dslreports logo
site
    All Forums Hot Topics Gallery
spc
Search Topic:
uniqs
1550
share rss forum feed


Cariad
Logo Queen
Premium,ExMod 2001-03
join:2000-07-02
Staten Island, NY

[Malware] Malicious URL

Not sure I need assistance yet so don't want to post logs that you might not need.

Avast is popping up Mal:url, process - c:windows/explorere.exe URL alerts the minute I open a browser. I've ran a full system scan with avast and it tells me I'm clean as does superantispy, adware and malwarebytes.

Sigh, I have to be infected somewhere right? I should just go ahead and start the steps.


CajunTek
Insane Cajun
Premium,MVM
join:2003-08-08
Arlington, TX
Yep


lilhurricane
Crunchin' For Cures
Premium,Mod
join:2003-01-11
Purple Zone
kudos:57
Reviews:
·Comcast
reply to Cariad
said by Cariad:

I should just go ahead and start the steps.

Absolutely - for peace of mind, I would have LPP review.
Just add them here when you've completed them


Cariad
Logo Queen
Premium,ExMod 2001-03
join:2000-07-02
Staten Island, NY
so everything came up clean again
mbam log:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.27.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Lab20 :: LAB20-PC [administrator]

2/28/2012 9:36:41 AM
mbam-log-2012-02-28 (09-36-41).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 274605
Time elapsed: 24 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

OTL.txt
OTL logfile created on: 2/28/2012 10:16:10 AM - Run 3
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Lab20\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.21 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 62.93% Memory free
6.43 Gb Paging File | 4.97 Gb Available in Paging File | 77.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.90 Gb Total Space | 246.14 Gb Free Space | 85.79% Space Free | Partition Type: NTFS
Drive F: | 959.22 Mb Total Space | 826.06 Mb Free Space | 86.12% Space Free | Partition Type: FAT

Computer Name: LAB20-PC | User Name: Lab20 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012/02/28 10:02:51 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Lab20\Desktop\OTL.exe
PRC - [2012/02/23 11:23:24 | 004,031,368 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/02/23 11:23:21 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/02/23 11:23:20 | 000,131,288 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/03 17:37:48 | 000,109,056 | ---- | M] () -- C:\Program Files\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/08/03 08:23:54 | 000,828,944 | ---- | M] (GlavSoft LLC.) -- C:\Program Files\TightVNC\tvnserver.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/07/29 00:16:37 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/07/13 20:14:40 | 001,761,136 | ---- | M] (SMART Technologies) -- C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe
PRC - [2011/06/23 23:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/23 14:28:32 | 009,800,560 | ---- | M] (SMART Technologies ULC) -- C:\Program Files\SMART Technologies\Education Software\SMARTBoardTools.exe
PRC - [2011/06/23 14:28:28 | 004,860,784 | ---- | M] (SMART Technologies ULC) -- C:\Program Files\SMART Technologies\Education Software\Marker.exe
PRC - [2011/06/23 14:28:28 | 001,825,136 | ---- | M] (SMART Technologies ULC) -- C:\Program Files\SMART Technologies\Education Software\Aware.exe
PRC - [2011/06/22 08:44:24 | 000,485,232 | ---- | M] (SMART Technologies ULC.) -- C:\Program Files\SMART Technologies\Education Software\SMARTClassroomCoordinator.exe
PRC - [2011/03/08 16:52:08 | 000,227,328 | ---- | M] (Dell Computer Corporation) -- C:\dell\DBRM\Reminder\DbrmTrayicon.exe
PRC - [2010/11/20 16:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/10/16 16:10:52 | 002,336,104 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
PRC - [2010/09/15 11:14:36 | 000,057,168 | ---- | M] (UPEK Inc.) -- C:\Program Files\Common Files\SPBA\upeksvr.exe
PRC - [2010/07/05 13:37:32 | 000,045,056 | ---- | M] (Trend Micro Inc.) -- c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
PRC - [2010/07/05 13:37:28 | 000,017,920 | ---- | M] (Trend Micro Inc.) -- c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
PRC - [2010/06/29 16:11:50 | 000,127,488 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
PRC - [2010/06/25 13:13:18 | 001,099,088 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
PRC - [2010/06/22 13:27:38 | 001,358,160 | ---- | M] (Trend Micro Inc.) -- c:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe
PRC - [2010/06/22 13:18:46 | 001,323,912 | ---- | M] (Trend Micro Inc.) -- c:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe
PRC - [2009/08/26 12:49:00 | 002,691,072 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe
PRC - [2009/07/15 17:39:06 | 000,497,008 | ---- | M] (Trend Micro Inc.) -- c:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
PRC - [2009/07/15 17:37:18 | 000,689,416 | ---- | M] (Trend Micro Inc.) -- c:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
PRC - [2009/06/24 20:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/05/15 19:44:06 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- c:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
PRC - [2007/05/29 20:39:52 | 000,024,576 | ---- | M] (Oki Data Corporation) -- C:\Windows\System32\spool\drivers\w32x86\3\OPHGLDCS.EXE

