
Combofix Problem on Laptop?

macman Posts: 53,128 Forumite
I've been running Malwarebytes and then Combofix on a laptop running Windows 7, which was infected with the 'Windows Security Alert' trojan.
Seems to have done the job, found and removed several infections, but Combofix has got to the last stage of 'Preparing Log Report. Do not run any programs until Combofix has finished' and is stuck on this stage. It's not frozen, the cursor is still flashing, but it's not generating the log file. It has been like this now for over 30 minutes. The initial scan was quite slow and took about 25 minutes.
Is it OK to terminate the program, or will this cause problems? I realise that I'll lose the log, but not too bothered about that.
No free lunch, and no free laptop ;)

Comments

  • macman
    To answer my own question, it did eventually produce a log after about an hour. I'm posting MBAM, HJT and Combofix logs; please could someone advise if there is anything else to do? Thanks.
    One point: when I run HJT I'm getting a message 'Denied write access to the Hosts file', which makes me think that there is still some infection there.
    Otherwise the laptop seems to be running normally.

    MBAM log:

    Malwarebytes' Anti-Malware 1.50.1.1100
    https://www.malwarebytes.org

    Database version: 6195

    Windows 6.1.7600 (Safe Mode)
    Internet Explorer 8.0.7600.16385

    28/03/2011 16:29:34
    mbam-log-2011-03-28 (16-29-34).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 314578
    Time elapsed: 51 minute(s), 6 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 4

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\Barry\AppData\Local\Mozilla\Firefox\Profiles\fbcl4rjo.default\Cache\1a5118a7d01 (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
    c:\Users\Barry\AppData\Local\Mozilla\Firefox\Profiles\fbcl4rjo.default\Cache\535e6671d01 (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
    c:\Users\Barry\AppData\Local\Mozilla\Firefox\Profiles\fbcl4rjo.default\Cache\6fd0a3d8d01 (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
    c:\Users\Barry\AppData\Local\Mozilla\Firefox\Profiles\fbcl4rjo.default\Cache\a15443cdd01 (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
  • macman
    HJT log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 09:35:24, on 29/03/2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v8.00 (8.00.7601.17514)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\BBDesktopHelpUpgradeAdvisor\McciTrayApp.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Windows\sttray.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Windows\system32\NOTEPAD.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=5070411
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [BTHelena_McciTrayApp] C:\Program Files\BBDesktopHelpUpgradeAdvisor\McciTrayApp.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Barry\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - Startup: BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
    O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: QuickSet.lnk = ?
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll C:\PROGRA~1\Google\GOOGLE~1\GO36F4~1.DLL
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\System32\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 11005 bytes
  • macman
    Combofix log:

    ComboFix 11-03-27.02 - Barry 28/03/2011 17:16:12.1.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2038.400 [GMT 1:00]
    Running from: c:\users\Barry\Desktop\ComboFix.exe
    AV: Norton 360 *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    SP: Norton 360 *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Barry\GoToAssistDownloadHelper.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-28 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-28 16:40 . 2011-03-28 16:40 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2011-03-28 16:40 . 2011-03-28 16:40 -------- d-----w- c:\users\Duzz1939\AppData\Local\temp
    2011-03-28 16:40 . 2011-03-28 16:40 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-03-28 15:59 . 2011-03-28 15:59 388096 ----a-r- c:\users\Barry\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-03-28 15:59 . 2011-03-28 15:59 -------- d-----w- c:\program files\Trend Micro
    2011-03-28 15:34 . 2011-03-28 15:34 -------- d-----w- c:\program files\BBC iPlayer Desktop
    2011-03-28 14:47 . 2011-03-28 14:47 -------- d-----w- c:\users\Barry\AppData\Local\ElevatedDiagnostics
    2011-03-28 14:24 . 2011-03-28 14:24 -------- d-----w- c:\users\Barry\AppData\Roaming\Malwarebytes
    2011-03-28 14:24 . 2011-03-28 14:24 -------- d-----w- c:\programdata\Malwarebytes
    2011-03-28 14:24 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-03-28 14:24 . 2011-03-28 14:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-03-28 14:24 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-28 04:14 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1023F7A0-0FE1-4623-B458-EAACD77C1092}\mpengine.dll
    2011-03-12 11:28 . 2011-03-12 11:28 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2011-03-12 11:28 . 2011-03-12 11:28 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
    2011-03-09 08:53 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\system32\DWrite.dll
    2011-03-09 08:53 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll
    2011-03-09 08:53 . 2011-02-19 05:32 739840 ----a-w- c:\windows\system32\d2d1.dll
    2011-03-09 08:53 . 2010-12-23 05:28 850432 ----a-w- c:\windows\system32\sbe.dll
    2011-03-09 08:53 . 2010-12-23 05:28 642048 ----a-w- c:\windows\system32\CPFilters.dll
    2011-03-09 08:53 . 2010-12-23 05:28 534528 ----a-w- c:\windows\system32\EncDec.dll
    2011-03-09 08:53 . 2010-12-23 05:24 199680 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-03-09 08:53 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\system32\mstscax.dll
    2011-03-09 08:53 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\system32\mstsc.exe
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-17 21:35 . 2011-02-17 21:35 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    2011-02-03 05:45 . 2011-02-09 11:39 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2011-02-02 21:40 . 2010-04-21 09:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-02 17:11 . 2010-02-04 10:54 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-01-07 07:31 . 2011-02-23 09:43 442880 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-01-07 07:31 . 2011-02-23 09:43 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-01-07 07:27 . 2011-02-09 11:40 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-07 05:33 . 2011-02-09 11:40 294400 ----a-w- c:\windows\system32\atmfd.dll
    2011-01-05 05:37 . 2011-02-09 11:40 428032 ----a-w- c:\windows\system32\vbscript.dll
    2011-01-05 03:37 . 2011-02-09 11:40 2329088 ----a-w- c:\windows\system32\win32k.sys
    2010-06-20 07:18 . 2010-06-20 07:18 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
    "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2006-11-12 446976]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-14 39408]
    "Google Update"="c:\users\Barry\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-03-18 136176]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-10-11 31232]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-27 1540096]
    "BTHelena_McciTrayApp"="c:\program files\BBDesktopHelpUpgradeAdvisor\McciTrayApp.exe" [2007-07-17 1001472]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
    "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2006-11-17 17920]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-20 30192]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
    "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
    "osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
    "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2006-10-13 184320]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
    "SigmatelSysTrayApp"="sttray.exe" [2007-02-08 303104]
    "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
    .
    c:\users\Barry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2011-3-28 142336]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2009-12-17 1795488]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-4-11 50688]
    QuickSet.lnk - c:\windows\Installer\{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-4-11 45056]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
    R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
    R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-20 30192]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-05 1343400]
    S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2011-02-17 53816]
    S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20110322.001\IDSvix86.sys [2010-09-15 287792]
    S1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-03-03 390528]
    S1 RapportCerberus_23945;RapportCerberus_23945;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\23945\RapportCerberus_23945.sys [2011-02-28 55224]
    S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011-02-17 66360]
    S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2011-02-17 157752]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
    S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-02-17 821048]
    S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2009-02-19 41008]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - COMHOST
    *NewlyCreated* - ERASERUTILDRVI10
    *Deregistered* - EraserUtilDrvI10
    *Deregistered* - EraserUtilRebootDrv
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 21:37]
    .
    2011-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 21:37]
    .
    2011-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1921095132-3486249424-3216310333-1000Core.job
    - c:\users\Barry\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-03 10:02]
    .
    2011-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1921095132-3486249424-3216310333-1000UA.job
    - c:\users\Barry\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-03 10:02]
    .
    .
    Supplementary Scan
    .
    uDefault_Search_URL = hxxp://www.google.com/ie
    uStart Page = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    FF - ProfilePath - c:\users\Barry\AppData\Roaming\Mozilla\Firefox\Profiles\fbcl4rjo.default\
    FF - prefs.js: browser.startup.homepage - hxxp://m.uk.yahoo.com/
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - user.js: yahoo.homepage.dontask - true
    .
    .
    LOCKED REGISTRY KEYS
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Common Client\ccService\Channels]
    @Denied: (C D) (Everyone)
    "ccSvcHst_ccAppPlgMgr_3844"="{EC9AEB92-9D9B-4061-B4C7-5BABCED40B4E}"
    "ccSvcHst_ccAppPlgMgr_3960"="{AF5820A5-AC75-4358-8E87-448E7E95CD15}"
    "ccSvcHst_Seshlp_3960"="{AF5820A5-AC75-4358-8E87-448E7E95CD15}"
    "ccSvcHst_Seshlp_3376"="{895DBA5E-544C-4528-B3AE-3BF4C525F238}"
    "ccSvcHst_ccAppPlgMgr_3376"="{895DBA5E-544C-4528-B3AE-3BF4C525F238}"
    "ccSvcHst_ccAppPlgMgr_3396"="{CCB40C96-08BB-40A8-96CE-B8FEFA60FE04}"
    "ccSvcHst_Seshlp_3396"="{CCB40C96-08BB-40A8-96CE-B8FEFA60FE04}"
    "ccSvcHst_ccAppPlgMgr_2132"="{E2B1AECB-FDB9-4D75-AC78-6E588E9FE32F}"
    "ccSvcHst_ccAppPlgMgr_2728"="{593667A3-90C3-4803-AC6B-E717C2D319F1}"
    "ccSvcHst_Seshlp_2728"="{593667A3-90C3-4803-AC6B-E717C2D319F1}"
    "ccSvcHst_ccAppPlgMgr_2160"="{C2D7869B-AB4E-4C73-901B-2CE8465C681C}"
    "ccSvcHst_ccAppPlgMgr_2636"="{9DA50A1A-8564-4095-9F68-3AC7AE65C087}"
    "ccSvcHst_Seshlp_2636"="{9DA50A1A-8564-4095-9F68-3AC7AE65C087}"
    "ccSvcHst_ccAppPlgMgr_4752"="{1F0BD970-FE0A-4D36-9B53-0F4615C3F4B0}"
    "ccSvcHst_ccAppPlgMgr_3784"="{605B231B-4FBA-410D-898C-5AB560F908A8}"
    "ccSvcHst_Seshlp_3784"="{605B231B-4FBA-410D-898C-5AB560F908A8}"
    "ccSvcHst_Seshlp_2224"="{37D892C0-75B3-48B1-A8BA-737E32EDA659}"
    "ccSvcHst_ccAppPlgMgr_2224"="{37D892C0-75B3-48B1-A8BA-737E32EDA659}"
    "ccSvcHst_ccAppPlgMgr_2616"="{445D9085-5FAF-4531-ADDB-5F6948CE5382}"
    "ccSvcHst_ccAppPlgMgr_2872"="{DF0947EA-65AF-4AAC-86BC-43AD387A2229}"
    "ccSvcHst_Seshlp_2872"="{DF0947EA-65AF-4AAC-86BC-43AD387A2229}"
    "ccSvcHst_ccAppPlgMgr_4020"="{88F2BAFC-58F1-4A50-A493-82946DD2B332}"
    "ccSvcHst_Seshlp_4020"="{88F2BAFC-58F1-4A50-A493-82946DD2B332}"
    "ccSvcHst_Seshlp_1892"="{3F6A4413-2F1F-4918-A84B-1BA818BA8B29}"
    "ccSvcHst_ccAppPlgMgr_1892"="{3F6A4413-2F1F-4918-A84B-1BA818BA8B29}"
    "ccSvcHst_ccAppPlgMgr_3420"="{EC2CBB43-0392-45E3-BA2B-381839F40EA7}"
    "ccSvcHst_Seshlp_3420"="{EC2CBB43-0392-45E3-BA2B-381839F40EA7}"
    "ccSvcHst_ccAppPlgMgr_4876"="{75AA5698-84D9-4734-B563-0EF91A61D90E}"
    "ccSvcHst_Seshlp_1400"="{67F68A57-C90B-4644-BB50-07E9BDC03F01}"
    "ccSvcHst_ccAppPlgMgr_1400"="{67F68A57-C90B-4644-BB50-07E9BDC03F01}"
    "ccSvcHst_ccAppPlgMgr_1864"="{E6C81773-AEFD-46C5-8BA9-F7E3F2ED05C2}"
    "ccSvcHst_Seshlp_3932"="{39DB2978-2FFB-415A-9470-F33561121CC0}"
    "ccSvcHst_ccAppPlgMgr_3932"="{39DB2978-2FFB-415A-9470-F33561121CC0}"
    "ccSvcHst_ccAppPlgMgr_4316"="{26727D2B-0FE2-4BED-ADD6-535BC1028745}"
    "ccSvcHst_Seshlp_4316"="{26727D2B-0FE2-4BED-ADD6-535BC1028745}"
    "ccSvcHst_Seshlp_4044"="{410E0D4E-74F7-44A6-9A28-45BB96B27D3C}"
    "ccSvcHst_ccAppPlgMgr_4044"="{410E0D4E-74F7-44A6-9A28-45BB96B27D3C}"
    "ccSvcHst_Seshlp_2888"="{F46AEAAC-7B6E-4624-AE66-E679BBFBF222}"
    "ccSvcHst_ccAppPlgMgr_2888"="{F46AEAAC-7B6E-4624-AE66-E679BBFBF222}"
    "ccSvcHst_ccAppPlgMgr_3500"="{76CCAA9B-B29D-4E6B-B1CD-0BB8A1E0D548}"
    "ccSvcHst_Seshlp_3500"="{76CCAA9B-B29D-4E6B-B1CD-0BB8A1E0D548}"
    "ccSvcHst_ccAppPlgMgr_3920"="{586DBB39-EB10-41A8-B0D5-4F93B5D0CAE5}"
    "ccSvcHst_Seshlp_3920"="{586DBB39-EB10-41A8-B0D5-4F93B5D0CAE5}"
    "ccSvcHst_ccAppPlgMgr_3980"="{61238F2A-B102-4EBC-ADBC-E4372A9718F8}"
    "ccSvcHst_Seshlp_3980"="{61238F2A-B102-4EBC-ADBC-E4372A9718F8}"
    "ccSvcHst_ccAppPlgMgr_724"="{BC766E8B-3B71-4ED2-BF1E-6D44EFD869AB}"
    "ccSvcHst_Seshlp_3892"="{A40D26FA-DA4B-4805-9054-7CFD98EF1FFB}"
    "ccSvcHst_ccAppPlgMgr_3892"="{A40D26FA-DA4B-4805-9054-7CFD98EF1FFB}"
    "ccSvcHst_ccAppPlgMgr_3888"="{A5ECA274-CADA-48F5-866E-1548065CD941}"
    "ccSvcHst_Seshlp_3888"="{A5ECA274-CADA-48F5-866E-1548065CD941}"
    "ccSvcHst_ccAppPlgMgr_3644"="{F3C4180B-1695-4BE1-B34C-4CC118B0487C}"
    "ccSvcHst_Seshlp_3644"="{F3C4180B-1695-4BE1-B34C-4CC118B0487C}"
    "ccSvcHst_ccAppPlgMgr_3404"="{2F4F7FE4-AA56-44CC-A0EA-65B785C6409D}"
    "ccSvcHst_Seshlp_2724"="{D1093C48-4A73-4AAF-B075-2054C9B0DAFA}"
    "ccSvcHst_ccAppPlgMgr_2724"="{D1093C48-4A73-4AAF-B075-2054C9B0DAFA}"
    "ccSvcHst_ccAppPlgMgr_3588"="{88AB3D2B-F2EE-402F-9222-70DBFACF7F20}"
    "ccSvcHst_ccAppPlgMgr_3836"="{4FD85DB9-585E-40DA-B168-DF3539C6EF3F}"
    "ccSvcHst_Seshlp_1268"="{601353B4-6A97-47B1-B28A-B0E40A4CFF73}"
    "ccSvcHst_ccAppPlgMgr_1268"="{601353B4-6A97-47B1-B28A-B0E40A4CFF73}"
    "ccSvcHst_ccAppPlgMgr_5812"="{58DF3B5E-87C9-4022-9A66-4F48C3081AB1}"
    "ccSvcHst_ccAppPlgMgr_2228"="{F98298E3-5C38-478A-A245-57A6BA7A0794}"
    "ccSvcHst_Seshlp_2228"="{F98298E3-5C38-478A-A245-57A6BA7A0794}"
    "ccSvcHst_ccAppPlgMgr_3800"="{627B9770-1B7E-4342-8A33-5379E268AD32}"
    "ccSvcHst_Seshlp_3800"="{627B9770-1B7E-4342-8A33-5379E268AD32}"
    "ccSvcHst_ccAppPlgMgr_1924"="{10317251-A6BC-4326-9D5B-D3F625251229}"
    "ccSvcHst_Seshlp_1924"="{10317251-A6BC-4326-9D5B-D3F625251229}"
    "ccSvcHst_Seshlp_2444"="{CDE4D3BD-021B-4AE9-BBC4-FF01BEA04CE1}"
    "ccSvcHst_ccAppPlgMgr_2444"="{CDE4D3BD-021B-4AE- - End Of File - - B1B8F4CBB9E3DBD167944F46EB0F5406
    No free lunch, and no free laptop ;)
  • Bogtrotter
    Bogtrotter Posts: 1,031 Forumite
    macman wrote: »
    One point - when I run HJT I'm getting a message 'Denied write access to the Hosts file', which makes me think that there is still some infection there.

    Have you run HJT as administrator?

    Can you open the HOSTS file with Notepad to see what entries are in it (again making sure you run Notepad as Administrator)? Generally the only line without a # beginning is

    127.0.0.1 localhost

    Anything else could indicate some sort of blocking/redirect


  • macman
    macman Posts: 53,128 Forumite
    Part of the Furniture 10,000 Posts Name Dropper
    edited 29 March 2011 at 2:21PM
    If I right click on HJT I don't get an option to run as Administrator.
    Opening the HOSTS file, the only visible entry is
    127.0.0.1 localhost

    Edit: OK, now worked out how to run as Administrator. When I do that, it runs a normal HJT scan without the HOSTS warning. So can I assume the HOSTS file is OK?
    MBAM would not update in Normal Mode (only in Safe Mode). I've now removed Norton360 and installed Kaspersky Internet Security, now it's updating OK. Doing full MBAM scan now.
    No free lunch, and no free laptop ;)
  • davb
    davb Posts: 1,293 Forumite
    macman wrote: »
    Opening the HOSTS file, the only visible entry is
    127.0.0.1 localhost

    Edit: OK, now worked out how to run as Administrator. When I do that, it runs a normal HJT scan without the HOSTS warning. So can I assume the HOSTS file is OK?
    If 127.0.0.1 is the only uncommented entry in the hosts file, then that's fine.
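The HOSTS check discussed in this thread (any active line other than `127.0.0.1 localhost` may be a block or a redirect), written out as an added example that is not part of any poster's reply. The `audit_hosts` name and the sample content are constructed for illustration, and treating `::1 localhost` as benign is an assumption beyond what the posters state.

```python
import ipaddress
import os

# Standard Windows location; only read when the script is run directly.
HOSTS_PATH = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                          "System32", "drivers", "etc", "hosts")
BENIGN_NAMES = {"localhost"}  # assumption: ::1 localhost is as harmless as 127.0.0.1

SAMPLE = """\
# Constructed sample hosts content (not from the thread).
# 127.0.0.1  commented-out.example
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.av-vendor.example   # active entry, trailing comment
203.0.113.10    www.bank.example login.bank.example
"""


def audit_hosts(text):
    """Return (line_no, address, hostname, verdict) for each suspicious entry."""
    findings = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # strip comment, then tokenise
        if not fields:
            continue
        address, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            ip = None
        if ip is None or not names:
            findings.append((line_no, address, " ".join(names), "malformed"))
            continue
        sinkhole = ip.is_loopback or ip.is_unspecified  # 127.x, ::1, 0.0.0.0
        for name in names:
            if sinkhole and name.lower() in BENIGN_NAMES:
                continue
            verdict = "blocked" if sinkhole else "redirected"
            findings.append((line_no, address, name.lower(), verdict))
    return findings


if __name__ == "__main__":
    text = SAMPLE
    if os.path.exists(HOSTS_PATH):
        with open(HOSTS_PATH, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    for finding in audit_hosts(text):
        print("line %d: %s -> %s (%s)" % finding)
```

An empty result corresponds to the clean state described above; a "blocked" name points at the local machine and a "redirected" name resolves to some other address.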
This discussion has been closed.