Hi Twinheaded Eagel
Thank you so much for agreeing to help me. I have run the program you asked me to, the results are...
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-08-2014 03
Ran by NIGHTSHADE31UK (administrator) on MARCONMACCA on 25-08-2014 12:04:27
Running from C:\Users\NIGHTSHADE31UK\Downloads
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:
http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Virgin Media) C:\Program Files (x86)\Virgin Media\Digital Home Support\HsdService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Radialpoint Inc.) C:\Program Files (x86)\Virgin Media\Service Manager\ServicepointService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\livecomm.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Virgin Media) C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe
(Virgin Media) C:\Program Files (x86)\Virgin Media\Digital Home Support\DHSClient.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-30] (AVAST Software)
HKLM-x32\...\Run: [ServiceManager.exe] => C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe [4371768 2011-03-25] (Virgin Media)
HKLM-x32\...\Run: [DHSClient.exe] => C:\Program Files (x86)\Virgin Media\Digital Home Support\DHSClient.exe [2033944 2014-01-06] (Virgin Media)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-26] (Hewlett-Packard Development Company, L.P.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-05] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-448967375-642718620-1550321189-1001\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1717000 2014-02-21] (CyberLink Corp.)
Startup: C:\Users\NIGHTSHADE31UK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\NIGHTSHADE31UK\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCOM13/2
SearchScopes: HKLM - {D5BF3D39-6B3A-4A07-B419-0E30BBC6E364} URL = http://www.amazon.co.uk/s/ref=azs_o...ode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM - {E2C4BDB2-8F12-4D8C-8D78-FAF2EE8F7F50} URL = http://www.amazon.co.uk/s/ref=azs_o...ode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @radialpoint.com/SPA,version=1 -> C:\Program Files (x86)\Virgin Media\Service Manager\nprpspa.dll (Virgin Media)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @radialpoint.com/SPA,version=1 -> C:\Program Files (x86)\Virgin Media\Service Manager\nprpspa.dll (Virgin Media)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin HKCU: hp.com/HPDetect -> C:\Users\NIGHTSHADE31UK\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll (HP)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-24]
Chrome:
=======
CHR HomePage: hxxp://www.virginmedia.com/
CHR StartupUrls: "hxxp://www.virginmedia.com/"
CHR Extension: (Voucher Codes From My Favourite Voucher Codes) - C:\Users\NIGHTSHADE31UK\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajbafjeagfjflajipdfbcfeipnghejec [2014-04-01]
CHR Extension: (Angry Birds) - C:\Users\NIGHTSHADE31UK\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-04-01]
CHR Extension: (TV) - C:\Users\NIGHTSHADE31UK\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2014-04-01]
CHR Extension: (Hot UK Deals - Never Miss a Deal Again!) - C:\Users\NIGHTSHADE31UK\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgbjfidkkeojolopmhmioopfpbaapifi [2014-04-01]
CHR Extension: (Facebook Secret Emoticons) - C:\Users\NIGHTSHADE31UK\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpgpffljkgjmijjdmjbdppndoojdgboe [2014-04-01]
CHR Extension: (Adblock Plus) - C:\Users\NIGHTSHADE31UK\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-01]
CHR Extension: (Solitaire Games) - C:\Users\NIGHTSHADE31UK\AppData\Local\Google\Chrome\User Data\Default\Extensions\eljmkmbmhmgmpmmbkagbobpmpocacdbo [2014-04-01]
CHR Extension: (AdBlock) - C:\Users\NIGHTSHADE31UK\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-01]
CHR Extension: (News Ticker Remover) - C:\Users\NIGHTSHADE31UK\AppData\Local\Google\Chrome\User Data\Default\Extensions\inbogeebjloglncnccgemjfedfhobfak [2014-08-14]
CHR Extension: (Google Wallet) - C:\Users\NIGHTSHADE31UK\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-24]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-04]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [318592 2013-12-24] (Windows (R) Win 7 DDK provider)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-04] (AVAST Software)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-06-17] (WildTangent)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-26] (Hewlett-Packard Development Company, L.P.)
