Re: [Malware] Malicious URL

Tue, 28 Feb 2012 11:28:01 EDT

Cariad posted : so everything came up clean again
mbam log:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.27.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Lab20 :: LAB20-PC [administrator]

2/28/2012 9:36:41 AM
mbam-log-2012-02-28 (09-36-41).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 274605
Time elapsed: 24 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

OTL.txt
OTL logfile created on: 2/28/2012 10:16:10 AM - Run 3
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Lab20\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.21 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 62.93% Memory free
6.43 Gb Paging File | 4.97 Gb Available in Paging File | 77.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.90 Gb Total Space | 246.14 Gb Free Space | 85.79% Space Free | Partition Type: NTFS
Drive F: | 959.22 Mb Total Space | 826.06 Mb Free Space | 86.12% Space Free | Partition Type: FAT

Computer Name: LAB20-PC | User Name: Lab20 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012/02/28 10:02:51 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Lab20\Desktop\OTL.exe
PRC - [2012/02/23 11:23:24 | 004,031,368 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/02/23 11:23:21 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/02/23 11:23:20 | 000,131,288 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/03 17:37:48 | 000,109,056 | ---- | M] () -- C:\Program Files\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/08/03 08:23:54 | 000,828,944 | ---- | M] (GlavSoft LLC.) -- C:\Program Files\TightVNC\tvnserver.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/07/29 00:16:37 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/07/13 20:14:40 | 001,761,136 | ---- | M] (SMART Technologies) -- C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe
PRC - [2011/06/23 23:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/23 14:28:32 | 009,800,560 | ---- | M] (SMART Technologies ULC) -- C:\Program Files\SMART Technologies\Education Software\SMARTBoardTools.exe
PRC - [2011/06/23 14:28:28 | 004,860,784 | ---- | M] (SMART Technologies ULC) -- C:\Program Files\SMART Technologies\Education Software\Marker.exe
PRC - [2011/06/23 14:28:28 | 001,825,136 | ---- | M] (SMART Technologies ULC) -- C:\Program Files\SMART Technologies\Education Software\Aware.exe
PRC - [2011/06/22 08:44:24 | 000,485,232 | ---- | M] (SMART Technologies ULC.) -- C:\Program Files\SMART Technologies\Education Software\SMARTClassroomCoordinator.exe
PRC - [2011/03/08 16:52:08 | 000,227,328 | ---- | M] (Dell Computer Corporation) -- C:\dell\DBRM\Reminder\DbrmTrayicon.exe
PRC - [2010/11/20 16:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/10/16 16:10:52 | 002,336,104 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
PRC - [2010/09/15 11:14:36 | 000,057,168 | ---- | M] (UPEK Inc.) -- C:\Program Files\Common Files\SPBA\upeksvr.exe
PRC - [2010/07/05 13:37:32 | 000,045,056 | ---- | M] (Trend Micro Inc.) -- c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
PRC - [2010/07/05 13:37:28 | 000,017,920 | ---- | M] (Trend Micro Inc.) -- c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
PRC - [2010/06/29 16:11:50 | 000,127,488 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
PRC - [2010/06/25 13:13:18 | 001,099,088 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
PRC - [2010/06/22 13:27:38 | 001,358,160 | ---- | M] (Trend Micro Inc.) -- c:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe
PRC - [2010/06/22 13:18:46 | 001,323,912 | ---- | M] (Trend Micro Inc.) -- c:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe
PRC - [2009/08/26 12:49:00 | 002,691,072 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe
PRC - [2009/07/15 17:39:06 | 000,497,008 | ---- | M] (Trend Micro Inc.) -- c:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
PRC - [2009/07/15 17:37:18 | 000,689,416 | ---- | M] (Trend Micro Inc.) -- c:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
PRC - [2009/06/24 20:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/05/15 19:44:06 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- c:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
PRC - [2007/05/29 20:39:52 | 000,024,576 | ---- | M] (Oki Data Corporation) -- C:\Windows\System32\spool\drivers\w32x86\3\OPHGLDCS.EXE

