PDA

View Full Version : ad.xtendmedia infection?



aardvark2012
2013-03-23, 06:36
Hi,

I've been getting an ad appearing in the bottom left of my browser window (IE9) linked to the address ad.xtendmedia.com (visible on mouse-over -- I haven't clicked it). In itself, it's only mildly irritating, but I looked around and it appears it can make things go pear-shaped if it's left lying around.

This may be irrelevant, but the appearance of these ads seems to be correlated with a "Do you want to open or save bv.js from www.google-analytics.com?" message.

Here are the logs:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 10.17.2
Run by Toby at 13:47:37 on 2013-03-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.8175.4970 [GMT 10.5:30]
.
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
C:\Windows\system32\ATKFUSService.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\ASDR.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Canon\CAL\CALMAIN.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\SmartDoctor\SmartDoctor.exe
C:\Program Files\ASUS\GamerOSD\ATKFastUserSwitching.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\GIGABYTE\SMART6\Recovery\RPMDaemon.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\SysWOW64\HsMgr.exe
C:\Windows\system\HsMgr64.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\ASUS Xonar DS Audio\Customapp\ASUSAUDIOCENTER.EXE
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASC.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
uRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
mRun: [ASUSGamerOSD] C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [UpdatePSTShortCut] c:\program files (x86)\cyberlink\blu-ray disc suite\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\blu-ray disc suite" updatewithcreateonce "software\cyberlink\powerstarter
mRun: [LGODDFU] "c:\program files (x86)\lg_fwupdate\lgfw.exe" blrun
mRun: [UCam_Menu] c:\program files (x86)\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\1.0
mRun: [UpdatePPShortCut] c:\program files (x86)\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\powerproducer" updatewithcreateonce "software\cyberlink\powerproducer\5.0
mRun: [BDRegion] c:\program files (x86)\cyberlink\shared files\brs.exe
mRun: [RemoteControl9] c:\program files (x86)\cyberlink\powerdvd9\pdvd9serv.exe
mRun: [UpdateP2GoShortCut] c:\program files (x86)\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0
mRun: [CLMLServer] c:\program files (x86)\cyberlink\power2go\clmlsvc.exe
mRun: [MDS_Menu] c:\program files (x86)\cyberlink\mediashow4\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\mediashow4" updatewithcreateonce "software\cyberlink\mediashow\4.1
mRun: [UpdateLBPShortCut] c:\program files (x86)\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5
mRun: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{9B181EEF-1FC6-45B0-879C-09D01DD8FF35} : DHCPNameServer = 192.168.1.1
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: GBHO.BHO: {45d30484-7ded-43d9-957a-d2fd1f046511} -
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Smart Recovery 2: {1d09c093-f71e-43c3-b948-19316cbd695e} -
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Cmaudio8788] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
x64-Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe Envoke
x64-Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe Envoke
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
x64-RunOnce: [RPMKickstart] C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
x64-SSODL: WebCheck - <orphaned>
Hosts: 192.157.56.28 www.google-analytics.com.
Hosts: 192.157.56.28 ad-emea.doubleclick.net.
Hosts: 192.157.56.28 www.statcounter.com.
Hosts: 93.115.241.27 www.google-analytics.com.
Hosts: 93.115.241.27 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2011-8-4 62496]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2013-3-22 17720]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2011-9-21 21104]
R1 EIO64;EIO Driver;C:\Windows\System32\drivers\EIO64.sys [2012-1-7 16384]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2011-8-4 38288]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-2-13 465216]
R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2011-8-9 202576]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-9-22 974944]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2011-10-24 821592]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-3-11 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-3-11 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-3-11 168384]
R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2011-9-21 114688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
R3 cmudaxp;ASUS Xonar DS Audio Interface;C:\Windows\System32\drivers\cmudaxp.sys [2011-9-21 2725376]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-3-7 40832]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-3-7 65280]
R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2013-3-5 21384]
R3 IOMap;IOMap;C:\Windows\System32\drivers\IOMap64.sys [2012-1-7 23680]
R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2013-3-5 33224]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-9-21 413800]
R3 SynUSB64;eLicenser;C:\Windows\System32\drivers\synusb64.sys [2011-10-7 30352]