R2 HsdService; C:\Program Files (x86)\Virgin Media\Digital Home Support\HsdService.exe [1407256 2014-01-06] (Virgin Media)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2014-03-24] (Intel Corporation)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1886488 2014-06-23] (Trusteer Ltd.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-03-04] (Realtek Semiconductor)
R2 ServicepointService; C:\Program Files (x86)\Virgin Media\Service Manager\ServicepointService.exe [689464 2011-03-25] (Radialpoint Inc.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-03-24] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-04] ()
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3880448 2013-11-13] (Qualcomm Atheros Communications, Inc.)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed]
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2014-03-24] (Intel Corporation)
R1 RapportCerberus_69108; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_69108.sys [631128 2014-07-04] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [299736 2014-06-23] (Trusteer Ltd.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [288440 2014-06-23] (Trusteer Ltd.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [358616 2014-06-23] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [414296 2014-06-23] (Trusteer Ltd.)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288328 2013-01-24] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-05-08] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-03-24] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S3 AthBTPort; \SystemRoot\system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; \SystemRoot\system32\drivers\btath_a2dp.sys [X]
S3 btath_avdt; \SystemRoot\system32\drivers\btath_avdt.sys [X]
S3 BTATH_HCRP; \SystemRoot\System32\drivers\btath_hcrp.sys [X]
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; \SystemRoot\System32\drivers\btath_rcp.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-25 12:04 - 2014-08-25 12:04 - 00018372 _____ () C:\Users\NIGHTSHADE31UK\Downloads\FRST.txt
2014-08-25 12:04 - 2014-08-25 12:04 - 00000000 ____D () C:\FRST
2014-08-25 12:02 - 2014-08-25 12:02 - 02103296 _____ (Farbar) C:\Users\NIGHTSHADE31UK\Downloads\FRST64.exe
2014-08-18 13:47 - 2014-08-18 13:48 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-18 13:47 - 2014-08-18 13:47 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-18 13:47 - 2014-08-18 13:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-18 13:47 - 2014-08-18 13:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-18 13:47 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-18 13:47 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-08-18 13:47 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-08-18 13:45 - 2014-08-18 13:46 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\NIGHTSHADE31UK\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-18 01:07 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-08-18 01:05 - 2014-08-18 01:08 - 00000000 ____D () C:\AdwCleaner
2014-08-18 01:00 - 2014-08-18 01:00 - 01361671 _____ () C:\Users\NIGHTSHADE31UK\Downloads\adwcleaner_3.307.exe
2014-08-18 00:59 - 2014-08-18 01:00 - 00000000 ____D () C:\Users\NIGHTSHADE31UK\Desktop\Remove Adcash.com pop-up ads (Virus Removal Guide)_files
2014-08-18 00:59 - 2014-08-18 00:59 - 00074877 _____ () C:\Users\NIGHTSHADE31UK\Desktop\Remove Adcash.com pop-up ads (Virus Removal Guide).htm
2014-08-18 00:43 - 2014-08-18 00:43 - 00532480 _____ (Trend Micro Incorporated) C:\Users\NIGHTSHADE31UK\Downloads\cwshredder.exe
2014-08-17 19:45 - 2014-08-18 01:09 - 00001540 _____ () C:\WINDOWS\PFRO.log
2014-08-17 19:20 - 2014-08-17 19:20 - 04813544 _____ (Piriform Ltd) C:\Users\NIGHTSHADE31UK\Downloads\ccsetup416.exe
2014-08-14 16:00 - 2014-08-06 23:38 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-08-14 16:00 - 2014-08-02 06:44 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-08-14 16:00 - 2014-08-02 04:11 - 00918528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-08-14 15:35 - 2014-06-13 02:15 - 00517528 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2014-08-14 15:35 - 2014-06-13 02:14 - 01557848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-08-14 15:35 - 2014-06-13 01:10 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2014-08-14 15:35 - 2014-06-06 12:34 - 02133504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2014-08-14 15:34 - 2014-07-25 15:52 - 23645696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-08-14 15:34 - 2014-07-25 14:51 - 17524224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-08-14 15:34 - 2014-07-25 14:28 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-08-14 15:34 - 2014-07-25 14:25 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-08-14 15:34 - 2014-07-25 14:25 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-08-14 15:34 - 2014-07-25 