 10:18 74512 ----a-w- c:\windows\system32\bdsandboxuiskin32.dll
2014-08-06 09:42 . 2013-11-04 23:47 84848 ----a-w- c:\windows\system32\BDSandBoxUISkin.dll
2014-08-06 09:42 . 2013-11-04 23:46 34384 ----a-w- c:\windows\system32\BDSandBoxUH.dll
2014-08-06 09:42 . 2014-08-08 10:28 -------- d-----w- c:\program files\Bitdefender
2014-08-06 09:41 . 2014-08-06 09:41 -------- d-----w- c:\users\Kodama\AppData\Roaming\QuickScan
2014-08-06 09:41 . 2014-08-08 04:18 -------- d-----w- c:\program files\Common Files\Bitdefender
2014-08-06 09:41 . 2014-08-06 09:41 -------- d-----w- c:\program files (x86)\Common Files\Bitdefender
2014-08-05 10:47 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{100A3919-95A6-4F1E-90C6-04A30A59CD75}\mpengine.dll
2014-08-04 19:08 . 2014-08-04 19:08 -------- d-----w- c:\users\Kodama\.android
2014-08-04 05:57 . 2014-08-04 05:57 -------- d-----w- c:\users\Kodama\AppData\Roaming\JAM Software
2014-08-04 05:57 . 2014-08-04 05:57 -------- d-----w- c:\program files (x86)\JAM Software
2014-08-02 21:34 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll
2014-08-02 21:34 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe
2014-08-02 21:34 . 2014-05-14 16:23 2477536 ----a-w- c:\windows\system32\wuaueng.dll
2014-08-02 21:34 . 2014-05-14 16:21 2620928 ----a-w- c:\windows\system32\wucltux.dll
2014-08-02 21:34 . 2014-05-14 16:23 38880 ----a-w- c:\windows\system32\wups.dll
2014-08-02 21:34 . 2014-05-14 16:23 36320 ----a-w- c:\windows\SysWow64\wups.dll
2014-08-02 21:34 . 2014-05-14 16:23 700384 ----a-w- c:\windows\system32\wuapi.dll
2014-08-02 21:34 . 2014-05-14 16:23 581600 ----a-w- c:\windows\SysWow64\wuapi.dll
2014-08-02 21:34 . 2014-05-14 16:20 97792 ----a-w- c:\windows\system32\wudriver.dll
2014-08-02 21:34 . 2014-05-14 16:17 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2014-08-02 21:33 . 2014-05-14 16:23 198600 ----a-w- c:\windows\system32\wuwebv.dll
2014-08-02 21:33 . 2014-05-14 16:23 179656 ----a-w- c:\windows\SysWow64\wuwebv.dll
2014-08-02 21:33 . 2014-05-14 16:20 36864 ----a-w- c:\windows\system32\wuapp.exe
2014-08-02 21:33 . 2014-05-14 16:17 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2014-07-28 20:15 . 2014-08-08 10:41 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-28 20:15 . 2014-07-28 20:15 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-07-28 20:15 . 2014-05-12 14:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-07-28 20:15 . 2014-05-12 14:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-28 09:10 . 2014-07-28 09:11 -------- d-----w- c:\users\Kodama\AppData\Roaming\PortForward.com
2014-07-28 09:10 . 2014-07-28 09:10 -------- d-----w- c:\program files (x86)\Portforward.com
2014-07-28 08:29 . 2014-07-28 08:29 -------- d-----w- c:\users\Kodama\AppData\Roaming\Bertware
2014-07-25 01:46 . 2014-07-25 01:46 319912 ----a-w- c:\windows\system32\javaws.exe
2014-07-25 01:46 . 2014-07-25 01:46 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-07-25 01:46 . 2014-07-25 01:46 189352 ----a-w- c:\windows\system32\javaw.exe
2014-07-25 01:46 . 2014-07-25 01:46 189352 ----a-w- c:\windows\system32\java.exe
2014-07-25 01:46 . 2014-07-25 01:46 -------- d-----w- c:\program files\Java
2014-07-25 01:12 . 2014-08-08 08:58 -------- d-----w- c:\users\Kodama\AppData\Roaming\.minecraft
2014-07-22 20:35 . 2014-07-22 20:35 -------- d-----w- c:\users\Kodama\AppData\Local\Ubisoft
2014-07-22 17:42 . 2014-07-22 17:42 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-07-22 17:42 . 2014-07-11 10:02 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-20 21:29 . 2014-07-20 21:32 -------- d-----w- c:\program files (x86)\VAC System
2014-07-19 22:08 . 2014-08-03 19:30 -------- d-----w- c:\users\Kodama\AppData\Roaming\HandBrake
2014-07-19 22:08 . 2014-07-19 22:08 -------- d-----w- c:\program files\Handbrake
2014-07-19 21:44 . 2014-07-20 21:05 -------- d-----w- c:\programdata\One Voice Technologies
2014-07-19 21:43 . 2014-07-19 21:43 -------- d-----w- c:\windows\SysWow64\Adobe
2014-07-16 18:28 . 2014-07-16 18:28 -------- d-----w- c:\programdata\Riot Games
2014-07-09 22:41 . 2014-06-05 14:45 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-07-09 22:41 . 2014-06-05 14:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-07-09 22:41 . 2014-06-05 14:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-10 08:46 . 2013-01-10 05:53 96441528 ----a-w- c:\windows\system32\MRT.exe
