I noticed 3 days ago that background adverts and music started playing even if all programs where closed, when using Chrome I was getting redirects to Ebay and Facebook dislike. I was using AVG and was recommended to change to Avast. Installed Avast and unistalled Chrome and installed Firefox with Adblock Plus. When I use Firefox now there is no background sounds and only twice have I got redirects to other sights, I reinstalled a clean Chrome and as soon as I opened it it started redirecting straight away. Ran a full Avast scan and it reported a Win32:malware-gen warning. Ran an Avast boot scan and got the same warning again in addition to a Win32:Sirefef-PL [Rtk] and Win32:BitCoinMiner-U [PUP] notifications. Moved all infected files to the virus vault. Ran SuperAntiSpyware and TDSSkiller and received no warnings. Sophos Virus Removal tool indicates Troj/Sirefef-AP and when I allow it to clean up and the system reboots it is still there on the next scan. aswMBR indicated the Win32:Sirefef-PL [Rtk] in the Desktop.ini in Windows\assembly\GAC_32 & GAC_64 too. Avast now has popups for URL:Mal every 30 to 90 seconds with between 2 and 23 notifications every time and a steady popup every 4 to 5 minutes for Win32:Malware-gen
Here is the OTL log
OTL logfile created on: 6/21/2012 4:22:54 PM - Run 1
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\sherrie\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1.75 Gb Total Physical Memory | 0.60 Gb Available Physical Memory | 34.53% Memory free
3.49 Gb Paging File | 1.51 Gb Available in Paging File | 43.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 215.25 Gb Total Space | 156.69 Gb Free Space | 72.79% Space Free | Partition Type: NTFS
Drive D: | 17.34 Gb Total Space | 2.51 Gb Free Space | 14.46% Space Free | Partition Type: NTFS
Drive E: | 6.62 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: SHERRIE-HP | User Name: sherrie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/06/21 16:04:22 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\sherrie\Desktop\OTL.exe
PRC - [2012/06/14 23:20:13 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/06/06 09:14:32 | 000,185,856 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/19 12:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/03/07 00:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/07 00:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/12/23 13:07:20 | 000,881,144 | ---- | M] (Iminent) -- C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
PRC - [2011/12/23 13:07:20 | 000,445,416 | ---- | M] (Iminent) -- C:\Program Files (x86)\Iminent\Iminent.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/09/29 08:55:32 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2010/09/29 02:08:58 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/09/28 20:59:06 | 001,040,952 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
PRC - [2010/09/18 00:45:46 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2009/07/14 02:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
========== Modules (No Company Name) ==========
MOD - [2012/06/15 12:51:08 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\f2f8201dd3453250dfd9ed1afce630a0\WindowsFormsIntegration.ni.dll
MOD - [2012/06/14 23:20:15 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/06/14 20:54:20 | 000,141,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\498d2033c60fe5b777cf923b71b25972\System.Configuration.Install.ni.dll
MOD - [2012/06/14 20:54:12 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\761fd1afc17f11bf6d49c3a7d16465ca\System.Web.Services.ni.dll
MOD - [2012/06/14 20:54:09 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012/06/14 20:53:56 | 014,342,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\886f12404e2ad6a3f25201a438ab6008\PresentationFramework.ni.dll
MOD - [2012/06/14 20:53:40 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/14 20:53:33 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/14 20:53:29 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\60c5d283ca8aacd7c872723a0e17fd81\PresentationCore.ni.dll
MOD - [2012/05/15 08:50:33 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012/05/15 08:49:28 | 001,083,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\2ce8210219c7123610072357358df470\System.IdentityModel.ni.dll
