Hitman Pro resulting in a black screen after scanning for Ukash virus

Ihatemalware · Mar 30, 2013

After scanning using Hitman Pro in an attempt to remove the Ukash virus my computer is displaying a black screen. Restarting it reveals the virus is still there and that after scanning there is still a black screen (though the cursor is still there). Please advise me on how to fix this problem.

Fiery · Mar 30, 2013

Hi and welcome to MalwareTips!

I'm Fiery and I would gladly assist you in removing the malware on your computer.

Before we start:

Note that the removal process is not immediate. Depending on the severity of your infection, it could take a long time.
Malware removal can be dangerous. I cannot guarantee the safety of your system as malware can be unpredictable. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system. Therefore, I would advise you to backup all your important files before we start.
Please be patient and stay with me until I give you the green lights and inform you that your PC is clean.
Some tools may be flagged by your antivirus as harmful. Rest assure that ALL the tools we use are safe, the detections are false positives.
The absence of symptoms does not mean your PC is fully disinfected.
If you are unclear about the instructions, please stop and ask. Following the steps in the order that I post them in is vital.
Lastly, if you have requested help on other sites, that will delay and hinder the removal process. Please only stick to one site.

Download Farbar Recovery Scan Tool from the below link:
<ul><li>For 64 bit systems download <a title="External link" href="http://download.bleepingcomputer.com/farbar/FRST64.exe" rel="nofollow external"><>Farbar Recovery Scan Tool x64</></a> and save it to a USB/flash drive.</li>

<li>Plug the flashdrive into the infected PC.</li>

<li>Enter <>System Recovery Options</>.</li>

<>To enter System Recovery Options from the Advanced Boot Options:</>
<ul>
<li>Restart the computer.</li>
<li>As soon as the BIOS is loaded begin tapping the<> F8</> key until Advanced Boot Options appears.</li>
<li>Use the arrow keys to select the <>Repair your computer</> menu item.</li>
<li>Select <>US</> as the keyboard language settings, and then click <>Next</>.</li>
<li>Select the operating system you want to repair, and then click <>Next</>.</li>
<li>Select your user account an click <>Next</>.</li>
</ul>

<li>On the System Recovery Options menu you will get the following options:
<pre>Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt</pre>
<ol>
<li>Select <>Command Prompt</></li>
<li>In the command window type in <>notepad</> and press <>Enter</>.</li>
<li>The notepad opens. Under File menu select <>Open</>.</li>
<li>Select "Computer" and find your flash drive letter and close the notepad.</li>
<li>In the command window type <>e:\frst64</> and press <>Enter</>
<>Note:</> Replace letter <>e</> with the drive letter of your flash drive.</li>
<li>The tool will start to run.</li>
<li>When the tool opens click <>Yes</> to disclaimer.</li>
<li>Press <>Scan</> button.</li>
<li><>FRST</> will let you know when the scan is complete and has written the <>FRST.txt</> to file, close the message.
<li>Type exit</li>
<li>Please copy and paste both FRST.txt and Result.txt logs in your next reply</li></li>
</ol>
</ul>

Ihatemalware · Mar 30, 2013

Wow such a quick response! My apologies for not responding sooner.

I followed your steps up until selecting Repair your computer. However instead of coming with your next step the following has appeared:

Safe Mode
Safe Mode with Networking
Safe Mode with Command Prompt
Start Windows Normally

Fiery · Mar 30, 2013

Are you able to enter safe mode or safe mode with networking?

Ihatemalware · Mar 30, 2013

Yes both options are available.

Fiery · Mar 30, 2013

Go into Safe mode with networking

Download OTL by Old Timer from here and save it to your Desktop.

Double click on OTL.exe to run it.
Click the Scan All Users checkbox.
Check the boxes beside LOP Check and Purity Check
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
- OTL.txt <-- Will be opened
- Extra.txt <-- Will be minimized
Please attach the contents of these 2 Notepad files in your next reply.

If you don't know how to attach the files, please follow the instructions here: http://malwaretips.com/Thread-How-to-use-the-attachment-system?pid=16072#pid16072

Ihatemalware · Mar 30, 2013

I can't get onto my desktop because of the Ukash virus. Even with Safe Mode with networking.

Fiery · Mar 30, 2013

Please print these instruction out so that you know what you are doing. You will need a CD for this. If you don't have a CD, let me know.

Download OTLPE to your desktop
Download Farbar Recovery Scan Tool and save it to a flash drive.
Download List Parts and save it to the flash drive also.
Ensure that you have a blank CD in the drive
Double click OTLPEStd.exe and this will then open imgburn to burn the file to CD
Reboot your system using the boot CD you just created.
Note : If you do not know how to set your computer to boot from CD follow the steps here
Wait for the CD to detect your hardware and load the operating system
Your system should now display a Reatogo desktop
Note : as you are running from CD it is not exactly speedy
Insert the USB with FRST
Locate the flash drive with FRST and double click
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press the Run Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
Next click List Parts and then click Scan
It will make a log Results.txt on the flash drive. Please copy and paste it to your reply.

