Help! Can not get rid of WINTEMS.EXE!

Okay. Let's try to clean all Norton 360 leftovers.

First remove all Norton related items thru add/remove programs in control panel.

Then start hjt. Do a system scan, check following entries (if found):
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TP CfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\SymCuw.exe" -G:{2D617065-1C52-4240-B5BC-C0AE12157777} -T:Config
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

Close browser windows before clicking 'fix checked'.


Open notepad and then copy and paste the bolded lines below into it. Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop. (If you are still unsure on how to do this there is a little tutorial with pictures here)
@echo off
sc stop ccEvtMgr
sc delete ccEvtMgr
sc stop ccSetMgr
sc delete ccSetMgr
sc stop CLTNetCnService
sc delete CLTNetCnService
sc stop comHost
sc delete comHost
sc stop LiveUpdate
sc delete LiveUpdate

Double-click on fixes.bat file to execute it.


Show hidden files
-----------------
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

Finally delete following folders (if found):
C:\Program Files\Norton 360
C:\Documents and Settings\All Users\Application Data\Symantec
C:\Program Files\Common Files\Symantec Shared
C:\Program Files\Symantec


Post a fresh hjt log.
 
Hey Blade,

I cant delete C:\Documents and Settings\All Users\Application Data\Symantec

I get the following error message
errorsl7.png


I went into the symantec folder to try to manually delete the Quarantine and SrtETmp folders and I get similar error messages:
errorsl7.png


error2mw1.png



System performance issues:

Booting into safe mode results in a black screen that says "Safe Mode" in the corners of the screen, however Windows Explorer fails to load, and I'm left at a black screen.

When logging into Windows normally, I still get Windows Installer trying to run Sonic Update Manager which fails since it cant access the directory (I will post screen shots when I reboot next). Also windows is REALLY slow to load up the processes and get going, which it wasn't like prior to the Trojan.
 
Hi

I'd like to see a fresh hjt log after doing that entry fixing part in my previous post.

Post those screenshots related to sonic update manager if possible.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:18:17 PM, on 15/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.www.daemon-search.com/default
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdMgr.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1192763908828
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 10092 bytes


Here are the screen shots of the Sonic Update Manager errors:
http://img508.imageshack.us/img508/214/simerrorsea4.png

After hitting Cancel on the first error, the second pops up. Hitting cancel results in the third error popping up. Hitting cancel again takes you back to the first error message.
 
Hi

Download Windows Installer CleanUp utility here and install it according to the instructions there.

When installed start WIC utility and select Sonic Update Manager then click remove.


Please download combofix.exe again to your desktop. Delete previous ComboFix.exe if it still exists.

Run new ComboFix.exe and post back its log.
 
ComboFix 08-01-16.1 - Compaq_Administrator 2008-01-17 14:12:38.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.489 [GMT -4:00]
Running from: C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
/wow section - STAGE 7
/wow section - STAGE 8
/wow section - STAGE 10
/wow section - STAGE 30A
/wow section - STAGE 31
/wow section - STAGE 33

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\basesrv.dll

.
((((((((((((((((((((((((( Files Created from 2007-12-17 to 2008-01-17 )))))))))))))))))))))))))))))))
.

