The last two scans have detected 110 instances of ave.exe. They all seem to be associated with profile directories even though some of the directories don't exist (i.e., AppData). I'm not getting any fakeAV pop-ups (which is what I think ave.exe should do.) Anyway, here's the logfile. Thanks!

Darrell

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4059

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

5/3/2010 8:36:01 AM

mbam-log-2010-05-03 (08-36-01).txt

Scan type: Full scan (C:\|E:\|M:\|)

Objects scanned: 645503

Time elapsed: 18 hour(s), 57 minute(s), 32 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 110


  • Staff

Hi,

This rather looks like interference with another Antivirus application, blocking/locking the enumeration of this filename, so that's why mbam displays these.

I'm going to move this thread to the HijackThis section part of this forum as I may need more info here....

Please do the following...

Please download DDS and save it to your desktop.

  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.

---------------------------------------------------

Copy and paste the contents of DDS.txt in your next reply. Do not copy and paste the contents of Attach.txt, but attach it to your reply instead.


Thanks for the fast reply. I'm def running another AV (Webroot) so that's probably the issue. (I ran the MWB scan after I had trouble reinstalling Webroot.)

DDS (Ver_10-03-17.01) - NTFSx86

Run by DLW at 9:47:10.32 on Mon 05/03/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2223 [GMT -4:00]

AV: Webroot Internet Security Essentials *On-access scanning enabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}

FW: Webroot Internet Security Essentials *enabled* {63671000-11A2-46DD-BADD-A084CABCDEAE}


FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-11-12 29808]

R1 pwipf6;pwipf6;c:\windows\system32\drivers\pwipf6.sys [2009-2-27 108880]

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-4-14 14336]

R2 KAXGNLC961543680833358;Kaseya Agent;c:\program files\kaseya\agent\AgentMon.exe [2008-12-18 806912]

R2 NovosoftBackupNetworkCoordinator;Novosoft Backup Network Coordinator;c:\program files\novosoft\handy backup 6.5.2\BackupNetworkCoordinator.exe [2010-3-26 31928]

R2 NvtlService;NovaCore SDK Service;c:\program files\novatel wireless\novacore\server\NvtlSrvr.exe [2009-6-12 80384]

R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-11-6 4048240]

R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2008-12-18 1201640]

R3 KAPFA;KAPFA;c:\windows\system32\drivers\KaPFA.sys [2008-12-18 13824]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2008-12-18 38224]

R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2010-1-21 9472]

S0 cerc6;cerc6; [x]

S2 gupdate1c9873a4eecea84;Google Update Service (gupdate1c9873a4eecea84);c:\program files\google\update\GoogleUpdate.exe [2009-2-4 133104]

S3 easytether;easytether;c:\windows\system32\drivers\easytthr.sys --> c:\windows\system32\drivers\easytthr.sys [?]

S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-9-10 30192]

============== File Associations ===============

.scr=AutoCADScriptFile

=============== Created Last 30 ================

2010-05-02 18:41:03 0 d-----w- c:\program files\Shockwave.com

2010-05-01 20:56:52 2388 ----a-w- c:\windows\DCEBOOT.CFG

2010-05-01 20:56:52 10752 ----a-w- c:\windows\DCEBoot.exe

2010-04-23 18:03:44 0 d-----w- c:\program files\MobileFrame

2010-04-22 21:41:29 0 d-----w- c:\program files\VirusTotalUploader2

2010-04-22 19:24:50 0 d-----w- c:\documents and settings\dlw\Tracing

2010-04-22 19:23:35 82696 ----a-w- c:\windows\system32\lmdimon8.dll

2010-04-22 19:22:39 0 d-----w- c:\docume~1\alluse~1\applic~1\Applications

2010-04-09 23:08:18 69 ----a-w- c:\windows\system32\BD9420CN.DAT

2010-04-09 16:21:11 0 d-----w- c:\program files\common files\Akamai

2010-04-08 00:30:59 0 d-----w- c:\program files\iPod

2010-04-08 00:30:50 0 d-----w- c:\program files\iTunes

2010-04-08 00:30:50 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-04-08 00:19:12 0 d-----w- c:\program files\Bonjour

==================== Find3M ====================

2010-05-03 03:10:35 181931 ----a-w- c:\windows\system32\nvModes.dat

2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll

2010-03-09 08:28:20 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll

2010-02-19 23:47:50 3604480 ----a-w- c:\windows\system32\GPhotos.scr

2010-02-17 17:37:32 4199784 ----a-w- c:\windows\system32\cdintf400.dll

2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-02-12 15:46:14 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-02-12 15:46:14 107808 ----a-w- c:\windows\system32\dns-sd.exe

2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll

2009-10-14 04:55:54 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

============= FINISH: 9:47:42.08 ===============


Hey Miekie. Sorry for the delay. I didn't see your reply.

Kaseya is part of my IT consultant's software and I can't disable it. I went ahead and purchased MWB and uninstalled Webroot. I still get the same detections. I think it's safe to assume that Kaseya is the culprit.

Thanks for your help.

Darrell