Ihatemalware · Mar 30, 2013

I'll need to look around for a CD but it's late and I'm getting increasingly tired. Would it be acceptable if I continued tomorrow? Would my computer be fine if I leave it turned off?

Fiery · Mar 30, 2013

Yes it will be fine if you turn it off. Don't connect it to the internet. If you don't have a CD, use the USB method of burning OTLPE.

IMPORTANT:
You will need a flash drive with a size of 512 Mb or bigger. Make sure that you do not leave anything important on the flash drive, as all data on it will be deleted during the following steps.

- Download OTLPE.iso from one of the following links and save it to your Desktop mirror1 or mirror2
- Download eeepcfr.zip from the following link and save it to your Desktop: the mirror
- Finally, if you do not have a file archiver like 7-zip or Winrar installed, please download 7-zip from the following link and install it: the mirror
Once you have 7-zip install, decompress OTLPE.iso by rightclicking on the folder and choosing the options shown in the picture below. Please use a dedicated folder, for example OTLPE, on your Desktop
Please also decompress eeepcfr to your systemroot (usually C:\).
Empty the flash drive you want to install OTLPE on.
Go to C:\eeecpfr and double-click usb_prep8.cmd to launch it.
Press any key when asked to in the black window that opens.
As indicated in the image, make sure you have selected the correct flash drive, before proceeding.
For Drive Label: type in OTLPE.
Under Source Path to built BartPE/WinPE Files click ... and select the folder OTLPE that you created on your Desktop.
Finally check Enable File Copy.
Click on Start, accept the disclaimers and wait for the program to finish.

Reboot your system using the bootable flash drive you just created.
Note : If you do not know how to set your computer to boot from Flash drive follow the steps here
Your system should now display a REATOGO-X-PE desktop.
Double-click on the OTLPE icon.
Select the Windows folder of the infected drive if it asks for a location.
Ensure the box "Automatically Load All Remaining Users" is checked
and press OK
OTL should now start.
Select the Windows folder of the infected drive if it asks for a location.
When asked Do you wish to load the remote registry, select Yes.
When asked Do you wish to load remote user profile(s) for scanning, select Yes.
Ensure the box Automatically Load All Remaining Users is checked and press OK.
OTL should now start
Check the boxes beside LOP Check and Purity Check
Press the Run Scan button
When finished, the file will be saved in drive C:\OTL.txt
Copy this file to a USB drive if you do not have internet connection on the system.
Please attach the content of OTL.txt in your next reply.

Ihatemalware · Mar 31, 2013

The download links for OTLPE.iso are not working for me. Is there somewhere else I can download them?

Ihatemalware · Mar 31, 2013

I managed to use Hitman Pro to remove the RansomWare and delete the other malware on my PC myself. However there are still two programmes that Hitman is flagging as being malware which I can't remove due to Hitman Pro stopping to work whenever it finishes a scan. Is there a way to fix this or should I use different software?

Fiery · Mar 31, 2013

Are you able to enter normal mode or safe mode now after using hitmanpro?

Ihatemalware · Mar 31, 2013

Yes I can enter both.

Fiery · Mar 31, 2013

Enter safe mode with networking

Download OTL by Old Timer from here and save it to your Desktop.

Double click on OTL.exe to run it.
Click the Scan All Users checkbox.
Change Standard Registry to All
Check the boxes beside LOP Check and Purity Check
Click on Quick Scan at the top left hand corner.
When done, two Notepad files will open.
- OTL.txt <-- Will be opened
- Extra.txt <-- Will be minimized
Please post the contents of these 2 Notepad files in your next reply.

Ihatemalware · Mar 31, 2013

OTL logfile created on: 31/03/2013 19:42:09 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Adam\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

7.95 Gb Total Physical Memory | 6.70 Gb Available Physical Memory | 84.36% Memory free
15.89 Gb Paging File | 14.66 Gb Available in Paging File | 92.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 225.08 Gb Free Space | 48.34% Space Free | Partition Type: NTFS
Drive E: | 29.76 Gb Total Space | 29.74 Gb Free Space | 99.94% Space Free | Partition Type: FAT32

Computer Name: ADAMC-PC | User Name: Adam | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/31 19:30:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Adam\Desktop\OTL.exe