2008-01-17 14:06 . 2000-08-31 08:00 51,200 --a--c--- C:\WINDOWS\NirCmd.exe
2008-01-15 19:48 . 2008-01-15 19:48 <DIR> d----c--- C:\Program Files\Windows Installer Clean Up
2008-01-15 19:48 . 2008-01-15 19:48 <DIR> d----c--- C:\Program Files\MSECACHE
2008-01-15 14:09 . 2008-01-17 01:23 <DIR> d----c--- C:\Program Files\Norton 360
2008-01-15 14:07 . 2008-01-16 16:44 <DIR> d----c--- C:\Program Files\Symantec
2008-01-15 14:07 . 2008-01-15 14:11 115,000 --a--c--- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-15 14:07 . 2008-01-15 14:11 48,776 --a--c--- C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-15 14:06 . 2008-01-17 01:24 <DIR> d----c--- C:\Program Files\Common Files\Symantec Shared
2008-01-15 13:58 . 2008-01-17 14:20 <DIR> d-a--c--- C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-15 13:14 . 2008-01-16 22:35 <DIR> d----c--- C:\Program Files\Spyware Doctor
2008-01-15 13:14 . 2008-01-15 13:14 <DIR> d----c--- C:\Documents and Settings\Compaq_Administrator\Application Data\PC Tools
2008-01-15 13:14 . 2008-01-15 13:14 74,240 --a--c--- C:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-15 13:14 . 2008-01-15 13:14 56,832 --a--c--- C:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-15 13:14 . 2007-10-18 00:14 41,288 --a--c--- C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-15 13:14 . 2007-10-18 00:16 29,000 --a--c--- C:\WINDOWS\system32\drivers\kcom.sys
2008-01-15 12:09 . 2008-01-15 13:16 51,355 --a--c--- C:\WINDOWS\system32\muzika.xm
2008-01-15 11:22 . 2007-09-24 23:31 69,632 --a--c--- C:\WINDOWS\system32\javacpl.cpl
2008-01-15 11:20 . 2008-01-15 11:20 15,852,952 --a--c--- C:\Program Files\jre-6u4-windows-i586-p.exe
2008-01-15 11:19 . 2008-01-15 11:20 <DIR> d----c--- C:\Documents and Settings\Compaq_Administrator\.SunDownloadManager
2008-01-15 01:02 . 2008-01-15 07:09 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-01-15 00:29 . 2008-01-15 00:29 2,154 --a--c--- C:\WINDOWS\system32\tmmute.ini
2008-01-15 00:27 . 2008-01-15 00:27 <DIR> d----c--- C:\Program Files\CCleaner
2008-01-13 14:10 . 2008-01-13 14:10 <DIR> d----c--- C:\WINDOWS\system32\Kaspersky Lab
2008-01-13 14:10 . 2008-01-13 14:10 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-12 15:25 . 2008-01-15 07:09 <DIR> d----c--- C:\Program Files\Trend Micro
2008-01-12 15:22 . 2008-01-12 20:29 <DIR> d----c--- C:\Documents and Settings\Compaq_Administrator\Application Data\HouseCall 6.6
2008-01-12 13:48 . 2008-01-12 13:48 <DIR> d----c--- C:\WINDOWS\RegistryBooster 2
2008-01-12 13:48 . 2008-01-12 13:48 <DIR> d----c--- C:\Program Files\RegistryBooster 2
2008-01-12 12:31 . 2008-01-12 21:38 <DIR> d----c--- C:\Program Files\Uniblue
2008-01-12 12:31 . 2008-01-12 21:38 <DIR> d----c--- C:\Documents and Settings\Compaq_Administrator\Application Data\Uniblue
2008-01-12 12:31 . 2008-01-12 12:31 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-01-11 17:03 . 2008-01-11 17:03 268 --ah-c--- C:\sqmdata06.sqm
2008-01-11 17:03 . 2008-01-11 17:03 244 --ah-c--- C:\sqmnoopt06.sqm
2008-01-10 12:23 . 2008-01-10 17:01 512 --a--c--- C:\drmHeader.bin
2008-01-09 12:18 . 2008-01-09 12:18 268 --ah-c--- C:\sqmdata05.sqm
2008-01-09 12:18 . 2008-01-09 12:18 244 --ah-c--- C:\sqmnoopt05.sqm
2008-01-09 08:59 . 2008-01-09 08:59 268 --ah-c--- C:\sqmdata04.sqm
2008-01-09 08:59 . 2008-01-09 08:59 244 --ah-c--- C:\sqmnoopt04.sqm
2008-01-07 00:17 . 2008-01-07 00:17 268 --ah-c--- C:\sqmdata03.sqm
2008-01-07 00:17 . 2008-01-07 00:17 244 --ah-c--- C:\sqmnoopt03.sqm
2008-01-07 00:13 . 2008-01-07 00:13 268 --ah-c--- C:\sqmdata02.sqm
2008-01-07 00:13 . 2008-01-07 00:13 244 --ah-c--- C:\sqmnoopt02.sqm
2008-01-06 22:42 . 2008-01-06 22:42 <DIR> d----c--- C:\Documents and Settings\Compaq_Administrator\Application Data\???????sAppData
2008-01-06 13:31 . 2008-01-06 13:31 <DIR> d----c--- C:\Program Files\Common Files\EasyInfo
2008-01-06 11:12 . 2008-01-06 11:12 <DIR> d----c--- C:\Program Files\Electronic Arts
2007-12-22 12:04 . 2007-12-22 12:04 <DIR> d----c--- C:\Documents and Settings\Compaq_Administrator\Application Data\Sony Corporation
2007-12-20 14:53 . 2007-12-20 14:57 <DIR> d----c--- C:\Documents and Settings\Compaq_Administrator\Application Data\DAEMON Tools
2007-12-20 14:52 . 2007-12-20 14:53 <DIR> d----c--- C:\Program Files\DAEMON Tools Lite