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012/02/15 03:50:14 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/02/15 03:50:08 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/02/15 03:49:45 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011/10/20 07:34:17 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/09/27 08:37:25 | 002,996,648 | ---- | M] () -- C:\Windows\winsxs\x86_smarttech.xqilla.vc100.2.1_9ca15c999435ee05_1.0.1.0_none_1bed22ac92abf495\xqilla21.dll
MOD - [2011/09/27 07:34:02 | 000,066,976 | ---- | M] () -- C:\Windows\winsxs\x86_smarttech.zlib.vc100.1.2_9ca15c999435ee05_1.0.1.0_none_a9eddec61c291613\zlib1-vc100-mt-1.2.dll
MOD - [2011/09/27 07:33:58 | 002,310,056 | ---- | M] () -- C:\Windows\winsxs\x86_smarttech.redland.vc100.1.0_9ca15c999435ee05_1.0.1.0_none_abdcef110f80cf28\redland-vc100-1_0_9.dll
MOD - [2011/09/27 07:33:47 | 000,054,184 | ---- | M] () -- C:\Windows\winsxs\x86_smarttech.boost_thread.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_472b4edec4bf8550\boost_thread-vc100-mt-1_44.dll
MOD - [2011/09/27 07:33:45 | 000,022,440 | ---- | M] () -- C:\Windows\winsxs\x86_smarttech.boost_system.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_3b5a2197c9e04a1f\boost_system-vc100-mt-1_44.dll
MOD - [2011/09/27 07:33:43 | 000,053,680 | ---- | M] () -- C:\Windows\winsxs\x86_smarttech.boost_signals.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_8ce60f5e6bc42419\boost_signals-vc100-mt-1_44.dll
MOD - [2011/09/27 07:33:42 | 000,145,328 | ---- | M] () -- C:\Windows\winsxs\x86_smarttech.boost_filesystem.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_73736a4543634e09\boost_filesystem-vc100-mt-1_44.dll
MOD - [2011/09/27 07:33:39 | 000,051,120 | ---- | M] () -- C:\Windows\winsxs\x86_smarttech.boost_date_time.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_50d6b3902c95d15a\boost_date_time-vc100-mt-1_44.dll
MOD - [2011/06/22 08:19:28 | 000,070,656 | ---- | M] () -- C:\Program Files\SMART Technologies\Education Software\libLogger-vc100-2_0.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2012/02/23 11:23:21 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/02/23 11:23:20 | 000,131,288 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [On_Demand | Stopped] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/10/03 17:37:48 | 000,109,056 | ---- | M] () [Auto | Running] -- C:\Program Files\Wyse\PocketCloud Windows Companion\PocketCloudService.exe -- (WysePocketCloud)
SRV - [2011/09/07 10:19:21 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/08/03 08:23:54 | 000,828,944 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- C:\Program Files\TightVNC\tvnserver.exe -- (tvnserver)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/11/03 16:12:58 | 001,477,632 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2010/10/16 16:10:52 | 002,336,104 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2010/07/13 14:02:32 | 001,629,696 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2010/07/05 13:37:32 | 000,045,056 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe -- (svcGenericHost)
SRV - [2010/06/29 16:11:50 | 000,127,488 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -- (BrcmMgmtAgent)
SRV - [2010/06/22 13:27:38 | 001,358,160 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- c:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe -- (tmlisten)
SRV - [2010/06/22 13:18:46 | 001,323,912 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- c:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe -- (ntrtscan)
SRV - [2009/07/15 17:39:06 | 000,497,008 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- c:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe -- (TmPfw)
SRV - [2009/07/15 17:37:18 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- c:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe -- (TmProxy)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/29 20:39:52 | 000,024,576 | ---- | M] (Oki Data Corporation) [Auto | Running] -- C:\Windows\System32\spool\drivers\w32x86\3\OPHGLDCS.EXE -- (OKI OPHG DCS Loader)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2012/02/23 11:13:00 | 000,112,984 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2012/02/23 11:12:28 | 000,610,648 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/02/23 11:12:16 | 000,337,112 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/02/23 11:12:01 | 000,196,440 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2012/02/23 11:11:24 | 000,024,408 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/02/23 11:10:59 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\Drivers\aswrdr2.sys -- (aswRdr)
DRV - [2012/02/23 11:10:39 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/02/23 11:10:34 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/02/23 11:10:16 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/02/23 10:54:51 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\aswNdis.sys -- (aswNdis)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:28 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/13 20:17:14 | 000,011,632 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTMouseFilterx86.sys -- (SMARTMouseFilterx86)
DRV - [2011/07/13 20:17:02 | 000,021,872 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTVTabletPCx86.sys -- (SMARTVTabletPCx86)
DRV - [2011/07/13 20:16:54 | 000,014,704 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTVHidMini2000x86.sys -- (SMARTVHidMini2000x86)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:14 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:12 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/07/11 01:14:12 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/04/25 00:11:26 | 000,066,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\crazyremote.sys -- (vhidmini)
DRV - [2010/12/02 16:35:58 | 000,349,224 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2010/11/20 16:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 16:29:03 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netvsc60.sys -- (netvsc)
DRV - [2010/11/20 16:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 16:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 16:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 16:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 16:29:03 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusVideoM.sys -- (SynthVid)
DRV - [2010/11/20 16:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 16:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/09/03 10:39:22 | 000,088,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\basp.sys -- (Blfp)
DRV - [2010/05/10 23:03:32 | 000,230,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- c:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys -- (TmFilter)
DRV - [2010/05/10 23:02:44 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- c:\Program Files\Trend Micro\Client Server Security Agent\tmpreflt.sys -- (TmPreFilter)
DRV - [2010/05/10 22:41:54 | 001,322,808 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- c:\Program Files\Trend Micro\Client Server Security Agent\vsapiNT.sys -- (VSApiNt)
DRV - [2009/11/16 18:21:24 | 002,748,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTDVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/07/15 17:38:14 | 000,283,152 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmwfp.sys -- (tmwfp)
DRV - [2009/07/15 17:38:04 | 000,146,448 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmlwf.sys -- (tmlwf)
DRV - [2009/07/15 17:37:40 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2009/07/06 14:11:12 | 000,158,224 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2008/06/04 13:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\PBADRV.sys -- (PBADRV)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = »g.msn.com/USREL/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = »ame.bascom.net/proxy.pac