2014-07-09 03:50 . 2013-01-10 04:38 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 03:50 . 2013-01-10 04:38 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-09 03:50 . 2014-07-09 03:50 5659136 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-07-06 21:49 . 2013-01-11 02:49 215416 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-07-06 21:27 . 2014-07-06 21:27 76152 ----a-w- c:\windows\system32\PnkBstrA.exe
2014-07-06 21:27 . 2013-01-11 02:49 215416 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-06-14 16:33 . 2013-01-11 02:49 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2014-05-24 02:33 . 2014-05-24 02:33 864256 ----a-w- c:\windows\SysWow64\rzdevicedll.dll
2014-05-24 02:33 . 2014-05-24 02:33 325120 ----a-w- c:\windows\SysWow64\rzaudiodll.dll
2014-05-19 06:47 . 2014-05-19 06:47 39080 ----a-w- c:\windows\system32\drivers\rzendpt.sys
2014-05-19 06:47 . 2014-05-19 06:47 155816 ----a-w- c:\windows\system32\drivers\rzudd.sys
2014-05-19 06:26 . 2014-05-19 06:26 89088 ----a-w- c:\windows\SysWow64\rzdevinfo.dll
2014-05-19 06:26 . 2014-05-19 06:26 155136 ----a-w- c:\windows\SysWow64\rztouchdll.dll
2014-05-19 06:26 . 2014-05-19 06:26 117248 ----a-w- c:\windows\SysWow64\rzdisplaydll.dll
2014-05-17 02:35 . 2014-06-15 03:17 44744 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
2014-05-17 00:42 . 2014-05-17 00:42 42184 ----a-w- c:\windows\system32\drivers\taphss6.sys
2014-05-12 14:25 . 2013-01-11 03:11 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-06-10 20:25 1730264 ----a-w- c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-06-10 20:25 1730264 ----a-w- c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-06-10 20:25 1730264 ----a-w- c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\Kodama\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\Kodama\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\Kodama\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2014-07-16 1753280]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-01-08 3674320]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21444224]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2014-08-06 3600728]
"CAHeadless"="c:\program files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe" [2013-09-03 1400224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-08-09 5263504]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-20 291648]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2014-04-03 450560]
"Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2013-07-26 1985824]
"BrowserPlugInHelper"="c:\program files (x86)\Wondershare\Video Converter Ultimate\BrowserPlugInHelper.exe" [2013-12-09 1962896]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-13 204136]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2014-06-23 585560]
"Sound Blaster Z-Series Control Panel"="c:\program files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe" [2013-02-27 735744]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-12-07 766208]
.
c:\users\Kodama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Kodama\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-8-5 38893000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Belkin USB Wireless Adaptor Utility.lnk - c:\program files (x86)\Belkin\F9L1101\V1\PBN.exe [2012-10-5 110592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 WLANBelkinService;Belkin WLAN service;c:\program files (x86)\Belkin\F9L1101\V1\wlansrv.exe;c:\program files (x86)\Belkin\F9L1101\V1\wlansrv.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 BCMH43XX;N+ Wireless USB Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys;c:\windows\SYSNATIVE\DRIVERS\bcmwlhigh664.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 EvoSvc;Evolve Service;c:\program files\Echobit\Evolve\EvoSvc.exe;c:\program files\Echobit\Evolve\EvoSvc.exe [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;QuickCam Orbit/Sphere AF(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RZMAELSTROMVADService;Razer Surround Audio Enhancer Service;c:\windows\system32\drivers\RzMaelstromVAD.sys;c:\windows\SYSNATIVE\drivers\RzMaelstromVAD.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
