[SOLVED] Freezing, Crashing IE7 & Vista.

[Amanda Regan]

Internet explorer keeps freezing and not responding, the only way I can stop it is by using the task manager which only works half the time. The other half it either "is not responding" or doesn't load.
One time when it froze my cpu was running at 100% but I wasn't doing anything that uses a lot of ram & I didn't have more than 3 tabs open.
This freezing happens at least twice an hour and seems to be getting more frequent.
I have 31.5GB free so I don't think thats the cause.
Please can someone help me stop this?

I have attached my HJT log
I'm running Vista Home Prem
IE 7
Norton Int Security
CCleaner
Windows Defender
AVG antispyware (free)

[Katana]

Quote:

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------

Old version of HJT
You are running an older version of Hijack This.

Download HJTinstall.exe to your desktop

It is important that you uninstall any previous versions by using Add/Remove programs in your control panel
before installing a newer version.

• Double click on the HJTinstall.exe icon on your desktop.
• By default it will install to C:\Program Files\Trend Micro\Hijack This.
• Click I accept
• Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
• Click Save to save the log file and then the log will open in notepad.
• Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
• Come back here to this thread and Paste the log in your next reply.
• DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

Download and Run ComboFix

• Please Download ComboFix by sUBs
  
  
• You must download it to and run it from your Desktop
• Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
• Double Click on ComboFix.exe, and read the disclaimer
• When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
• Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
ComboFix SHOULD NOT be used unless requested by a forum helper

[Amanda Regan]

Hi,
Thank you for replying.
I'm attaching the combifix and new hjt logs.
I'm also including the Active Panda scan that was recommended in the posting guidelines.

Mandi

[Katana]

There is no obvious malware showing, let's have a different scan.
Please can you post the log ratther than attaching it


Deckard's System Scanner (DSS)

Please download Deckard's System Scanner (DSS) to your Desktop.
Note: You must be logged onto an account with administrator privileges.

1. Close all applications and windows.
2. Double-click on dss.exe to run it, and follow the prompts.
3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post. in your reply

[Amanda Regan]

Hope this is correct.
(just remembered I've not been able to successfully restore to an earlier date as it says there is an error with sys restore but gives no further details).



Deckard's System Scanner v20071014.68
Run by Mandi on 2008-06-28 19:22:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
11: 2008-06-28 00:55:20 UTC - RP278 - Device Driver Package Install: Symantec Network Service
10: 2008-06-28 00:38:40 UTC - RP277 - Device Driver Package Install: Symantec Network Service
9: 2008-06-27 20:35:14 UTC - RP276 - ComboFix created restore point
8: 2008-06-26 19:09:25 UTC - RP275 - Removed Bonjour
7: 2008-06-26 19:08:34 UTC - RP274 - Removed Apple Software Update


-- First Restore Point --
1: 2008-06-25 16:01:43 UTC - RP268 - Windows Update


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 1015 MiB (1024 MiB recommended).


-- HijackThis (run as Mandi.exe) -----------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-28 19:26:57
Platform: Windows Vista Service Pack 1 (6.00.6001)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\taskeng.exe
C:\Windows\System32\dwm.exe
C:\Windows\explorer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Users\Mandi\Desktop\dss.exe
C:\Users\Mandi\Desktop\SECURITY\Mandi.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
C:\Windows\System32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bt.my.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.914.9778\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 (file missing)
O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/...k-21&site=home (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get.../ultrashim.cab
O16 - DPF: {EA516A52-D223-47AF-80B3-DCDDEFD34BD0} (CPlayerCtl Object) - http://download.fra.real.com/dmgr/He...oadManager.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\System32\agrsmsvc.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\System32\TODDSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


--
End of file - 9716 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ASLDRService (ASLDR Service) - c:\program files\atk hotkey\asldrsrv.exe <Not Verified; ; ADSMSrv>
R2 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree(TM)>
R2 TNaviSrv (TOSHIBA Navi Support Service) - c:\program files\toshiba\toshiba dvd player\tnavisrv.exe <Not Verified; TOSHIBA Corporation; TOSHIBA DVD Player>
R2 TODDSrv (TOSHIBA Optical Disc Drive Service) - c:\windows\system32\toddsrv.exe <Not Verified; TOSHIBA Corporation; TDCSrv Application>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-28 00:57:18 422 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{81995C17-AE68-49AA-9AB8-FDB788B1231E}.job
2008-06-23 21:15:59 546 --a------ C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Mandi.job