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012/02/15 03:50:14 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/02/15 03:50:08 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/02/15 03:49:45 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011/10/20 07:34:17 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/09/27 08:37:25 | 002,996,648 | ---- | M] () -- C:\Windows\winsxs\x86_smarttech.xqilla.vc100.2.1_9ca15c999435ee05_1.0.1.0_none_1bed22ac92abf495\xqilla21.dll
MOD - [2011/09/27 07:34:02 | 000,066,976 | ---- | M] () -- C:\Windows\winsxs\x86_smarttech.zlib.vc100.1.2_9ca15c999435ee05_1.0.1.0_none_a9eddec61c291613\zlib1-vc100-mt-1.2.dll
MOD - [2011/09/27 07:33:58 | 002,310,056 | ---- | M] () -- C:\Windows\winsxs\x86_smarttech.redland.vc100.1.0_9ca15c999435ee05_1.0.1.0_none_abdcef110f80cf28\redland-vc100-1_0_9.dll
MOD - [2011/09/27 07:33:47 | 000,054,184 | ---- | M] () -- C:\Windows\winsxs\x86_smarttech.boost_thread.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_472b4edec4bf8550\boost_thread-vc100-mt-1_44.dll
MOD - [2011/09/27 07:33:45 | 000,022,440 | ---- | M] () -- C:\Windows\winsxs\x86_smarttech.boost_system.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_3b5a2197c9e04a1f\boost_system-vc100-mt-1_44.dll
MOD - [2011/09/27 07:33:43 | 000,053,680 | ---- | M] () -- C:\Windows\winsxs\x86_smarttech.boost_signals.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_8ce60f5e6bc42419\boost_signals-vc100-mt-1_44.dll
MOD - [2011/09/27 07:33:42 | 000,145,328 | ---- | M] () -- C:\Windows\winsxs\x86_smarttech.boost_filesystem.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_73736a4543634e09\boost_filesystem-vc100-mt-1_44.dll
MOD - [2011/09/27 07:33:39 | 000,051,120 | ---- | M] () -- C:\Windows\winsxs\x86_smarttech.boost_date_time.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_50d6b3902c95d15a\boost_date_time-vc100-mt-1_44.dll
MOD - [2011/06/22 08:19:28 | 000,070,656 | ---- | M] () -- C:\Program Files\SMART Technologies\Education Software\libLogger-vc100-2_0.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2012/02/23 11:23:21 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/02/23 11:23:20 | 000,131,288 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [On_Demand | Stopped] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/10/03 17:37:48 | 000,109,056 | ---- | M] () [Auto | Running] -- C:\Program Files\Wyse\PocketCloud Windows Companion\PocketCloudService.exe -- (WysePocketCloud)
SRV - [2011/09/07 10:19:21 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/08/03 08:23:54 | 000,828,944 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- C:\Program Files\TightVNC\tvnserver.exe -- (tvnserver)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/11/03 16:12:58 | 001,477,632 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2010/10/16 16:10:52 | 002,336,104 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2010/07/13 14:02:32 | 001,629,696 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2010/07/05 13:37:32 | 000,045,056 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe -- (svcGenericHost)
SRV - [2010/06/29 16:11:50 | 000,127,488 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -- (BrcmMgmtAgent)
SRV - [2010/06/22 13:27:38 | 001,358,160 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- c:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe -- (tmlisten)
SRV - [2010/06/22 13:18:46 | 001,323,912 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- c:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe -- (ntrtscan)
SRV - [2009/07/15 17:39:06 | 000,497,008 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- c:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe -- (TmPfw)
SRV - [2009/07/15 17:37:18 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- c:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe -- (TmProxy)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/29 20:39:52 | 000,024,576 | ---- | M] (Oki Data Corporation) [Auto | Running] -- C:\Windows\System32\spool\drivers\w32x86\3\OPHGLDCS.EXE -- (OKI OPHG DCS Loader)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2012/02/23 11:13:00 | 000,112,984 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2012/02/23 11:12:28 | 000,610,648 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/02/23 11:12:16 | 000,337,112 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/02/23 11:12:01 | 000,196,440 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2012/02/23 11:11:24 | 000,024,408 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/02/23 11:10:59 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\Drivers\aswrdr2.sys -- (aswRdr)
DRV - [2012/02/23 11:10:39 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/02/23 11:10:34 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/02/23 11:10:16 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/02/23 10:54:51 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\aswNdis.sys -- (aswNdis)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:28 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/13 20:17:14 | 000,011,632 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTMouseFilterx86.sys -- (SMARTMouseFilterx86)
DRV - [2011/07/13 20:17:02 | 000,021,872 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTVTabletPCx86.sys -- (SMARTVTabletPCx86)
DRV - [2011/07/13 20:16:54 | 000,014,704 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTVHidMini2000x86.sys -- (SMARTVHidMini2000x86)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:14 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:12 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/07/11 01:14:12 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/04/25 00:11:26 | 000,066,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\crazyremote.sys -- (vhidmini)
DRV - [2010/12/02 16:35:58 | 000,349,224 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2010/11/20 16:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 16:29:03 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netvsc60.sys -- (netvsc)
DRV - [2010/11/20 16:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 16:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 16:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 16:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 16:29:03 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusVideoM.sys -- (SynthVid)
DRV - [2010/11/20 16:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 16:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/09/03 10:39:22 | 000,088,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\basp.sys -- (Blfp)
DRV - [2010/05/10 23:03:32 | 000,230,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- c:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys -- (TmFilter)
DRV - [2010/05/10 23:02:44 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- c:\Program Files\Trend Micro\Client Server Security Agent\tmpreflt.sys -- (TmPreFilter)
DRV - [2010/05/10 22:41:54 | 001,322,808 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- c:\Program Files\Trend Micro\Client Server Security Agent\vsapiNT.sys -- (VSApiNt)
DRV - [2009/11/16 18:21:24 | 002,748,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTDVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/07/15 17:38:14 | 000,283,152 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmwfp.sys -- (tmwfp)
DRV - [2009/07/15 17:38:04 | 000,146,448 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmlwf.sys -- (tmlwf)
DRV - [2009/07/15 17:37:40 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2009/07/06 14:11:12 | 000,158,224 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2008/06/04 13:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\PBADRV.sys -- (PBADRV)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://ame.bascom.net/proxy.pac