R3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys;c:\windows\SYSNATIVE\DRIVERS\sxuptp.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 UHSfiltv;UHSfiltv;c:\windows\system32\drivers\UHSfiltv.sys;c:\windows\SYSNATIVE\drivers\UHSfiltv.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 XENfiltv;XENfiltv;c:\windows\system32\drivers\XENfiltv.sys;c:\windows\SYSNATIVE\drivers\XENfiltv.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\drivers\PxHlpa64.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S2 AdobeActiveFileMonitor12.0;Adobe Active File Monitor V12;c:\program files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 CtHdaSvc;Sound Blaster Audio Service;c:\windows\sysWow64\CtHdaSvc.exe;c:\windows\sysWow64\CtHdaSvc.exe [x]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\cmw_srv.exe;c:\program files (x86)\Hotspot Shield\bin\cmw_srv.exe [x]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [x]
S2 HTCMonitorService;HTCMonitorService;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 SpotfluxUpdateService;Spotflux Update Service;c:\program files (x86)\Spotflux\services\SpotfluxUpdateService.exe;c:\program files (x86)\Spotflux\services\SpotfluxUpdateService.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 cthda;Sound Blaster Audio Driver;c:\windows\system32\drivers\cthda.sys;c:\windows\SYSNATIVE\drivers\cthda.sys [x]
S3 cthdb;Sound Blaster Audio Controller Driver;c:\windows\system32\DRIVERS\cthdb.sys;c:\windows\SYSNATIVE\DRIVERS\cthdb.sys [x]
S3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;c:\windows\system32\DRIVERS\evolve.sys;c:\windows\SYSNATIVE\DRIVERS\evolve.sys [x]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzendpt.sys [x]
S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
S3 tapSF0901;Spotflux Virtual Network Device Driver;c:\windows\system32\DRIVERS\tapSF0901.sys;c:\windows\SYSNATIVE\DRIVERS\tapSF0901.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
S3 VUSB3HUB;VIA USB 3 Root Hub Service;c:\windows\system32\DRIVERS\ViaHub3.sys;c:\windows\SYSNATIVE\DRIVERS\ViaHub3.sys [x]
S3 xhcdrv;VIA USB eXtensible Host Controller Service;c:\windows\system32\DRIVERS\xhcdrv.sys;c:\windows\SYSNATIVE\DRIVERS\xhcdrv.sys [x]
S4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-18 20:00 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-10 03:50]
.
2014-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-02 06:28]
.
2014-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-02 06:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-06-10 20:21 2335960 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-06-10 20:21 2335960 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-06-10 20:21 2335960 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 164760 ----a-w- c:\users\Kodama\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 164760 ----a-w- c:\users\Kodama\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 164760 ----a-w- c:\users\Kodama\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 164760 ----a-w- c:\users\Kodama\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VIAxHCUtl"="c:\via_xhci\usb3Monitor.exe" [2011-07-12 331776]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2013-08-01 8290584]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-06-03 472984]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ca/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office15\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: Interfaces\{AC27E342-62D6-4BBF-A58A-E40F5858B0E7}: NameServer = 75.153.176.1,75.153.176.9
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Kodama\AppData\Roaming\Mozilla\Firefox\Profiles\ibol2pxv.default\
FF - prefs.js: browser.search.selectedEngine - Conduit Search
FF - prefs.js: browser.startup.homepage - hxxps://www.google.ca/
FF - prefs.js: keyword.URL -
FF - ExtSQL: !HIDDEN! 2013-12-19 08:19; {8D150B8F-EFE8-45a3-A4A3-053020F48FAC}; c:\program files (x86)\Wondershare\Video Converter Ultimate\SVRFirefoxExt
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-InstallerLauncher - c:\program files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\uninstaller.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{7f51bdb9-ee21-49ee-94d6-90afc321780e} - c:\programdata\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe
AddRemove-{a1909659-0a08-4554-8af1-2175904903a1} - c:\programdata\Package Cache\{a1909659-0a08-4554-8af1-2175904903a1}\vcredist_x64.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,26,d8,72,35,3a,f5,fd,46,a9,67,ea,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,26,d8,72,35,3a,f5,fd,46,a9,67,ea,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-08-08 03:50:33
ComboFix-quarantined-files.txt 2014-08-08 10:50
.
Pre-Run: 14,144,368,640 bytes free
Post-Run: 13,848,186,880 bytes free
.
- - End Of File - - B08F395C2A438FBE374BA688AB5DCBBB
 