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV:64bit: - [2013/03/31 11:24:49 | 000,109,352 | ---- | M] (SurfRight B.V.) [Auto | Stopped] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/03/26 06:54:28 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/03/24 09:41:08 | 001,927,968 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/03/19 18:57:45 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/14 23:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/02/28 00:42:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/02/19 05:02:02 | 001,418,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2013/02/19 05:02:02 | 000,282,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/02/18 20:29:28 | 000,968,880 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
SRV - [2013/02/05 16:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/11/21 04:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/21 04:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/21 04:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/03/31 19:32:23 | 000,032,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV:64bit: - [2013/02/27 00:40:46 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/02/18 20:29:28 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/02/14 04:52:46 | 000,239,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/02/08 05:37:56 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/02/08 05:37:54 | 000,311,096 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/02/08 05:37:50 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/02/08 05:37:42 | 000,206,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/02/08 05:37:40 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/12/19 06:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/09/04 11:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/14 17:05:34 | 000,394,216 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/09/14 17:05:34 | 000,129,000 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/08/23 14:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/11 10:33:54 | 001,579,520 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 19:46:20 | 000,078,976 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/03/04 19:46:20 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/12/16 04:06:46 | 000,047,232 | R--- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/25 04:27:42 | 000,120,408 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1074510163-3954435094-2825708771-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1074510163-3954435094-2825708771-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1074510163-3954435094-2825708771-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-1074510163-3954435094-2825708771-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 34 88 06 1F FD 8D CD 01 [binary data]
IE - HKU\S-1-5-21-1074510163-3954435094-2825708771-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1074510163-3954435094-2825708771-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1074510163-3954435094-2825708771-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1074510163-3954435094-2825708771-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={39BAF947-BF3C-4976-838A-5CDFE1E8FF83}&mid=37bfb6f3c6eb4fa38737222e8d86742f-a558085abb6a06aeffdde10e15ed9da4693d4898&lang=en&ds=AVG&pr=pr&d=2012-09-10 17:19:01&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1074510163-3954435094-2825708771-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1 [2013/02/18 20:29:32 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={39BAF947-BF3C-4976-838A-5CDFE1E8FF83}&mid=37bfb6f3c6eb4fa38737222e8d86742f-a558085abb6a06aeffdde10e15ed9da4693d4898&lang=en&ds=AVG&pr=pr&d=2012-09-10 17:19:01&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: PriceGong (Enabled) = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.7_0\plugins/npPriceGong_CH.dll
CHR - plugin: Wajam (Enabled) = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.0\\npsitesafety.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - Extension: http://www.google.co.uk/ = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghejcmaiefeefmcdbmpkdjmfiphepccj\2012.10.13.37306_0\
CHR - Extension: Wajam = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\
CHR - Extension: AVG Security Toolbar = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O3:64bit: - HKU\S-1-5-21-1074510163-3954435094-2825708771-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [SpeetItUpFree] "C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe" File not found
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1074510163-3954435094-2825708771-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-1074510163-3954435094-2825708771-1000..\Run: [Steam] C:\Games\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91A01F03-1BE3-4192-AD01-5C526F217C7F}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1074510163-3954435094-2825708771-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/31 19:30:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Adam\Desktop\OTL.exe
[2013/03/31 12:51:16 | 000,000,000 | ---D | C] -- C:\Users\Adam\Desktop\Oblivion Mods
[2013/03/30 22:24:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013/03/30 22:24:21 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/03/30 22:23:33 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/03/30 21:01:11 | 000,000,000 | ---D | C] -- C:\ProgramData\xyawp
[2013/03/30 13:46:02 | 000,000,000 | ---D | C] -- C:\Users\Adam\Desktop\New vegas backup
[2013/03/29 19:46:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013/03/29 19:43:52 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013/03/29 19:40:59 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\NVIDIA
[2013/03/19 18:59:56 | 000,000,000 | ---D | C] -- C:\Users\Adam\Desktop\The Inheritance version 1 dot 1-49012-1-1
[2013/03/19 18:57:41 | 000,000,000 | ---D | C] -- C:\Users\Adam\Desktop\Downloads Disposal
[2013/03/19 18:43:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

========== Files - Modified Within 30 Days ==========

[2013/03/31 19:39:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/31 19:38:59 | 2104,496,127 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/31 19:35:48 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/31 19:35:48 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/31 19:33:10 | 000,805,414 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/31 19:33:10 | 000,185,774 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/31 19:33:10 | 000,006,804 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/31 19:32:23 | 000,032,152 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2013/03/31 19:30:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Adam\Desktop\OTL.exe
[2013/03/31 19:29:25 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/31 12:33:53 | 000,000,490 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2013/03/31 12:28:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/31 11:50:14 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/03/30 22:57:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/30 19:53:46 | 000,001,359 | ---- | M] () -- C:\Users\Adam\Desktop\fnv4gb - Shortcut.lnk
[2013/03/30 17:31:12 | 000,843,648 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/03/30 14:28:50 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/03/29 19:39:57 | 000,001,351 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013/03/26 17:49:22 | 000,000,200 | ---- | M] () -- C:\Users\Adam\Desktop\BioShock Infinite.url
[2013/03/15 06:53:06 | 000,017,738 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013/03/13 17:24:01 | 003,065,455 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin

========== Files Created - No Company Name ==========

[2013/03/31 19:32:23 | 000,032,152 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2013/03/31 12:33:53 | 000,000,490 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2013/03/31 11:45:06 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/03/30 19:53:46 | 000,001,359 | ---- | C] () -- C:\Users\Adam\Desktop\fnv4gb - Shortcut.lnk
[2013/03/29 19:39:57 | 000,001,351 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013/03/26 17:49:22 | 000,000,200 | ---- | C] () -- C:\Users\Adam\Desktop\BioShock Infinite.url
[2012/09/19 18:38:59 | 000,843,648 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/09/16 13:40:47 | 000,007,605 | ---- | C] () -- C:\Users\Adam\AppData\Local\Resmon.ResmonCfg
[2012/09/08 15:02:47 | 000,040,591 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012/09/08 15:02:25 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/09/08 15:02:23 | 000,028,896 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/04/19 22:10:32 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/09/10 17:19:58 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\AVG2013
[2013/03/29 19:51:57 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Bioshock
[2013/01/20 17:43:04 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\enchant
[2012/12/11 20:15:01 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\SystemRequirementsLab
[2013/03/30 21:37:46 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\TP-LINK
[2012/09/10 17:19:03 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\TuneUp Software
[2013/03/30 21:37:46 | 000,000,000 | ---D | M] -- C:\Users\AdamC\AppData\Roaming\AVG2013
[2013/03/31 12:32:01 | 000,000,000 | ---D | M] -- C:\Users\AdamC\AppData\Roaming\TP-LINK
[2012/09/22 11:30:18 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012/09/22 11:30:18 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2012/09/22 11:30:18 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\AppData\Roaming\TuneUp Software

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 31/03/2013 19:42:09 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Adam\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

7.95 Gb Total Physical Memory | 6.70 Gb Available Physical Memory | 84.36% Memory free
15.89 Gb Paging File | 14.66 Gb Available in Paging File | 92.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 225.08 Gb Free Space | 48.34% Space Free | Partition Type: NTFS
Drive E: | 29.76 Gb Total Space | 29.74 Gb Free Space | 99.94% Space Free | Partition Type: FAT32

