We'd like to remind Forumites to please avoid political debate on the Forum. This is to keep it a safe and useful space for MoneySaving discussions. Threads that are - or become - political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
Combofix Problem on Laptop?
macman
Posts: 53,128 Forumite
in Techie Stuff
I've been running Malwarebytes and then Combofix on a laptop running Windows 7, which was infected with the 'Windows Security Alert' trojan.
Seems to have done the job, found and removed several infections, but Combofix has got to the last stage of 'Preparing Log Report. Do not run any programs until Combofix has finished' and is stuck on this stage. It's not frozen, the cursor is still flashing, but it's not generating the log file. It has been like this now for over 30 minutes. The initial scan was quite slow and took about 25 minutes.
Is it OK to terminate the program, or will this cause problems? I realise that I'll lose the log, but not too bothered about that.
Seems to have done the job, found and removed several infections, but Combofix has got to the last stage of 'Preparing Log Report. Do not run any programs until Combofix has finished' and is stuck on this stage. It's not frozen, the cursor is still flashing, but it's not generating the log file. It has been like this now for over 30 minutes. The initial scan was quite slow and took about 25 minutes.
Is it OK to terminate the program, or will this cause problems? I realise that I'll lose the log, but not too bothered about that.
No free lunch, and no free laptop
0
Comments
-
To answer my own question, it did eventually produce a log after about an hour. I'm posting MBAM, HJT and Combofix logs, please could someone advise if anything else to do? Thanks
One point-when I run HJT I'm getting a message 'Denied write access to the Hosts file', which makes me think that there is stil some infection there.
Otherwise the laptop seems to be running normally.
MBAM log:
Malwarebytes' Anti-Malware 1.50.1.1100
https://www.malwarebytes.org
Database version: 6195
Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385
28/03/2011 16:29:34
mbam-log-2011-03-28 (16-29-34).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 314578
Time elapsed: 51 minute(s), 6 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\Barry\AppData\Local\Mozilla\Firefox\Profiles\fbcl4rjo.default\Cache\1a5118a7d01 (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\Users\Barry\AppData\Local\Mozilla\Firefox\Profiles\fbcl4rjo.default\Cache\535e6671d01 (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\Users\Barry\AppData\Local\Mozilla\Firefox\Profiles\fbcl4rjo.default\Cache\6fd0a3d8d01 (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\Users\Barry\AppData\Local\Mozilla\Firefox\Profiles\fbcl4rjo.default\Cache\a15443cdd01 (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.No free lunch, and no free laptop0 -
HJT log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:35:24, on 29/03/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\BBDesktopHelpUpgradeAdvisor\McciTrayApp.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Windows\sttray.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\system32\NOTEPAD.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=5070411
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [BTHelena_McciTrayApp] C:\Program Files\BBDesktopHelpUpgradeAdvisor\McciTrayApp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Barry\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll C:\PROGRA~1\Google\GOOGLE~1\GO36F4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\System32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 11005 bytesNo free lunch, and no free laptop0 -
Combofix log;
ComboFix 11-03-27.02 - Barry 28/03/2011 17:16:12.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2038.400 [GMT 1:00]
Running from: c:\users\Barry\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton 360 *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Barry\GoToAssistDownloadHelper.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-28 )))))))))))))))))))))))))))))))
.
.