-- Files created between 2008-05-28 and 2008-06-28 -----------------------------

2008-06-28 01:40:15 0 d-------- C:\Program Files\Norton Internet Security
2008-06-28 01:37:51 0 d-------- C:\Program Files\Symantec
2008-06-27 21:40:37 53248 --a------ C:\Windows\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-06-27 21:36:52 6736 --a------ C:\Windows\system32\drivers\PROCEXP90.SYS <Not Verified; Sysinternals - www.sysinternals.com; Process Explorer>
2008-06-27 21:34:46 68096 --a------ C:\Windows\zip.exe
2008-06-27 21:34:46 49152 --a------ C:\Windows\VFind.exe
2008-06-27 21:34:46 136704 --a------ C:\Windows\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-27 21:34:46 161792 --a------ C:\Windows\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-27 21:34:46 98816 --a------ C:\Windows\sed.exe
2008-06-27 21:34:46 80412 --a------ C:\Windows\grep.exe
2008-06-27 21:34:46 89504 --a------ C:\Windows\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-27 21:34:12 212480 --a------ C:\Windows\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-27 12:47:57 0 d-a------ C:\Users\All Users\TEMP
2008-06-27 12:47:42 0 d-------- C:\Program Files\SpywareBlaster
2008-06-27 12:26:29 0 d-------- C:\ie-spyad_zo
2008-06-27 10:32:08 0 d-------- C:\Program Files\Panda Security
2008-06-26 16:42:03 0 d-------- C:\Users\All Users\Tesco Photobook Creator
2008-06-25 16:41:36 0 d-------- C:\Program Files\Common Files\xing shared
2008-06-25 10:23:08 0 d-------- C:\Program Files\IObit
2008-06-20 14:30:31 0 d-------- C:\Program Files\QuickTime
2008-06-20 14:30:25 0 d-------- C:\Users\All Users\Apple Computer
2008-06-06 19:47:20 0 d-------- C:\Users\All Users\Office Genuine Advantage


-- Find3M Report ---------------------------------------------------------------

2008-06-28 01:54:58 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-28 01:44:26 0 d-------- C:\Users\Mandi\AppData\Roaming\Symantec
2008-06-28 01:41:32 0 d-------- C:\Program Files\Common Files
2008-06-26 19:55:47 0 d-------- C:\Program Files\Common Files\Real
2008-06-26 19:55:34 0 d-------- C:\Program Files\Microsoft Works
2008-06-26 19:55:34 0 d-------- C:\Program Files\Google
2008-06-20 14:35:37 0 d-------- C:\Users\Mandi\AppData\Roaming\Apple Computer
2008-06-18 18:47:03 0 d-------- C:\Program Files\BWorks
2008-06-12 09:29:31 0 d-------- C:\Program Files\Windows Mail
2008-06-09 15:15:42 0 d-------- C:\Users\Mandi\AppData\Roaming\Mozilla
2008-06-09 15:15:41 0 d-------- C:\Users\Mandi\AppData\Roaming\RealNetworks
2008-06-09 15:14:45 0 d-------- C:\Program Files\Real
2008-06-04 14:05:58 0 d-------- C:\Program Files\Digsby
2008-05-21 16:40:30 0 d-------- C:\Users\Mandi\AppData\Roaming\Digsby
2008-05-20 16:46:16 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-20 16:29:27 0 d-------- C:\Program Files\Innovative Solutions
2008-05-09 18:25:37 174 --ahs---- C:\Program Files\desktop.ini
2008-05-09 18:13:08 0 d-------- C:\Program Files\Windows Sidebar
2008-05-09 18:13:08 0 d-------- C:\Program Files\Windows Calendar
2008-05-09 18:13:08 0 d-------- C:\Program Files\Movie Maker
2008-05-09 18:13:04 0 d-------- C:\Program Files\Windows Collaboration
2008-05-09 18:13:03 0 d-------- C:\Program Files\Windows Journal
2008-05-09 18:13:02 0 d-------- C:\Program Files\Windows Photo Gallery
2008-05-09 18:12:55 0 d-------- C:\Program Files\Windows Defender


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
07/02/2008 05:05 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
28/06/2008 01:41 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [07/02/2008 05:05 349552]