Computer Name: ADAMC-PC | User Name: Adam | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1074510163-3954435094-2825708771-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3F1DE6BC-0BF1-4929-A9D8-A373D7C831DF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{40860380-904B-4582-9F6E-ECF254F5E46C}" = lport=445 | protocol=6 | dir=in | app=system |
"{42493C61-F0B7-45C6-B5E2-69C26EB811F0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{446DB481-3F64-45D0-B78B-17AD3FE88208}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{48E71AD6-4C6A-4355-8851-937D173919E7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4B0F7078-46B9-4FF6-97C5-1502E3A22E1B}" = rport=138 | protocol=17 | dir=out | app=system |
"{557E84FA-071B-49EE-BC7A-177F93C584EE}" = rport=139 | protocol=6 | dir=out | app=system |
"{56537055-E9DE-42D5-9A74-C3B303D710E6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5CF2B475-29D2-459C-9D4A-BC4DD1BB5CBF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{79CA9041-54CF-49F1-A1CE-69A18867843C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7B1C4186-FCB7-48A4-8C70-13B68619D5AE}" = lport=139 | protocol=6 | dir=in | app=system |
"{7C70789F-59B3-40D0-AE85-1A9ED08315EA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7E65F7B6-107A-4C8A-81AF-F9DE0423F5FF}" = rport=137 | protocol=17 | dir=out | app=system |
"{9596C1B9-900B-43BA-A4D3-72F72DE98C94}" = lport=138 | protocol=17 | dir=in | app=system |
"{9677A88F-E365-4BE8-A6E2-E7E46A84F974}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9C83E69F-5798-4C54-BFB3-942A851C3753}" = rport=445 | protocol=6 | dir=out | app=system |
"{A4C56CF1-5CE5-41E7-8611-F226F8AAC096}" = lport=137 | protocol=17 | dir=in | app=system |
"{B8296259-66CE-4006-8C63-8D24CCCFF2AE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C113A974-1654-40B4-81C3-D35B8CBE9D02}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E75C1439-31F8-4D2F-8F7A-63C87079E44F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EDF29357-3065-4737-B45A-5A2B89F234F0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05E71933-480F-42F9-BB8A-F007DCA8D9B2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{1493A700-D757-455F-B4A6-3116D7F39176}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{1CD8056C-6D8E-464E-A22A-11A763EC7225}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1F92942F-EB2E-4F4D-AE3F-9F0DF602865F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{1FE04DEE-93C0-4C59-A398-A0F0DB1A23AC}" = protocol=6 | dir=in | app=c:\games\steamapps\common\morrowind\morrowind launcher.exe |
"{2267E8DE-A45F-4EFB-B1F9-A9244506D8DB}" = protocol=6 | dir=in | app=c:\games\steamapps\common\vampire the masquerade - bloodlines\vampire.exe |
"{23B2F7C9-AE3F-4BF3-8974-455C9C44C1EF}" = protocol=17 | dir=in | app=c:\games\steamapps\common\vampire the masquerade - bloodlines\vampire.exe |
"{23CB67F1-3AAF-44A0-A700-C576C2F18785}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{26279116-EBDF-41EE-B391-97D96C28A513}" = protocol=17 | dir=in | app=c:\games\steamapps\common\alpha protocol\aplauncher.exe |
"{284E4E60-CBBD-447E-9D14-1E98AA6C8B1C}" = protocol=17 | dir=in | app=c:\games\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe |
"{349D56ED-CB5B-4463-A79F-7AB53CEE9F7F}" = protocol=17 | dir=in | app=c:\games\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe |
"{3EE3A604-A343-4DA9-B427-62146556BEB0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{405CE256-6216-42B9-9C6E-49D1AC90574D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{45F9DF8B-7296-4B68-8621-B264E363A35C}" = protocol=17 | dir=in | app=c:\games\steamapps\common\metro 2033\metro2033.exe |
"{51240AD1-3535-43D3-B244-FB48F4EBB9A1}" = protocol=17 | dir=in | app=c:\games\steamapps\common\bioshock\builds\release\bioshock.exe |
"{53D451D9-1685-4059-A3E6-51C80B9A21E9}" = protocol=17 | dir=in | app=c:\games\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{5B5F4FAC-B127-4A86-9721-26F6276220F7}" = protocol=6 | dir=in | app=c:\games\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe |
"{5EBF3E86-09D4-4013-A01A-78A249A47434}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5F57EC0F-63D7-4A08-A88C-66BEA3D935E5}" = protocol=6 | dir=in | app=c:\games\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe |
"{6227CBE3-D434-4C4B-866C-4710F62CBA9B}" = protocol=6 | dir=in | app=c:\games\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{630799CC-0C99-4958-BC51-0AF0C42BBA9B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{65112CAF-AA67-4E97-82E1-54F7F55A316E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{67DA648C-2123-4E7D-BFAC-5D4CCDFEFD9A}" = protocol=17 | dir=in | app=c:\games\steamapps\common\swkotor\swkotor.exe |
"{697A72C4-5365-42DE-952B-0F8FF4F2FF26}" = protocol=6 | dir=in | app=c:\games\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe |
"{7507660F-EA68-4E0F-9FD1-A0BD3DD6DE29}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{76A48E36-1FA8-42B5-87B9-2F25A49E20C5}" = protocol=6 | dir=in | app=c:\games\steamapps\common\alpha protocol\aplauncher.exe |
"{774667EA-BC47-4C69-A5B8-9133F43DCAB4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{776A667C-BAF5-4430-A0B2-176B2223329C}" = protocol=6 | dir=in | app=c:\games\steamapps\common\metro 2033\metro2033.exe |
"{7A6CE402-15C6-4426-ADF9-D9281819664B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7CE9085A-748D-4378-BCCD-AAFC714C0918}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8074E059-45F3-47EF-811F-8C0064E2DD86}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{83C7481D-2319-4A03-AAA2-3A5D54522D39}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{875AB4B8-127A-462B-B640-D2B5B47E3BF9}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{8845F62B-1C12-4313-A1D5-FC921DBF9E63}" = protocol=17 | dir=in | app=c:\games\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe |
"{8ABA889F-4F38-4BBC-AD68-A07D3482B2ED}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8F46F6C9-90B7-4C92-9B98-C5C7CCABA74B}" = protocol=6 | dir=in | app=c:\games\steamapps\common\bioshock\builds\release\bioshock.exe |
"{90E195A7-816A-45FE-8DC9-C2CB6D03D217}" = protocol=17 | dir=in | app=c:\games\steam.exe |
"{925D0095-69CE-4537-9E2E-CBDF021E87A8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{940611FF-76A7-4D8B-BE1B-04D800E69084}" = protocol=17 | dir=in | app=c:\games\steamapps\common\bioshock infinite\binaries\win32\benchmark.bat |
"{9D67B7E8-3175-487B-91D9-3C4D20B26929}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{9DA9A0A8-FB22-41CE-B219-235F7D4ADC72}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A6311A93-8AAD-4764-BA42-24FE6EDDF5B2}" = protocol=6 | dir=in | app=c:\games\steamapps\common\swkotor\swkotor.exe |
"{A6411252-E0DF-440E-A35B-801422A85D13}" = protocol=6 | dir=in | app=c:\games\steamapps\common\bioshock infinite\binaries\win32\benchmark.bat |
"{B2C098DF-0E9F-4EDB-8FDA-920696854B39}" = protocol=6 | dir=in | app=c:\games\steamapps\common\borderlands\binaries\borderlands.exe |
"{BE2DCA24-03D9-404C-89BE-631491B61A54}" = protocol=17 | dir=in | app=c:\games\steamapps\common\morrowind\morrowind launcher.exe |
"{BEC4F536-1BBA-4612-8501-753B408FB1B5}" = protocol=6 | dir=in | app=c:\games\steam.exe |
"{C12E390F-A803-49D7-A01D-D762600A9E6D}" = protocol=17 | dir=in | app=c:\games\steamapps\common\borderlands\binaries\borderlands.exe |
"{C26D8BAB-BA97-4D31-890F-930B54CAABFD}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{C803AEF8-B861-4CCF-AE02-64343A3E1851}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{D151FC0E-8C3F-409F-9DAA-C97C62E95801}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{DA38DF69-AB37-4B3C-AC05-A4C3665528A7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DB1ABD89-C604-4E28-9C63-001795FC89A4}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{DC03D024-39E2-4F50-9D66-EEF70303E598}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{DFA9A858-9A19-4F4C-89DC-71A81E5D1AFB}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E1363DE6-FA80-4777-AFCF-BDA3B8DAB1C6}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E247F854-823F-4D1B-B297-61E009EBB0BA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E30A7D1C-32F5-4545-8F88-B2EF6D5D01CE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{E422F5AA-18DE-466D-8EA5-8164D5D33C14}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E887576C-DCAF-4D0E-9164-7F9FF508219A}" = protocol=6 | dir=out | app=system |
"{ED009685-8EFF-4E09-8F80-5F824FB9F3A7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EDE7AEB1-EE96-48C8-8725-6C47293D9E57}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F85B8EEE-5188-4AEE-90E3-73EBE550FD04}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{45ABEF88-3864-41F5-8189-BB80F2C5A75C}" = AVG 2013
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{A39D1D51-E8DE-4B07-016D-73C232E1E1D8}" = ATI Catalyst Install Manager
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 314.22
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 3.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F2CD25EB-2FC9-4D58-812A-32BBFBF06186}" = AVG 2013
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2013
"HitmanPro37" = HitmanPro 3.7
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A1FA4C1-2701-401C-8CE1-FDDE45304FF5}" = ASUS nVidia Driver
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{297C7552-BA68-4F73-AB83-82510777421D}_is1" = Fallout 3 - Unofficial Fallout 3 Patch
"{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable
"{319D91C6-3D44-436C-9F79-36C0D22372DC}" = TP-LINK Wireless Configuration Utility
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{387164CF-826B-44FF-8B5C-EDF7793C0581}" = FaceGen Exchange v0.5b
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{4BAE4C76-44C3-418F-B715-6BBF5A65323E}" = TL-WN851ND Driver
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)
"{B343B0E3-212A-40B9-8207-1BD299228F5D}" = Fallout 3 - The Garden of Eden Creation Kit
"{D62576C2-C084-4698-974A-5BE77714FDDD}" = System Requirements Lab Test
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E5F05232-96B6-4552-A480-785A60A94B21}" = System Requirements Lab CYRI
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-zip" = 7-zip v9.20
"AbiWord2" = AbiWord 2.8.6
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AVG Secure Search" = AVG Security Toolbar
"BOSS" = BOSS
"BurnInTest_is1" = BurnInTest v7.0 Pro
"Fallout 2" = Fallout 2
"Fallout Mod Manager_is1" = Fallout Mod Manager 0.12.6
"Generic Mod Manager_is1" = Fallout Mod Manager 0.13.21
"Google Chrome" = Google Chrome
"McAfee Security Scan" = McAfee Security Scan Plus
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Steam App 22320" = The Elder Scrolls III: Morrowind
"Steam App 22380" = Fallout: New Vegas
"Steam App 2600" = Vampire: The Masquerade - Bloodlines
"Steam App 32370" = Star Wars: Knights of the Old Republic
"Steam App 34010" = Alpha Protocol
"Steam App 43110" = Metro 2033
"Steam App 7670" = BioShock
"Steam App 8850" = BioShock 2
"Steam App 8870" = BioShock Infinite
"Steam App 8980" = Borderlands
"World of Warcraft" = World of Warcraft