2011-03-28 16:40 . 2011-03-28 16:40
d
w- c:\users\Guest\AppData\Local\temp
2011-03-28 16:40 . 2011-03-28 16:40
d
w- c:\users\Duzz1939\AppData\Local\temp
2011-03-28 16:40 . 2011-03-28 16:40
d
w- c:\users\Default\AppData\Local\temp
2011-03-28 15:59 . 2011-03-28 15:59 388096 ----a-r- c:\users\Barry\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-28 15:59 . 2011-03-28 15:59
d
w- c:\program files\Trend Micro
2011-03-28 15:34 . 2011-03-28 15:34
d
w- c:\program files\BBC iPlayer Desktop
2011-03-28 14:47 . 2011-03-28 14:47
d
w- c:\users\Barry\AppData\Local\ElevatedDiagnostics
2011-03-28 14:24 . 2011-03-28 14:24
d
w- c:\users\Barry\AppData\Roaming\Malwarebytes
2011-03-28 14:24 . 2011-03-28 14:24
d
w- c:\programdata\Malwarebytes
2011-03-28 14:24 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-28 14:24 . 2011-03-28 14:24
d
w- c:\program files\Malwarebytes' Anti-Malware
2011-03-28 14:24 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-28 04:14 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1023F7A0-0FE1-4623-B458-EAACD77C1092}\mpengine.dll
2011-03-12 11:28 . 2011-03-12 11:28 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-03-12 11:28 . 2011-03-12 11:28 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-03-09 08:53 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-03-09 08:53 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-03-09 08:53 . 2011-02-19 05:32 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-03-09 08:53 . 2010-12-23 05:28 850432 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 08:53 . 2010-12-23 05:28 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-09 08:53 . 2010-12-23 05:28 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 08:53 . 2010-12-23 05:24 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 08:53 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 08:53 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\system32\mstsc.exe
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-17 21:35 . 2011-02-17 21:35 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-02-03 05:45 . 2011-02-09 11:39 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-02 21:40 . 2010-04-21 09:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 17:11 . 2010-02-04 10:54 222080
w- c:\windows\system32\MpSigStub.exe
2011-01-07 07:31 . 2011-02-23 09:43 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-07 07:31 . 2011-02-23 09:43 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-07 07:27 . 2011-02-09 11:40 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33 . 2011-02-09 11:40 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 05:37 . 2011-02-09 11:40 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 03:37 . 2011-02-09 11:40 2329088 ----a-w- c:\windows\system32\win32k.sys
2010-06-20 07:18 . 2010-06-20 07:18 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2006-11-12 446976]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-14 39408]
"Google Update"="c:\users\Barry\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-03-18 136176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-10-11 31232]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-27 1540096]
"BTHelena_McciTrayApp"="c:\program files\BBDesktopHelpUpgradeAdvisor\McciTrayApp.exe" [2007-07-17 1001472]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2006-11-17 17920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-20 30192]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2006-10-13 184320]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 303104]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\users\Barry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2011-3-28 142336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2009-12-17 1795488]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-4-11 50688]
QuickSet.lnk - c:\windows\Installer\{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-4-11 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-20 30192]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-05 1343400]
S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2011-02-17 53816]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20110322.001\IDSvix86.sys [2010-09-15 287792]
S1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-03-03 390528]
S1 RapportCerberus_23945;RapportCerberus_23945;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\23945\RapportCerberus_23945.sys [2011-02-28 55224]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011-02-17 66360]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2011-02-17 157752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-02-17 821048]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2009-02-19 41008]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
*NewlyCreated* - ERASERUTILDRVI10
*Deregistered* - EraserUtilDrvI10
*Deregistered* - EraserUtilRebootDrv
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 21:37]
.
2011-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 21:37]
.
2011-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1921095132-3486249424-3216310333-1000Core.job
- c:\users\Barry\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-03 10:02]
.
2011-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1921095132-3486249424-3216310333-1000UA.job
- c:\users\Barry\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-03 10:02]
.
.
Supplementary Scan
.
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Barry\AppData\Roaming\Mozilla\Firefox\Profiles\fbcl4rjo.default\
FF - prefs.js: browser.startup.homepage - hxxp://m.uk.yahoo.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - user.js: yahoo.homepage.dontask - true
.
.