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..network.proxy.autoconfig_url: "http://ame.bascom.net/proxy.pac"
FF - prefs.js..network.proxy.type: 2

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lab20\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lab20\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension [2012/01/23 12:11:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/01 08:05:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/02/27 10:52:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/14 11:51:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/12/05 08:23:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lab20\AppData\Roaming\Mozilla\Extensions
[2012/02/14 11:51:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lab20\AppData\Roaming\Mozilla\Firefox\Profiles\9czx87s5.default\extensions
[2012/02/14 11:51:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/27 10:52:36 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
() (No name found) -- C:\USERS\LAB20\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9CZX87S5.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
[2012/02/14 11:51:11 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/14 11:51:09 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/14 11:51:09 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Lab20\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Lab20\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lab20\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Lab20\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Lab20\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Lab20\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: avast! WebRep = C:\Users\Lab20\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1407_0\
CHR - Extension: AVG Safe Search = C:\Users\Lab20\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Gmail = C:\Users\Lab20\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SMART Notebook Download Utility) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\Education Software\Win32\NotebookPlugin.dll (SMART Technologies ULC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (SMART Sync) - {8E1233B3-485A-4E51-B77E-9E075A68C588} - C:\Program Files\SMART Technologies\Education Software\SyncIEToolbar.dll (SMART Technologies ULC.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Dell Computer Corporation)
O4 - HKLM..\Run: [OfficeScanNT Monitor] c:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SMART Board Service] C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe (SMART Technologies)
O4 - HKLM..\Run: [SMART Board Tools] C:\Program Files\SMART Technologies\Education Software\SMARTBoardTools.exe (SMART Technologies ULC)
O4 - HKLM..\Run: [SMARTClassroomCoordinator.exe] C:\Program Files\SMART Technologies\Education Software\SMARTClassroomCoordinator.exe (SMART Technologies ULC.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [DBRMTray] C:\dell\DBRM\Reminder\TrayApp.exe (Microsoft)
O4 - Startup: C:\Users\Lab20\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0D511A6-BABC-4B06-B5E6-E2B6E7C4A1D9}: NameServer = 172.16.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/02/28 10:02:56 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Lab20\Desktop\OTL.exe
[2012/02/28 09:15:16 | 000,000,000 | ---D | C] -- C:\Users\Lab20\Documents\sec
[2012/02/28 03:03:35 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/02/27 10:52:49 | 000,112,984 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys
[2012/02/27 10:52:38 | 000,196,440 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys
[2012/02/27 10:52:38 | 000,044,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012/02/27 10:52:38 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2012/02/27 10:52:34 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys
[2012/02/27 10:51:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2012/02/27 10:05:12 | 000,000,000 | ---D | C] -- C:\Users\Lab20\AppData\Roaming\SUPERAntiSpyware.com
[2012/02/27 10:04:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/02/27 10:04:40 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/02/27 10:04:40 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/02/27 09:52:30 | 000,000,000 | ---D | C] -- C:\Users\Lab20\AppData\Roaming\Malwarebytes