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1074510163-3954435094-2825708771-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 30/03/2013 14:28:50 | Computer Name = AdamC-PC | Source = WinMgmt | ID = 10
Description =

Error - 30/03/2013 14:49:35 | Computer Name = AdamC-PC | Source = Application Error | ID = 1000
Description = Faulting application name: FalloutNV.4gb, version: 1.4.0.525, time
stamp: 0x4e0d50ed Faulting module name: nvse_1_4.dll, version: 0.2.0.12, time stamp:
0x4ea5434b Exception code: 0xc0000005 Fault offset: 0x0001a5c7 Faulting process id:
0xd54 Faulting application start time: 0x01ce2d7499d5269c Faulting application path:
C:\Games\SteamApps\common\Fallout New Vegas\FalloutNV.4gb Faulting module path:
C:\Games\SteamApps\common\Fallout New Vegas\nvse_1_4.dll Report Id: 90535ab2-996a-11e2-aef7-10bf487e0c44

Error - 30/03/2013 16:05:40 | Computer Name = AdamC-PC | Source = WinMgmt | ID = 10
Description =

Error - 30/03/2013 16:32:32 | Computer Name = AdamC-PC | Source = WinMgmt | ID = 10
Description =

Error - 30/03/2013 16:39:22 | Computer Name = AdamC-PC | Source = System Restore | ID = 8210
Description =