[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [13/04/2007 15:19]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 10:25]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 05:25]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [25/03/2008 10:07]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [25/03/2008 10:07]
"Persistence"="C:\Windows\system32\igfxpers.exe" [25/03/2008 10:07]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [25/06/2008 16:40]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [26/01/2008 02:47]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [21/05/2007 10:48]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [19/01/2008 08:33]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [19/12/2007 02:24]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [19/01/2008 08:33]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\SETUP.EXE
configure\command- G:\SETUP.EXE
install\command- G:\SETUP.EXE

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-06-28 19:32:37 ------------




Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6001) SP 1.0
Architecture: X86; Language: English

CPU 0: Intel(R) Celeron(R) M CPU 520 @ 1.60GHz
Percentage of Memory in Use: 74%
Physical Memory (total/avail): 1014.63 MiB / 260.22 MiB
Pagefile Memory (total/avail): 2291.61 MiB / 1316.24 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1914.97 MiB

C: is Fixed (NTFS) - 55.89 GiB total, 30.35 GiB free.
E: is Fixed (NTFS) - 54.43 GiB total, 54.34 GiB free.
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - FUJITSU MHW2120BH ATA Device - 111.79 GiB - 3 partitions
\PARTITION0 - Unknown - 1500 MiB
\PARTITION1 (bootable) - Installable File System - 55.89 GiB - C:
\PARTITION2 - Installable File System - 54.43 GiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Norton Internet Security v15.5.0.23 (Symantec Corporation)
AV: Norton Internet Security v15.5.0.23 (Symantec Corporation)
AS: AVG Anti-Spyware v7, 5, 1, 43 (GRISOFT s.r.o.) Disabled Outdated
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled
AS: Norton Internet Security v15.5.0.23 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Mandi\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MANDI-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Mandi
LOCALAPPDATA=C:\Users\Mandi\AppData\Local
LOGONSERVER=\\MANDI-PC
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Program Files\Smart Projects\IsoBuster;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 22 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=1601
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Mandi\AppData\Local\Temp
TMP=C:\Users\Mandi\AppData\Local\Temp
USERDOMAIN=Mandi-PC
USERNAME=Mandi
USERPROFILE=C:\Users\Mandi
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Mandi


