Macon

Awesome! Thank you so much, gringo. Paypal donation on its way....

Hello Gringo. I did what you suggested with Hijack This. The Eset Online Scanner didn't find anything.

All done. Thank you so much for your help. MBAM quick scan log here:- Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Database version: v2012.12.30.10 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Nick :: MEDION-PC [administrator] 30/12/2012 22:12:07 mbam-log-2012-12-30 (22-12-07).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 253054 Time elapsed: 3 minute(s), 26 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Hijack This log:- Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 22:21:34, on 30/12/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16455) Boot mode: Normal Running processes: C:\Program Files (x86)\IObit\Game Booster\gbtray.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Nick\Downloads\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://notthetalk.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:4444;https=127.0.0.1:4445 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files (x86)\GetRight\xx2gr.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" O4 - HKLM\..\Run: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - Global Startup: Bluetooth.lnk = ? O9 - Extra button: eBay.co.uk - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-72741-17534-1/4 (file missing) O9 - Extra 'Tools' menuitem: eBay.co.uk - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-72741-17534-1/4 (file missing) O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: eBay.co.uk - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-72741-17534-1/4 (file missing) (HKCU) O9 - Extra 'Tools' menuitem: eBay.co.uk - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-72741-17534-1/4 (file missing) (HKCU) O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab O16 - DPF: {BAD4FE2C-503B-45CC-88CD-4B0574057D11} (FuturemarkSystemInfoX Class) - http://clients.futuremark.com/calico/systeminfodeploy/FMSI_v4120.cab O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.11.0.cab O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing) O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Micro Star SCM - Micro-Star International Co., Ltd. - C:\Program Files (x86)\System Control Manager\MSIService.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12826 bytes *** The big change I notice is that new tabs clearly open faster in IE9 now.

The reboot went fine. (This may not be an absolute guarantee that everything is normal, as I didn't have problems EVERY time previously...) But it's looking promising, right?

It hasn't been restarted since I started your cleaning process. But immediately prior to it, i would say. (I've noticed that IE9 is now running like lightning for me: it's been slow for quite a long time - much, much earlier than the point when I downloaded iLivid and I knew I had a problem)

OK - here we are. Again, it didn't require a reboot. Everything seems fine at present: previously my problems occured when rebooting - typically, I get a blue screen followed by an instruction to try auto recovery followed by a black screen after the Windows login (which is eventually reolved by rebooting a couple more times. The log:- ComboFix 12-12-30.01 - Nick 30/12/2012 20:38:33.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4013.1999 [GMT 0:00] Running from: c:\users\Nick\Desktop\ComboFix.exe Command switches used :: c:\users\Nick\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-30 ))))))))))))))))))))))))))))))) . . 2012-12-30 20:43 . 2012-12-30 20:43 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-12-30 20:43 . 2012-12-30 20:43 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp 2012-12-30 20:43 . 2012-12-30 20:43 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-30 20:06 . 2012-12-30 20:06 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C8B53114-0354-4C7D-9F4E-141619D43E14}\offreg.dll 2012-12-30 17:35 . 2012-10-15 16:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2012-12-30 07:40 . 2012-12-30 07:40 -------- d-----w- c:\users\Nick\AppData\Local\Programs 2012-12-30 07:35 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C8B53114-0354-4C7D-9F4E-141619D43E14}\mpengine.dll 2012-12-23 01:04 . 2012-06-27 19:26 773968 ----a-w- c:\windows\system32\msvcr100.dll 2012-12-23 01:03 . 2012-12-23 01:03 -------- d-----w- c:\programdata\Wincert 2012-12-22 23:54 . 2012-12-23 00:21 -------- d-----w- c:\users\Nick\AppData\Roaming\FileZilla 2012-12-22 23:54 . 2012-12-22 23:54 -------- d-----w- c:\program files (x86)\FileZilla FTP Client . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-17 17:45 . 2012-04-03 16:48 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-12-17 17:45 . 2011-05-17 16:19 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-14 16:49 . 2012-09-05 23:23 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-18 19:11 . 2010-09-24 22:48 66395536 ----a-w- c:\windows\system32\MRT.exe 2012-10-30 22:51 . 