R3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2013-3-5 21904]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2011/09/22 14:59:02;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-11-23 240112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;E:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-16 25832]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2011-9-22 25640]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-9-21 30528]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-1 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-1 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-1 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-21 1255736]
.
=============== Created Last 30 ================
.
2013-03-22 00:43:48 17720 ----a-w- C:\Windows\System32\drivers\SmartDefragDriver.sys
2013-03-13 09:15:49 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-03-13 03:58:14 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-13 03:30:57 -------- d-----w- C:\Program Files\Microsoft Mouse and Keyboard Center
2013-03-12 18:22:26 15859416 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-03-11 03:27:06 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-03-11 03:26:52 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2013-03-11 03:26:49 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-03-11 03:25:21 -------- d-----w- C:\Users\Toby\AppData\Local\Programs
2013-02-25 14:02:44 25256224 ----a-w- C:\Windows\System32\nvcompiler.dll
.
==================== Find3M ====================
.
2013-03-13 12:15:46 25640 ----a-w- C:\Windows\gdrv.sys
2013-03-13 09:16:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-03-13 09:16:41 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-03-13 09:16:41 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-03-13 09:16:41 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-03-13 09:16:41 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-03-13 09:16:41 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-03-13 09:16:41 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-03-13 09:16:41 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-03-13 09:16:41 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-03-13 09:16:41 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-03-13 09:16:40 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-03-13 09:16:40 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-03-13 03:58:07 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-03-13 03:58:07 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-03-12 18:22:32 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-12 18:22:32 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-17 22:52:18 31080 ----a-w- C:\Windows\System32\nvhdap64.dll
2013-02-17 22:52:18 1472360 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2013-02-17 22:52:16 189288 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2013-02-13 02:40:14 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-02-13 02:40:14 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-02-13 02:40:14 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-02-13 02:36:41 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-02-13 02:36:41 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-02-13 02:35:35 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-02-13 02:35:16 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-02-13 02:35:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-02-13 02:35:16 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-02-13 02:35:16 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-02-13 02:35:16 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-02-13 02:35:16 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-02-13 02:35:16 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-01-29 07:45:06 862664 ----a-w- C:\Windows\SysWow64\msvcr110.dll
2013-01-29 07:45:06 828872 ----a-w- C:\Windows\System32\msvcr110.dll
2013-01-29 07:45:06 661448 ----a-w- C:\Windows\System32\msvcp110.dll
2013-01-29 07:45:06 534480 ----a-w- C:\Windows\SysWow64\msvcp110.dll
2013-01-29 07:45:06 354264 ----a-w- C:\Windows\System32\vccorlib110.dll
2013-01-29 07:45:06 251864 ----a-w- C:\Windows\SysWow64\vccorlib110.dll
2013-01-29 07:45:04 50800 ----a-w- C:\Windows\System32\drivers\point64.sys
2013-01-21 00:42:12 2177664 ----a-w- C:\Windows\System32\coin93.dll
2013-01-18 15:00:28 6390048 ----a-w- C:\Windows\System32\nvcpl.dll
2013-01-18 15:00:28 3460896 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-01-18 15:00:11 884512 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-01-18 15:00:11 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-01-18 15:00:11 2953448 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-01-18 15:00:11 2558240 ----a-w- C:\Windows\System32\nvsvcr.dll
2013-01-18 15:00:11 118560 ----a-w- C:\Windows\System32\nvmctray.dll
2013-01-17 21:45:24 550176 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-01-15 08:19:06 26432 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe
2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll
2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll
2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll
2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll
2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll
2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll
2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll
2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll
2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll
2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll
2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll
2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll
2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
.
============= FINISH: 13:47:55.39 ===============