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\InstallShield Installation Information\{A644254B-92F6-4970-8635-AB0775371E72}\setup.exe" --u:{A644254B-92F6-4970-8635-AB0775371E72}
--> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{622E6F16-0904-49B6-BBE1-4CC836314CCF}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{697AFC77-F318-4CD4-BF16-F50F4C1072DA}\setup.exe" -l0x9
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Accessibility --> C:\Program Files\InstallShield Installation Information\{2C544254-39F2-4ACA-B779-ABF7297C96CF}\setup.exe -runfromtemp -l0x0009 -removeonly
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Advanced WindowsCare Personal --> "C:\Program Files\IObit\Advanced WindowsCare V2\unins000.exe"
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Atheros Driver Installation Program --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe" -l0x9 -removeonly
ATK Hotkey --> C:\Program Files\InstallShield Installation Information\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}\setup.exe -runfromtemp -l0x0009 -removeonly
AusLogics Disk Defrag --> "C:\Program Files\Auslogics\AusLogics Disk Defrag\unins000.exe"
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Bejeweled 2 Deluxe 1.1 --> C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\Install.log"
Bookworm Deluxe 1.13 --> C:\Program Files\PopCap Games\Bookworm Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Bookworm Deluxe\Install.log"
BT Yahoo! Applications --> C:\Program Files\Yahoo!\Common\uninstall.exe
ccCommon --> MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CD/DVD Drive Acoustic Silencer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe" -l0x9
Component Framework --> MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
DriverMax 3 --> "C:\Program Files\Innovative Solutions\DriverMax\unins000.exe"
DVD MovieFactory for TOSHIBA --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}\setup.exe" -l0x9
Google Toolbar for Internet Explorer --> MsiExec.exe /X{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HelixDownloadManager --> MsiExec.exe /I{A74F6A58-E994-4929-BB5D-F23BDA3BB64E}
HijackThis 1.99.1 --> C:\Users\Mandi\Desktop\SECURITY\HijackThis.exe /uninstall
Intel(R) Graphics Media Accelerator Driver --> C:\Windows\system32\igxpun.exe -uninstall
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
LiveUpdate (Symantec Corporation) --> MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\ProgramData\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation) --> MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
myphotobook 3.1 --> C:\Program Files\myphotobook\uninst.exe
Norton AntiVirus --> MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}
Norton AntiVirus Help --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Confidential Core --> MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
Norton Internet Security --> MsiExec.exe /I{3672B097-EA69-4BFE-B92F-29AE6D9D2B34}
Norton Internet Security --> MsiExec.exe /I{C1C185CA-C531-49F5-A6FA-B838405A049D}
Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_5_0_23\Setup.exe" /X
Norton Protection Center --> MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB}
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista --> C:\Program Files\InstallShield Installation Information\{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}\setup.exe -runfromtemp -l0x0009 -removeonly
Revo Uninstaller 1.50 --> C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
SoundMAX --> C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe -runfromtemp -l0x0009 -removeonly
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SpywareBlaster 4.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Symantec Real Time Storage Protection Component --> MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}
Symantec Technical Support Web Controls --> MsiExec.exe /X{20C53FA2-4307-4671-A93F-9463B29DFCF1}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TOSHIBA Assist --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe" -l0x9
TOSHIBA ConfigFree --> C:\Program Files\InstallShield Installation Information\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
TOSHIBA Disc Creator --> MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0}
TOSHIBA DVD PLAYER --> C:\Program Files\InstallShield Installation Information\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}\setup.exe -runfromtemp -l0x0009 -ADDREMOVE -removeonly
TOSHIBA Extended Tiles for Windows Mobility Center --> C:\Program Files\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe -runfromtemp -l0x0409
TOSHIBA Manuals --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0F4F4815-76AD-4B26-8763-72F3344041C2}\setup.exe" -l0x9 -removeonly
Toshiba Online Product Information --> C:\Program Files\InstallShield Installation Information\{2290A680-4083-410A-ADCC-7092C67FC052}\setup.exe -runfromtemp -l0x0009 -removeonly
TOSHIBA SD Memory Utilities --> MsiExec.exe /X{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}
TOSHIBA Software Modem --> Tosmreg -U
TSP_CODEC --> C:\Program Files\Bytescribe\TSP_CODEC\Uninst.exe /pid:{A90C03D6-08E1-4C59-B93B-6919A6C0AC19} /asd
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WordWeb --> C:\Program Files\WordWeb\uninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type30687 / Success
Event Submitted/Written: 06/28/2008 07:03:00 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type30686 / Success
Event Submitted/Written: 06/28/2008 07:02:58 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type30685 / Success
Event Submitted/Written: 06/28/2008 07:02:58 PM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type30641 / Success
Event Submitted/Written: 06/28/2008 02:05:09 AM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type30640 / Success
Event Submitted/Written: 06/28/2008 02:05:07 AM
Event ID/Source: 5615 / WinMgmt
Event Description:




-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type89626 / Error
Event Submitted/Written: 06/28/2008 07:03:11 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Ricoh xD-Picture Card Driver%%1058

Event Record #/Type89625 / Error
Event Submitted/Written: 06/28/2008 07:03:11 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
rimsptsk%%1058

Event Record #/Type89624 / Error
Event Submitted/Written: 06/28/2008 07:03:11 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
rimmptsk%%1058

Event Record #/Type89617 / Error
Event Submitted/Written: 06/28/2008 07:03:11 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Parallel port driver%%1058

Event Record #/Type89574 / Error
Event Submitted/Written: 06/28/2008 07:02:25 PM
Event ID/Source: 15016 / HTTP
Event Description:
\Device\Http\ReqQueueKerberos



-- End of Deckard's System Scanner: finished at 2008-06-28 19:32:37 ------------

[Katana]

Custom CFScript

• Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
  
  
  Code:

  Registry::
  [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]

• Save this as CFScript.txt and place it on your desktop.
  
  
  
  
  
• Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
• ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
• When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.




Please try running a vanilla IE as follows:

• Start > All Programs > Accessories > System Tools - IE (No Add-Ons)

Let me know if that stops the freezing

[Amanda Regan]

I haven't run the vanilla IE as it hasn't frozen since I re-installed Norton last night. Once it happens again the first thing I will do is run that.

The log is below:


ComboFix 08-06-25.3 - Mandi 2008-06-28 20:05:15.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.341 [GMT 1:00]
Running from: C:\Users\Mandi\Desktop\ComboFix.exe
Command switches used :: C:\Users\Mandi\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-28 )))))))))))))))))))))))))))))))
.