13:59 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-08-14 15:34 - 2014-07-25 13:40 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-08-14 15:34 - 2014-07-25 13:34 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-08-14 15:34 - 2014-07-25 13:30 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-08-14 15:34 - 2014-07-25 13:28 - 05824512 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-08-14 15:34 - 2014-07-25 13:28 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-08-14 15:34 - 2014-07-25 13:21 - 02184704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-08-14 15:34 - 2014-07-25 13:17 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-08-14 15:34 - 2014-07-25 13:10 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-08-14 15:34 - 2014-07-25 13:08 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-08-14 15:34 - 2014-07-25 13:06 - 04204032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-08-14 15:34 - 2014-07-25 12:52 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-08-14 15:34 - 2014-07-25 12:47 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-08-14 15:34 - 2014-07-25 12:43 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-08-14 15:34 - 2014-07-25 12:43 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 15:34 - 2014-07-25 12:42 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-08-14 15:34 - 2014-07-25 12:39 - 02087936 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-08-14 15:34 - 2014-07-25 12:34 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-08-14 15:34 - 2014-07-25 12:29 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-08-14 15:34 - 2014-07-25 12:23 - 13547008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-08-14 15:34 - 2014-07-25 12:13 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-08-14 15:34 - 2014-07-25 12:09 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-08-14 15:34 - 2014-07-25 12:07 - 02001920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-08-14 15:34 - 2014-07-25 12:03 - 11772928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-08-14 15:34 - 2014-07-25 11:52 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-08-14 15:34 - 2014-07-25 11:26 - 01431040 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-08-14 15:34 - 2014-07-25 11:17 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-08-14 15:34 - 2014-07-25 11:09 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-08-14 15:34 - 2014-07-25 11:05 - 01792512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-08-14 15:34 - 2014-07-25 11:00 - 01169920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-08-14 15:33 - 2014-06-20 02:48 - 01273184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2014-08-14 15:33 - 2014-06-20 00:52 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2014-08-14 15:28 - 2014-06-09 23:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2014-08-14 15:28 - 2014-06-09 23:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2014-08-14 15:27 - 2014-08-07 03:12 - 01336624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-08-14 15:27 - 2014-08-06 23:39 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-14 15:27 - 2014-08-02 04:56 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-08-14 15:27 - 2014-07-15 19:16 - 03048880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2014-08-14 15:27 - 2014-07-15 09:29 - 03118080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2014-08-14 15:27 - 2014-07-15 09:22 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2014-08-14 15:27 - 2014-07-15 09:03 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2014-08-14 15:27 - 2014-07-12 05:17 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2014-08-14 15:27 - 2014-06-04 10:27 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-08-14 15:27 - 2014-06-04 06:31 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-08-14 15:27 - 2014-06-04 06:22 - 02790912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-08-14 15:27 - 2014-06-04 05:43 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-08-14 15:27 - 2014-06-04 05:38 - 03304448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-08-14 15:27 - 2014-06-04 03:15 - 02642944 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-08-14 15:27 - 2014-06-04 03:14 - 02318336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-08-05 23:29 - 2014-08-20 06:57 - 00000000 ___RD () C:\Users\NIGHTSHADE31UK\Dropbox
2014-08-05 23:29 - 2014-08-14 15:28 - 00001105 _____ () C:\Users\NIGHTSHADE31UK\Desktop\Dropbox.lnk
2014-07-27 00:50 - 2014-07-27 00:50 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-25 12:04 - 2014-08-25 12:04 - 00018372 _____ () C:\Users\NIGHTSHADE31UK\Downloads\FRST.txt
2014-08-25 12:04 - 2014-08-25 12:04 - 00000000 ____D () C:\FRST
2014-08-25 12:02 - 2014-08-25 12:02 - 02103296 _____ (Farbar) C:\Users\NIGHTSHADE31UK\Downloads\FRST64.exe