Correct me if im wrong, but considering I had more bytes free before the run then after the run, it would appear that its simply my hard drive failing?
 
Have you ran an extended scan on your drive using the drive manufacture disk diagnostic program? I don't see anything unusual in the log besides that combofix shows there is no active virus program installed. If there was, it would show up in the header next to windows defender and technically windows defender is garbage. I know you said you have MB pro and bit defender but it must not be active.

I would like to see a few more logs though.

1. Navigate to C:\Qoobox and in that folder will be a file named add-remove programs.txt. Open that file and copy and paste the contents back here.

2. Please download AdwCleaner by Xplode onto your Desktop.



•Please close all open programs and internet browsers.
•Double click on adwcleaner.exe to run the tool.
•Click on Scan.
•After the scan you will need to click on clean for it to delete the adware.
•Your computer will be rebooted automatically. A text file will open after the restart.
•Please post the content of that logfile in your reply.
•You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

3. Please download Junkware Removal Tool to your desktop.

•Shutdown your antivirus to avoid any conflicts.
•Very important that you run the tool in this manner:
Right-mouse click JRT.exe and select Run as administrator
Do NOT just double-click it.
•The tool will open and start scanning your system.
•Please be patient as this can take a while to complete.
•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
•Post the contents of JRT.txt in your next message.
 
johnb35 said:
Have you ran an extended scan on your drive using the drive manufacture disk diagnostic program? I don't see anything unusual in the log besides that combofix shows there is no active virus program installed. If there was, it would show up in the header next to windows defender and technically windows defender is garbage. I know you said you have MB pro and bit defender but it must not be active.

I would like to see a few more logs though.

1. Navigate to C:\Qoobox and in that folder will be a file named add-remove programs.txt. Open that file and copy and paste the contents back here.

2. Please download AdwCleaner by Xplode onto your Desktop.



•Please close all open programs and internet browsers.
•Double click on adwcleaner.exe to run the tool.
•Click on Scan.
•After the scan you will need to click on clean for it to delete the adware.
•Your computer will be rebooted automatically. A text file will open after the restart.
•Please post the content of that logfile in your reply.
•You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

3. Please download Junkware Removal Tool to your desktop.

•Shutdown your antivirus to avoid any conflicts.
•Very important that you run the tool in this manner:
Right-mouse click JRT.exe and select Run as administrator
Do NOT just double-click it.
•The tool will open and start scanning your system.
•Please be patient as this can take a while to complete.
•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
•Post the contents of JRT.txt in your next message.
Click to expand...

I uninstalled bit defender before running the scan, and i killed the MBPRO process before running the program as well. NOW the weirdest thing.. I deceided I would try to install kaspersky to see if maybe it could detect something that bitdefender couldnt. I tried that but the install failed and it suggested there may be a virus and to try its free recovery disk option. So I did that, got into the recovery disk and started a scan, it was taking a very long time, so I deceided to close it thinking ill just run it while i sleep tonight.

Before I closed out and restarted my computer I deceided to see what the kaspersky os would say about my c drive and right clicked and went to properties. It correctly said i had 151GB of free space out of the 465, and showed approximetly 284GB used on the drive. In my mind that was good cause i figured that meant the drive isnt failing/corrupted then.

I then restarted my computer went back to windows 7 os. Went to go see how much space its saying I have left now to see if I need to uninstall/delete something yet to give myself more time, and its now also correctly displaying that i have 151gb of free space...

So I dont know what the hell was the issue, but im gonna not do anything for today and see if that space rapidly declines again while im at work tonight, if it does I will pick up where we left off here in this thread, and run those scans. Although I have already run JRT as recommended by a different global mod earlier in this post, and it helped buy me some time by freeing up a few gigs the other day. Also just ran a windirstat scan, and it still shows 31.3GB are unknown space, but that is significantly reduced, still would like to figure out why there is even unknown space though.
 
Last edited:
Here is the log you wanted, though nothing unusual is there that I noticed.