[2012/02/27 09:52:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/27 09:52:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/16 11:21:13 | 006,288,880 | ---- | C] (Macrovision Corporation) -- C:\Users\Lab20\Desktop\C34GDIV8EA.exe
[2012/02/15 03:00:44 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/15 03:00:43 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/02/15 03:00:43 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/15 03:00:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/15 03:00:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/15 03:00:37 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/14 23:12:14 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2012/02/14 23:12:00 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/02/07 12:59:46 | 000,020,696 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/02/07 12:59:45 | 000,337,112 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/02/07 12:59:40 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/02/07 12:59:39 | 000,053,848 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/02/07 12:59:38 | 000,610,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/02/07 12:59:37 | 000,057,688 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/02/07 12:59:25 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/02/07 12:59:25 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/02/07 12:59:19 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/02/07 12:59:19 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/02/28 10:13:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/28 10:02:51 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Lab20\Desktop\OTL.exe
[2012/02/28 09:50:56 | 000,671,062 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/28 09:50:56 | 000,124,478 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/28 09:29:45 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/28 09:29:26 | 000,021,312 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/28 09:29:26 | 000,021,312 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/28 09:28:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3917816277-2301944540-3967082003-1000UA.job
[2012/02/28 09:27:38 | 090,307,428 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/02/28 09:22:36 | 000,000,031 | ---- | M] () -- C:\tmuninst.ini
[2012/02/28 09:22:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/28 09:22:00 | 2588,639,232 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/27 16:28:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3917816277-2301944540-3967082003-1000Core.job
[2012/02/27 10:52:38 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/02/27 10:51:17 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012/02/27 10:48:48 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/02/27 10:04:46 | 000,001,967 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/02/27 09:52:21 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/27 09:29:40 | 000,002,405 | ---- | M] () -- C:\Users\Lab20\Desktop\Google Chrome.lnk
[2012/02/23 11:23:26 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/02/23 11:23:21 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/02/23 11:13:00 | 000,112,984 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys
[2012/02/23 11:12:28 | 000,610,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/02/23 11:12:16 | 000,337,112 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/02/23 11:12:01 | 000,196,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys
[2012/02/23 11:11:24 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2012/02/23 11:10:59 | 000,044,376 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012/02/23 11:10:39 | 000,053,848 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/02/23 11:10:34 | 000,057,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/02/23 11:10:16 | 000,020,696 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/02/23 10:54:51 | 000,012,112 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys
[2012/02/16 10:16:18 | 000,810,496 | ---- | M] () -- C:\Users\Lab20\Desktop\logo.pub
[2012/02/15 12:01:46 | 006,288,880 | ---- | M] (Macrovision Corporation) -- C:\Users\Lab20\Desktop\C34GDIV8EA.exe
[2012/02/15 03:48:54 | 000,426,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/13 17:14:29 | 000,127,828 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/02/09 09:40:18 | 000,042,556 | ---- | M] () -- C:\Users\Lab20\Desktop\school.gif