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..network.proxy.autoconfig_url: "http://ame.bascom.net/proxy.pac"
FF - prefs.js..network.proxy.type: 2

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lab20\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lab20\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension [2012/01/23 12:11:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/01 08:05:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/02/27 10:52:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/14 11:51:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/12/05 08:23:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lab20\AppData\Roaming\Mozilla\Extensions
[2012/02/14 11:51:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lab20\AppData\Roaming\Mozilla\Firefox\Profiles\9czx87s5.default\extensions
[2012/02/14 11:51:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/27 10:52:36 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
() (No name found) -- C:\USERS\LAB20\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9CZX87S5.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
[2012/02/14 11:51:11 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/14 11:51:09 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/14 11:51:09 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Lab20\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Lab20\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lab20\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Lab20\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Lab20\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Lab20\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: avast! WebRep = C:\Users\Lab20\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1407_0\
CHR - Extension: AVG Safe Search = C:\Users\Lab20\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Gmail = C:\Users\Lab20\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SMART Notebook Download Utility) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\Education Software\Win32\NotebookPlugin.dll (SMART Technologies ULC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (SMART Sync) - {8E1233B3-485A-4E51-B77E-9E075A68C588} - C:\Program Files\SMART Technologies\Education Software\SyncIEToolbar.dll (SMART Technologies ULC.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Dell Computer Corporation)
O4 - HKLM..\Run: [OfficeScanNT Monitor] c:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SMART Board Service] C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe (SMART Technologies)
O4 - HKLM..\Run: [SMART Board Tools] C:\Program Files\SMART Technologies\Education Software\SMARTBoardTools.exe (SMART Technologies ULC)
O4 - HKLM..\Run: [SMARTClassroomCoordinator.exe] C:\Program Files\SMART Technologies\Education Software\SMARTClassroomCoordinator.exe (SMART Technologies ULC.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [DBRMTray] C:\dell\DBRM\Reminder\TrayApp.exe (Microsoft)
O4 - Startup: C:\Users\Lab20\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} »office.microsoft.com/sites/produ···dc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} »support.dell.com/systemprofiler/···Lite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0D511A6-BABC-4B06-B5E6-E2B6E7C4A1D9}: NameServer = 172.16.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/02/28 10:02:56 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Lab20\Desktop\OTL.exe
[2012/02/28 09:15:16 | 000,000,000 | ---D | C] -- C:\Users\Lab20\Documents\sec
[2012/02/28 03:03:35 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/02/27 10:52:49 | 000,112,984 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys
[2012/02/27 10:52:38 | 000,196,440 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys
[2012/02/27 10:52:38 | 000,044,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012/02/27 10:52:38 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2012/02/27 10:52:34 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys
[2012/02/27 10:51:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2012/02/27 10:05:12 | 000,000,000 | ---D | C] -- C:\Users\Lab20\AppData\Roaming\SUPERAntiSpyware.com
[2012/02/27 10:04:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/02/27 10:04:40 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/02/27 10:04:40 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/02/27 09:52:30 | 000,000,000 | ---D | C] -- C:\Users\Lab20\AppData\Roaming\Malwarebytes