2014-08-25 12:02 - 2014-03-24 11:41 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-448967375-642718620-1550321189-1001
2014-08-25 12:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-08-25 11:58 - 2014-04-28 09:14 - 00000000 ____D () C:\Users\NIGHTSHADE31UK\Documents\Youcam
2014-08-25 11:58 - 2014-03-24 11:34 - 00003974 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6CF90B90-D060-45C8-93EE-874DF67A8BF6}
2014-08-25 11:56 - 2014-03-24 21:20 - 00000000 __RDO () C:\Users\NIGHTSHADE31UK\SkyDrive
2014-08-25 11:56 - 2014-03-24 11:54 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-25 11:54 - 2014-03-24 21:13 - 01668082 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-24 15:21 - 2014-06-11 19:08 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-08-24 15:20 - 2014-03-24 11:54 - 00000938 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-23 19:41 - 2014-03-24 12:59 - 00000499 _____ () C:\Users\NIGHTSHADE31UK\AppData\Roaming\Microsoft\Windows\Start Menu\Burnley FC News - Clarets Mad.website
2014-08-23 19:39 - 2014-03-24 12:55 - 00000411 _____ () C:\Users\NIGHTSHADE31UK\AppData\Roaming\Microsoft\Windows\Start Menu\burnleyfc.com.website
2014-08-23 17:08 - 2014-03-24 23:44 - 00003224 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForNIGHTSHADE31UK
2014-08-23 17:08 - 2014-03-24 23:44 - 00000392 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForNIGHTSHADE31UK.job
2014-08-21 13:40 - 2014-03-26 16:32 - 00128000 ___SH () C:\Users\NIGHTSHADE31UK\Desktop\Thumbs.db
2014-08-20 06:57 - 2014-08-05 23:29 - 00000000 ___RD () C:\Users\NIGHTSHADE31UK\Dropbox
2014-08-20 06:49 - 2014-07-04 01:18 - 00000000 ____D () C:\Users\NIGHTSHADE31UK\AppData\Roaming\Dropbox
2014-08-19 13:40 - 2014-03-24 22:07 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2014-08-18 13:48 - 2014-08-18 13:47 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-18 13:47 - 2014-08-18 13:47 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-18 13:47 - 2014-08-18 13:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-18 13:47 - 2014-08-18 13:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-18 13:46 - 2014-08-18 13:45 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\NIGHTSHADE31UK\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-18 10:56 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-08-18 01:09 - 2014-08-17 19:45 - 00001540 _____ () C:\WINDOWS\PFRO.log
2014-08-18 01:09 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-18 01:09 - 2013-08-22 14:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2014-08-18 01:08 - 2014-08-18 01:05 - 00000000 ____D () C:\AdwCleaner
2014-08-18 01:00 - 2014-08-18 01:00 - 01361671 _____ () C:\Users\NIGHTSHADE31UK\Downloads\adwcleaner_3.307.exe
2014-08-18 01:00 - 2014-08-18 00:59 - 00000000 ____D () C:\Users\NIGHTSHADE31UK\Desktop\Remove Adcash.com pop-up ads (Virus Removal Guide)_files
2014-08-18 00:59 - 2014-08-18 00:59 - 00074877 _____ () C:\Users\NIGHTSHADE31UK\Desktop\Remove Adcash.com pop-up ads (Virus Removal Guide).htm
2014-08-18 00:43 - 2014-08-18 00:43 - 00532480 _____ (Trend Micro Incorporated) C:\Users\NIGHTSHADE31UK\Downloads\cwshredder.exe
2014-08-18 00:16 - 2014-06-06 15:33 - 00069632 ___SH () C:\Users\NIGHTSHADE31UK\Downloads\Thumbs.db
2014-08-17 19:21 - 2014-03-24 11:58 - 00000801 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-17 19:21 - 2014-03-24 11:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-17 19:21 - 2014-03-24 11:58 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-17 19:20 - 2014-08-17 19:20 - 04813544 _____ (Piriform Ltd) C:\Users\NIGHTSHADE31UK\Downloads\ccsetup416.exe
2014-08-17 15:13 - 2014-03-24 11:55 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-08-17 13:54 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-08-15 14:59 - 2013-08-22 15:44 - 00335952 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-14 18:37 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-08-14 18:37 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\en-GB
2014-08-14 18:37 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\en-GB
2014-08-14 18:37 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-08-14 16:13 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-08-14 16:12 - 2014-03-24 14:27 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-14 16:08 - 2014-03-24 14:27 - 99218768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-08-14 16:04 - 2014-07-12 13:14 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-08-14 15:28 - 2014-08-05 23:29 - 00001105 _____ () C:\Users\NIGHTSHADE31UK\Desktop\Dropbox.lnk