MOD - [2012/05/15 08:49:25 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll
MOD - [2012/05/15 08:49:22 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9e7bf69d97febe4ed1a288c787e5d9ca\SMDiagnostics.ni.dll
MOD - [2012/05/15 08:49:19 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\107779ca2708d2b31b2e1560e47f6d15\System.ServiceModel.ni.dll
MOD - [2012/05/12 13:51:37 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/12 10:10:13 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.ni.dll
MOD - [2012/05/12 10:10:11 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll
MOD - [2012/05/12 10:10:05 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012/05/12 09:56:57 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/12 09:32:58 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\97dccc257e6729c8bc2450a5caf030e5\System.Configuration.ni.dll
MOD - [2012/05/12 09:32:54 | 005,459,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\e51b389e6d470d6920df51e7bbee6977\System.Xml.ni.dll
MOD - [2012/05/12 09:28:17 | 003,379,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\e710104d87885107738303d313efb006\WindowsBase.ni.dll
MOD - [2012/05/12 09:08:05 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/02/29 16:09:05 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/12/23 13:07:28 | 000,910,840 | ---- | M] () -- C:\Program Files (x86)\Iminent\System.Data.SQLite.dll
MOD - [2011/12/23 13:07:26 | 000,204,280 | ---- | M] () -- C:\Program Files (x86)\Iminent\Iminent.Workflow.dll
MOD - [2011/12/23 13:07:26 | 000,067,576 | ---- | M] () -- C:\Program Files (x86)\Iminent\Iminent.Windows.dll
MOD - [2011/12/23 13:07:22 | 006,273,016 | ---- | M] () -- C:\Program Files (x86)\Iminent\Iminent.Mediator.ActivePlayers.dll
MOD - [2011/12/23 13:07:22 | 001,524,728 | ---- | M] () -- C:\Program Files (x86)\Iminent\Iminent.Services.dll
MOD - [2011/12/23 13:07:22 | 000,587,256 | ---- | M] () -- C:\Program Files (x86)\Iminent\Iminent.Booster.UI.dll
MOD - [2010/11/20 13:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2010/11/20 13:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2010/11/05 02:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/09/28 21:09:20 | 001,698,872 | ---- | M] () -- C:\Users\sherrie\AppData\Roaming\PictureMover\EN-GB\Presentation.dll
MOD - [2010/09/28 20:59:20 | 012,286,008 | ---- | M] () -- C:\Users\sherrie\AppData\Roaming\PictureMover\Bin\Core.dll
MOD - [2010/08/16 22:21:30 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/08/16 22:21:30 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/08/16 22:21:30 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/07/14 02:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009/06/10 22:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2012/06/06 09:14:32 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV:64bit: - [2012/03/07 00:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/08/12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2011/05/31 16:52:58 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2010/09/30 07:49:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/08/06 03:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/07/21 22:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/06/25 00:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2009/11/18 03:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2012/06/14 23:20:14 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/19 12:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/07 13:34:52 | 000,607,040 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) @C:\Program Files (x86)
SRV - [2011/05/31 16:57:28 | 001,403,200 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/05/31 16:52:50 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/09/29 02:08:58 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/09/18 00:45:46 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/07 00:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/03/07 00:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/03/07 00:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/03/07 00:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/03/07 00:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/03/07 00:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/30 