2008-06-28 19:22 . 2008-06-28 19:22 <DIR> d-------- C:\Deckard
2008-06-28 01:44 . 2008-06-28 01:44 <DIR> d-------- C:\Users\Mandi\AppData\Roaming\Symantec
2008-06-28 01:40 . 2008-06-28 01:43 <DIR> d-------- C:\Program Files\Norton Internet Security
2008-06-28 01:38 . 2008-06-28 01:58 123,952 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS
2008-06-28 01:37 . 2008-06-28 01:58 <DIR> d-------- C:\Program Files\Symantec
2008-06-27 22:57 . 2008-06-27 22:57 274 --a------ C:\Windows\cdplayer.ini
2008-06-27 12:47 . 2008-06-28 02:10 <DIR> d-a------ C:\Users\All Users\TEMP
2008-06-27 12:47 . 2008-06-28 02:10 <DIR> d-a------ C:\ProgramData\TEMP
2008-06-27 12:47 . 2008-06-27 12:51 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-06-27 12:26 . 2008-06-27 12:26 <DIR> d-------- C:\ie-spyad_zo
2008-06-27 10:32 . 2008-06-27 10:32 <DIR> d-------- C:\Program Files\Panda Security
2008-06-26 16:42 . 2008-06-26 20:05 <DIR> d-------- C:\Users\All Users\Tesco Photobook Creator
2008-06-26 16:42 . 2008-06-26 20:05 <DIR> d-------- C:\ProgramData\Tesco Photobook Creator
2008-06-25 16:41 . 2008-06-25 16:41 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-06-25 10:23 . 2008-06-25 10:23 <DIR> d-------- C:\Program Files\IObit
2008-06-20 14:35 . 2008-06-20 14:35 <DIR> d-------- C:\Users\Mandi\AppData\Roaming\Apple Computer
2008-06-20 14:30 . 2008-06-26 20:07 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-06-20 14:30 . 2008-06-26 20:07 <DIR> d-------- C:\ProgramData\Apple Computer
2008-06-20 14:30 . 2008-06-20 14:32 <DIR> d-------- C:\Program Files\QuickTime
2008-06-14 17:02 . 2008-04-23 05:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-06-14 17:02 . 2008-04-23 05:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-06-14 17:02 . 2008-04-23 05:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-14 17:02 . 2008-04-23 05:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-13 20:30 . 2008-06-13 20:30 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-13 14:14 . 2008-06-13 14:14 24,112 --a------ C:\Windows\System32\drivers\SymIMV.sys
2008-06-13 14:14 . 2008-06-13 14:14 13,093 --a------ C:\Windows\System32\drivers\SymRedir.cat
2008-06-13 14:14 . 2008-06-13 14:14 1,611 --a------ C:\Windows\System32\drivers\SymRedir.inf
2008-06-13 14:13 . 2008-06-13 14:13 184,240 --a------ C:\Windows\System32\drivers\symtdi.sys
2008-06-13 14:13 . 2008-06-13 14:13 96,432 --a------ C:\Windows\System32\drivers\symfw.sys
2008-06-13 14:13 . 2008-06-13 14:13 41,008 --a------ C:\Windows\System32\drivers\symndisv.sys
2008-06-13 14:13 . 2008-06-13 14:13 38,576 --a------ C:\Windows\System32\drivers\symids.sys
2008-06-13 14:13 . 2008-06-13 14:13 22,320 --a------ C:\Windows\System32\drivers\symredrv.sys
2008-06-13 14:13 . 2008-06-13 14:13 13,616 --a------ C:\Windows\System32\drivers\symdns.sys
2008-06-11 11:36 . 2008-05-10 04:35 885,248 --a------ C:\Windows\System32\RacEngn.dll
2008-06-11 11:36 . 2008-05-09 23:22 9,127 --a------ C:\Windows\System32\RacUR.xml
2008-06-11 11:36 . 2008-05-09 23:22 153 --a------ C:\Windows\System32\RacUREx.xml
2008-06-11 11:35 . 2008-04-25 03:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-06-11 11:35 . 2008-04-26 09:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-11 11:35 . 2008-04-25 05:35 826,880 --a------ C:\Windows\System32\wininet.dll
2008-06-11 11:35 . 2008-05-10 02:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-09 15:15 . 2008-06-09 15:15 <DIR> d-------- C:\Users\Mandi\AppData\Roaming\RealNetworks
2008-06-06 19:47 . 2008-06-06 19:47 <DIR> d-------- C:\Users\All Users\Office Genuine Advantage
2008-06-06 19:47 . 2008-06-06 19:47 <DIR> d-------- C:\ProgramData\Office Genuine Advantage