2014-08-14 15:28 - 2014-07-04 01:20 - 00000000 ____D () C:\Users\NIGHTSHADE31UK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-14 15:20 - 2014-06-25 19:50 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-08-14 15:20 - 2014-04-11 12:56 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-08-14 15:20 - 2014-04-11 12:47 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-08-14 15:19 - 2014-06-25 19:49 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-08-14 15:19 - 2014-04-12 11:59 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-08-14 15:19 - 2014-04-12 11:54 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-08-14 15:19 - 2014-04-11 12:56 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-08-14 15:19 - 2014-04-11 12:46 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-08-14 15:19 - 2014-04-11 12:46 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-08-14 15:19 - 2014-04-11 12:46 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-08-14 15:19 - 2014-04-11 12:46 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-08-14 15:19 - 2014-04-11 12:46 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-08-14 15:19 - 2014-04-11 12:46 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-08-14 15:19 - 2014-04-11 12:46 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-08-14 15:19 - 2014-04-11 12:46 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-08-14 15:19 - 2014-04-11 12:46 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-08-07 03:12 - 2014-08-14 15:27 - 01336624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-08-06 23:39 - 2014-08-14 15:27 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-06 23:38 - 2014-08-14 16:00 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-08-05 23:29 - 2014-03-24 21:01 - 00000000 ____D () C:\Users\NIGHTSHADE31UK
2014-08-02 06:44 - 2014-08-14 16:00 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-08-02 04:56 - 2014-08-14 15:27 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-08-02 04:11 - 2014-08-14 16:00 - 00918528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-08-02 01:17 - 2013-08-22 16:38 - 00704480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-08-02 01:17 - 2013-08-22 16:38 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-31 00:51 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-07-29 09:45 - 2013-11-14 13:45 - 00958356 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-27 00:50 - 2014-07-27 00:50 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-07-27 00:50 - 2014-03-24 11:33 - 00000000 ____D () C:\Users\NIGHTSHADE31UK\AppData\Local\Packages
Some content of TEMP:
====================
C:\Users\NIGHTSHADE31UK\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0gn3_t.dll
C:\Users\NIGHTSHADE31UK\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-18 10:07
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-08-2014 03
Ran by NIGHTSHADE31UK at 2014-08-25 12:05:36
Running from C:\Users\NIGHTSHADE31UK\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.8.0.870 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Crazy Chicken Soccer (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.6.7225 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.6.7225 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.6.3728 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.6.3821 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.6.3821 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.5108 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.8.5108 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3.3907 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 5.0.3.3907 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.10.27 - Dropbox, Inc.)
eMule (HKLM-x32\...\eMule) (Version: - )
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{8C1ADF61-4F87-44BC-804C-C20FC70D98BB}) (Version: 1.4.0.0 - Hewlett-Packard)
HP Postscript Converter (Version: 4.0.4100 - Hewlett-Packard) Hidden
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Recovery Manager (x32 Version: 9.00 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6317.4309 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{DEF23826-DB71-4654-BC00-D5D6C20802EA}) (Version: 1.1.4 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{73237EBB-B26F-4628-8754-4EFE563D72E9}) (Version: 2.1.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
HPDetect (HKLM-x32\...\{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}) (Version: 1.0.0.0 - HP)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3304 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest II (x32 Version: 2.2.0.97 - WildTangent) Hidden
Mahjongg Artifacts (x32 Version: 2.2.0.110 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.314 - Qualcomm Atheros)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Radialpoint Security Advisor 2.5.23 (x32 Version: 2.5.23 - Radialpoint SafeCare Inc.) Hidden
Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Rapport (x32 Version: 3.5.1307.93 - Trusteer) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6849 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}) (Version: 6.2.9200.29053 - Realtek Semiconductor Corp.)
Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.13.1 - Synaptics Incorporated)
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1307.93 - Trusteer)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
Virgin Media Digital Home Support 2.1.27 (HKLM-x32\...\RadialpointHomeSecurityDashboard_is1) (Version: 2.1.27 - Virgin Media)
Virgin Media Service Manager 3.7.47 (HKLM-x32\...\RadialpointClientGateway_is1) (Version: 3.7.47 - Virgin Media)
Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-448967375-642718620-1550321189-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\NIGHTSHADE31UK\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-448967375-642718620-1550321189-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\NIGHTSHADE31UK\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-448967375-642718620-1550321189-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\NIGHTSHADE31UK\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-448967375-642718620-1550321189-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\NIGHTSHADE31UK\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-448967375-642718620-1550321189-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\NIGHTSHADE31UK\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-448967375-642718620-1550321189-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\NIGHTSHADE31UK\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-448967375-642718620-1550321189-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\NIGHTSHADE31UK\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-448967375-642718620-1550321189-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\NIGHTSHADE31UK\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-448967375-642718620-1550321189-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\NIGHTSHADE31UK\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
04-08-2014 11:00:39 Scheduled Checkpoint
11-08-2014 18:37:10 Scheduled Checkpoint
18-08-2014 13:17:20 Removed 7-Zip 9.20 (x64 edition)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0AE3BB73-CFAA-4CEA-A0C4-87B3A6C414D5} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0DC8DD86-2F7E-4109-91D9-0CFB07F24EAC} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-03-24] (Synaptics Incorporated)
Task: {0FE86B56-921F-4E6A-8E91-358EE1CED001} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-08-14] (Microsoft Corporation)
Task: {15C78ECA-72E2-47CD-9324-8EEAC9EE46C0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {180AD654-80E7-4DD8-9555-D173119715F9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-24] (Google Inc.)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3FD1C87F-BD6C-45B3-91BB-55317485C6BE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4D849C21-0C27-4C2C-A53A-5E2A3CFA6F70} - System32\Tasks\HPCeeScheduleForNIGHTSHADE31UK => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {53F336FB-28DD-47EC-85EB-0D122006563A} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8DA85447-2EFF-4BED-8BB6-64883BD7EA99} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {94B28005-D3E7-4E38-BD5A-5ECEB841CFB2} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {97F05E71-1A8A-44B0-A238-E0BE23F67C06} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2013-03-04] (Realtek Semiconductor)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A0ACE456-2A2D-48FE-9B82-D97F632C31C5} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {A390E851-0DC3-48E3-9740-487CA701823E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-04] (AVAST Software)
Task: {B1D02232-0B85-4C64-BC4A-5ECE24105972} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-24] (Google Inc.)
Task: {B2C73561-7C52-4B15-B780-CE9ADF706092} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {B2CECB98-C00B-4D80-A7CC-C4C80124615A} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-11] (Adobe Systems Incorporated)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D80B0EF1-6E34-4E5D-BA17-38BF8965EA69} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DAA2DABA-D230-4FC5-B606-3F69189231CF} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-03-07] (CyberLink Corp.)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F745F0D7-47C8-4699-AF56-4E5866DD4CA2} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {FA6B66E1-E648-494E-BF71-2BE0A56E19A6} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForNIGHTSHADE31UK.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Loaded Modules (whitelisted) =============
2014-08-05 23:08 - 2014-08-05 23:08 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\ErrorReporting.dll
2013-09-16 10:22 - 2013-09-16 10:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-03-27 02:34 - 2014-07-04 01:15 - 01404120 _____ () C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
2014-07-04 01:08 - 2014-07-04 01:08 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-08-17 23:46 - 2014-08-17 23:46 - 02797568 _____ () C:\Program Files\AVAST Software\Avast\defs\14081701\algo.dll
2014-08-23 18:07 - 2014-08-23 18:07 - 02801152 _____ () C:\Program Files\AVAST Software\Avast\defs\14082302\algo.dll
2014-03-23 17:04 - 2014-03-23 17:04 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2014-07-04 01:08 - 2014-07-04 01:08 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-04-04 21:37 - 2011-03-25 13:25 - 00158208 _____ () C:\Program Files (x86)\Virgin Media\Service Manager\Windows7Features.dll
2014-08-16 12:23 - 2014-08-07 04:20 - 00718152 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