09:51:14 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/09/30 07:13:38 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/09/29 08:55:54 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/09/27 05:15:22 | 002,374,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/09/13 19:00:08 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/06/17 14:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2010/05/15 03:04:16 | 000,073,856 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/05/15 03:04:16 | 000,028,800 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/04/29 14:43:20 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/03/23 02:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2010/02/24 14:41:50 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQNOT/2
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/CQNOT/2
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.co...}&mfe=Notebooks
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQNOT/2
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.chatzum.com/
IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://search.iminen...q={searchTerms}
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.co...}&mfe=Notebooks
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://search.chatzu...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQNOT/2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = 04 00 DA 03 0B 00 00 00 E9 B0 55 40 01 00 00 80 06 00 DA 03 00 00 00 00 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.chatzu...q={searchTerms}
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://search.chatzu...q={SearchTerms}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://search.iminen...q={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...6R8wsT9kJD&i=26
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.co...}&mfe=Notebooks
IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@photoproduct.rocketlife.com/RocketLife App Viewer;version=0.8: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012/06/19 11:58:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/06/19 11:58:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/06/20 13:32:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/20 10:08:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2012/06/20 10:09:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sherrie\AppData\Roaming\Mozilla\Extensions
[2012/06/19 11:58:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sherrie\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2012/06/21 10:11:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sherrie\AppData\Roaming\Mozilla\Firefox\Profiles\05bj9t5i.default\extensions
[2012/06/20 10:08:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/19 12:26:48 | 000,000,000 | ---D | M] (Babylon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2012/04/17 21:54:54 | 000,000,000 | ---D | M] (Iminent WebBooster) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2012/06/20 13:32:48 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/06/20 10:14:18 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\SHERRIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\05BJ9T5I.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/06/14 23:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/14 23:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/23 13:02:16 | 000,002,157 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchTheWeb.xml
[2012/06/14 23:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll ()
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe (Iminent)
O4 - HKLM..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1036A8EF-95C9-478D-A098-7D8AFE1ABC88}: DhcpNameServer = 40.7.1.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE4F408B-CD19-4F79-9CAC-145B200A757F}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/16 02:07:53 | 000,000,044 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{a751ca87-ccf5-11e0-b3b5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a751ca87-ccf5-11e0-b3b5-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Launch.exe -- [2007/12/18 11:29:19 | 004,657,152 | R--- | M] (Macrovision Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/06/21 16:04:13 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\sherrie\Desktop\OTL.exe