2011-03-08 17:36 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-10-30 22:51 . 2011-03-08 17:36 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-10-30 22:51 . 2011-03-08 17:36 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-10-30 22:51 . 2011-03-08 17:36 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-10-30 22:51 . 2011-03-08 17:36 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-10-30 22:51 . 2011-03-08 17:36 41224 ----a-w- c:\windows\avastSS.scr 2012-10-30 22:50 . 2011-03-08 17:36 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe 2012-10-30 22:50 . 2011-03-08 17:36 285328 ----a-w- c:\windows\system32\aswBoot.exe 2012-10-18 18:25 . 2012-11-16 17:06 3149824 ----a-w- c:\windows\system32\win32k.sys 2012-10-08 12:19 . 2012-11-18 19:13 17811968 ----a-w- c:\windows\system32\mshtml.dll 2012-10-08 11:42 . 2012-11-18 19:13 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-10-08 11:31 . 2012-11-18 19:13 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-10-08 11:24 . 2012-11-18 19:13 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-10-08 11:23 . 2012-11-18 19:13 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-10-08 11:22 . 2012-11-18 19:13 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-10-08 11:22 . 2012-11-18 19:13 237056 ----a-w- c:\windows\system32\url.dll 2012-10-08 11:20 . 2012-11-18 19:13 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-10-08 11:18 . 2012-11-18 19:13 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-10-08 11:17 . 2012-11-18 19:13 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-10-08 11:17 . 2012-11-18 19:13 816640 ----a-w- c:\windows\system32\jscript.dll 2012-10-08 11:15 . 2012-11-18 19:13 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-10-08 11:15 . 2012-11-18 19:13 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-10-08 11:13 . 2012-11-18 19:13 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-10-08 11:13 . 2012-11-18 19:13 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-10-08 11:09 . 2012-11-18 19:13 248320 ----a-w- c:\windows\system32\ieui.dll 2012-10-08 07:56 . 2012-11-18 19:13 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-10-08 07:48 . 2012-11-18 19:13 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-10-08 07:47 . 2012-11-18 19:13 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-10-08 07:44 . 2012-11-18 19:13 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-10-08 07:43 . 2012-11-18 19:13 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-10-08 07:40 . 2012-11-18 19:13 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-10-02 22:21 . 2012-10-19 03:03 7414632 ----a-w- c:\windows\system32\nvopencl.dll 2012-10-02 22:21 . 2012-10-19 03:03 2747240 ----a-w- c:\windows\system32\nvcuvid.dll 2012-10-02 22:21 . 2012-10-19 03:03 26331496 ----a-w- c:\windows\system32\nvoglv64.dll 2012-10-02 22:21 . 2012-10-19 03:03 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll 2012-10-02 22:21 . 2012-10-19 03:03 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2012-10-02 22:21 . 2012-10-19 03:03 9146728 ----a-w- c:\windows\system32\nvcuda.dll 2012-10-02 22:21 . 2012-10-19 03:03 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll 2012-10-02 22:21 . 2012-10-19 03:03 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll 2012-10-02 22:21 . 2012-10-19 03:03 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll 2012-10-02 22:21 . 2012-10-19 03:03 25256296 ----a-w- c:\windows\system32\nvcompiler.dll 2012-10-02 22:21 . 2012-10-19 03:03 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll 2012-10-02 22:21 . 2012-10-19 03:03 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll 2012-10-02 22:21 . 2012-10-19 03:03 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2012-10-02 22:21 . 2012-10-19 03:03 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll 2012-10-02 22:21 . 2012-10-19 03:03 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2012-10-02 22:21 . 2012-10-19 03:03 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2012-10-02 22:21 . 2012-03-15 20:05 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2012-10-02 22:21 . 2011-12-03 09:12 1760104 ----a-w- c:\windows\system32\nvdispco64.dll 2012-10-02 22:21 . 2010-09-24 10:53 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll 2012-10-02 22:21 . 2010-09-24 10:53 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll 2012-10-02 22:21 . 2010-09-24 10:53 2731880 ----a-w- c:\windows\system32\nvapi64.dll 2012-10-02 19:51 . 2010-08-02 02:00 3293544 ----a-w- c:\windows\system32\nvsvc64.dll 2012-10-02 19:51 . 2010-08-02 02:00 6200680 ----a-w- c:\windows\system32\nvcpl.dll 2012-10-02 19:50 . 2010-08-02 02:00 118120 ----a-w- c:\windows\system32\nvmctray.dll 2012-10-02 19:50 . 2010-08-02 02:00 891240 ----a-w- c:\windows\system32\nvvsvc.exe 2012-10-02 19:50 . 2010-08-02 02:00 63336 ----a-w- c:\windows\system32\nvshext.dll 2012-10-02 19:50 . 2010-08-02 02:00 2557800 ----a-w- c:\windows\system32\nvsvcr.