2014-08-16 12:23 - 2014-08-07 04:20 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll
2014-08-16 12:23 - 2014-08-07 04:20 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-16 12:23 - 2014-08-07 04:20 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-16 12:23 - 2014-08-07 04:20 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
2014-08-16 12:23 - 2014-08-07 04:20 - 14669128 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\NIGHTSHADE31UK\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\NIGHTSHADE31UK\AppData\Roaming\Microsoft\Windows\Start Menu\Outlook.website:TASKICON_0OLFavIE91284348923
AlternateDataStreams: C:\Users\NIGHTSHADE31UK\AppData\Roaming\Microsoft\Windows\Start Menu\Outlook.website:TASKICON_1OCalFavIE91545382048
AlternateDataStreams: C:\Users\NIGHTSHADE31UK\AppData\Roaming\Microsoft\Windows\Start Menu\Outlook.website:TASKICON_2PeopleFav1370390283
AlternateDataStreams: C:\Users\NIGHTSHADE31UK\AppData\Roaming\Microsoft\Windows\Start Menu\Outlook.website:TASKICON_3SkyDriveFav-324886575
AlternateDataStreams: C:\Users\NIGHTSHADE31UK\AppData\Roaming\Microsoft\Windows\Start Menu\Outlook.website:TASKICON_4OLFavIE91410631431
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HsdService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HsdService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ServicepointService => ""="Service"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKCU\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKCU\...\StartupApproved\Run: => "Power2GoExpress8"
HKCU\...\StartupApproved\Run: => "Spotify Web Helper"
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (08/23/2014 01:47:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7859
Error: (08/23/2014 01:47:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7859
Error: (08/23/2014 01:47:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (08/23/2014 01:47:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6718
Error: (08/23/2014 01:47:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6718
Error: (08/23/2014 01:47:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (08/23/2014 01:47:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5390
Error: (08/23/2014 01:47:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5390
Error: (08/23/2014 01:47:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (08/23/2014 01:47:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4047
System errors:
=============
Error: (08/21/2014 01:24:55 PM) (Source: DCOM) (EventID: 10010) (User: MARCONMACCA)
Description: {7379F0FF-EA46-4536-BEF5-68B6B5E54F9B}
Error: (08/16/2014 05:28:28 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.0.3 with the system
having network hardware address 7C-61-93-2D-53-61. Network operations on this system may
be disrupted as a result.
Error: (08/10/2014 00:38:30 PM) (Source: DCOM) (EventID: 10010) (User: MARCONMACCA)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
Error: (08/10/2014 00:38:05 PM) (Source: DCOM) (EventID: 10010) (User: MARCONMACCA)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
Error: (08/10/2014 00:38:04 PM) (Source: DCOM) (EventID: 10010) (User: MARCONMACCA)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca
Error: (08/10/2014 00:38:04 PM) (Source: DCOM) (EventID: 10010) (User: MARCONMACCA)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
Error: (08/09/2014 11:09:02 AM) (Source: DCOM) (EventID: 10010) (User: MARCONMACCA)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (08/09/2014 11:09:02 AM) (Source: DCOM) (EventID: 10010) (User: MARCONMACCA)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (08/09/2014 11:08:58 AM) (Source: DCOM) (EventID: 10010) (User: MARCONMACCA)
Description: Windows.Networking.BackgroundTransfer.Internal.BackgroundTransferTask.ClassId.4
Error: (08/09/2014 01:09:52 AM) (Source: DCOM) (EventID: 10010) (User: MARCONMACCA)
Description: {7379F0FF-EA46-4536-BEF5-68B6B5E54F9B}
Microsoft Office Sessions:
=========================
Error: (08/23/2014 01:47:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7859
Error: (08/23/2014 01:47:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7859
Error: (08/23/2014 01:47:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (08/23/2014 01:47:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6718
Error: (08/23/2014 01:47:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6718
Error: (08/23/2014 01:47:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (08/23/2014 01:47:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5390
Error: (08/23/2014 01:47:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5390
Error: (08/23/2014 01:47:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (08/23/2014 01:47:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4047
==================== Memory info ===========================
Processor: Intel(R) Celeron(R) CPU 1000M @ 1.80GHz
Percentage of memory in use: 33%
Total physical RAM: 6033.27 MB
Available physical RAM: 4004.08 MB
Total Pagefile: 6993.27 MB
Available Pagefile: 4773.53 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:677.84 GB) (Free:630.26 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:19.58 GB) (Free:1.94 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: () (Removable) (Total:7.53 GB) (Free:6.2 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 1E1F4777)
Partition: GPT Partition Type.
========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 2C6B7369)
No partition Table on disk 1.
==================== End Of Log ============================