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-28 00:59 --------- d-----w C:\ProgramData\Symantec
2008-06-28 00:58 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-06-28 00:58 10,671 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-06-28 00:54 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-26 18:55 --------- d-----w C:\ProgramData\Microsoft Help
2008-06-26 18:55 --------- d-----w C:\Program Files\Microsoft Works
2008-06-26 18:55 --------- d-----w C:\Program Files\Google
2008-06-26 18:55 --------- d-----w C:\Program Files\Common Files\Real
2008-06-18 17:47 --------- d-----w C:\Program Files\BWorks
2008-06-12 08:29 --------- d-----w C:\Program Files\Windows Mail
2008-06-09 14:14 --------- d-----w C:\Program Files\Real
2008-06-04 13:05 --------- d-----w C:\Program Files\Digsby
2008-05-21 15:40 --------- d-----w C:\Users\Mandi\AppData\Roaming\Digsby
2008-05-20 15:46 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-20 15:29 --------- d-----w C:\Program Files\Innovative Solutions
2008-05-09 17:25 174 --sha-w C:\Program Files\desktop.ini
2008-05-09 17:13 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-09 17:13 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-09 17:13 --------- d-----w C:\Program Files\Windows Journal
2008-05-09 17:13 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-09 17:13 --------- d-----w C:\Program Files\Windows Calendar
2008-05-09 17:12 --------- d-----w C:\Program Files\Windows Defender
2008-05-09 16:44 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-09 16:44 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-04-29 08:55 920,088 ----a-w C:\Windows\System32\igxpun.exe
2007-10-26 19:56 61,480 ----a-w C:\Users\Mandi\GoToAssistDownloadHelper.exe
.