[2012/06/21 15:08:25 | 000,000,000 | ---D | C] -- C:\Users\sherrie\AppData\Local\{8D1EFCD3-E0F2-4730-972C-4F47F2B00602}
[2012/06/21 15:08:08 | 000,000,000 | ---D | C] -- C:\Users\sherrie\AppData\Local\{A074EA59-36CE-4293-8B31-857D92C878A3}
[2012/06/21 11:13:20 | 000,000,000 | ---D | C] -- C:\Users\sherrie\AppData\Local\{10EF0F98-6F35-4F30-855F-8B6DE88CA5C0}
[2012/06/21 10:55:16 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup
[2012/06/21 10:53:15 | 000,000,000 | ---D | C] -- C:\Users\sherrie\Documents\Simply Super Software
[2012/06/21 10:48:52 | 000,000,000 | ---D | C] -- C:\Users\sherrie\AppData\Local\{F9730895-DEC0-4713-9DEA-5B36F6550122}
[2012/06/21 10:48:38 | 000,000,000 | ---D | C] -- C:\Users\sherrie\AppData\Local\{1712CE2F-E66B-4A02-BC3B-DD24D6E0297A}
[2012/06/21 10:07:20 | 000,000,000 | ---D | C] -- C:\Users\sherrie\AppData\Roaming\SUPERAntiSpyware.com
[2012/06/21 10:07:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/06/21 10:07:04 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/06/21 10:07:04 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/06/20 21:11:20 | 002,128,472 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\sherrie\Desktop\TDSSKiller.exe
[2012/06/20 18:24:10 | 000,000,000 | ---D | C] -- C:\ProgramData\eSellerate
[2012/06/20 18:22:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VeBest
[2012/06/20 18:22:45 | 000,000,000 | ---D | C] -- C:\Users\sherrie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VeBest
[2012/06/20 18:22:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VeBest
[2012/06/20 18:03:04 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\sherrie\Desktop\aswMBR.exe
[2012/06/20 17:56:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012/06/20 17:56:07 | 000,000,000 | ---D | C] -- C:\Users\sherrie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2012/06/20 17:55:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2012/06/20 13:33:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/06/20 13:33:39 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/06/20 13:33:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/06/20 13:33:38 | 000,337,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/06/20 13:33:31 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/06/20 13:33:30 | 000,059,224 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/06/20 13:33:28 | 000,819,032 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/06/20 13:33:25 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/06/20 13:33:25 | 000,069,976 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/06/20 13:32:08 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/06/20 13:32:03 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/06/20 13:31:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/06/20 13:31:26 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/06/20 10:31:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2012/06/20 10:08:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/06/20 10:08:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/06/20 08:44:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/06/20 08:43:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/06/20 07:42:52 | 000,000,000 | ---D | C] -- C:\Users\sherrie\AppData\Local\{BA3AA6B0-8D3B-49E7-A951-58D035F9A5A7}
[2012/06/20 07:42:38 | 000,000,000 | ---D | C] -- C:\Users\sherrie\AppData\Local\{79ED38C0-65B8-4821-BE51-5EE747294F70}
[2012/06/20 07:23:43 | 000,000,000 | ---D | C] -- C:\Users\sherrie\AppData\Local\{1C3D0C9F-FFDF-43A2-9B79-28868980E389}
[2012/06/20 06:57:50 | 000,000,000 | ---D | C] -- C:\Users\sherrie\AppData\Roaming\Simply Super Software
[2012/06/19 20:25:13 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/06/19 19:23:14 | 000,000,000 | ---D | C] -- C:\Users\sherrie\AppData\Local\{4E40DB31-C5CB-4B34-9FE5-DC9E6C9560D4}
[2012/06/19 19:23:03 | 000,000,000 | ---D | C] -- C:\Users\sherrie\AppData\Local\{6DAB27E7-8144-4980-8C2F-A004CE6CA1F9}
[2012/06/19 17:55:04 | 000,000,000 | ---D | C] -- C:\Users\sherrie\AppData\Roaming\Malwarebytes