[2012/02/06 11:33:35 | 000,001,986 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/02/01 08:05:51 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/02/27 10:51:17 | 000,001,924 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012/02/27 10:04:46 | 000,001,967 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/02/27 09:52:21 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/16 11:21:09 | 000,810,496 | ---- | C] () -- C:\Users\Lab20\Desktop\logo.pub
[2012/02/09 09:40:24 | 000,042,556 | ---- | C] () -- C:\Users\Lab20\Desktop\school.gif
[2012/02/06 11:33:35 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/02/06 11:33:35 | 000,001,986 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/10/27 08:27:12 | 000,066,432 | ---- | C] () -- C:\Windows\System32\drivers\crazyremote.sys
[2011/07/29 00:12:38 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011/07/29 00:12:37 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011/07/29 00:12:37 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011/07/29 00:12:37 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011/07/29 00:12:37 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011/07/28 22:35:18 | 000,080,368 | ---- | C] () -- C:\Windows\System32\pbadrvdll.dll
[2010/11/20 16:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010/10/01 15:56:28 | 000,087,040 | ---- | C] () -- C:\Windows\System32\Internationalization_th.dll
[2010/10/01 15:56:28 | 000,074,752 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-HK.dll
[2010/10/01 15:56:26 | 000,089,088 | ---- | C] () -- C:\Windows\System32\Internationalization_sl.dll
[2010/10/01 15:56:24 | 000,089,088 | ---- | C] () -- C:\Windows\System32\Internationalization_sk.dll
[2010/10/01 15:56:22 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_hr.dll
[2010/10/01 15:56:20 | 000,088,064 | ---- | C] () -- C:\Windows\System32\Internationalization_tr.dll
[2010/10/01 15:56:18 | 000,091,648 | ---- | C] () -- C:\Windows\System32\Internationalization_ro.dll
[2010/10/01 15:56:18 | 000,091,648 | ---- | C] () -- C:\Windows\System32\Internationalization_pt-BR.dll
[2010/10/01 15:56:16 | 000,091,136 | ---- | C] () -- C:\Windows\System32\Internationalization_hu.dll
[2010/10/01 15:56:14 | 000,084,480 | ---- | C] () -- C:\Windows\System32\Internationalization_he.dll
[2010/10/01 15:56:12 | 000,089,088 | ---- | C] () -- C:\Windows\System32\Internationalization_fi.dll
[2010/10/01 15:56:10 | 000,095,744 | ---- | C] () -- C:\Windows\System32\Internationalization_el.dll
[2010/10/01 15:56:10 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_cs.dll
[2010/10/01 15:56:08 | 000,086,016 | ---- | C] () -- C:\Windows\System32\Internationalization_ar.dll
[2010/10/01 15:56:06 | 000,074,752 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHT.dll
[2010/10/01 15:56:06 | 000,074,240 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHS.dll
[2010/10/01 15:56:04 | 000,090,624 | ---- | C] () -- C:\Windows\System32\Internationalization_sv.dll
[2010/10/01 15:56:02 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ru.dll
[2010/10/01 15:56:00 | 000,093,184 | ---- | C] () -- C:\Windows\System32\Internationalization_pt.dll
[2010/10/01 15:56:00 | 000,092,160 | ---- | C] () -- C:\Windows\System32\Internationalization_pl.dll
[2010/10/01 15:55:58 | 000,088,576 | ---- | C] () -- C:\Windows\System32\Internationalization_no.dll
[2010/10/01 15:55:56 | 000,096,256 | ---- | C] () -- C:\Windows\System32\Internationalization_nl.dll
[2010/10/01 15:55:56 | 000,078,848 | ---- | C] () -- C:\Windows\System32\Internationalization_ko.dll
[2010/10/01 15:55:54 | 000,080,384 | ---- | C] () -- C:\Windows\System32\Internationalization_ja.dll
[2010/10/01 15:55:52 | 000,093,696 | ---- | C] () -- C:\Windows\System32\Internationalization_it.dll
[2010/10/01 15:55:50 | 000,093,696 | ---- | C] () -- C:\Windows\System32\Internationalization_fr.dll
[2010/10/01 15:55:50 | 000,093,184 | ---- | C] () -- C:\Windows\System32\Internationalization_es.dll
[2010/10/01 15:55:46 | 000,094,720 | ---- | C] () -- C:\Windows\System32\Internationalization_de.dll
[2010/10/01 15:55:44 | 000,091,648 | ---- | C] () -- C:\Windows\System32\Internationalization_da.dll
[2010/09/30 08:49:10 | 000,012,800 | ---- | C] () -- C:\Windows\System32\Wavx_ESC_Logging.dll
[2010/08/19 17:18:20 | 001,008,640 | ---- | C] () -- C:\Windows\System32\DemoLicense.dll

