GeekPolice
Disk space going up and down randomly

Recently, I have noticed that my disk space has been going up and down randomly. I am not sure what caused it. Can anyone help?

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\BitTorrent\BitTorrent.exe
C:\Program Files\TP-LINK\COMMON\TWCU.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
C:\Program Files\Steam\GameOverlayUI.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\BitTorrent.exe" /MINIMIZED
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: TP-LINK Wireless Client Utility.lnk = C:\Program Files\TP-LINK\COMMON\TWCU.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\TP-LINK\COMMON\RaRegistry.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TpMediaServer - Unknown owner - C:\Program Files\TP-LINK\COMMON\RaMediaServer.exe
O23 - Service: vToolbarUpdater11.1.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe

Re: Disk space going up and down randomly

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!


Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and paste the log in your post.
*********************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*************************************************
Download DDS from HERE or HERE and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.

1) DDS.txt
2) Attach.txt
Instead of attaching, please copy/paste both logs into your thread.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

•Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE. Then post your DDS logs (DDS.txt and Attach.txt).

Re: Disk space going up and down randomly

Hi Dave,

Did a complete scan using both applications. No virus/malware found. Any idea what caused the hard disk problem?

Re: Disk space going up and down randomly

I would like to see the DDS logs. There should be two of them once you complete the scan.

Re: Disk space going up and down randomly

Superdave wrote:
I would like to see the DDS logs. There should be two of them once you complete the scan.


Sure

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 04-Apr-12 7:23:55 PM
System Uptime: 16-Jul-12 7:11:00 PM (1 hours ago)
.
Motherboard: Intel Corporation | | DG33BU
Processor: Intel(R) Core(TM)2 Duo CPU E6850 @ 3.00GHz | CPU1 | 2997/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 9.522 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 37 GiB total, 1.481 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_8086&DEV_29C4&SUBSYS_50448086&REV_02\3&18D45AA6&0&18
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_8086&DEV_29C4&SUBSYS_50448086&REV_02\3&18D45AA6&0&18
Service:
.
==== System Restore Points ===================
.
RP101: 12-Jul-12 11:47:23 PM - Scheduled Checkpoint
RP102: 14-Jul-12 10:50:27 AM - Installed HiJackThis
RP103: 15-Jul-12 11:45:59 AM - Removed AVG 2012
RP104: 15-Jul-12 11:49:03 AM - Removed AVG 2012
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.6
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AuditionSEA
AVG Security Toolbar
BitTorrent
Bonjour
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
D3DX10
Defraggler
Dota 2
FileZilla Client 3.5.3
Free Download Manager 3.8
Garena - BlackShot
Garena Plus
GOM Player
Google Chrome
Google Update Helper
Hamster Free Video Converter
High-Definition Video Playback
HiJackThis
Intel(R) Graphics Media Accelerator Driver
Intel(R) Network Connections 15.3.68.0
Intel(R) TV Wizard
iTunes
Java Auto Updater
Java(TM) 6 Update 33
LightScribe System Software
Malwarebytes Anti-Malware version 1.62.0.1300
MapleStorySEA
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscCopy Gadget 10
Nero DiscCopyGadget 10 Help (CHM)
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero Multimedia Suite 10 Essentials
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
NVIDIA 3D Vision Controller Driver 301.42
NVIDIA 3D Vision Driver 301.42
NVIDIA Control Panel 301.42
NVIDIA Graphics Driver 301.42
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0213
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.8.15
NVIDIA Update Components
QuickTime
Realtek High Definition Audio Driver
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Speccy
Spybot - Search & Destroy
Steam
SuddenAttackSEA
swMSM
TP-LINK Wireless Client Utility
TSST OEM Content
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Warcraft III
Warcraft III: All Products
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.11 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
16-Jul-12 7:13:30 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
16-Jul-12 7:13:30 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
12-Jul-12 6:48:19 PM, Error: volsnap [35] - The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
.
==== End Of File ===========================




.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by James at 20:14:49 on 2012-07-16
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2030.1115 [GMT 8:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\TP-LINK\COMMON\RaRegistry.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Nero\Update\NASvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\BitTorrent\BitTorrent.exe
C:\Program Files\TP-LINK\COMMON\TWCU.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Free Download Manager: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [BitTorrent] "c:\program files\bittorrent\BitTorrent.exe" /MINIMIZED
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tp-lin~1.lnk - c:\program files\tp-link\common\TWCU.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3F2E3388-C965-4C61-8D15-ADDBC46B87E5} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3F2E3388-C965-4C61-8D15-ADDBC46B87E5}\14868656E676 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3F2E3388-C965-4C61-8D15-ADDBC46B87E5}\3594E4744554C4D263831343 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{A270F56E-5A38-4DA9-ADE7-140D113696B3} : DhcpNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.2.0\ViProtocol.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-3-9 163328]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\tp-link\common\RaRegistry.exe [2012-4-22 374112]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-7-5 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-5-15 382272]
R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.1.0\ToolbarUpdater.exe [2012-6-16 935480]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.2.0\ToolbarUpdater.exe [2012-7-9 935008]
R3 netr28u;TP-LINK Wireless USB Adapter;c:\windows\system32\drivers\netr28u.sys [2012-4-22 1174880]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-4-4 136176]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-4-15 1262400]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-7 250056]
S3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2012-3-9 9183232]
S3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2012-3-9 265216]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-12-6 86032]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-4-4 136176]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-4-4 15872]
S3 TpMediaServer;TpMediaServer;c:\program files\tp-link\common\RaMediaServer.exe [2012-4-22 619872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-4-4 52224]
.
=============== Created Last 30 ================
.
2012-07-16 12:09:29 -------- d-----w- c:\users\james\appdata\local\{F8B5A9F5-5859-4D8F-B71A-EC465D702A71}
2012-07-16 12:09:18 -------- d-----w- c:\users\james\appdata\local\{4C622850-312A-45BF-80FC-DA66CFBEBE23}
2012-07-15 03:49:48 -------- d-----w- c:\users\james\appdata\roaming\Malwarebytes
2012-07-15 03:48:34 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-15 03:48:34 -------- d-----w- c:\programdata\Malwarebytes
2012-07-15 03:48:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-15 03:43:55 -------- d-----w- c:\users\james\appdata\roaming\SUPERAntiSpyware.com
2012-07-15 03:43:40 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-15 03:08:13 -------- d-----w- c:\users\james\appdata\local\{087BFDA0-8805-4DA4-9A09-15F7A3CAB744}
2012-07-15 03:08:01 -------- d-----w- c:\users\james\appdata\local\{45ABE607-BE3A-4BAE-9338-4CCA28B60BBB}
2012-07-14 13:27:33 -------- d-----w- c:\users\james\appdata\local\{F452D0F9-A10F-46C9-9209-7743AF4C254E}
2012-07-14 13:27:21 -------- d-----w- c:\users\james\appdata\local\{99B9E4EA-1449-42C9-9A25-357D0D26CB58}
2012-07-14 02:50:55 388096 ----a-r- c:\users\james\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-07-14 02:50:54 -------- d-----w- c:\program files\Trend Micro
2012-07-14 01:26:54 -------- d-----w- c:\users\james\appdata\local\{63704BDC-1BF5-42F2-8AD7-148225F115D0}
2012-07-14 01:26:42 -------- d-----w- c:\users\james\appdata\local\{28D32C0B-E2F9-492F-B79D-DC279FB64FBA}
2012-07-13 10:07:38 -------- d-----w- c:\users\james\appdata\local\{EFDA3CC5-C1F7-4428-A667-EFB4E5AAA929}
2012-07-13 10:07:27 -------- d-----w- c:\users\james\appdata\local\{86CE98E9-7406-4B6A-857E-59E24523F3BD}
2012-07-12 10:02:07 -------- d-----w- c:\users\james\appdata\local\{255CFA76-332C-4EDA-A1B4-C319B3A5862C}
2012-07-12 10:01:54 -------- d-----w- c:\users\james\appdata\local\{813159A8-BE64-4109-9FD5-5821C6403734}
2012-07-11 12:06:37 -------- d-----w- c:\users\james\appdata\local\{6E6B34BF-B28E-4388-83FB-5219A9A53FE7}
2012-07-11 12:06:25 -------- d-----w- c:\users\james\appdata\local\{5C98E184-561B-41F5-81C4-8E5F64E117A8}
2012-07-11 00:06:10 -------- d-----w- c:\users\james\appdata\local\{9E051EDC-6ED2-4FAC-91E1-8ED338966B74}
2012-07-11 00:05:58 -------- d-----w- c:\users\james\appdata\local\{26274F66-F989-475E-B5F3-AF7B523D07E6}
2012-07-10 10:11:12 -------- d-----w- c:\users\james\appdata\local\{2A6EE577-7C4E-423C-9EF3-ADEFC4C0B0B5}
2012-07-10 10:11:00 -------- d-----w- c:\users\james\appdata\local\{8C6A5DEB-7B94-4BB2-A24F-22AB00A1A958}
2012-07-09 09:55:46 -------- d-----w- c:\users\james\appdata\local\{2B08A302-0513-47B0-B4FD-5C838804C48A}
2012-07-09 09:55:34 -------- d-----w- c:\users\james\appdata\local\{F29F06C1-DD23-4899-8641-B47DD9A53107}
2012-07-08 14:42:42 -------- d-----w- c:\users\james\appdata\local\{CC3FE88B-D4B9-4DD5-8F23-2837232085E7}
2012-07-08 14:42:29 -------- d-----w- c:\users\james\appdata\local\{2AD58418-6394-4C29-9889-7B240278451B}
2012-07-08 02:42:00 -------- d-----w- c:\users\james\appdata\local\{88394601-1783-4033-BCBA-BA90A0741EBE}
2012-07-08 02:41:46 -------- d-----w- c:\users\james\appdata\local\{FEC90B69-76C5-46A5-9745-0DEC32A59FE8}
2012-07-07 14:41:04 -------- d-----w- c:\users\james\appdata\local\{721EA8A3-259D-4C3D-8FEE-06FFB34D9EA8}
2012-07-07 14:40:48 -------- d-----w- c:\users\james\appdata\local\{CB09BB40-E9F9-4629-9287-B12A64D34FA3}
2012-07-07 02:40:15 -------- d-----w- c:\users\james\appdata\local\{3E76A4AF-A392-4DAE-BFD3-B7D5358ABA51}
2012-07-07 02:40:03 -------- d-----w- c:\users\james\appdata\local\{CD30C610-9336-44A3-BEB5-9AD7A4479C6B}
2012-07-06 09:59:11 -------- d-----w- c:\users\james\appdata\local\{F13CC04B-4949-4B33-9C25-D7B38307DCC1}
2012-07-06 09:59:00 -------- d-----w- c:\users\james\appdata\local\{F42BBA08-7EB8-4CE5-8436-B23AF8D9EC2E}
2012-07-05 15:04:35 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-07-05 15:04:35 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-07-05 10:00:03 -------- d-----w- c:\users\james\appdata\local\{6647839E-FF2B-4B1E-8C48-EDA927EAF3C9}
2012-07-05 09:59:51 -------- d-----w- c:\users\james\appdata\local\{741529A1-4102-438C-8129-B2A29BCF2D12}
2012-07-04 10:04:19 -------- d-----w- c:\users\james\appdata\local\{6ABB7275-9E8C-47DC-A213-8A57B04612B4}
2012-07-04 10:04:07 -------- d-----w- c:\users\james\appdata\local\{8DF087BB-296F-431A-9739-1BD2BC32F8D7}
2012-07-03 09:55:50 -------- d-----w- c:\users\james\appdata\local\{757C2C15-5EF5-4701-9257-E45400C4D6CD}
2012-07-03 09:55:39 -------- d-----w- c:\users\james\appdata\local\{341132D7-73DE-4294-ABB8-84585C3D2BF2}
2012-07-02 10:04:58 -------- d-----w- c:\users\james\appdata\local\{9C261B52-0AF1-4FE1-97EB-DFAF0BD232EA}
2012-07-02 10:04:46 -------- d-----w- c:\users\james\appdata\local\{615C7B31-A85E-4A48-8D33-82660068781C}
2012-07-01 04:14:52 -------- d-----w- c:\users\james\appdata\local\{4E06ED5B-54CB-401F-83CF-9EE7FF556BD3}
2012-07-01 04:14:40 -------- d-----w- c:\users\james\appdata\local\{D29B3A81-E430-4A04-95FB-E59A306FCD0B}
2012-06-30 15:05:40 -------- d-----w- c:\users\james\appdata\local\{AB5269F0-44C2-48A1-9321-E9F8E2010BDE}
2012-06-30 15:05:17 -------- d-----w- c:\users\james\appdata\local\{95A4306C-14B4-4D47-9561-F5AFA90319E8}
2012-06-30 03:53:41 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-30 03:04:31 -------- d-----w- c:\users\james\appdata\local\{B6EF527F-D325-4FAC-8586-B0619C891728}
2012-06-30 03:04:18 -------- d-----w- c:\users\james\appdata\local\{15DD3ED4-8C4B-474A-88A2-5436EA04561D}
2012-06-29 09:55:29 -------- d-----w- c:\users\james\appdata\local\{2079BF1B-7131-498A-AF8A-7D4C17077958}
2012-06-29 09:55:17 -------- d-----w- c:\users\james\appdata\local\{1B59A93E-67BC-4BA2-99FA-09603E99F053}
2012-06-28 12:29:19 -------- d-----w- c:\users\james\appdata\local\{98ED4B0A-70AB-4101-8D2E-9C4AD92E2AD7}
2012-06-28 12:29:07 -------- d-----w- c:\users\james\appdata\local\{97CDC963-CD06-43F2-B742-7D65B9319EDB}
2012-06-28 00:10:25 -------- d-----w- c:\users\james\appdata\local\{E6EF1DD1-3FE5-426F-8CD2-82EF6F3C4CA9}
2012-06-28 00:10:12 -------- d-----w- c:\users\james\appdata\local\{627EA1D0-3908-4805-BBDA-1C004212CE2B}
2012-06-27 04:23:04 -------- d-----w- c:\users\james\appdata\local\{2E598FB2-531E-4F30-A5C7-E0E5111DCF91}
2012-06-27 04:22:53 -------- d-----w- c:\users\james\appdata\local\{659BA70E-1079-41B7-9C4B-4038F89C775E}
2012-06-26 10:03:14 -------- d-----w- c:\users\james\appdata\local\{388E96A1-4062-49FF-8AA9-79B110BAEAE5}
2012-06-26 10:03:02 -------- d-----w- c:\users\james\appdata\local\{16FDE2FE-5090-44B2-A275-B26A548C08D0}
2012-06-25 10:00:39 -------- d-----w- c:\users\james\appdata\local\{CBAABDD1-A041-46D4-B7BF-C02065DE6AB0}
2012-06-25 10:00:28 -------- d-----w- c:\users\james\appdata\local\{CAA69B30-D0B7-42F8-BCF6-DC680EE35914}
2012-06-24 12:13:39 -------- d-----w- c:\users\james\appdata\local\{53704C4A-10DC-49ED-AD07-FDF9A3ED76DD}
2012-06-24 12:13:28 -------- d-----w- c:\users\james\appdata\local\{02DC529D-C72E-4233-AC3F-9A49DFBF03ED}
2012-06-23 17:47:05 -------- d-----w- c:\users\james\appdata\local\{6C43B0BB-E097-4674-AE94-3B2963AA9E49}
2012-06-23 17:46:54 -------- d-----w- c:\users\james\appdata\local\{0F1BF7C0-5195-4388-8D3E-6B72AC27D216}
2012-06-23 03:36:41 -------- d-----w- c:\users\james\appdata\local\{74CA1350-6B1D-416D-884C-51C4C530C2DA}
2012-06-23 03:36:27 -------- d-----w- c:\users\james\appdata\local\{17BF1F73-754C-4115-9808-8522723A5D7F}
2012-06-22 14:22:04 -------- d-----w- c:\users\james\appdata\local\{198AA95C-EBDA-4DD9-9C9F-913BD9B114D7}
2012-06-22 14:21:52 -------- d-----w- c:\users\james\appdata\local\{9636381C-DA82-4E6F-96F3-744D205B7BA0}
2012-06-21 22:39:54 -------- d-----w- c:\users\james\appdata\local\{F8532086-1693-4676-8499-E90A0BED1194}
2012-06-21 04:18:30 -------- d-----w- c:\users\james\appdata\local\{DD8BCC0B-DDD5-4A0D-B839-E9113FFB651B}
2012-06-21 04:18:17 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 04:18:11 -------- d-----w- c:\users\james\appdata\local\{8622F2C2-2A47-4E27-9602-04A56E63959E}
2012-06-21 04:17:52 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 04:17:24 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 04:17:24 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-20 14:58:49 -------- d-----w- c:\users\james\appdata\local\{BB06F12A-710A-4210-8D73-136900134E9F}
2012-06-20 00:14:17 -------- d-----w- c:\users\james\appdata\local\{BB030044-13BE-4345-A435-FA609FCCEEB8}
2012-06-20 00:14:06 -------- d-----w- c:\users\james\appdata\local\{B2CA3596-5D2D-48A2-B2D0-794B407F0058}
2012-06-19 12:13:14 -------- d-----w- c:\users\james\appdata\local\{2F1A3F9F-2F19-4C3A-9413-E918BC2AE7C9}
2012-06-19 12:12:57 -------- d-----w- c:\users\james\appdata\local\{06FD31F0-1B30-4C19-901E-17507BC16EC3}
2012-06-19 00:12:37 -------- d-----w- c:\users\james\appdata\local\{EE5E3C74-CB51-44D7-A9CE-45EB06FCEF8F}
2012-06-19 00:12:26 -------- d-----w- c:\users\james\appdata\local\{31326E22-4CC2-47D0-B2E9-C4E5623CF45B}
2012-06-18 09:55:22 -------- d-----w- c:\users\james\appdata\local\{F694790B-A4FE-4792-BAD1-7CB091E01DFA}
2012-06-17 04:50:16 -------- d-----w- c:\users\james\appdata\local\{7A597DA7-D4F7-48D7-8DFC-D219DC5503CD}
2012-06-16 15:26:19 -------- d-----w- c:\users\james\appdata\local\{80D17C77-1938-4D33-9D16-2D206DFCBAD7}
.
==================== Find3M ====================
.
2012-07-12 11:11:45 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 11:11:45 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-30 03:53:27 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-25 17:25:12 4598224 ----a-w- c:\windows\system32\GameMon.des
2012-05-15 10:26:00 883008 ----a-w- c:\windows\system32\nvgenco32.dll
2012-05-15 10:26:00 8105280 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-05-15 10:26:00 5982528 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:26:00 2524992 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:26:00 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:26:00 2368832 ----a-w- c:\windows\system32\nvapi.dll
2012-05-15 10:26:00 19607872 ----a-w- c:\windows\system32\nvoglv32.dll
2012-05-15 10:26:00 17551680 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:26:00 15322432 ----a-w- c:\windows\system32\nvd3dum.dll
2012-05-15 10:26:00 11354944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-05-15 10:26:00 1000768 ----a-w- c:\windows\system32\nvdispco32.dll
2012-05-15 09:28:49 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:28:49 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:28:49 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:28:48 3931456 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 09:27:28 2759488 ----a-w- c:\windows\system32\nvsvc.dll
2012-05-14 18:21:50 423744 ----a-w- c:\windows\system32\nvStreaming.exe
2012-04-23 16:05:48 2829 ----a-w- c:\windows\War3Unin.pif
2012-04-23 16:05:47 139264 ----a-w- c:\windows\War3Unin.exe
2012-04-18 12:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 12:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
============= FINISH: 20:15:36.39 ===============

Re: Disk space going up and down randomly

Any problem found?

Re: Disk space going up and down randomly

Any problem found?

I did see one thing that is weird.

Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
*************************************************
Download Combofix from any of the links below, and save it to your DESKTOP.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:

[Image: NSIS_disclaimer_ENG]

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

[Image: NSIS_extraction]

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

[Image: RcAuto1]

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Image: Whatnext]

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running, because it may cause it to stall.

Re: Disk space going up and down randomly

ComboFix 12-07-16.01 - James 17-Jul-12 18:21:51.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2030.905 [GMT 8:00]
Running from: c:\users\James\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-06-17 to 2012-07-17 )))))))))))))))))))))))))))))))
.
.
2012-07-17 10:29 . 2012-07-17 10:29 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-17 10:29 . 2012-07-17 10:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-17 10:17 . 2012-07-17 10:17 -------- d-----w- c:\program files\BabylonToolbar
2012-07-17 10:17 . 2012-07-17 10:17 1521 ----a-w- C:\user.js
2012-07-17 10:16 . 2012-07-17 10:16 -------- d-----w- c:\users\James\AppData\Roaming\Babylon
2012-07-17 10:16 . 2012-07-17 10:16 -------- d-----w- c:\programdata\Babylon
2012-07-17 10:12 . 2012-07-17 10:12 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AE3F5AF3-AA1B-463D-A170-8B6B4502C584}\offreg.dll
2012-07-15 03:49 . 2012-07-15 03:49 -------- d-----w- c:\users\James\AppData\Roaming\Malwarebytes
2012-07-15 03:48 . 2012-07-15 03:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-15 03:48 . 2012-07-15 03:48 -------- d-----w- c:\programdata\Malwarebytes
2012-07-15 03:48 . 2012-07-03 05:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-15 03:43 . 2012-07-15 03:43 -------- d-----w- c:\users\James\AppData\Roaming\SUPERAntiSpyware.com
2012-07-15 03:43 . 2012-07-15 03:43 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-14 02:50 . 2012-07-14 02:50 388096 ----a-r- c:\users\James\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-14 02:50 . 2012-07-14 02:50 -------- d-----w- c:\program files\Trend Micro
2012-07-05 15:04 . 2012-07-07 14:40 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-07-05 15:04 . 2012-07-05 15:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-07-01 12:07 . 2012-07-07 14:40 -------- d-----w- c:\users\James\AppData\Roaming\FileZilla
2012-07-01 12:07 . 2012-07-01 12:07 -------- d-----w- c:\program files\FileZilla FTP Client
2012-06-30 03:53 . 2012-06-30 03:53 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-30 03:51 . 2012-06-30 03:51 -------- d-----w- c:\programdata\McAfee
2012-06-21 04:18 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 04:18 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 04:18 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 04:18 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 04:17 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-21 04:17 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 04:17 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 04:17 . 2012-06-02 07:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 04:17 . 2012-06-02 07:12 33792 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 11:11 . 2012-04-06 19:35 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 11:11 . 2012-04-06 19:35 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-30 03:53 . 2012-04-07 08:43 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-25 17:25 . 2012-04-22 14:22 4598224 ----a-w- c:\windows\system32\GameMon.des
2012-06-14 12:14 . 2012-04-05 11:46 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-06-14 11:04 . 2012-04-05 11:46 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-06-14 11:04 . 2012-04-05 11:46 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-06-04 14:42 . 2012-05-08 13:01 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-06-04 13:31 . 2012-05-08 12:50 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-06-04 13:31 . 2012-05-07 07:03 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-05-21 12:21 . 2012-04-05 11:46 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-05-15 10:26 . 2012-05-23 12:12 5982528 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:26 . 2012-05-23 12:12 2524992 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:26 . 2012-05-23 12:12 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:26 . 2012-05-23 12:12 19607872 ----a-w- c:\windows\system32\nvoglv32.dll
2012-05-15 10:26 . 2012-05-23 12:12 11354944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-05-15 10:26 . 2012-05-23 12:12 17551680 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:26 . 2012-04-14 18:07 883008 ----a-w- c:\windows\system32\nvgenco32.dll
2012-05-15 10:26 . 2012-04-14 18:07 1000768 ----a-w- c:\windows\system32\nvdispco32.dll
2012-05-15 10:26 . 2012-04-14 18:07 2368832 ----a-w- c:\windows\system32\nvapi.dll
2012-05-15 10:26 . 2009-07-13 22:09 8105280 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-05-15 10:26 . 2009-06-10 21:19 15322432 ----a-w- c:\windows\system32\nvd3dum.dll
2012-05-15 09:28 . 2012-04-14 18:08 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:28 . 2012-04-14 18:08 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:28 . 2012-04-14 18:08 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:28 . 2012-04-14 18:08 3931456 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 09:27 . 2012-04-14 18:08 2759488 ----a-w- c:\windows\system32\nvsvc.dll
2012-05-14 18:21 . 2012-05-14 18:21 423744 ----a-w- c:\windows\system32\nvStreaming.exe
2012-05-14 14:42 . 2012-05-08 12:50 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-04-24 11:42 . 2012-04-24 11:42 45056 ----a-r- c:\users\James\AppData\Roaming\Microsoft\Installer\{3B2AB4A9-AD8A-4E1D-B200-D8C8807160AD}\launcher.exe211_3B2AB4A9AD8A4E1DB200D8C8807160AD.exe
2012-04-24 11:42 . 2012-04-24 11:42 45056 ----a-r- c:\users\James\AppData\Roaming\Microsoft\Installer\{3B2AB4A9-AD8A-4E1D-B200-D8C8807160AD}\launcher.exe21_3B2AB4A9AD8A4E1DB200D8C8807160AD.exe
2012-04-23 16:05 . 2012-04-23 15:59 2829 ----a-w- c:\windows\War3Unin.pif
2012-04-23 16:05 . 2012-04-23 15:59 139264 ----a-w- c:\windows\War3Unin.exe
2012-04-22 14:04 . 2011-03-28 10:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-18 12:56 . 2012-04-18 12:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 12:56 . 2012-04-18 12:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-09 12:55 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-09 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2741616]
"BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2012-05-21 6380400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-02 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-02 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-09-14 9726568]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2011-03-22 1406248]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TP-LINK Wireless Client Utility.lnk - c:\program files\TP-LINK\COMMON\TWCU.exe [2012-4-22 10918400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMD AVT]
start AMD Accelerated Video Transcoding device initialization [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 10:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
2012-07-09 12:55 1107552 ----a-w- c:\program files\AVG Secure Search\vprot.exe
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena Plus\Room\safedrv.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TpMediaServer;TpMediaServer;c:\program files\TP-LINK\COMMON\RaMediaServer.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [x]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [x]
S3 netr28u;TP-LINK Wireless USB Adapter;c:\windows\system32\DRIVERS\netr28u.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 04:29 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 11:11]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-04 14:04]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-04 14:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/?affID=111434&tt=2912_6&babsrc=HP_ss&mntrId=3c4390ff00000000000090f65209d641
uInternet Settings,ProxyOverride = *.local
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-17 18:31:43
ComboFix-quarantined-files.txt 2012-07-17 10:31
.
Pre-Run: 10,099,752,960 bytes free
Post-Run: 9,640,624,128 bytes free
.
- - End Of File - - 0209A99FDA098E5269CEAAFB0C24D819

Re: Disk space going up and down randomly
Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.62.0.1300
CCleaner
Java(TM) 6 Update 33
Java version out of Date!
Adobe Reader X (10.1.3)
Google Chrome 20.0.1132.47
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

Re: Disk space going up and down randomly

Anything wrong?

Re: Disk space going up and down randomly
Looking over your log it seems you don't have any antivirus software.

Before we continue download and install a free antivirus.
I would recommend Microsoft Security Essentials.

Remember to only install one antivirus!

1) Avast! Home Edition
2) AVG Free Edition
3) Avira AntiVir Personal
4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
4-a) Microsoft Security Essentials for Windows XP
5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) PC Tools AntiVirus Free Edition
7) ThreatFire

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
**************************************************
Please uninstall BabylonToolbar. It is a useless toolbar that gets installed by other software.

P2P - I see you have P2P software installed on your machine. (BitTorrent) We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
**************************************************
Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.


First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
*****************************************************
Please download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

On completion of the scan click save log, save it to your desktop and post in your next reply.

Re: Disk space going up and down randomly
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-25 19:04:03
-----------------------------
19:04:03.794 OS Version: Windows 6.1.7601 Service Pack 1
19:04:03.794 Number of processors: 2 586 0xF0B
19:04:03.794 ComputerName: USER-PC UserName: James
19:04:04.170 Initialize success
19:04:04.225 AVAST engine defs: 12072500
19:04:54.069 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP6T0L0-8
19:04:54.077 Disk 0 Vendor: WDC_WD2000JS-00MHB0 02.01C03 Size: 190782MB BusType: 11
19:04:54.092 Disk 0 MBR read successfully
19:04:54.092 Disk 0 MBR scan
19:04:54.092 Disk 0 Windows 7 default MBR code
19:04:54.100 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:04:54.116 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152525 MB offset 206848
19:04:54.139 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 38154 MB offset 312578048
19:04:54.139 Disk 0 scanning sectors +390717440
19:04:54.202 Disk 0 scanning C:\Windows\system32\drivers
19:05:04.670 Service scanning
19:05:23.783 Modules scanning
19:05:29.433 Disk 0 trace - called modules:
19:05:29.441 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
19:05:29.449 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a82550]
19:05:29.449 3 CLASSPNP.SYS[88f8959e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP6T0L0-8[0x855993d0]
19:05:29.904 AVAST engine scan C:\Windows
19:05:31.820 AVAST engine scan C:\Windows\system32
19:07:36.250 AVAST engine scan C:\Windows\system32\drivers
19:07:46.184 AVAST engine scan C:\Users\James
19:09:56.208 AVAST engine scan C:\ProgramData
19:10:27.859 Scan finished successfully
20:18:37.853 Disk 0 MBR has been saved successfully to "C:\Users\James\Documents\MBR.dat"
20:18:37.853 The log file has been saved successfully to "C:\Users\James\Documents\aswMBR.txt"


Re: Disk space going up and down randomly
Sorry for late reply.

Re: Disk space going up and down randomly
How's your computer working now? I'm having some problems posting the next scanner on the website. I'll post it as soon as I can get it repaired.

Re: Disk space going up and down randomly
* Download the following tool: RootRepeal - Rootkit Detector
* Direct download link is here: RootRepeal.zip

* Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
* Click this link to see a list of such programs and how to disable them.

* Extract the program file to a new folder such as C:\RootRepeal
* Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button.
* Select ALL of the checkboxes and then click OK and it will start scanning your system.
* If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
* When done, click on Save Report
* Save it to the same location where you ran it from, such as C:\RootRepeal
* Save it as rootrepeal.txt
* Then open that log and select all and copy/paste it back on your next reply please.
* Close RootRepeal.

Re: Disk space going up and down randomly

I am unable to open the program, as it keeps crashing and creates a report:

ROOTREPEAL CRASH REPORT
-------------------------
Windows Version: Windows Vista SP1
Exception Code: 0xc0000005
Exception Address: 0x00429d13
Attempt to write to address: 0x0136a000

Re: Disk space going up and down randomly
I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the EsetOnline button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on EsetSmartInstall to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the EsetSmartInstallDesktopIcon-1 icon on your desktop.

•Check EsetAcceptTerms
•Click the EsetStart button.
•Accept any security warnings from your browser.
•Check EsetScanArchives
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push EsetListThreats
•Push EsetExport, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the EsetBack button.
•Push EsetFinish
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Re: Disk space going up and down randomly

Did a scan, no threat found. I finally found out why the disk space is going up and down: it is due to System Restore, which I never switched off.
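
On Windows 7, System Restore keeps its restore points as volume shadow copies, and `vssadmin list shadowstorage` (run from an elevated prompt) reports how much space they use against their cap. As an added example that is not part of the thread, this Python parses that output and computes how far restore points can still grow before the oldest are pruned; the sample text is constructed and English-locale output is assumed.

```python
import re

# Constructed sample of `vssadmin list shadowstorage` output (values are
# invented for illustration; English-locale format assumed).
SAMPLE = r"""
Shadow Copy Storage association
   For volume: (C:)\\?\Volume{00000000-0000-0000-0000-000000000001}\
   Shadow Copy Storage volume: (C:)\\?\Volume{00000000-0000-0000-0000-000000000001}\
   Used Shadow Copy Storage space: 6.5 GB (4%)
   Allocated Shadow Copy Storage space: 7 GB (4%)
   Maximum Shadow Copy Storage space: 15 GB (10%)
"""

UNITS = {"B": 1, "KB": 2**10, "MB": 2**20, "GB": 2**30, "TB": 2**40}
FIELD = re.compile(r"^\s*(Used|Allocated|Maximum) Shadow Copy Storage space: (.+)$")
SIZE = re.compile(r"([\d.]+)\s*(B|KB|MB|GB|TB)\b")

def to_bytes(value):
    """Convert '6.5 GB (4%)' to bytes; return None for values like UNBOUNDED."""
    m = SIZE.search(value)
    if not m:
        return None
    return int(float(m.group(1)) * UNITS[m.group(2)])

def parse_shadowstorage(text):
    """Return one dict per 'For volume' association with used/allocated/maximum."""
    assocs, cur = [], None
    for line in text.splitlines():
        vol = re.match(r"\s*For volume: \((\w:)\)", line)
        if vol:
            cur = {"volume": vol.group(1)}
            assocs.append(cur)
            continue
        field = FIELD.match(line)
        if field and cur is not None:
            cur[field.group(1).lower()] = to_bytes(field.group(2))
    return assocs

def headroom(assoc):
    """Bytes restore points can still consume before the cap is reached."""
    if assoc.get("maximum") is None:
        return None  # no cap configured, so no fixed ceiling to report
    return assoc["maximum"] - assoc["used"]

if __name__ == "__main__":
    for a in parse_shadowstorage(SAMPLE):
        print(a["volume"], a["used"], a["maximum"], headroom(a))
```

Free space that drifts within roughly the used-to-maximum range, as restore points are created and the oldest ones are deleted, is consistent with what the poster found.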

Re: Disk space going up and down randomly

Ok. We can do some cleanup. Which AV did you install?

Download this program and run it: Uninstall ComboFix. It will remove ComboFix for you.

******************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
*******************************************
Use the Secunia Software Inspector to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