[2012/02/27 09:52:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/27 09:52:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/16 11:21:13 | 006,288,880 | ---- | C] (Macrovision Corporation) -- C:\Users\Lab20\Desktop\C34GDIV8EA.exe
[2012/02/15 03:00:44 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/15 03:00:43 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/02/15 03:00:43 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/15 03:00:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/15 03:00:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/15 03:00:37 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/14 23:12:14 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2012/02/14 23:12:00 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/02/07 12:59:46 | 000,020,696 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/02/07 12:59:45 | 000,337,112 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/02/07 12:59:40 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/02/07 12:59:39 | 000,053,848 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/02/07 12:59:38 | 000,610,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/02/07 12:59:37 | 000,057,688 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/02/07 12:59:25 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/02/07 12:59:25 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/02/07 12:59:19 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/02/07 12:59:19 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/02/28 10:13:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/28 10:02:51 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Lab20\Desktop\OTL.exe
[2012/02/28 09:50:56 | 000,671,062 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/28 09:50:56 | 000,124,478 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/28 09:29:45 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/28 09:29:26 | 000,021,312 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/28 09:29:26 | 000,021,312 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/28 09:28:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3917816277-2301944540-3967082003-1000UA.job
[2012/02/28 09:27:38 | 090,307,428 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/02/28 09:22:36 | 000,000,031 | ---- | M] () -- C:\tmuninst.ini
[2012/02/28 09:22:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/28 09:22:00 | 2588,639,232 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/27 16:28:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3917816277-2301944540-3967082003-1000Core.job
[2012/02/27 10:52:38 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/02/27 10:51:17 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012/02/27 10:48:48 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/02/27 10:04:46 | 000,001,967 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/02/27 09:52:21 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/27 09:29:40 | 000,002,405 | ---- | M] () -- C:\Users\Lab20\Desktop\Google Chrome.lnk
[2012/02/23 11:23:26 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/02/23 11:23:21 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/02/23 11:13:00 | 000,112,984 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys
[2012/02/23 11:12:28 | 000,610,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/02/23 11:12:16 | 000,337,112 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/02/23 11:12:01 | 000,196,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys
[2012/02/23 11:11:24 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2012/02/23 11:10:59 | 000,044,376 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012/02/23 11:10:39 | 000,053,848 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/02/23 11:10:34 | 000,057,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/02/23 11:10:16 | 000,020,696 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/02/23 10:54:51 | 000,012,112 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys
[2012/02/16 10:16:18 | 000,810,496 | ---- | M] () -- C:\Users\Lab20\Desktop\logo.pub
[2012/02/15 12:01:46 | 006,288,880 | ---- | M] (Macrovision Corporation) -- C:\Users\Lab20\Desktop\C34GDIV8EA.exe
[2012/02/15 03:48:54 | 000,426,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/13 17:14:29 | 000,127,828 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/02/09 09:40:18 | 000,042,556 | ---- | M] () -- C:\Users\Lab20\Desktop\school.gif