((((((((((((((((((((((((((((( snapshot@2008-06-27_21.42.02.41 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-04 20:36:42 128,368 ----a-w C:\Windows\assembly\GAC_32\SymAddIn\15.0.0.1__ea8ad8cd626b3bac\SymAddIn.dll
+ 2008-06-28 00:41:57 128,368 ----a-w C:\Windows\assembly\GAC_32\SymAddIn\15.0.0.1__ea8ad8cd626b3bac\SymAddIn.dll
- 2008-06-27 18:26:35 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-06-28 18:02:19 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-06-26 19:05:02 51,200 ----a-w C:\Windows\inf\infpub.dat
+ 2008-06-28 00:55:51 51,200 ----a-w C:\Windows\inf\infpub.dat
- 2008-06-26 19:05:01 86,016 ----a-w C:\Windows\inf\infstor.dat
+ 2008-06-28 00:55:51 86,016 ----a-w C:\Windows\inf\infstor.dat
- 2008-06-26 19:05:01 143,360 ----a-w C:\Windows\inf\infstrng.dat
+ 2008-06-28 00:55:51 143,360 ----a-w C:\Windows\inf\infstrng.dat
- 2008-01-04 20:32:15 7,406 ----a-r C:\Windows\Installer\{E80F62FF-5D3C-4A19-8409-9721F2928206}\IconE80F62FF.exe
+ 2008-06-28 00:37:57 7,406 ----a-r C:\Windows\Installer\{E80F62FF-5D3C-4A19-8409-9721F2928206}\IconE80F62FF.exe
- 2008-06-27 18:26:37 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-06-28 18:02:21 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-06-27 18:26:37 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-06-28 18:02:21 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-06-27 18:57:16 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-06-28 18:31:22 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-06-28 18:31:22 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-06-27 18:27:48 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-06-28 18:04:11 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2007-04-11 18:11:20 511,328 ----a-w C:\Windows\System32\capicom.dll
+ 2007-04-11 19:11:20 511,328 ----a-w C:\Windows\System32\capicom.dll
- 2008-06-27 18:27:17 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-06-28 18:20:10 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-27 18:27:17 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-28 18:20:10 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-27 18:27:17 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-28 18:20:10 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-08-08 23:39:56 36,056 ----a-w C:\Windows\System32\drivers\CO_Mon.sys
+ 2007-08-09 00:39:56 36,056 ----a-w C:\Windows\System32\drivers\CO_Mon.sys
- 2008-03-06 21:32:09 23,904 ----a-w C:\Windows\System32\drivers\COH_Mon.sys
+ 2008-03-06 20:32:09 23,904 ----a-w C:\Windows\System32\drivers\COH_Mon.sys
- 2007-11-30 23:57:12 279,088 ----a-w C:\Windows\System32\drivers\srtsp.sys
+ 2008-02-01 01:51:16 279,088 ----a-w C:\Windows\System32\drivers\srtsp.sys
- 2007-11-30 23:57:12 317,616 ----a-w C:\Windows\System32\drivers\srtspl.sys
+ 2008-02-01 01:51:16 317,616 ----a-w C:\Windows\System32\drivers\srtspl.sys
- 2007-11-30 23:57:12 43,696 ----a-w C:\Windows\System32\drivers\srtspx.sys
+ 2008-02-01 01:51:16 43,696 ----a-w C:\Windows\System32\drivers\srtspx.sys
- 2008-06-27 18:31:39 106,696 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-06-28 18:07:38 106,696 ----a-w C:\Windows\System32\perfc009.dat
- 2008-06-27 18:31:39 603,282 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-06-28 18:07:38 603,282 ----a-w C:\Windows\System32\perfh009.dat
- 2008-06-27 18:29:02 9,616 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1481789202-2031101475-3486593015-1000_UserData.bin
+ 2008-06-28 18:04:49 9,632 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1481789202-2031101475-3486593015-1000_UserData.bin
- 2008-06-27 18:29:01 64,570 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-06-28 18:04:49 64,704 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-06-27 18:28:57 49,852 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-06-28 18:04:45 50,672 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2008-02-07 05:05 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-06-28 01:41 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-05-21 10:48 433840]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 08:33 125952]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-19 02:24 68856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 08:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-13 15:19 861744]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-03-25 10:07 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-03-25 10:07 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-03-25 10:07 133656]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-25 16:40 185896]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-26 02:47 51048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3BF76765-6488-43C3-AA2A-33B69110E4F8}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{12354E50-52B8-4AEA-9E38-F1C3AE6AE327}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{D4014C7C-5CCD-443A-AD00-4F0F7F7F0257}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{6ECF579D-B845-439B-869C-89855F129B31}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B727E5C0-9457-4817-9664-72A1D3F002C5}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FC713B0F-692F-4D82-9320-807A6C34804B}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{1363DEB7-BB70-4161-AAE7-0AF638CE5FFF}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{648705B1-80AA-4491-BF6D-DD0B20D1CD1A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{2F0357BE-FD4E-4247-9657-5F54CA30EB80}C:\\windows\\system32\\ftp.exe"= UDP:C:\windows\system32\ftp.exe:File Transfer Program
"UDP Query User{B5AA0C02-794E-4AF1-8405-D0AE19BC034C}C:\\windows\\system32\\ftp.exe"= TCP:C:\windows\system32\ftp.exe:File Transfer Program
"TCP Query User{62BE3657-00BB-4E00-A9BC-A822E2DE1A43}C:\\windows\\lmi2b58.tmp\\lmi_rescue.exe"= UDP:C:\windows\lmi2b58.tmp\lmi_rescue.exe:LogMeIn Rescue
"UDP Query User{50B13D77-6DC2-4781-8599-9B501E0BA97A}C:\\windows\\lmi2b58.tmp\\lmi_rescue.exe"= TCP:C:\windows\lmi2b58.tmp\lmi_rescue.exe:LogMeIn Rescue
"TCP Query User{B02A95BB-058B-475F-B7FA-C305ABC2E469}C:\\users\\mandi\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= UDP:C:\users\mandi\appdata\local\temp\wzse0.tmp\symnrt.exe:symnrt.exe
"UDP Query User{573D21E4-F4A1-44F5-BAA3-085095F2E25A}C:\\users\\mandi\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= TCP:C:\users\mandi\appdata\local\temp\wzse0.tmp\symnrt.exe:symnrt.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080623.001\IDSvix86.sys [2008-03-20 21:37]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-03-25 09:44]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 14:13]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-06-23 20:15:59 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Mandi.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
"2008-06-27 23:57:18 C:\Windows\Tasks\User_Feed_Synchronization-{81995C17-AE68-49AA-9AB8-FDB788B1231E}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-28 20:08:53
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????":)QO??X?j???j???j???j?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-28 20:10:20
ComboFix-quarantined-files.txt 2008-06-28 19:10:00
ComboFix2.txt 2008-06-27 20:42:38

Pre-Run: 32,505,868,288 bytes free
Post-Run: 32,374,079,488 bytes free

225 --- E O F --- 2008-06-26 1013

[Katana]

Quote:

Originally Posted by Amanda Regan

I haven't run the vanilla IE as it hasn't frozen since I re-installed Norton last night. .