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-06 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "MGSysCtrl"="c:\program files (x86)\System Control Manager\MGSysCtrl.exe" [2010-07-19 2482176] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288] "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Reader Library Launcher"="c:\program files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-07-13 906648] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-3 1082144] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 52264] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104] R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x] R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-09-20 136896] R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys [2010-08-03 290920] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-07 1255736] R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys [2010-11-01 14544] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\System Control Manager\MSIService.exe [2009-07-09 160768] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-01 1100320] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] iissvcs REG_MULTI_SZ w3svc was apphost REG_MULTI_SZ apphostsvc . Contents of the 'Scheduled Tasks' folder . 2012-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-06 14:41] . 2012-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-06 14:41] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-09-14 11465832] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-09-14 2122344] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://notthetalk.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyServer = http=127.0.0.1:4444;https=127.0.0.1:4445 uInternet Settings,ProxyOverride = *.local;<local> IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-72741-17534-1/4 TCP: DhcpNameServer = 192.168.2.1 DPF: {BAD4FE2C-503B-45CC-88CD-4B0574057D11} - hxxp://clients.futuremark.com/calico/systeminfodeploy/FMSI_v4120.cab . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\S-1-5-21-3234406922-1430347133-979619519-1000\Software\SecuROM\License information*] "datasecu"=hex:b2,9d,53,e3,ce,c5,bc,e1,2e,c8,ed,14,8b,30,f3,f0,db,87,a0,22,f0, ec,05,27,ee,1a,96,1e,73,72,db,86,e3,72,3f,5f,e2,90,22,ec,84,93,c9,9d,4d,e4,\ "rkeysecu"=hex:08,8c,87,ee,df,0c,38,8d,33,bf,53,db,a6,8d,b5,99 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-12-30 20:45:31 ComboFix-quarantined-files.txt 2012-12-30 20:45 ComboFix2.txt 2012-12-30 20:11 . Pre-Run: 221,379,997,696 bytes free Post-Run: 221,074,362,368 bytes free . - - End Of File - - F5431A04225EA58F97B899984E26DDD9

Oh - it looks like I didn't turn Windows Defender off. Do I need to run again?

Done; Combofix didn't do any re-boots. PC behaving normally, I think.... ComboFix 12-12-30.01 - Nick 30/12/2012 20:00:48.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4013.2517 [GMT 0:00] Running from: c:\users\Nick\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\SysWow64\URTTemp c:\windows\SysWow64\URTTemp\regtlib.exe . . ((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-30 ))))))))))))))))))))))))))))))) . . 2012-12-30 20:08 . 2012-12-30 20:08 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-12-30 20:08 . 2012-12-30 20:08 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp 2012-12-30 20:08 . 2012-12-30 20:08 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-30 20:06 . 2012-12-30 20:06 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C8B53114-0354-4C7D-9F4E-141619D43E14}\offreg.dll 2012-12-30 17:35 . 2012-10-15 16:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2012-12-30 07:40 . 2012-12-30 07:40 -------- d-----w- c:\users\Nick\AppData\Local\Programs 2012-12-30 07:35 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C8B53114-0354-4C7D-9F4E-141619D43E14}\mpengine.dll 2012-12-23 01:04 . 2012-06-27 19:26 773968 ----a-w- c:\windows\system32\msvcr100.dll 2012-12-23 01:03 . 2012-12-23 01:03 -------- d-----w- c:\programdata\Wincert 2012-12-22 23:54 . 2012-12-23 00:21 -------- d-----w- c:\users\Nick\AppData\Roaming\FileZilla 2012-12-22 23:54 . 2012-12-22 23:54 -------- d-----w- c:\program files (x86)\FileZilla FTP Client . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-17 17:45 . 2012-04-03 16:48 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-12-17 17:45 . 2011-05-17 16:19 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-14 16:49 . 2012-09-05 23:23 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-18 19:11 . 2010-09-24 22:48 66395536 ----a-w- c:\windows\system32\MRT.exe 2012-10-30 22:51 . 2011-03-08 17:36 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-10-30 22:51 . 2011-03-08 17:36 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-10-30 22:51 . 2011-03-08 17:36 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-10-30 22:51 . 2011-03-08 17:36 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-10-30 22:51 . 2011-03-08 17:36 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-10-30 22:51 . 2011-03-08 17:36 41224 ----a-w- c:\windows\avastSS.scr 2012-10-30 22:50 . 2011-03-08 17:36 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe 2012-10-30 22:50 . 