LOCKED REGISTRY KEYS
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Common Client\ccService\Channels]
@Denied: (C D) (Everyone)
"ccSvcHst_ccAppPlgMgr_1792"="{0BBD018B-75FA-4F37-B416-9D65FD07654D}"
"ccSvcHst_ccAppPlgMgr_5144"="{7192D163-A309-48E3-BDE3-C96F2524D33C}"
"ccSvcHst_Seshlp_1792"="{0BBD018B-75FA-4F37-B416-9D65FD07654D}"
"ccSvcHst_Seshlp_5144"="{7192D163-A309-48E3-BDE3-C96F2524D33C}"
"ccSvcHst_ccAppPlgMgr_552"="{73C8E8AA-F03B-4137-854A-9E17F2ACD453}"
"ccSvcHst_ccAppPlgMgr_2508"="{09E49245-AEA5-4580-B005-B622A880AB5E}"
"ccSvcHst_Seshlp_3400"="{7B775E92-0FB5-4B93-8FD6-5D3C45E00C9A}"
"ccSvcHst_ccAppPlgMgr_3400"="{7B775E92-0FB5-4B93-8FD6-5D3C45E00C9A}"
"ccSvcHst_ccAppPlgMgr_712"="{FAE10D6B-585F-4CA0-8BB1-7258B1AC2EA3}"
"ccSvcHst_Seshlp_712"="{FAE10D6B-585F-4CA0-8BB1-7258B1AC2EA3}"
"ccSvcHst_ccAppPlgMgr_5656"="{4222F12A-BE68-40DA-972C-6C5207D30B94}"
"ccSvcHst_ccAppPlgMgr_3908"="{2AC7D736-4394-43F7-B294-0CDCC58555A6}"
"ccSvcHst_ccAppPlgMgr_2284"="{6576F2A4-F818-4BCE-908B-2D25054B62AA}"
"ccSvcHst_Seshlp_2284"="{6576F2A4-F818-4BCE-908B-2D25054B62AA}"
"ccSvcHst_ccAppPlgMgr_3964"="{9CBD65D0-DBBA-483F-88F8-0B48B99DC4C7}"
"ccSvcHst_Seshlp_3964"="{9CBD65D0-DBBA-483F-88F8-0B48B99DC4C7}"
"ccSvcHst_Seshlp_2652"="{5D062579-2CD5-46A5-8DAC-222C0F8DD0F4}"
"ccSvcHst_ccAppPlgMgr_2652"="{5D062579-2CD5-46A5-8DAC-222C0F8DD0F4}"
"ccSvcHst_ccAppPlgMgr_5608"="{B4909BCC-FEB6-4B12-B201-8ECF15115140}"
"ccSvcHst_Seshlp_5608"="{B4909BCC-FEB6-4B12-B201-8ECF15115140}"
"ccSvcHst_Seshlp_3948"="{302C57F2-B427-403E-9E4F-4315FDD2E020}"
"ccSvcHst_ccAppPlgMgr_3948"="{302C57F2-B427-403E-9E4F-4315FDD2E020}"
"ccSvcHst_ccAppPlgMgr_4016"="{5102C764-62EE-45D2-865F-DAD6870570B4}"
"ccSvcHst_Seshlp_4016"="{5102C764-62EE-45D2-865F-DAD6870570B4}"
"ccSvcHst_ccAppPlgMgr_5360"="{E927C0C7-FBBB-43C0-8D9D-0D0C08CAA542}"
"ccSvcHst_Seshlp_5360"="{E927C0C7-FBBB-43C0-8D9D-0D0C08CAA542}"
"ccSvcHst_Seshlp_4024"="{F3C74648-F37A-4DEA-87DF-C66A3658D425}"
"ccSvcHst_ccAppPlgMgr_4024"="{F3C74648-F37A-4DEA-87DF-C66A3658D425}"
"ccSvcHst_Seshlp_4056"="{AACA6608-B0B4-4847-BF24-40A80E213C85}"
"ccSvcHst_ccAppPlgMgr_4056"="{AACA6608-B0B4-4847-BF24-40A80E213C85}"
"ccSvcHst_ccAppPlgMgr_5352"="{31F5C072-3549-4B0C-9893-E23003947683}"