[color=#E56717]========== LOP Check ==========[/color]

[2012/01/23 12:45:04 | 000,000,000 | ---D | M] -- C:\Users\Lab20\AppData\Roaming\AVG2012
[2011/10/31 08:50:31 | 000,000,000 | ---D | M] -- C:\Users\Lab20\AppData\Roaming\Doceri Desktop
[2011/09/07 08:48:35 | 000,000,000 | ---D | M] -- C:\Users\Lab20\AppData\Roaming\IrfanView
[2012/01/05 13:26:08 | 000,000,000 | ---D | M] -- C:\Users\Lab20\AppData\Roaming\OPHG
[2011/10/20 08:47:57 | 000,000,000 | ---D | M] -- C:\Users\Lab20\AppData\Roaming\SMART Technologies
[2011/09/06 09:29:19 | 000,000,000 | ---D | M] -- C:\Users\Lab20\AppData\Roaming\SMART Technologies Inc
[2011/10/27 09:25:05 | 000,000,000 | ---D | M] -- C:\Users\Lab20\AppData\Roaming\TightVNC
[2011/09/09 06:53:13 | 000,000,000 | ---D | M] -- C:\Users\Lab20\AppData\Roaming\Windows Live Writer
[2009/07/13 23:53:46 | 000,017,412 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]

No extras file was generated and I did it twice, perhaps you can advise on that.

checkup.txt

Results of screen317's Security Check version 0.99.31
Windows 7 Service Pack 1 x86 [color=red](UAC is disabled!)[/color]
Internet Explorer 9
``````````````````````````````
[u]Antivirus/Firewall Check:[/u]

Windows Firewall Disabled!
avast! Internet Security
AVG 2012
Trend Micro Client/Server Security Agent
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
[u]Anti-malware/Other Utilities Check:[/u]

SUPERAntiSpyware
Java(TM) 6 Update 30
Adobe Reader 9 [color=red]Adobe Reader out of date![/color]
Mozilla Firefox (9.0.1)
````````````````````````````````
Process Check:
[u]objlist.exe by Laurent[/u]

AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Trend Micro OfficeScan Client pccntmon.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast afwServ.exe
AVAST Software Avast AvastUI.exe
Trend Micro Client Server Security Agent ntrtscan.exe
Trend Micro Client Server Security Agent HostedAgent svcGenericHost.exe
Trend Micro Client Server Security Agent tmlisten.exe
Trend Micro Client Server Security Agent HostedAgent HostedAgent.exe
Trend Micro Client Server Security Agent TmPfw.exe
Trend Micro Client Server Security Agent CNTAoSMgr.exe
Trend Micro Client Server Security Agent TmProxy.exe
``````````End of Log````````````

No log was generated by the online antivirus scan either, that came up clean. I ran ESET


Cariad
Logo Queen
Premium,ExMod 2001-03
join:2000-07-02
Staten Island, NY
downloadbit defender.txt 97,159 bytes
ran bit defender online scan and attached those logs


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
Reviews:
·Comcast
reply to Cariad
I don't see any signs of infection.

I would report it to Avast and let them deal with it!

Note:
In your original post you stated:
"Avast is popping up Mal:url, process - c:windows/explorere
.exe URL alerts the minute I open a browser."

The bold face is mine and I am assuming the extra 'e' on explorer was a typo. The correct file name is explorer.exe.
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum


Cariad
Logo Queen
Premium,ExMod 2001-03
join:2000-07-02
Staten Island, NY
Yes, typo explorer.
Thanks for looking.

I'll report it to avast and see what they say. In the mean time I'll have to disable it and use avg as the pop ups are pretty much non stop.