Here's the attach.txt. The attachment icon doesn't seem to be working for me, so I'll paste it in. Sorry. But it was referred to in the DDS.txt, so I'm guessing it might be important. (I know... big CAPS telling me not to do this. But I really can't attach it. <Cringe>)

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 21/09/2011 8:55:06 AM
System Uptime: 13/03/2013 10:44:57 PM (231 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | Z68A-D3-B3
Processor: Intel(R) Core(TM) i5-2500 CPU @ 3.30GHz | Socket 1155 | 3601/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 221.967 GiB free.
D: is CDROM (CDFS)
E: is FIXED (NTFS) - 466 GiB total, 370.04 GiB free.
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP210: 13/03/2013 7:45:25 PM - Windows Modules Installer
RP211: 13/03/2013 10:41:21 PM - Windows Update
RP212: 21/03/2013 4:12:40 PM - Scheduled Checkpoint
.
==== Hosts File Hijack ======================
.
Hosts: 192.157.56.28 www.google-analytics.com.
Hosts: 192.157.56.28 ad-emea.doubleclick.net.
Hosts: 192.157.56.28 www.statcounter.com.
Hosts: 93.115.241.27 www.google-analytics.com.
Hosts: 93.115.241.27 ad-emea.doubleclick.net.
Hosts: 93.115.241.27 www.statcounter.com.
.
==== Installed Programs ======================
.
@BIOS
7-Zip 9.20 (x64 edition)
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.6)
Advanced SystemCare 6
Age of Empires III
Age of Empires III - The Asian Dynasties
Age of Empires III - The WarChiefs
Age of Mythology
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUS Gamer OSD
ASUS nVidia Driver
ASUS Smart Doctor
ASUS Xonar DS Audio Driver
Bonjour
Camera Access Library
Camera Support Core Library
Camera Window DS
Camera Window DVC
Camera Window MC
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window DSLR 5 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon ZoomBrowser EX (E)
CyberLink BD Advisor 2.0
CyberLink Blu-ray Disc Suite
CyberLink LabelPrint
CyberLink LG Burning Tool
CyberLink MediaShow
CyberLink PowerDVD 9
CyberLink PowerProducer
CyberLink YouCam
Dragon Age II
Dragon Age: Origins
Easy Tune 6 B11.0512.1
eLicenser Control
ESET Smart Security
Etron USB3.0 Host Controller
EVE Online (remove only)
Fraps
Game Booster
GIMP 2.6.11
Google SketchUp 8
Google Toolbar for Internet Explorer
Google Update Helper
GPL Ghostscript
GSview 5.0
Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2542054)
Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2635973)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)
Intel(R) Control Center
Intel(R) Management Engine Components
IObit Malware Fighter
iTunes
Java 7 Update 17
Java Auto Updater
Java(TM) 6 Update 30 (64-bit)
Java(TM) 7 Update 5 (64-bit)
LG Tool Kit
LightScribe System Software
Lux Delux 6.22
Mass Effect
Mass Effect 2
Mass Effect™ 3
Mathematica 8 Home Edition (M-WIN-H 8.0.1 2063989)
Mathematica Extras 8.0 (2063897)
Medieval II Total War
Medieval II Total War : Kingdoms : Americas
Medieval II Total War : Kingdoms : Britannia
Medieval II Total War : Kingdoms : Crusades
Medieval II Total War : Kingdoms : Teutonic
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Age of Empires II
Microsoft Application Error Reporting
Microsoft Help Viewer 1.1
Microsoft Mouse and Keyboard Center
Microsoft Silverlight
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft Visual C++ Compilers 2010 Standard - enu - x86
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
Microsoft Visual C++ 2010 Express - ENU
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
Microsoft Visual Studio 2010 Service Pack 1
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
MovieEdit Task
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
Nexus Mod Manager
NVIDIA 3D Vision Controller Driver 295.73
NVIDIA 3D Vision Driver 311.06
NVIDIA Control Panel 311.06
NVIDIA Graphics Driver 311.06
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0209
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
Oblivion
Oblivion - BTmod 2.20
ON_OFF Charge B11.0110.1
OpenAL
OpenTTD 1.2.3
Origin
PhotoStitch
Portal
QuickTime
RAW Image Task 2.2
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Smart 6 B11.0512.1
Smart Defrag 2
Spybot - Search & Destroy
Steam
Steinberg Cubase 5 64bit
Steinberg Drum Loop Expansion 01
Steinberg Groove Agent ONE Content
Steinberg Groove Agent ONE Vintage Beatboxes
Steinberg HALion Symphonic Orchestra 16-bit Edition
Steinberg HALionOne 64bit
Steinberg HALionOne Additional Content Set 01
Steinberg HALionOne Expression Set
Steinberg HALionOne GM Drum Set
Steinberg HALionOne GM Set
Steinberg HALionOne Pro Set
Steinberg HALionOne Studio Drum Set
Steinberg HALionOne Studio Set
Steinberg LoopMash Content
Steinberg REVerence Content 01
TeamSpeak 3 Client
The Elder Scrolls V: Skyrim
Thief - Deadly Shadows
Thief 3 Sneaky Upgrade version 1.1.0
Unofficial Oblivion Patch v3.2.0
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Utility
VLC media player 1.1.11
WinRAR archiver
XviD MPEG-4 Video Codec
.
==== Event Viewer Messages From Past Week ========
.
17/03/2013 10:15:45 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user Toby-PC\Toby SID (S-1-5-21-215604361-2767803132-3690170996-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
17/03/2013 10:15:45 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user Toby-PC\Toby SID (S-1-5-21-215604361-2767803132-3690170996-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================