"ccSvcHst_ccAppPlgMgr_3796"="{80F84002-4E9B-480E-AF61-BA618ED4DD54}"
"ccSvcHst_Seshlp_3796"="{80F84002-4E9B-480E-AF61-BA618ED4DD54}"
"ccSvcHst_ccAppPlgMgr_5512"="{3D476101-61DE-42DF-9C8D-8B2A85CAC462}"
"ccSvcHst_ccAppPlgMgr_1696"="{3C41F6C7-98D8-4B83-8313-F7BCDC2662AA}"
"ccSvcHst_Seshlp_1696"="{3C41F6C7-98D8-4B83-8313-F7BCDC2662AA}"
"ccSvcHst_ccAppPlgMgr_5604"="{22400203-7077-4598-B035-6300432CC3F4}"
"ccSvcHst_Seshlp_5604"="{22400203-7077-4598-B035-6300432CC3F4}"
"ccSvcHst_ccAppPlgMgr_5536"="{C68EC65E-023B-4DD3-9959-59928B6571F5}"
"ccSvcHst_ccAppPlgMgr_3952"="{57F1E1AA-99E3-4713-B2F0-31D987CFB67F}"
"ccSvcHst_Seshlp_3952"="{57F1E1AA-99E3-4713-B2F0-31D987CFB67F}"
"ccSvcHst_ccAppPlgMgr_18068"="{179FB2A0-F259-472E-8AC2-E06EA9BD2BF7}"
"ccSvcHst_ccAppPlgMgr_3956"="{9AFCBCC1-B05C-470A-BF79-90C359F1399A}"
"ccSvcHst_Seshlp_3956"="{9AFCBCC1-B05C-470A-BF79-90C359F1399A}"
"ccSvcHst_Seshlp_3772"="{D2458DF0-418C-487A-9BA1-C51F205A765C}"
"ccSvcHst_ccAppPlgMgr_3772"="{D2458DF0-418C-487A-9BA1-C51F205A765C}"
"ccSvcHst_Seshlp_2840"="{C6AD64A6-2940-4D04-9A95-D82367DADB89}"
"ccSvcHst_ccAppPlgMgr_2840"="{C6AD64A6-2940-4D04-9A95-D82367DADB89}"
"ccSvcHst_Seshlp_3124"="{D0E94010-4D27-470F-8143-149D9EE6EC25}"
"ccSvcHst_ccAppPlgMgr_3124"="{D0E94010-4D27-470F-8143-149D9EE6EC25}"
"ccSvcHst_ccAppPlgMgr_3860"="{51286FA1-8234-431B-9333-BD6961781875}"
"ccSvcHst_Seshlp_3860"="{51286FA1-8234-431B-9333-BD6961781875}"
"ccSvcHst_ccAppPlgMgr_5420"="{9DE1BC6B-624C-4494-A665-64DEB9B1455E}"
"ccSvcHst_ccAppPlgMgr_3924"="{E2CF2C5A-1556-41AB-AE8C-63ED495A9D3A}"
"ccSvcHst_Seshlp_1944"="{94A51300-4BF4-4A5A-9DC0-04C8A7F845F6}"
"ccSvcHst_ccAppPlgMgr_1944"="{94A51300-4BF4-4A5A-9DC0-04C8A7F845F6}"
"ccSvcHst_ccAppPlgMgr_2668"="{5C258251-4432-429A-9A9D-8C940B8201D9}"
"ccSvcHst_Seshlp_2668"="{5C258251-4432-429A-9A9D-8C940B8201D9}"
"ccSvcHst_ccAppPlgMgr_3232"="{6EE58615-4F61-4750-A8A3-E28518979E8F}"
"ccSvcHst_Seshlp_3232"="{6EE58615-4F61-4750-A8A3-E28518979E8F}"
"ccSvcHst_ccAppPlgMgr_4980"="{53F84C79-EF95-4D1C-B8E4-99776B42A34E}"
"ccSvcHst_Seshlp_3872"="{B5499978-BEC7-4445-BA0B-7C81F0B4689A}"
"ccSvcHst_ccAppPlgMgr_3872"="{B5499978-BEC7-4445-BA0B-7C81F0B4689A}"
"ccSvcHst_Seshlp_3756"="{47E30E4C-498E-4A6D-B6AC-0C44021EC40E}"
"ccSvcHst_ccAppPlgMgr_3756"="{47E30E4C-498E-4A6D-B6AC-0C44021EC40E}"