Error - 30/03/2013 16:40:30 | Computer Name = AdamC-PC | Source = WinMgmt | ID = 10
Description =

Error - 30/03/2013 17:00:22 | Computer Name = AdamC-PC | Source = WinMgmt | ID = 10
Description =

Error - 30/03/2013 17:24:25 | Computer Name = AdamC-PC | Source = WinMgmt | ID = 10
Description =

Error - 30/03/2013 17:29:22 | Computer Name = AdamC-PC | Source = Application Error | ID = 1000
Description = Faulting application name: HitmanPro_x64.exe, version: 3.7.3.192,
time stamp: 0x51535e0a Faulting module name: HitmanPro_x64.exe, version: 3.7.3.192,
time stamp: 0x51535e0a Exception code: 0xc0000005 Fault offset: 0x0000000000027819
Faulting
process id: 0xca0 Faulting application start time: 0x01ce2d8cd447c7e2 Faulting application
path: E:\HitmanPro_x64.exe Faulting module path: E:\HitmanPro_x64.exe Report Id:
e294f48a-9980-11e2-a468-10bf487e0c44

Error - 30/03/2013 17:37:20 | Computer Name = AdamC-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 13/10/2012 08:31:12 | Computer Name = AdamC-PC | Source = MCUpdate | ID = 0
Description = 13:31:08 - Error connecting to the internet. 13:31:08 - Unable
to contact server..

Error - 22/10/2012 13:40:30 | Computer Name = AdamC-PC | Source = MCUpdate | ID = 0
Description = 18:40:30 - Error connecting to the internet. 18:40:30 - Unable
to contact server..

Error - 22/10/2012 13:40:40 | Computer Name = AdamC-PC | Source = MCUpdate | ID = 0
Description = 18:40:35 - Error connecting to the internet. 18:40:35 - Unable
to contact server..

Error - 22/10/2012 14:45:06 | Computer Name = AdamC-PC | Source = MCUpdate | ID = 0
Description = 19:45:06 - Failed to retrieve MCEClientUX (Error: The operation has
timed out)

Error - 22/10/2012 14:45:10 | Computer Name = AdamC-PC | Source = MCUpdate | ID = 0
Description = 19:45:06 - Failed to retrieve Broadband (Error: The remote name could
not be resolved: 'data.tvdownload.microsoft.com')

Error - 22/10/2012 15:45:15 | Computer Name = AdamC-PC | Source = MCUpdate | ID = 0
Description = 20:45:15 - Error connecting to the internet. 20:45:15 - Unable
to contact server..

Error - 27/10/2012 07:09:21 | Computer Name = AdamC-PC | Source = MCUpdate | ID = 0
Description = 12:09:21 - Error connecting to the internet. 12:09:21 - Unable
to contact server..

Error - 04/11/2012 07:37:52 | Computer Name = AdamC-PC | Source = MCUpdate | ID = 0
Description = 11:37:52 - Error connecting to the internet. 11:37:52 - Unable
to contact server..

Error - 04/11/2012 07:38:01 | Computer Name = AdamC-PC | Source = MCUpdate | ID = 0
Description = 11:37:57 - Error connecting to the internet. 11:37:57 - Unable
to contact server..

Error - 11/11/2012 15:42:19 | Computer Name = AdamC-PC | Source = MCUpdate | ID = 0
Description = 19:42:15 - Error connecting to the internet. 19:42:15 - Unable
to contact server..

[ System Events ]
Error - 31/03/2013 07:13:47 | Computer Name = AdamC-PC | Source = Service Control Manager | ID = 7001
Description = The AVGIDSAgent service depends on the AVGIDSDriver service which
failed to start because of the following error: %%31

Error - 31/03/2013 07:13:48 | Computer Name = AdamC-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AVGIDSDriver Avgldx64 discache spldr Wanarpv6

Error - 31/03/2013 07:13:48 | Computer Name = AdamC-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 31/03/2013 07:13:49 | Computer Name = AdamC-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 31/03/2013 07:13:49 | Computer Name = AdamC-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 31/03/2013 07:13:49 | Computer Name = AdamC-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 31/03/2013 07:13:49 | Computer Name = AdamC-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 31/03/2013 07:13:49 | Computer Name = AdamC-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 31/03/2013 07:22:26 | Computer Name = AdamC-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 31/03/2013 07:23:01 | Computer Name = AdamC-PC | Source = Service Control Manager | ID = 7043
Description = The AVGIDSAgent service did not shut down properly after receiving
a preshutdown control.

< End of report >

Fiery · Mar 31, 2013

Open OTL. Under custom scan/fixes, copy and paste the following:

:OTL
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)

:Files
C:\Program Files (x86)\Yontoo
ipconfig /flushdns /c

:Commands
[EMPTYTEMP]
[RESETHOSTS]

Then click Run Fix. Post the log afterwards.