Here's the aswMBR log.


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-23 14:02:27
-----------------------------
14:02:27.713 OS Version: Windows x64 6.1.7601 Service Pack 1
14:02:27.713 Number of processors: 4 586 0x2A07
14:02:27.713 ComputerName: TOBY-PC UserName: Toby
14:02:31.965 Initialize success
14:05:17.859 AVAST engine defs: 13032201
14:05:56.444 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-5
14:05:56.445 Disk 0 Vendor: ST3500413AS JC4B Size: 476940MB BusType: 3
14:05:56.446 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-3
14:05:56.448 Disk 1 Vendor: ST3500413AS JC4B Size: 476940MB BusType: 3
14:05:56.538 Disk 0 MBR read successfully
14:05:56.540 Disk 0 MBR scan
14:05:56.555 Disk 0 Windows 7 default MBR code
14:05:56.561 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:05:56.578 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
14:05:56.599 Disk 0 scanning C:\Windows\system32\drivers
14:06:10.161 Service scanning
14:06:31.404 Modules scanning
14:06:31.407 Disk 0 trace - called modules:
14:06:31.445 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
14:06:31.447 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80077c1060]
14:06:31.450 3 CLASSPNP.SYS[fffff880018b643f] -> nt!IofCallDriver -> [0xfffffa8006678e40]
14:06:31.452 5 ACPI.sys[fffff880011997a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-5[0xfffffa800751c680]
14:06:37.846 AVAST engine scan C:\Windows
14:06:40.602 AVAST engine scan C:\Windows\system32
14:10:48.641 AVAST engine scan C:\Windows\system32\drivers
14:11:08.195 AVAST engine scan C:\Users\Toby
14:20:28.572 AVAST engine scan C:\ProgramData
14:21:12.650 Scan finished successfully
14:42:42.633 Disk 0 MBR has been saved successfully to "C:\Users\Toby\Desktop\MBR.dat"
14:42:42.649 The log file has been saved successfully to "C:\Users\Toby\Desktop\aswMBR.txt"


Many thanks in advance.
Toby

aardvark2012
2013-03-28, 11:44
This issue is being resolved elsewhere, so this thread can be deleted. Cheers.