"ccSvcHst_ccAppPlgMgr_3700"="{577C926C-D7F6-47B6-A997-5ABF29A2FAE3}"
"ccSvcHst_ccAppPlgMgr_1912"="{6B883793-64FE-4F3D-AF8C-6CD8A1C1B820}"
"ccSvcHst_ccAppPlgMgr_3512"="{8984A459-169A-4EC2-9D29-4C64356C6501}"
"ccSvcHst_Seshlp_3512"="{8984A459-169A-4EC2-9D29-4C64356C6501}"
"ccSvcHst_Seshlp_3364"="{91B120E6-9D51-47F8-846C-8018E7FE28FE}"
"ccSvcHst_ccAppPlgMgr_3364"="{91B120E6-9D51-47F8-846C-8018E7FE28FE}"
"ccSvcHst_ccAppPlgMgr_1316"="{9E897B29-6651-43C5-9B13-237D199A983C}"
"ccSvcHst_Seshlp_1316"="{9E897B29-6651-43C5-9B13-237D199A983C}"
"ccSvcHst_ccAppPlgMgr_3844"="{EC9AEB92-9D9B-4061-B4C7-5BABCED40B4E}"
"ccSvcHst_ccAppPlgMgr_3960"="{AF5820A5-AC75-4358-8E87-448E7E95CD15}"
"ccSvcHst_Seshlp_3960"="{AF5820A5-AC75-4358-8E87-448E7E95CD15}"
"ccSvcHst_Seshlp_3376"="{895DBA5E-544C-4528-B3AE-3BF4C525F238}"
"ccSvcHst_ccAppPlgMgr_3376"="{895DBA5E-544C-4528-B3AE-3BF4C525F238}"
"ccSvcHst_ccAppPlgMgr_3396"="{CCB40C96-08BB-40A8-96CE-B8FEFA60FE04}"
"ccSvcHst_Seshlp_3396"="{CCB40C96-08BB-40A8-96CE-B8FEFA60FE04}"
"ccSvcHst_ccAppPlgMgr_2132"="{E2B1AECB-FDB9-4D75-AC78-6E588E9FE32F}"
"ccSvcHst_ccAppPlgMgr_2728"="{593667A3-90C3-4803-AC6B-E717C2D319F1}"
"ccSvcHst_Seshlp_2728"="{593667A3-90C3-4803-AC6B-E717C2D319F1}"
"ccSvcHst_ccAppPlgMgr_2160"="{C2D7869B-AB4E-4C73-901B-2CE8465C681C}"
"ccSvcHst_ccAppPlgMgr_2636"="{9DA50A1A-8564-4095-9F68-3AC7AE65C087}"
"ccSvcHst_Seshlp_2636"="{9DA50A1A-8564-4095-9F68-3AC7AE65C087}"
"ccSvcHst_ccAppPlgMgr_4752"="{1F0BD970-FE0A-4D36-9B53-0F4615C3F4B0}"
"ccSvcHst_ccAppPlgMgr_3784"="{605B231B-4FBA-410D-898C-5AB560F908A8}"
"ccSvcHst_Seshlp_3784"="{605B231B-4FBA-410D-898C-5AB560F908A8}"
"ccSvcHst_Seshlp_2224"="{37D892C0-75B3-48B1-A8BA-737E32EDA659}"
"ccSvcHst_ccAppPlgMgr_2224"="{37D892C0-75B3-48B1-A8BA-737E32EDA659}"
"ccSvcHst_ccAppPlgMgr_2616"="{445D9085-5FAF-4531-ADDB-5F6948CE5382}"
"ccSvcHst_ccAppPlgMgr_2872"="{DF0947EA-65AF-4AAC-86BC-43AD387A2229}"
"ccSvcHst_Seshlp_2872"="{DF0947EA-65AF-4AAC-86BC-43AD387A2229}"
"ccSvcHst_ccAppPlgMgr_4020"="{88F2BAFC-58F1-4A50-A493-82946DD2B332}"
"ccSvcHst_Seshlp_4020"="{88F2BAFC-58F1-4A50-A493-82946DD2B332}"
"ccSvcHst_Seshlp_1892"="{3F6A4413-2F1F-4918-A84B-1BA818BA8B29}"
"ccSvcHst_ccAppPlgMgr_1892"="{3F6A4413-2F1F-4918-A84B-1BA818BA8B29}"