2011-03-08 17:36 285328 ----a-w- c:\windows\system32\aswBoot.exe 2012-10-18 18:25 . 2012-11-16 17:06 3149824 ----a-w- c:\windows\system32\win32k.sys 2012-10-08 12:19 . 2012-11-18 19:13 17811968 ----a-w- c:\windows\system32\mshtml.dll 2012-10-08 11:42 . 2012-11-18 19:13 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-10-08 11:31 . 2012-11-18 19:13 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-10-08 11:24 . 2012-11-18 19:13 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-10-08 11:23 . 2012-11-18 19:13 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-10-08 11:22 . 2012-11-18 19:13 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-10-08 11:22 . 2012-11-18 19:13 237056 ----a-w- c:\windows\system32\url.dll 2012-10-08 11:20 . 2012-11-18 19:13 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-10-08 11:18 . 2012-11-18 19:13 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-10-08 11:17 . 2012-11-18 19:13 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-10-08 11:17 . 2012-11-18 19:13 816640 ----a-w- c:\windows\system32\jscript.dll 2012-10-08 11:15 . 2012-11-18 19:13 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-10-08 11:15 . 2012-11-18 19:13 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-10-08 11:13 . 2012-11-18 19:13 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-10-08 11:13 . 2012-11-18 19:13 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-10-08 11:09 . 2012-11-18 19:13 248320 ----a-w- c:\windows\system32\ieui.dll 2012-10-08 07:56 . 2012-11-18 19:13 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-10-08 07:48 . 2012-11-18 19:13 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-10-08 07:47 . 2012-11-18 19:13 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-10-08 07:44 . 2012-11-18 19:13 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-10-08 07:43 . 2012-11-18 19:13 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-10-08 07:40 . 2012-11-18 19:13 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-10-02 22:21 . 2012-10-19 03:03 7414632 ----a-w- c:\windows\system32\nvopencl.dll 2012-10-02 22:21 . 2012-10-19 03:03 2747240 ----a-w- c:\windows\system32\nvcuvid.dll 2012-10-02 22:21 . 2012-10-19 03:03 26331496 ----a-w- c:\windows\system32\nvoglv64.dll 2012-10-02 22:21 . 2012-10-19 03:03 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll 2012-10-02 22:21 . 2012-10-19 03:03 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2012-10-02 22:21 . 2012-10-19 03:03 9146728 ----a-w- c:\windows\system32\nvcuda.dll 2012-10-02 22:21 . 2012-10-19 03:03 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll 2012-10-02 22:21 . 2012-10-19 03:03 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll 2012-10-02 22:21 . 2012-10-19 03:03 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll 2012-10-02 22:21 . 2012-10-19 03:03 25256296 ----a-w- c:\windows\system32\nvcompiler.dll 2012-10-02 22:21 . 2012-10-19 03:03 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll 2012-10-02 22:21 . 2012-10-19 03:03 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll 2012-10-02 22:21 . 2012-10-19 03:03 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2012-10-02 22:21 . 2012-10-19 03:03 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll 2012-10-02 22:21 . 2012-10-19 03:03 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2012-10-02 22:21 . 2012-10-19 03:03 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2012-10-02 22:21 . 2012-03-15 20:05 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2012-10-02 22:21 . 2011-12-03 09:12 1760104 ----a-w- c:\windows\system32\nvdispco64.dll 2012-10-02 22:21 . 2010-09-24 10:53 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll 2012-10-02 22:21 . 2010-09-24 10:53 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll 2012-10-02 22:21 . 2010-09-24 10:53 2731880 ----a-w- c:\windows\system32\nvapi64.dll 2012-10-02 19:51 . 2010-08-02 02:00 3293544 ----a-w- c:\windows\system32\nvsvc64.dll 2012-10-02 19:51 . 2010-08-02 02:00 6200680 ----a-w- c:\windows\system32\nvcpl.dll 2012-10-02 19:50 . 2010-08-02 02:00 118120 ----a-w- c:\windows\system32\nvmctray.dll 2012-10-02 19:50 . 2010-08-02 02:00 891240 ----a-w- c:\windows\system32\nvvsvc.exe 2012-10-02 19:50 . 2010-08-02 02:00 63336 ----a-w- c:\windows\system32\nvshext.dll 2012-10-02 19:50 . 2010-08-02 02:00 2557800 ----a-w- c:\windows\system32\nvsvcr.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-06 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "MGSysCtrl"="c:\program files (x86)\System Control Manager\MGSysCtrl.exe" [2010-07-19 2482176] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288] "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Reader Library Launcher"="c:\program files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-07-13 906648] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-3 1082144] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 52264] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104] R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x] R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-09-20 136896] R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys [2010-08-03 290920] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-07 1255736] R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys [2010-11-01 14544] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\System Control Manager\MSIService.exe [2009-07-09 160768] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-01 1100320] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] iissvcs REG_MULTI_SZ w3svc was apphost REG_MULTI_SZ apphostsvc . Contents of the 'Scheduled Tasks' folder . 