Download TDSSkiller from here

Double-Click on TDSSKiller.exe to run the application
When TDSSkiller opens, click change parameters , check the box next to Loaded modules . A reboot will be required.
After reboot, TDSSKiller will run again. Click Change parameters again and make sure everything is checked.
click Start scan .
If a suspicious object is detected, the default action will be Skip, click on Continue. (If it saids TDL4/TDSS file system, select delete)
If malicious objects are found, ensure Cure (default) is selected, then click Continue and Reboot now to finish the cleaning process.

Post the log after (usually C:\ folder in the form of TDSSKiller.[Version]_[Date]_[Time]_log.txt

Download Malwarebytes Anti-Rootkit from here to your Desktop

Unzip the contents to a folder on your Desktop.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Make sure there is a check next to Create Restore Point and click the Cleanup button to remove any threats. Reboot if prompted to do so.
After the reboot, perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If there are threats, click Cleanup once more and reboot.
When done, please post the two logs in the MBAR folder(mbar-log.txt and system-log.txt)

Ihatemalware · Mar 31, 2013

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
C:\Program Files (x86)\Yontoo\YontooIEClient.dll moved successfully.
========== FILES ==========
C:\Program Files (x86)\Yontoo folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Adam\Desktop\cmd.bat deleted successfully.
C:\Users\Adam\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Adam
->Temp folder emptied: 3725445830 bytes
->Temporary Internet Files folder emptied: 252924701 bytes
->Java cache emptied: 393320 bytes
->Google Chrome cache emptied: 381309893 bytes
->Flash cache emptied: 9153 bytes

User: AdamC
->Temp folder emptied: 10745510 bytes
->Temporary Internet Files folder emptied: 6630733 bytes
->Flash cache emptied: 492 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 470808654 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 69483 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 4,624.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 03312013_200729

Files\Folders moved on Reboot...
C:\Users\Adam\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Adam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\846CM56Y\index[2].htm moved successfully.
C:\Users\Adam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\846CM56Y\i[1] moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

I couldn't find a log for TDSS and MBAR said I didn't need to cleanup.

Fiery · Mar 31, 2013

Did TDSSkiller find any detections? The TDSS log should be in the C:\ folder in the form of TDSSKiller.[Version]_[Date]_[Time]_log.txt

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool(For Vista or Windows 7, right-click and select Run as Administrator to start)
Click delete
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt

Download & SAVE to your Desktop RogueKiller or from here

Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select Run as Administrator to start
Wait until Prescan has finished, then click on "Scan" button
Wait until the Status box shows "Scan Finished"
Click delete and wait until it saids deleting finished
Click on "Report" and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller+

Please download Malwarebytes' Anti-Malware to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
- Update Malwarebytes' Anti-Malware
- and Launch Malwarebytes' Anti-Malware
then click Finish.
If an update is found, it will download and install the latest version.
When it prompts you to try their 30-day trail, click decline
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply
- If you accidently close it, the log file is saved here and will be named like this:
- C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Ihatemalware · Apr 1, 2013

# AdwCleaner v2.115 - Logfile created 04/01/2013 at 20:41:25
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Adam - ADAMC-PC
# Boot Mode : Normal
# Running from : C:\Users\Adam\Desktop\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
Deleted on reboot : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Google Chrome v26.0.1410.43

File : C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.30] : icon_url = "hxxp://isearch.avg.com/favicon.ico",
Deleted [l.33] : keyword = "isearch.avg.com",
Deleted [l.37] : search_url = "hxxp://isearch.avg.com/search?cid={39BAF947-BF3C-4976-838A-5CDFE1E8FF83}&mid=37[...]

*************************

AdwCleaner[S1].txt - [316 octets] - [01/04/2013 20:32:06]
AdwCleaner[S2].txt - [351 octets] - [01/04/2013 20:40:52]
AdwCleaner[S3].txt - [5753 octets] - [01/04/2013 20:41:25]

########## EOF - C:\AdwCleaner[S3].txt - [5813 octets] ##########

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Adam [Admin rights]
Mode : Remove -- Date : 04/01/2013 20:50:53
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : Nvtmru ("C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" -f "C:\ProgramData\NVIDIA\Updatus\NvTmru\nvtmru.dat") [-] -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST500DM0 02-1BD142 SATA Disk Device +++++
--- User ---
[MBR] a900a8820e58f49bf8858a93721edf37
[BSP] 56020fcfc49fd65337e476d1b997c48d : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_04012013_02d2050.txt >>
RKreport[1]_S_04012013_02d2050.txt ; RKreport[2]_D_04012013_02d2050.txt

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.04.01.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Adam :: ADAMC-PC [administrator]

Protection: Enabled

01/04/2013 20:54:20
mbam-log-2013-04-01 (20-54-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 254237
Time elapsed: 1 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Hitman Pro resulting in a black screen after scanning for Ukash virus

New Member

Level 1

New Member

Level 1

New Member

Level 1

New Member

Level 1

New Member

Level 1

New Member

New Member

Level 1

New Member

Level 1

New Member

Level 1

New Member

Level 1

New Member

Similar threads