[2012/06/19 17:54:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/19 17:54:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/19 17:54:52 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/19 17:54:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/19 12:48:15 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/06/19 12:37:02 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/06/19 12:26:18 | 000,000,000 | ---D | C] -- C:\Users\sherrie\AppData\Roaming\Babylon
[2012/06/19 12:26:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/06/19 12:26:12 | 000,000,000 | ---D | C] -- C:\Users\sherrie\AppData\Roaming\YourFileDownloader
[2012/06/19 11:58:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Perion
[2012/06/19 11:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant
[2012/06/19 11:57:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/06/19 11:57:32 | 000,000,000 | ---D | C] -- C:\Users\sherrie\AppData\Roaming\Mozilla
[2012/06/19 11:53:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1ClickDownload
[2012/06/19 07:20:39 | 000,000,000 | ---D | C] -- C:\Users\sherrie\AppData\Local\{A03ECD7D-5222-4B1E-9F61-A7E41D0C70A5}
[2012/06/16 20:45:58 | 000,000,000 | ---D | C] -- C:\Users\sherrie\AppData\Local\{064F12FD-2CC2-41CB-8A65-77DE1B7F34FF}
[2012/06/14 20:48:20 | 000,000,000 | ---D | C] -- C:\Users\sherrie\AppData\Local\{40072929-5CCB-433D-B974-7EB31AC44CA9}
[2012/06/14 20:48:04 | 000,000,000 | ---D | C] -- C:\Users\sherrie\AppData\Local\{B341ACF7-29D5-45D0-B513-14648B60B725}
[2012/06/10 11:22:14 | 000,000,000 | ---D | C] -- C:\Users\sherrie\AppData\Local\{82F68819-DAB0-4EA5-A459-F9BECBA32CEB}
[2012/06/10 11:21:18 | 000,000,000 | ---D | C] -- C:\Users\sherrie\AppData\Local\{06EA9475-E870-4237-9E74-7F66C9FE094F}
[2012/06/09 23:19:15 | 000,000,000 | ---D | C] -- C:\Users\sherrie\AppData\Local\{891179FA-8FB6-4AF8-906B-C5DA24A5A98E}
[2012/06/09 23:18:50 | 000,000,000 | ---D | C] -- C:\Users\sherrie\AppData\Local\{87F9A5B1-1D62-4802-B988-401211D3AD93}
[2012/06/07 10:41:02 | 000,000,000 | ---D | C] -- C:\Users\sherrie\AppData\Local\{B85921EF-80E1-4A9F-A9FD-F184D7B8D090}
[2012/06/07 10:40:50 | 000,000,000 | ---D | C] -- C:\Users\sherrie\AppData\Local\{99CA2E86-2E54-4D3E-8070-0924C810E59B}
[2012/06/06 13:25:53 | 000,000,000 | ---D | C] -- C:\Users\sherrie\AppData\Local\WinZip
[2012/06/06 13:25:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2012/06/06 13:25:06 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2012/06/06 13:24:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip
[2012/06/06 13:19:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AAA Logo 2010
[2012/06/06 13:19:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AAALOGO2010
[2012/06/03 20:21:18 | 000,000,000 | ---D | C] -- C:\Users\sherrie\AppData\Local\{6B665B51-F325-423D-A168-B8822DB9FD77}
[2012/06/03 20:21:03 | 000,000,000 | ---D | C] -- C:\Users\sherrie\AppData\Local\{17492795-0824-4EB3-98C2-6E0697F4D131}
[2012/06/01 14:53:06 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/06/01 14:49:38 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/06/01 13:32:20 | 000,000,000 | ---D | C] -- C:\Users\sherrie\AppData\Local\{9D8A5E55-7CA6-45B7-9958-66243E6BD667}
[2012/06/01 07:57:52 | 000,000,000 | ---D | C] -- C:\Users\sherrie\AppData\Local\{7876AE67-C1D3-41F9-AF07-7DC4A6BEA947}
[2012/05/30 12:28:25 | 000,000,000 | ---D | C] -- C:\Users\sherrie\AppData\Local\{19EB2E75-07D8-464F-B2C2-58FFC57C6A13}
[2012/05/30 11:42:18 | 000,000,000 | ---D | C] -- C:\Users\sherrie\AppData\Local\{D243C335-6366-44B3-B2C8-2AD0388F211C}
[2012/05/28 08:09:32 | 000,000,000 | ---D | C] -- C:\Users\sherrie\AppData\Local\{02018B17-821E-4A83-8882-AD012D08D0AD}
[2012/05/27 15:13:33 | 000,000,000 | ---D | C] -- C:\Users\sherrie\AppData\Local\{6532993F-1FEC-40E9-B99E-2560438A82F3}
[2012/05/26 22:16:27 | 000,000,000 | ---D | C] -- C:\Users\sherrie\AppData\Local\{C0124D4F-7A64-46C6-BEA7-39E17DE5D2FE}
[2012/05/26 08:29:25 | 000,000,000 | ---D | C] -- C:\Users\sherrie\AppData\Local\{DA04F638-6994-42F8-80C4-D613764A5B1C}
[2012/05/25 19:13:44 | 000,000,000 | ---D | C] -- C:\Users\sherrie\AppData\Local\{91A1C031-CDAC-4686-B7EA-AAF5F7B3490B}
[2012/05/25 10:09:33 | 000,000,000 | ---D | C] -- C:\Users\sherrie\AppData\Local\{B01FECDD-65A1-4341-8096-49041D5A9ECC}
[2012/05/23 14:49:29 | 000,000,000 | ---D | C] -- C:\Users\sherrie\AppData\Local\{148E9D15-961D-4FB4-B605-A24783AE6510}