2012-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-06 14:41] . 2012-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-06 14:41] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-09-14 11465832] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-09-14 2122344] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://notthetalk.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyServer = http=127.0.0.1:4444;https=127.0.0.1:4445 uInternet Settings,ProxyOverride = *.local;<local> IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-72741-17534-1/4 TCP: DhcpNameServer = 192.168.2.1 DPF: {BAD4FE2C-503B-45CC-88CD-4B0574057D11} - hxxp://clients.futuremark.com/calico/systeminfodeploy/FMSI_v4120.cab . - - - - ORPHANS REMOVED - - - - . SafeBoot-BsScanner HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\S-1-5-21-3234406922-1430347133-979619519-1000\Software\SecuROM\License information*] "datasecu"=hex:b2,9d,53,e3,ce,c5,bc,e1,2e,c8,ed,14,8b,30,f3,f0,db,87,a0,22,f0, ec,05,27,ee,1a,96,1e,73,72,db,86,e3,72,3f,5f,e2,90,22,ec,84,93,c9,9d,4d,e4,\ "rkeysecu"=hex:08,8c,87,ee,df,0c,38,8d,33,bf,53,db,a6,8d,b5,99 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-12-30 20:11:33 ComboFix-quarantined-files.txt 2012-12-30 20:11 . Pre-Run: 221,231,767,552 bytes free Post-Run: 221,320,347,648 bytes free . - - End Of File - - 8F6AAE001CD9E61BF0E31B22A1536E6B

OK - all done. (The reboot after running AdwCleaner went smoothly). 1) Security Check log:- Results of screen317's Security Check version 0.99.56 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.70.0.1100 Java 6 Update 21 Java version out of Date! Adobe Flash Player 11.2.202.235 Flash Player out of Date! Adobe Reader 9 Adobe Reader out of Date! Google Chrome 21.0.1180.83 Google Chrome 21.0.1180.89 Google Chrome 22.0.1229.79 Google Chrome 22.0.1229.92 Google Chrome 22.0.1229.94 Google Chrome 23.0.1271.64 Google Chrome 23.0.1271.91 Google Chrome 23.0.1271.95 Google Chrome 23.0.1271.97 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes' Anti-Malware mbamscheduler.exe AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log`````````````````````` 2) AdwCleaner log:- # AdwCleaner v2.104 - Logfile created 12/30/2012 at 19:26:35 # Updated 29/12/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Nick - MEDION-PC # Boot Mode : Normal # Running from : C:\Users\Nick\Downloads\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Deleted on reboot : C:\Program Files (x86)\search results toolbar Folder Deleted : C:\ProgramData\boost_interprocess Folder Deleted : C:\ProgramData\Partner Folder Deleted : C:\Users\Nick\AppData\Local\Temp\{f34c9277-6577-4dff-b2d7-7d58092f272f} ***** [Registry] ***** Data Deleted : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll Data Deleted : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll Key Deleted : HKCU\Software\APN DTX Key Deleted : HKCU\Software\AppDataLow\Software\Headlight Key Deleted : HKCU\Software\DataMngr Key Deleted : HKCU\Software\DataMngr_Toolbar Key Deleted : HKCU\Software\Headlight Key Deleted : HKCU\Software\ilivid Key Deleted : HKCU\Software\ilividtoolbarguid Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF} Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll Key Deleted : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard Key Deleted : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard.1 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{75E8DA27-44AF-40AE-927C-F2EEC99D65B1} Key Deleted : HKLM\Software\DataMngr Key Deleted : HKLM\Software\Headlight Key Deleted : HKLM\Software\iLividSRTB Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CE4DB5A3-58E6-41f1-8761-47238DF4F468} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilividtoolbarguid Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CE4DB5A3-58E6-41f1-8761-47238DF4F468} Key Deleted : HKLM\SOFTWARE\DataMngr Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16455 [OK] Registry is clean. -\\ Google Chrome v23.0.1271.97 File : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [3908 octets] - [30/12/2012 19:25:36] AdwCleaner[s1].txt - [3788 octets] - [30/12/2012 19:26:35] ########## EOF - C:\AdwCleaner[s1].txt - [3848 octets] ########## 3) RogueKiller log:- RogueKiller V8.4.1 [Dec 28 2012] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Nick [Admin rights] Mode : Remove -- Date : 12/30/2012 19:32:46 ¤¤¤ Bad processes : 1 ¤¤¤ [sUSP PATH] SansaDispatch.exe -- C:\Users\Nick\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe -> KILLED [TermProc] ¤¤¤ Registry Entries : 7 ¤¤¤ [RUN][sUSP PATH] HKCU\[...]