[2012/02/06 11:33:35 | 000,001,986 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/02/01 08:05:51 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/02/27 10:51:17 | 000,001,924 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012/02/27 10:04:46 | 000,001,967 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/02/27 09:52:21 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/16 11:21:09 | 000,810,496 | ---- | C] () -- C:\Users\Lab20\Desktop\logo.pub
[2012/02/09 09:40:24 | 000,042,556 | ---- | C] () -- C:\Users\Lab20\Desktop\school.gif
[2012/02/06 11:33:35 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/02/06 11:33:35 | 000,001,986 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/10/27 08:27:12 | 000,066,432 | ---- | C] () -- C:\Windows\System32\drivers\crazyremote.sys
[2011/07/29 00:12:38 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011/07/29 00:12:37 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011/07/29 00:12:37 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011/07/29 00:12:37 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011/07/29 00:12:37 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011/07/28 22:35:18 | 000,080,368 | ---- | C] () -- C:\Windows\System32\pbadrvdll.dll
[2010/11/20 16:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010/10/01 15:56:28 | 000,087,040 | ---- | C] () -- C:\Windows\System32\Internationalization_th.dll
[2010/10/01 15:56:28 | 000,074,752 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-HK.dll
[2010/10/01 15:56:26 | 000,089,088 | ---- | C] () -- C:\Windows\System32\Internationalization_sl.dll
[2010/10/01 15:56:24 | 000,089,088 | ---- | C] () -- C:\Windows\System32\Internationalization_sk.dll
[2010/10/01 15:56:22 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_hr.dll
[2010/10/01 15:56:20 | 000,088,064 | ---- | C] () -- C:\Windows\System32\Internationalization_tr.dll
[2010/10/01 15:56:18 | 000,091,648 | ---- | C] () -- C:\Windows\System32\Internationalization_ro.dll
[2010/10/01 15:56:18 | 000,091,648 | ---- | C] () -- C:\Windows\System32\Internationalization_pt-BR.dll
[2010/10/01 15:56:16 | 000,091,136 | ---- | C] () -- C:\Windows\System32\Internationalization_hu.dll
[2010/10/01 15:56:14 | 000,084,480 | ---- | C] () -- C:\Windows\System32\Internationalization_he.dll
[2010/10/01 15:56:12 | 000,089,088 | ---- | C] () -- C:\Windows\System32\Internationalization_fi.dll
[2010/10/01 15:56:10 | 000,095,744 | ---- | C] () -- C:\Windows\System32\Internationalization_el.dll
[2010/10/01 15:56:10 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_cs.dll
[2010/10/01 15:56:08 | 000,086,016 | ---- | C] () -- C:\Windows\System32\Internationalization_ar.dll
[2010/10/01 15:56:06 | 000,074,752 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHT.dll
[2010/10/01 15:56:06 | 000,074,240 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHS.dll
[2010/10/01 15:56:04 | 000,090,624 | ---- | C] () -- C:\Windows\System32\Internationalization_sv.dll
[2010/10/01 15:56:02 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ru.dll
[2010/10/01 15:56:00 | 000,093,184 | ---- | C] () -- C:\Windows\System32\Internationalization_pt.dll
[2010/10/01 15:56:00 | 000,092,160 | ---- | C] () -- C:\Windows\System32\Internationalization_pl.dll
[2010/10/01 15:55:58 | 000,088,576 | ---- | C] () -- C:\Windows\System32\Internationalization_no.dll
[2010/10/01 15:55:56 | 000,096,256 | ---- | C] () -- C:\Windows\System32\Internationalization_nl.dll
[2010/10/01 15:55:56 | 000,078,848 | ---- | C] () -- C:\Windows\System32\Internationalization_ko.dll
[2010/10/01 15:55:54 | 000,080,384 | ---- | C] () -- C:\Windows\System32\Internationalization_ja.dll
[2010/10/01 15:55:52 | 000,093,696 | ---- | C] () -- C:\Windows\System32\Internationalization_it.dll
[2010/10/01 15:55:50 | 000,093,696 | ---- | C] () -- C:\Windows\System32\Internationalization_fr.dll
[2010/10/01 15:55:50 | 000,093,184 | ---- | C] () -- C:\Windows\System32\Internationalization_es.dll
[2010/10/01 15:55:46 | 000,094,720 | ---- | C] () -- C:\Windows\System32\Internationalization_de.dll
[2010/10/01 15:55:44 | 000,091,648 | ---- | C] () -- C:\Windows\System32\Internationalization_da.dll
[2010/09/30 08:49:10 | 000,012,800 | ---- | C] () -- C:\Windows\System32\Wavx_ESC_Logging.dll
[2010/08/19 17:18:20 | 001,008,640 | ---- | C] () -- C:\Windows\System32\DemoLicense.dll