[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\sherrie\Desktop\*.tmp files -> C:\Users\sherrie\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/06/21 16:04:22 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\sherrie\Desktop\OTL.exe
[2012/06/21 15:15:37 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/21 15:15:37 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/21 15:06:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/21 13:42:22 | 1405,276,160 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/21 13:19:44 | 000,000,512 | ---- | M] () -- C:\Users\sherrie\Desktop\MBR.dat
[2012/06/21 10:07:10 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/06/20 21:11:20 | 002,128,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\sherrie\Desktop\TDSSKiller.exe
[2012/06/20 18:57:28 | 000,000,175 | ---- | M] () -- C:\Users\sherrie\AppData\Local\vbnum5.cfg
[2012/06/20 18:22:48 | 000,001,108 | ---- | M] () -- C:\Users\sherrie\Desktop\VeBest Numerology.lnk
[2012/06/20 18:03:26 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\sherrie\Desktop\aswMBR.exe
[2012/06/20 17:56:07 | 000,003,215 | ---- | M] () -- C:\Users\sherrie\Desktop\Sophos Virus Removal Tool.lnk
[2012/06/20 13:33:40 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/06/20 13:33:25 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/06/20 10:31:25 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012/06/20 10:09:05 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/06/19 12:26:52 | 000,000,697 | ---- | M] () -- C:\user.js
[2012/06/19 12:00:18 | 000,000,076 | -H-- | M] () -- C:\Windows\argsys.gid
[2012/06/14 20:46:30 | 000,285,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/14 20:29:04 | 000,746,850 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/14 20:29:04 | 000,625,454 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/14 20:29:04 | 000,110,834 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/13 14:39:45 | 000,000,538 | ---- | M] () -- C:\Users\sherrie\Desktop\Hotstixxx logo.al8
[2012/06/13 14:39:09 | 000,000,547 | ---- | M] () -- C:\Users\sherrie\Desktop\Hotstixxx2 logo.al8
[2012/06/06 14:00:28 | 000,000,928 | ---- | M] () -- C:\Users\sherrie\Documents\LogoXXX.al8
[2012/06/06 13:55:02 | 000,023,708 | ---- | M] () -- C:\Users\sherrie\Documents\Logo2.png
[2012/06/06 13:48:49 | 000,023,197 | ---- | M] () -- C:\Users\sherrie\Documents\Logo1.png
[2012/06/06 13:48:16 | 000,018,612 | ---- | M] () -- C:\Users\sherrie\Documents\Logo1.2.jpg
[2012/06/06 13:46:09 | 000,019,664 | ---- | M] () -- C:\Users\sherrie\Documents\Logo1.1.jpg
[2012/06/06 13:38:21 | 000,020,053 | ---- | M] () -- C:\Users\sherrie\Documents\Logo1.jpg
[2012/06/06 13:19:19 | 000,000,963 | ---- | M] () -- C:\Users\sherrie\Application Data\Microsoft\Internet Explorer\Quick Launch\AAA Logo 2010.lnk
[2012/06/06 13:19:19 | 000,000,939 | ---- | M] () -- C:\Users\sherrie\Desktop\AAA Logo 2010.lnk
[2012/06/05 10:47:05 | 000,031,057 | ---- | M] () -- C:\Users\sherrie\Desktop\seeing-the-light.jpg
[2012/06/05 10:44:34 | 000,035,986 | ---- | M] () -- C:\Users\sherrie\Desktop\lamebook.odt
[2012/05/27 21:13:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSHERRIE-HP$.job
[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\sherrie\Desktop\*.tmp files -> C:\Users\sherrie\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/06/21 15:06:36 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{6df6d855-b8c5-a8ac-b497-7724617ee9a7}\U\00000008.@
[2012/06/21 15:06:33 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{6df6d855-b8c5-a8ac-b497-7724617ee9a7}\U\80000000.@
[2012/06/21 13:19:44 | 000,000,512 | ---- | C] () -- C:\Users\sherrie\Desktop\MBR.dat
[2012/06/21 10:07:10 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/06/21 10:05:20 | 000,093,696 | ---- | C] () -- C:\Windows\Installer\{6df6d855-b8c5-a8ac-b497-7724617ee9a7}\U\80000032.@
[2012/06/20 18:28:30 | 000,000,175 | ---- | C] () -- C:\Users\sherrie\AppData\Local\vbnum5.cfg
[2012/06/20 18:22:48 | 000,001,108 | ---- | C] () -- C:\Users\sherrie\Desktop\VeBest Numerology.lnk
[2012/06/20 17:56:07 | 000,003,215 | ---- | C] () -- C:\Users\sherrie\Desktop\Sophos Virus Removal Tool.lnk