"ccSvcHst_ccAppPlgMgr_3420"="{EC2CBB43-0392-45E3-BA2B-381839F40EA7}"
"ccSvcHst_Seshlp_3420"="{EC2CBB43-0392-45E3-BA2B-381839F40EA7}"
"ccSvcHst_ccAppPlgMgr_4876"="{75AA5698-84D9-4734-B563-0EF91A61D90E}"
"ccSvcHst_Seshlp_1400"="{67F68A57-C90B-4644-BB50-07E9BDC03F01}"
"ccSvcHst_ccAppPlgMgr_1400"="{67F68A57-C90B-4644-BB50-07E9BDC03F01}"
"ccSvcHst_ccAppPlgMgr_1864"="{E6C81773-AEFD-46C5-8BA9-F7E3F2ED05C2}"
"ccSvcHst_Seshlp_3932"="{39DB2978-2FFB-415A-9470-F33561121CC0}"
"ccSvcHst_ccAppPlgMgr_3932"="{39DB2978-2FFB-415A-9470-F33561121CC0}"
"ccSvcHst_ccAppPlgMgr_4316"="{26727D2B-0FE2-4BED-ADD6-535BC1028745}"
"ccSvcHst_Seshlp_4316"="{26727D2B-0FE2-4BED-ADD6-535BC1028745}"
"ccSvcHst_Seshlp_4044"="{410E0D4E-74F7-44A6-9A28-45BB96B27D3C}"
"ccSvcHst_ccAppPlgMgr_4044"="{410E0D4E-74F7-44A6-9A28-45BB96B27D3C}"
"ccSvcHst_Seshlp_2888"="{F46AEAAC-7B6E-4624-AE66-E679BBFBF222}"
"ccSvcHst_ccAppPlgMgr_2888"="{F46AEAAC-7B6E-4624-AE66-E679BBFBF222}"
"ccSvcHst_ccAppPlgMgr_3500"="{76CCAA9B-B29D-4E6B-B1CD-0BB8A1E0D548}"
"ccSvcHst_Seshlp_3500"="{76CCAA9B-B29D-4E6B-B1CD-0BB8A1E0D548}"
"ccSvcHst_ccAppPlgMgr_3920"="{586DBB39-EB10-41A8-B0D5-4F93B5D0CAE5}"
"ccSvcHst_Seshlp_3920"="{586DBB39-EB10-41A8-B0D5-4F93B5D0CAE5}"
"ccSvcHst_ccAppPlgMgr_3980"="{61238F2A-B102-4EBC-ADBC-E4372A9718F8}"
"ccSvcHst_Seshlp_3980"="{61238F2A-B102-4EBC-ADBC-E4372A9718F8}"
"ccSvcHst_ccAppPlgMgr_724"="{BC766E8B-3B71-4ED2-BF1E-6D44EFD869AB}"
"ccSvcHst_Seshlp_3892"="{A40D26FA-DA4B-4805-9054-7CFD98EF1FFB}"
"ccSvcHst_ccAppPlgMgr_3892"="{A40D26FA-DA4B-4805-9054-7CFD98EF1FFB}"
"ccSvcHst_ccAppPlgMgr_3888"="{A5ECA274-CADA-48F5-866E-1548065CD941}"
"ccSvcHst_Seshlp_3888"="{A5ECA274-CADA-48F5-866E-1548065CD941}"
"ccSvcHst_ccAppPlgMgr_3644"="{F3C4180B-1695-4BE1-B34C-4CC118B0487C}"
"ccSvcHst_Seshlp_3644"="{F3C4180B-1695-4BE1-B34C-4CC118B0487C}"
"ccSvcHst_ccAppPlgMgr_3404"="{2F4F7FE4-AA56-44CC-A0EA-65B785C6409D}"
"ccSvcHst_Seshlp_2724"="{D1093C48-4A73-4AAF-B075-2054C9B0DAFA}"
"ccSvcHst_ccAppPlgMgr_2724"="{D1093C48-4A73-4AAF-B075-2054C9B0DAFA}"
"ccSvcHst_ccAppPlgMgr_3588"="{88AB3D2B-F2EE-402F-9222-70DBFACF7F20}"
"ccSvcHst_ccAppPlgMgr_3836"="{4FD85DB9-585E-40DA-B168-DF3539C6EF3F}"
"ccSvcHst_Seshlp_1268"="{601353B4-6A97-47B1-B28A-B0E40A4CFF73}"
"ccSvcHst_ccAppPlgMgr_1268"="{601353B4-6A97-47B1-B28A-B0E40A4CFF73}"