@BIOS
µTorrent
AC3Filter 2.5b
Action!
Adobe AIR
Adobe Flash Media Live Encoder 3.2
Adobe Flash Player 14 ActiveX
Adobe Flash Player 14 Plugin
Adobe Photoshop Elements 12
Adobe Reader XI (11.0.07)
Adobe Shockwave Player 11.5
Age of Empires III
Age of Empires III - The Asian Dynasties
Age of Empires III - The WarChiefs
AMD Catalyst Control Center
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
AutoGreen B12.0206.1
AVS Update Manager 1.0
AVS Video Converter 8
AVS4YOU Software Navigator 1.4
Battlefield 4™
Belkin USB Wireless Adaptor
Call of Duty: Black Ops II
Call of Duty: Black Ops II - Multiplayer
Call of Duty: Black Ops II - Zombies
CameraHelperMsi
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Creative System Information
DAEMON Tools Lite
DivX Setup
Dolby Digital Live Pack
Dropbox
DTS Connect Pack
Elements 12 Organizer
erLT
FINAL FANTASY XIV - A Realm Reborn
GOM Player
Google Chrome
Google Update Helper
HandBrake 0.9.9.1
Hotspot Shield 3.42
HTC Driver Installer
HTC Sync Manager
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) USB 3.0 eXtensible Host Controller Driver
IPTInstaller
Java 7 Update 65
Java Auto Updater
League of Legends
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 2.0.2.1012
Microsoft Primary Interoperability Assemblies 2005
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
Microsoft XNA Framework Redistributable 4.0 Refresh
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Mozilla Firefox 27.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT Redists
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mumble 1.2.7
Nether
NVIDIA PhysX
ON_OFF Charge B11.1102.1
Open Broadcaster Software
Origin
Pando Media Booster
Platform
PlayClaw 5
PlayClaw 5 fast codec
Port Forward Network Utilities 2.0.1
Project 64 version 2.1.0.1
PSE12 STI Installer
Razer Synapse 2.0
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Skype™ 6.16
SmartSound Common Data
SmartSound Quicktracks 5
Sound Blaster Tactic(3D)
Sound Blaster Tactic(3D) Sigma
Sound Blaster Z-Series
Sound Blaster Z-Series Extras
Splash Lite
Spotflux
StarCraft II
Steam
System Requirements Lab Detection
System Requirements Lab for Intel
Titanfall™
TreeSize Free V3.0.1
Unity Web Player
Uplay
VC80CRTRedist - 8.0.50727.6195
VIA Platform Device Manager
VoiceAttack
WinDirStat 1.1.2
Wondershare Video Converter Ultimate(Build 6.7.0.10)
Xiph QuickTime Components
XSplit Broadcaster
XSplit Gamecaster
 
The only thing I'm gonna question is that you have utorrent installed. A torrent client is used mainly to download illegal/pirated software and is really easy to get infected from. If you have installed pirated software then I highly recommend for you to uninstall it or better yet, do a fresh install of windows.

You are complaining that you are losing space and I'm just trying to put 2and 2 together here. Torrenting may be the cause of your problem.
 
Okedokey said:
The space hes lost is the restore points....
Click to expand...

If he has turned system restore off and then back on again, those restore points will have been deleted. If he is losing space as fast as he says he is then its not the restore points. Sounds like maybe a file duplicator or similar.
 
johnb35 said:
If he has turned system restore off and then back on again, those restore points will have been deleted. If he is losing space as fast as he says he is then its not the restore points. Sounds like maybe a file duplicator or similar.
Click to expand...

Yes, as I have stated if done all the system restore point deltions and resetting multiple times now, I can also use windirstat to see the retore points and the hibernation.sys file and pagefile, all of those are normal and not the issue.

uTorrent I dont believe is the problem. as far as I or even you have been able to tell john, there is no virus like activity, BUT to be safe im still going to run the recovery disk tonight and have it scan while im asleep just to be sure. Also I havent torrented anything in months, nor have i installed or used anything thats been torrented in months. and this issue has only appaeared int he last week or two.

If it was infact a duplicating system then i dont think windirstat would report that there was 150GB of unknown space, because all I LITERALLY did was run the recovery disk os, stopped the scan of my system at 1% then checked what kaspersky os would say if i checked how many gigs im using and how much space I had, then restarted my computer.

If things were being duplicated and such, I dont think the space would magically disapaear over time only to just magically reappear as free space, without deletions of things or whatever.

This sounds to me more like a scanning error/issue from the harddrive, or processor to harddrive or a reporting issue from drive to cpu or something to that affect that somehow by running kaspersky os reset the report/scan of the space in my drive or something like that. To early to say In my opinion.
 
Last edited:
Kodama said:
BUT to be safe im still going to run the recovery disk tonight and have it scan while im asleep just to be sure.

because all I LITERALLY did was run the recovery disk os, stopped the scan of my system at 1%
Click to expand...

What type of recovery disk are you using? And what are you scanning for?
 
johnb35 said:
What type of recovery disk are you using? And what are you scanning for?
Click to expand...