HA !!!!
That rings bells, I remember reading that some Norton user were having troubles.
I suspect that your problem is now solved with the re-install.
At least, I hope so, because I can't find anything else wrong

So .........

Congratulations your logs look clean

Let's see if I can help you keep it that way

First lets tidy up

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version Java components and update.

Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6u6
http://java.sun.com/javase/downloads/index.jsp
Scroll down to where it says "The Java Runtime Environment (JRE) 6 update 6 allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check for any item with Java Runtime Environment (JRE or J2SE) in the name.

• Java(TM) 6 Update 3
  Java(TM) 6 Update 5
  Java(TM) SE Runtime Environment 6

Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.

Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.

• Click START then RUN
• Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
  • 

You can also delete any logs we have produced, and empty your Recycle bin.




The following is some info to help you stay safe and clean.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )

You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/par...avwebscan.html

!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE for details

AntiSpyware

• AntiSpyware is not the same thing as Antivirus.
  Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
  You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
  Most of the programs in this list have a free (for Home Users ) and paid versions,
  it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
• Spybot - Search & Destroy <<< A must have program
  • It includes host protection and registry protection
  • A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
• MalwareBytes Anti-malware <<< A New and effective program
• a-squared Free <<< A good "realtime" or "on demand" scanner
• superantispyware <<< A good "realtime" or "on demand" scanner

Prevention

• These programs don't detect malware, they help stop it getting on your machine in the first place.
  Each does a different job, so you can have more than one
• Winpatrol
  • An excellent startup manager and then some !!
  • Notifies you if programs are added to startup
  • Allows delayed startup
  • A must have addition
• SpywareBlaster 4.0
  • SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
• SpywareGuard 2.2
  • SpywareGuard provides real-time protection against spyware.
  • Not required if you have other "realtime" antispyware or Winpatrol
• ZonedOut
  • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
• MVPS HOSTS
  • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
  • For information on how to download and install, please read this tutorial by WinHelp2002.
  • Not required if you are using other host file protections

Internet Browsers

• Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
  Using a different web browser can help stop malware getting on your machine.
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
       • Change the Download signed ActiveX controls to Prompt
       • Change the Download unsigned ActiveX controls to Disable
       • Change the Initialise and script ActiveX controls not marked as safe to Disable
       • Change the Installation of desktop items to Prompt
       • Change the Launching programs and files in an IFRAME to Prompt
       • Change the Navigate sub-frames across different domains to Prompt
       • When all these settings have been made, click on the OK button.
       • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    5. Next press the Apply button and then the OK to exit the Internet Properties page.
  If you are still using IE6 then either update, or get one of the following.
  • FireFox
    • With many addons available that make customization easy this is a very popular choice
    • NoScript and AdBlockPlus addons are essential
  • Opera
    • Another popular alternative
  • Netscape
    • Another popular alternative
    • Also has Addons available

Cleaning Temporary Internet Files and Tracking Cookies

• Temporary Internet Files are mainly the files that are downloaded when you open a web page.
  Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
  It is a good idea to empty the Temporary Internet Files folder on a regular basis.
  
  Tracking Cookies are files that websites use to monitor which sites you visit and how often.
  A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
  CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords
  
  Both of these can be cleaned manually, but a quicker option is to use a program
• ATF Cleaner
  • Free and very simple to use
• CCleaner
  • Free and very flexible, you can chose which cookies to keep

Also PLEASE read this article.....So How Did I Get Infected In The First Place

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'

[Amanda Regan]

Hi,
The crashing & freezing seems to have stopped now (or at least gone down to windows usual levels).
I have followed your suggestions & downloaded a couple of progs I didn't have.
The re-installation of Norton seems to have been the fix so I suspect that was the cause. That or out of date drivers which I can hopefully update with a lot of help from Google.
Thanks again for your help & hopefully we will never need to communicate with each other again lol.

Mandi