"ccSvcHst_ccAppPlgMgr_5812"="{58DF3B5E-87C9-4022-9A66-4F48C3081AB1}"
"ccSvcHst_ccAppPlgMgr_2228"="{F98298E3-5C38-478A-A245-57A6BA7A0794}"
"ccSvcHst_Seshlp_2228"="{F98298E3-5C38-478A-A245-57A6BA7A0794}"
"ccSvcHst_ccAppPlgMgr_3800"="{627B9770-1B7E-4342-8A33-5379E268AD32}"
"ccSvcHst_Seshlp_3800"="{627B9770-1B7E-4342-8A33-5379E268AD32}"
"ccSvcHst_ccAppPlgMgr_1924"="{10317251-A6BC-4326-9D5B-D3F625251229}"
"ccSvcHst_Seshlp_1924"="{10317251-A6BC-4326-9D5B-D3F625251229}"
"ccSvcHst_Seshlp_2444"="{CDE4D3BD-021B-4AE9-BBC4-FF01BEA04CE1}"
"ccSvcHst_ccAppPlgMgr_2444"="{CDE4D3BD-021B-4AE- - End Of File - - B1B8F4CBB9E3DBD167944F46EB0F5406No free lunch, and no free laptop0 -
One point-when I run HJT I'm getting a message 'Denied write access to the Hosts file', which makes me think that there is stil some infection there.
Have you run HJT as administrator?
Can you open the HOSTS file with Notepad to see what entries are in it (again making sure you run Notepad as Administrator)? Generally the only line without a # beginning is
127.0.0.1 localhost
Anything else could indicate some sort of blocking/redirect
0 -
If I right click on HJT I don't get an option to run as Administrator.
Opening the HOSTS file, the only visible entry is
127.0.0.1 localhost
Edit: OK, now worked out how to run as Administrator. When I do that, it runs a normal HJT scan without the HOSTS warning. So can I assume the HOSTS file is OK?
MBAM would not update in Normal Mode, (only in Safe Mode). I've now removed Norton360 and installed Kaspersky Internet Security, now it's updating OK. Doing full MBAM scan now.No free lunch, and no free laptop0 -
Opening the HOSTS file, the only visible entry is
127.0.0.1 localhost
Edit: OK, now worked out how to run as Administrator. When I do that, it runs a normal HJT scan without the HOSTS warning. So can I assume the HOSTS file is OK?0
This discussion has been closed.
Categories
- All Categories
- 347.1K Banking & Borrowing
- 251.6K Reduce Debt & Boost Income
- 451.7K Spending & Discounts
- 239.4K Work, Benefits & Business
- 615.2K Mortgages, Homes & Bills
- 175K Life & Family
- 252.7K Travel & Transport
- 1.5M Hobbies & Leisure
- 16K Discuss & Feedback
- 15.1K Coronavirus Support Boards