[2012/06/20 13:33:40 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/06/20 13:33:25 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/06/20 10:31:25 | 000,001,134 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012/06/20 10:31:25 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012/06/20 10:09:05 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/06/20 10:09:03 | 000,001,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/06/20 06:57:52 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar3.dll
[2012/06/20 06:57:52 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2012/06/19 12:37:01 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{6df6d855-b8c5-a8ac-b497-7724617ee9a7}\L\00000004.@
[2012/06/19 12:36:58 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{6df6d855-b8c5-a8ac-b497-7724617ee9a7}\U\00000004.@
[2012/06/19 12:36:58 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{6df6d855-b8c5-a8ac-b497-7724617ee9a7}\U\000000cb.@
[2012/06/19 12:00:18 | 000,000,076 | -H-- | C] () -- C:\Windows\argsys.gid
[2012/06/19 11:58:26 | 000,000,697 | ---- | C] () -- C:\user.js
[2012/06/13 11:31:03 | 000,000,547 | ---- | C] () -- C:\Users\sherrie\Desktop\Hotstixxx2 logo.al8
[2012/06/13 10:37:50 | 000,000,538 | ---- | C] () -- C:\Users\sherrie\Desktop\Hotstixxx logo.al8
[2012/06/06 13:56:39 | 000,000,928 | ---- | C] () -- C:\Users\sherrie\Documents\LogoXXX.al8
[2012/06/06 13:55:02 | 000,023,708 | ---- | C] () -- C:\Users\sherrie\Documents\Logo2.png
[2012/06/06 13:48:49 | 000,023,197 | ---- | C] () -- C:\Users\sherrie\Documents\Logo1.png
[2012/06/06 13:39:55 | 000,018,612 | ---- | C] () -- C:\Users\sherrie\Documents\Logo1.2.jpg
[2012/06/06 13:39:30 | 000,019,664 | ---- | C] () -- C:\Users\sherrie\Documents\Logo1.1.jpg
[2012/06/06 13:34:16 | 000,020,053 | ---- | C] () -- C:\Users\sherrie\Documents\Logo1.jpg
[2012/06/06 13:19:19 | 000,000,963 | ---- | C] () -- C:\Users\sherrie\Application Data\Microsoft\Internet Explorer\Quick Launch\AAA Logo 2010.lnk
[2012/06/06 13:19:19 | 000,000,939 | ---- | C] () -- C:\Users\sherrie\Desktop\AAA Logo 2010.lnk
[2012/06/05 10:47:19 | 000,031,057 | ---- | C] () -- C:\Users\sherrie\Desktop\seeing-the-light.jpg
[2012/06/05 10:44:32 | 000,035,986 | ---- | C] () -- C:\Users\sherrie\Desktop\lamebook.odt
[2012/01/11 17:37:00 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{6df6d855-b8c5-a8ac-b497-7724617ee9a7}\@
[2011/11/14 01:50:34 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2011/09/20 13:06:32 | 000,748,584 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/28 09:45:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/11/28 09:37:58 | 000,000,282 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/11/28 09:37:58 | 000,000,223 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010/11/28 09:35:14 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/10/19 13:27:11 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/10/19 13:19:13 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2010/09/21 19:30:44 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
========== LOP Check ==========
[2012/06/19 12:26:18 | 000,000,000 | ---D | M] -- C:\Users\sherrie\AppData\Roaming\Babylon
[2012/04/17 21:54:11 | 000,000,000 | ---D | M] -- C:\Users\sherrie\AppData\Roaming\Iminent
[2011/09/07 13:20:11 | 000,000,000 | ---D | M] -- C:\Users\sherrie\AppData\Roaming\IObit
[2011/08/22 12:49:43 | 000,000,000 | ---D | M] -- C:\Users\sherrie\AppData\Roaming\PictureMover
[2012/06/21 10:51:26 | 000,000,000 | ---D | M] -- C:\Users\sherrie\AppData\Roaming\Simply Super Software
[2012/06/21 13:40:42 | 000,000,000 | ---D | M] -- C:\Users\sherrie\AppData\Roaming\SoftGrid Client
[2011/09/20 13:08:02 | 000,000,000 | ---D | M] -- C:\Users\sherrie\AppData\Roaming\TP
[2011/09/07 13:34:15 | 000,000,000 | ---D | M] -- C:\Users\sherrie\AppData\Roaming\TuneUp Software
[2012/06/08 13:28:45 | 000,000,000 | ---D | M] -- C:\Users\sherrie\AppData\Roaming\uTorrent
[2011/11/04 13:46:33 | 000,000,000 | ---D | M] -- C:\Users\sherrie\AppData\Roaming\Windows Live Writer
[2012/06/19 12:26:12 | 000,000,000 | ---D | M] -- C:\Users\sherrie\AppData\Roaming\YourFileDownloader
[2011/10/26 10:50:26 | 000,000,000 | ---D | M] -- C:\Users\sherrie\AppData\Roaming\_MDLogs
[2012/04/25 19:13:20 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 756 bytes -> C:\Users\sherrie\Desktop\My CV.eml:OECustomProperty
@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:CB0AACC9
< End of report >
Many thanks
Tristan