\Run : SansaDispatch (C:\Users\Nick\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe) -> DELETED [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:4444;hxxps=127.0.0.1:4445) -> NOT REMOVED, USE PROXYFIX [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1) [HJ SMENU] HKLM\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1) [HJ SMENU] HKLM\[...]\Advanced : Start_ShowRun (0) -> REPLACED (1) [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: SAMSUNG HM641JI +++++ --- User --- [MBR] a6980556b219be531ce1999b1ffbc0c3 [bSP] be87d67e4a2182beadf6f4ea8a6854da : Windows Vista/7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 547912 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1122330624 | Size: 61440 Mo 3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 1248159744 | Size: 1026 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[2]_D_12302012_02d1932.txt >> RKreport[1]_S_12302012_02d1932.txt ; RKreport[2]_D_12302012_02d1932.txt

Great - thanks, Gringo. Will get started on these, and post my findings as soon as I can

Hi there, Just before Christmas, I inadvertently downloaded iLivid. My browser was hijacked to nusearch. Using malwarebytes, I've got rid of the nusearch redirect, and unistalled iLivid - but I am now having blue screens on startup, failures to launch Windows normally, and the occasional warning that my copy of Windows is not genuine. A quickscan with malwarenytes continues to find registry entries for PUP. DATAMNGR. It appears to have deleted them successfully - but they just keep coming back.... Requested logs attached:- DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16455 Run by Nick at 18:12:15 on 2012-12-30 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4013.2456 [GMT 0:00] . AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k apphost C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Program Files (x86)\IObit\Game Booster\gbtray.exe C:\Windows\Explorer.EXE C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\System Control Manager\MSIService.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Users\Nick\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Search Results Toolbar\Datamngr\datamngrUI.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\svchost.exe -k iissvcs C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\svchost.exe -k SDRSVC C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe -k swprv C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://notthetalk.com/ uProxyServer = hxxp=127.0.0.1:4444;https=127.0.0.1:4445 mWinlogon: Userinit = userinit.exe, BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: IE to GetRight Helper: {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files (x86)\GetRight\xx2gr.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned> BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background uRun: [sansaDispatch] C:\Users\Nick\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" mRun: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.co...72741-17534-1/4 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} - hxxp://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {BAD4FE2C-503B-45CC-88CD-4B0574057D11} - hxxp://clients.futuremark.com/calico/systeminfodeploy/FMSI_v4120.cab DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.11.0.cab DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab TCP: NameServer = 192.168.2.1 TCP: Interfaces\{CD9CA7A7-9C78-4760-8970-2C5CCCC2BE85} : DHCPNameServer = 192.168.5.1 64.134.255.2 64.134.255.10 TCP: Interfaces\{D30BB5F7-A2B3-4836-82E0-E54A40A93DCE} : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{D30BB5F7-A2B3-4836-82E0-E54A40A93DCE}\2445F40756E6A7F6E656 : DHCPNameServer = 192.168.22.22 192.168.22.23 TCP: Interfaces\{D30BB5F7-A2B3-4836-82E0-E54A40A93DCE}\742756164702541637475627E6 : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{D30BB5F7-A2B3-4836-82E0-E54A40A93DCE}\C4F6E6769647574656 : DHCPNameServer = 192.168.1.254 AppInit_DLLs= C:\PROGRA~3\Wincert\WIN32C~1.DLL C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll SSODL: WebCheck - <orphaned> x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Pavilion&pf=cnnb x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Pavilion&pf=cnnb x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: DataMngr: {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\BrowserConnection.dll x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab x64-DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab x64-DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-3-8 984144] R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-3-8 370288] R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-3-8 25232] R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-3-8 71600] R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-12-30 44808] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-9-25 