DLW0193

  1. I have my DNS records set up in ENom to forward CumberlandDanceWeek.org to a Google Site (http://sites.google.com/a/cumberlanddanceweek.org/camp/home). MB is blocking 98.124.199.1 when I try to go to CumberlandDanceWeek.org, thereby preventing the URL forwarding to the correct Site (the Google Site URL works fine). This seems to be a root Enom IP address. Any ideas? Thanks, Darrell
  2. Hey Miekie. Sorry for the delay. I didn't see your reply. Kaseya is part of my IT consultant's software and I can't disable it. I went ahead and purchased MWB and uninstalled Webroot. I still get the same detections. I think it's safe to assume that Kaseya is the culprit. Thanks for your help. Darrell
  3. Thanks for the fast reply. I'm def running another AV (Webroot) so that's probably the issue. (I ran the MWB scan after I had trouble reinstalling Webroot)
  4. The last two scans have detected 110 instances of ave.exe. They all seem to be associated with profile directories even though some of the directories don't exist (i.e., AppData). I'm not getting any fakeAV pop-ups (which is what I think ave.exe should do.) Anyway, here's the logfile. Thanks! Darrell
[bE1D85FB6FD48CDA4B8AE7AC383E2C74] C:\Documents and Settings\NetworkService\AppData\Local\ave.exe (Rogue.MultipleAV) -> No action taken. [bE1D85FB6FD48CDA4B8AE7AC383E2C74] C:\Documents and Settings\x_halo\AppData\Local\ave.exe (Rogue.MultipleAV) -> No action taken. [bE1D85FB6FD48CDA4B8AE7AC383E2C74] C:\Documents and Settings\x_halo.DARRELL-LAPTOP\AppData\Local\ave.exe (Rogue.MultipleAV) -> No action taken. [bE1D85FB6FD48CDA4B8AE7AC383E2C74] C:\Documents and Settings\xogent\AppData\Local\ave.exe (Rogue.MultipleAV) -> No action taken. [bE1D85FB6FD48CDA4B8AE7AC383E2C74] C:\WINDOWS\system32\config\systemprofile\AppData\Local\ave.exe (Rogue.MultipleAV) -> No action taken. [bE1D85FB6FD48CDA4B8AE7AC383E2C74] C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\ave.exe (Rogue.MultipleAV) -> No action taken. [509F4E3933CEEC1B1C0588994E50C1DE] C:\Documents and Settings\dlw\Application Data\Microsoft\Windows Defender\ave.exe (Rogue.MultipleAV) -> No action taken. [509F4E3933CEEC1B1C0588994E50C1DE] C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows Defender\ave.exe (Rogue.MultipleAV) -> No action taken. [509F4E3933CEEC1B1C0588994E50C1DE] C:\Documents and Settings\Default User\Application Data\Microsoft\Windows Defender\ave.exe (Rogue.MultipleAV) -> No action taken. [509F4E3933CEEC1B1C0588994E50C1DE] C:\Documents and Settings\LocalService\Application Data\Microsoft\Windows Defender\ave.exe (Rogue.MultipleAV) -> No action taken. [509F4E3933CEEC1B1C0588994E50C1DE] C:\Documents and Settings\NetworkService\Application Data\Microsoft\Windows Defender\ave.exe (Rogue.MultipleAV) -> No action taken. [509F4E3933CEEC1B1C0588994E50C1DE] C:\Documents and Settings\x_halo.DARRELL-LAPTOP\Application Data\Microsoft\Windows Defender\ave.exe (Rogue.MultipleAV) -> No action taken. [509F4E3933CEEC1B1C0588994E50C1DE] C:\Documents and Settings\x_halo\Application Data\Microsoft\Windows Defender\ave.exe (Rogue.MultipleAV) -> No action taken. 