Like I said in the post before, Kaspersky recovery disk. I put it on a usb flash drive, then booted from the usb. and scanning for virsus or whatever.

I just got home from work, and im now at 142GB so it would seem as though its still happening? just for whatever reason running the recovery disk reset whatever is happening. So at the very least I know I can keep doing that to buy myself more time to figure out what the hell the problem is.

So tonight I will run the adw thing and I will try to install kaspersky again for shits and giggles and see if my space change from tonight to tomorrow morning. As of right now i have 40GB of 'Unknown Space' and 142GB of 'Free Space'
 
Okedokey said:
http://blog.windirstat.info/20061013/unknown-space/
Click to expand...

Yeah I read that before, which is why i eliminated the system restore points from the possibilities, and also started my computer up in safe mode, and was set to admin and ran the same scan again, with the exact same results as before when i wasnt in safe mode.

Plus that doesnt explain why while doing nothing i was losing space, and while after i ran the recovery disk and deleted NOTHING, the majority of that unknown space turned back into freespace.
 
# AdwCleaner v3.304 - Report created 09/08/2014 at 03:00:17
# Updated 08/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Kodama - KODAMA-PC
# Running from : C:\Users\Kodama\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : hshld
[#] Service Deleted : hsstrayservice
Service Deleted : hsswd
[#] Service Deleted : AppleChargerSrv

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\hotspot shield
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hotspot shield
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\eSupport.com
Folder Deleted : C:\Program Files (x86)\hotspot shield
Folder Deleted : C:\Windows\SysWOW64\hotspot shield
Folder Deleted : C:\Users\Kodama\AppData\Local\Conduit
Folder Deleted : C:\Users\Kodama\AppData\Local\eSupport.com
Folder Deleted : C:\Users\Kodama\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Kodama\AppData\Roaming\hotspot shield
File Deleted : C:\Windows\System32\AppleChargerSrv.exe
File Deleted : C:\Users\Kodama\AppData\Roaming\Mozilla\Firefox\Profiles\ibol2pxv.default\searchplugins\safeguard-secure-search.xml

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\mconduitinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\mconduitinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKCU\Software\anchorfree
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\hotspotshield
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hotspotshield
Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v27.0 (en-US)

[ File : C:\Users\Kodama\AppData\Roaming\Mozilla\Firefox\Profiles\ibol2pxv.default\prefs.js ]

Line Deleted : user_pref("CT3220468_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1357874348203,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("CT3281675_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1365326364999,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3281675&octid=CT3281675&SearchSource=61&CUI=UN49943907421686227&UM=2&UP=SP1FAEEF3B-5658-4940-9552-DA1BAF18E521");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "entrusted Customized Web Search");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3281675&SearchSource=2&CUI=UN49943907421686227&UM=2&q=");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3281675");
Line Deleted : user_pref("browser.search.defaultenginename", "Conduit Search");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "entrusted Customized Web Search");
Line Deleted : user_pref("browser.search.selectedEngine", "Conduit Search");
Line Deleted : user_pref("smartbar.machineId", "EM+KBAIGRCTQQKAWODGPXEM0HXH8V94BEDG5KR4H9XF3EIVFGF33YPZTQNS2MN7X7AAUJXW30KEMNVBF9FACSA");

-\\ Google Chrome v36.0.1985.125

[ File : C:\Users\Kodama\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Homepage] : hxxp://search.conduit.com/?gd=&ctid=CT3321897&octid=EB_ORIGINAL_CTID&ISID=M6803F99F-430D-46B0-A569-7F6EF4D04183&SearchSource=55&CUI=&UM=5&UP=SPCF6FA90D-EB38-48A1-BE95-0775F4C3CE69&SSPV=
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : ejpbbhjlbipncjklfjjaedaieimbmdda
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb

*************************

AdwCleaner[R0].txt - [5624 octets] - [09/08/2014 02:59:29]
AdwCleaner[S0].txt - [5537 octets] - [09/08/2014 03:00:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5597 octets] ##########
 
no jrt.txt file was created, but I just copied what the thing said as it happened

Getting user folders.

Stopping running processes.

Emptying Temp folders.


User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kodama
->Temp folder emptied: 59942109 bytes
->Temporary Internet Files folder emptied: 2103198 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 271579517 bytes
->Flash cache emptied: 726 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5228 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes

Emptying RecycleBin. Do not interrupt.

RecycleBin emptied: 0 bytes
Process complete!

Total Files Cleaned = 318.00 mb
 
You must log in or register to reply here.
Back
Top