13336] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-15 398184] R2 Micro Star SCM;Micro Star SCM;C:\Program Files (x86)\System Control Manager\MSIService.exe [2010-9-25 160768] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-9-5 24176] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-4-27 83080] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-4-27 184968] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240] R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2010-4-1 1100320] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-15 682344] S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-9-24 52264] S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-9-25 35104] S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-10-21 136896] S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUVStor.sys [2010-9-25 290920] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-19 59392] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-8 1255736] S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys [2012-10-21 14544] . =============== Created Last 30 ================ . 2012-12-30 17:35:29 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys 2012-12-30 07:40:12 -------- d-----w- C:\Users\Nick\AppData\Local\Programs 2012-12-30 07:35:30 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C8B53114-0354-4C7D-9F4E-141619D43E14}\mpengine.dll 2012-12-23 01:04:04 773968 ----a-w- C:\Windows\System32\msvcr100.dll 2012-12-23 01:03:52 -------- d-----w- C:\ProgramData\Wincert 2012-12-23 01:03:37 -------- d-----w- C:\ProgramData\boost_interprocess 2012-12-23 01:03:36 -------- d-----w- C:\Program Files (x86)\Search Results Toolbar . ==================== Find3M ==================== . 2012-12-17 17:45:24 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-17 17:45:24 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-12-14 16:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-10-30 22:51:55 984144 ----a-w- C:\Windows\System32\drivers\aswSnx.sys 2012-10-30 22:51:55 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys 2012-10-30 22:51:07 41224 ----a-w- C:\Windows\avastSS.scr 2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys 2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-10-02 19:51:11 3293544 ----a-w- C:\Windows\System32\nvsvc64.dll 2012-10-02 19:51:04 6200680 ----a-w- C:\Windows\System32\nvcpl.dll 2012-10-02 19:50:57 891240 ----a-w- C:\Windows\System32\nvvsvc.exe 2012-10-02 19:50:57 63336 ----a-w- C:\Windows\System32\nvshext.dll 2012-10-02 19:50:57 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll 2012-10-02 19:50:57 118120 ----a-w- C:\Windows\System32\nvmctray.dll . ============= FINISH: 18:12:25.74 =============== And here's the second log:- . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 06/12/2010 14:41:44 System Uptime: 30/12/2012 17:56:27 (1 hours ago) . Motherboard: MEDION | | X681X Processor: Intel® Core™ i5 CPU M 460 @ 2.53GHz | CPU 1 | 2534/533mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 535 GiB total, 206.165 GiB free. D: is FIXED (NTFS) - 60 GiB total, 42.726 GiB free. E: is CDROM (UDF) . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP279: 16/12/2012 04:46:29 - Windows Update RP280: 23/12/2012 05:55:31 - Windows Update RP281: 30/12/2012 08:48:43 - Scheduled Checkpoint . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) 7-Zip 9.20 (x64 edition) Acrobat.com Adobe AIR Adobe Digital Editions Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin 64-bit Adobe Reader 9.5.2 MUI Amazon MP3 Downloader 1.0.9 Apple Application Support Apple Mobile Device Support Apple Software Update Assassin's Creed Brotherhood AudibleManager avast! Free Antivirus Batman: Arkham City™ BBC iPlayer Desktop Bonjour Broken Sword II: The Smoking Mirror calibre Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Cities XL 2012 Crusader Kings II CyberLink LabelPrint CyberLink Power2Go CyberLink PowerDVD Copy CyberLink YouCam Dual-Core Optimizer Endless Space Fallout 3 - Game of the Year Edition FileZilla Client 3.6.0.2 FMRTE FMRTE 5.2.5 Football Manager 2012 Editor Football Manager 2012 Resource Archiver Football Manager 2013 Futuremark SystemInfo Game Booster 3 GetRight Google Chrome Google Toolbar for Internet Explorer Google Update Helper Intel® Rapid Storage Technology iTunes Java Auto Updater Java™ 6 Update 21 Java™ 6 Update 21 (64-bit) Java™ 7 Update 3 (64-bit) Junk Mail filter update Just Cause 2 Lego Star Wars Saga Malwarebytes Anti-Malware version 1.70.0.1100 Medion Home Cinema Microsoft .NET Framework 1.1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office 2010 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared 64-bit MUI (English) 2007 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Reader Microsoft Search Enhancement Pack Microsoft Silverlight Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Mount and Blade Warband - Demo MSVCRT MSXML 4.0 SP2 (KB973688) New Star Soccer 5 v1.09 Nexus Mod Manager NVIDIA Control Panel 306.97 NVIDIA Display Control Panel NVIDIA Graphics Driver 306.97 NVIDIA HD Audio Driver 1.3.18.0 