[509F4E3933CEEC1B1C0588994E50C1DE] C:\Documents and Settings\xogent\Application Data\Microsoft\Windows Defender\ave.exe (Rogue.MultipleAV) -> No action taken. [509F4E3933CEEC1B1C0588994E50C1DE] C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Windows Defender\ave.exe (Rogue.MultipleAV) -> No action taken. [509F4E3933CEEC1B1C0588994E50C1DE] C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Defender\ave.exe (Rogue.MultipleAV) -> No action taken. [002F60BD42D6D88FA9C0CF943A73875B] C:\Documents and Settings\All Users\Local Settings\Application Data\Microsoft\Windows Defender\ave.exe (Rogue.MultipleAV) -> No action taken. [002F60BD42D6D88FA9C0CF943A73875B] C:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Windows Defender\ave.exe (Rogue.MultipleAV) -> No action taken. [002F60BD42D6D88FA9C0CF943A73875B] C:\Documents and Settings\dlw\Local Settings\Application Data\Microsoft\Windows Defender\ave.exe (Rogue.MultipleAV) -> No action taken. [002F60BD42D6D88FA9C0CF943A73875B] C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows Defender\ave.exe (Rogue.MultipleAV) -> No action taken. [002F60BD42D6D88FA9C0CF943A73875B] C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows Defender\ave.exe (Rogue.MultipleAV) -> No action taken. [002F60BD42D6D88FA9C0CF943A73875B] C:\Documents and Settings\x_halo\Local Settings\Application Data\Microsoft\Windows Defender\ave.exe (Rogue.MultipleAV) -> No action taken. [002F60BD42D6D88FA9C0CF943A73875B] C:\Documents and Settings\x_halo.DARRELL-LAPTOP\Local Settings\Application Data\Microsoft\Windows Defender\ave.exe (Rogue.MultipleAV) -> No action taken. [002F60BD42D6D88FA9C0CF943A73875B] C:\Documents and Settings\xogent\Local Settings\Application Data\Microsoft\Windows Defender\ave.exe (Rogue.MultipleAV) -> No action taken. 
[002F60BD42D6D88FA9C0CF943A73875B] C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Defender\ave.exe (Rogue.MultipleAV) -> No action taken. [002F60BD42D6D88FA9C0CF943A73875B] C:\Documents and Settings\All Users\Application Data\avG\ave.exe (Rogue.MultipleAV) -> No action taken. [653AB2831F0F65F09FEB1A2818A06A0A] C:\Documents and Settings\dlw\Application Data\avG\ave.exe (Rogue.MultipleAV) -> No action taken. [653AB2831F0F65F09FEB1A2818A06A0A] C:\Documents and Settings\Administrator\Application Data\avG\ave.exe (Rogue.MultipleAV) -> No action taken. [653AB2831F0F65F09FEB1A2818A06A0A] C:\Documents and Settings\Default User\Application Data\avG\ave.exe (Rogue.MultipleAV) -> No action taken. [653AB2831F0F65F09FEB1A2818A06A0A] C:\Documents and Settings\LocalService\Application Data\avG\ave.exe (Rogue.MultipleAV) -> No action taken. [653AB2831F0F65F09FEB1A2818A06A0A] C:\Documents and Settings\NetworkService\Application Data\avG\ave.exe (Rogue.MultipleAV) -> No action taken. [653AB2831F0F65F09FEB1A2818A06A0A] C:\Documents and Settings\x_halo.DARRELL-LAPTOP\Application Data\avG\ave.exe (Rogue.MultipleAV) -> No action taken. [653AB2831F0F65F09FEB1A2818A06A0A] C:\Documents and Settings\x_halo\Application Data\avG\ave.exe (Rogue.MultipleAV) -> No action taken. [653AB2831F0F65F09FEB1A2818A06A0A] C:\Documents and Settings\xogent\Application Data\avG\ave.exe (Rogue.MultipleAV) -> No action taken. [653AB2831F0F65F09FEB1A2818A06A0A] C:\WINDOWS\system32\config\systemprofile\Application Data\avG\ave.exe (Rogue.MultipleAV) -> No action taken. [653AB2831F0F65F09FEB1A2818A06A0A]