[color=#E56717]========== LOP Check ==========[/color]

[2012/01/23 12:45:04 | 000,000,000 | ---D | M] -- C:\Users\Lab20\AppData\Roaming\AVG2012
[2011/10/31 08:50:31 | 000,000,000 | ---D | M] -- C:\Users\Lab20\AppData\Roaming\Doceri Desktop
[2011/09/07 08:48:35 | 000,000,000 | ---D | M] -- C:\Users\Lab20\AppData\Roaming\IrfanView
[2012/01/05 13:26:08 | 000,000,000 | ---D | M] -- C:\Users\Lab20\AppData\Roaming\OPHG
[2011/10/20 08:47:57 | 000,000,000 | ---D | M] -- C:\Users\Lab20\AppData\Roaming\SMART Technologies
[2011/09/06 09:29:19 | 000,000,000 | ---D | M] -- C:\Users\Lab20\AppData\Roaming\SMART Technologies Inc
[2011/10/27 09:25:05 | 000,000,000 | ---D | M] -- C:\Users\Lab20\AppData\Roaming\TightVNC
[2011/09/09 06:53:13 | 000,000,000 | ---D | M] -- C:\Users\Lab20\AppData\Roaming\Windows Live Writer
[2009/07/13 23:53:46 | 000,017,412 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]

< End of report >

No extras file was generated and I did it twice, perhaps you can advise on that.

checkup.txt

Results of screen317's Security Check version 0.99.31
Windows 7 Service Pack 1 x86 [color=red](UAC is disabled!)[/color]
Internet Explorer 9
``````````````````````````````
[u]Antivirus/Firewall Check:[/u]
Windows Firewall Disabled!
avast! Internet Security
AVG 2012
Trend Micro Client/Server Security Agent
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
[u]Anti-malware/Other Utilities Check:[/u]
SUPERAntiSpyware
Java(TM) 6 Update 30
Adobe Reader 9 [color=red]Adobe Reader out of date![/color]
Mozilla Firefox (9.0.1)
````````````````````````````````
Process Check:
[u]objlist.exe by Laurent[/u]
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Trend Micro OfficeScan Client pccntmon.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast afwServ.exe
AVAST Software Avast AvastUI.exe
Trend Micro Client Server Security Agent ntrtscan.exe
Trend Micro Client Server Security Agent HostedAgent svcGenericHost.exe
Trend Micro Client Server Security Agent tmlisten.exe
Trend Micro Client Server Security Agent HostedAgent HostedAgent.exe
Trend Micro Client Server Security Agent TmPfw.exe
Trend Micro Client Server Security Agent CNTAoSMgr.exe
Trend Micro Client Server Security Agent TmProxy.exe
``````````End of Log````````````

No log was generated by the online antivirus scan either, that came up clean. I ran ESET

Topic '[Malware] Malicious URL' in forum 'Security Cleanup' - dslreports.com

Re: [Malware] Malicious URL

Re: [Malware] Malicious URL

Re: [Malware] Malicious URL

Re: [Malware] Malicious URL

Re: [Malware] Malicious URL

Re: [Malware] Malicious URL

[Malware] Malicious URL