NVIDIA Install Application NVIDIA PhysX NVIDIA PhysX System Software 9.12.0604 NVIDIA Update 1.10.8 NVIDIA Update Components OpenAL PlayReady PC Runtime amd64 Portal: First Slice PunkBuster Services QuickTime Reader Library by Sony Realtek Ethernet Controller Driver Realtek High Definition Audio Driver Realtek USB 2.0 Reader Driver REALTEK Wireless LAN Driver Renesas Electronics USB 3.0 Host Controller Driver Ridge Racer™ Unbounded Demo Rome: Total War Gold Edition Sansa Updater Search-Results Toolbar Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition Sid Meier's Civilization V SkyrimMap SpaceChem - Demo Spelling Dictionaries Support For Adobe Reader 9 Steam Synaptics Pointing Device Driver System Control Manager System Requirements Lab System Requirements Lab CYRI System Requirements Lab for Intel The Elder Scrolls V: Skyrim The Longest Journey The Lord of the Rings Online™ The Lord of the Rings Online™ v03.07.01.8015 Ubisoft Game Launcher Unofficial Oblivion Patch v3.2.0 Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Ventrilo Client VLC media player 1.1.5 WIDCOMM Bluetooth Software Windows Driver Package - Broadcom Bluetooth (05/27/2009 6.1.7100.0) Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Gallery Windows Live Sync Windows Live Writer WinRAR 4.00 beta 3 (32-bit) World of Warcraft XCOM: Enemy Unknown . ==== Event Viewer Messages From Past Week ======== . 30/12/2012 18:00:16, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 30/12/2012 18:00:16, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure. 30/12/2012 17:58:12, Error: Service Control Manager [7001] - The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion. 30/12/2012 17:58:01, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Net.Tcp Port Sharing Service service to connect. 30/12/2012 17:58:01, Error: Service Control Manager [7000] - The Net.Tcp Port Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 30/12/2012 17:50:38, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa800830f7c0, 0xfffffa800830faa0, 0xfffff800035cf460). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 123012-42541-01. 30/12/2012 17:11:29, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly. 30/12/2012 13:27:51, Error: Service Control Manager [7022] - The Windows Update service hung on starting. 30/12/2012 13:16:39, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007f (0x0000000000000008, 0x0000000080050031, 0x00000000000006f8, 0xfffff80003382ecf). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 123012-43976-01. 30/12/2012 13:11:56, Error: volmgr [46] - Crash dump initialization failed! 30/12/2012 07:35:01, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect. 30/12/2012 07:35:01, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 30/12/2012 07:34:31, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect. 30/12/2012 07:34:00, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect. 30/12/2012 07:31:04, Error: Service Control Manager [7022] - The avast! Antivirus service hung on starting. 30/12/2012 07:25:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 30/12/2012 07:25:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 30/12/2012 07:25:01, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 30/12/2012 07:24:53, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 30/12/2012 07:24:34, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi discache spldr Wanarpv6 30/12/2012 07:18:47, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8007000690, 0xfffffa8007000970, 0xfffff800035e5460). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 123012-26161-01. 29/12/2012 15:00:02, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Interactive Services Detection service to connect. 29/12/2012 15:00:02, Error: Service Control Manager [7000] - The Interactive Services Detection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 29/12/2012 08:51:48, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Print Spooler service to connect. 29/12/2012 08:51:48, Error: Service Control Manager [7000] - The Print Spooler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 28/12/2012 23:20:38, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8008011590, 0xfffffa8008011870, 0xfffff8000358c460). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122812-22682-01. 28/12/2012 16:13:05, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa80080659d0, 0xfffffa8008065cb0, 0xfffff800035dc460). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122812-18361-01. 26/12/2012 09:31:10, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8007fe0940, 0xfffffa8007fe0c20, 0xfffff800035df460). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122612-27144-01. 24/12/2012 20:01:29, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The pipe has been ended. 24/12/2012 20:01:29, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "109" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 23/12/2012 05:56:14, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1. . ==== End Of File ===========================