2007-12-19 22:27 . 2007-12-19 22:27 715,248 --a--c--- C:\WINDOWS\system32\drivers\sptd.sys
2007-12-19 11:27 . 2007-12-19 11:27 <DIR> d----c--- C:\My Recorder
2007-12-19 11:27 . 2007-12-19 11:27 194 --a--c--- C:\WINDOWS\WAVrj.ini
2007-12-19 11:26 . 2007-12-19 11:26 <DIR> d----c--- C:\Program Files\HiFisoftware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-17 18:19 --------- dc----w C:\Documents and Settings\Compaq_Administrator\Application Data\uTorrent
2008-01-17 05:23 --------- dc----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-17 04:40 22,328 -c--a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-17 04:40 107,832 -c--a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-01-15 18:11 806 -c--a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-15 18:11 8,014 -c--a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-15 15:22 --------- dc----w C:\Program Files\Java
2008-01-15 10:49 --------- dc----w C:\Documents and Settings\Compaq_Administrator\Application Data\MegauploadToolbar
2008-01-15 04:26 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-13 17:39 --------- dc----w C:\Program Files\Return to Castle Wolfenstein
2008-01-13 01:45 --------- dc----w C:\Program Files\eMule
2008-01-12 20:01 --------- dc----w C:\Program Files\Call of Duty
2008-01-12 00:18 --------- dc----w C:\Program Files\Registry Repair
2008-01-09 12:45 --------- dc----w C:\Documents and Settings\Compaq_Administrator\Application Data\Ahead
2008-01-09 12:45 --------- dc----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-01-09 12:00 --------- dc----w C:\Program Files\Total Video Converter
2008-01-07 21:38 --------- dc----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-01-07 02:42 --------- dc----w C:\Documents and Settings\Compaq_Administrator\Application Data\???????sAppData
2008-01-06 15:12 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2007-12-22 18:17 --------- dc----w C:\Documents and Settings\Compaq_Administrator\Application Data\Skype
2007-12-19 15:19 --------- dc----w C:\Program Files\Mp3 My Mp3 2.0
2007-12-14 23:49 --------- dc----w C:\Program Files\DVD Shrink
2007-12-13 17:21 3,186 -c--a-w C:\WINDOWS\system32\tmp.reg
2007-12-13 05:47 --------- dc----w C:\Program Files\MegauploadToolbar
2007-12-07 19:13 --------- dc----w C:\Program Files\Activision
2007-12-07 17:29 --------- dc----w C:\Program Files\Raven
2007-12-07 03:07 --------- dc----w C:\Program Files\DivX
2007-12-06 14:33 --------- dc----w C:\Program Files\GameShadow
2007-12-06 14:23 98,304 -c--a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-12-06 14:09 --------- dc----w C:\Program Files\Eidos
2007-12-04 20:37 --------- dc----w C:\Documents and Settings\Compaq_Administrator\Application Data\vlc
2007-12-04 20:36 --------- dc----w C:\Program Files\VideoLAN
2007-12-04 01:33 823,296 -c--a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-04 01:33 823,296 -c--a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-04 01:33 802,816 -c--a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-04 01:33 682,496 -c--a-w C:\WINDOWS\system32\DivX.dll
2007-12-03 14:26 --------- dc----w C:\Program Files\Common Files\Ahead
2007-12-03 14:25 --------- dc----w C:\Documents and Settings\All Users\Application Data\Nero
2007-11-30 03:36 520,192 -c--a-w C:\WINDOWS\system32\hitman_ss.scr
2007-11-29 22:30 200,704 -c--a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 -c--a-w C:\WINDOWS\system32\libdivx.dll
2007-11-29 22:28 81,920 -c--a-w C:\WINDOWS\system32\dpl100.dll
2007-11-29 22:28 196,608 -c--a-w C:\WINDOWS\system32\dtu100.dll
2007-11-28 21:55 156,992 -c--a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-11-28 21:53 593,920 -c--a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-11-28 21:53 57,344 -c--a-w C:\WINDOWS\system32\dpv11.dll
2007-11-28 21:53 53,248 -c--a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-11-28 21:53 344,064 -c--a-w C:\WINDOWS\system32\dpus11.dll
2007-11-28 21:53 294,912 -c--a-w C:\WINDOWS\system32\dpu11.dll
2007-11-28 21:53 294,912 -c--a-w C:\WINDOWS\system32\dpu10.dll
2007-11-28 21:52 12,288 -c--a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-11-23 16:42 --------- dc----w C:\Documents and Settings\Compaq_Administrator\Application Data\Image Zone Express
2007-11-23 03:45 --------- dc----w C:\Program Files\UnH Solutions
2007-11-13 05:39 33,540 -c--a-w C:\WINDOWS\system32\CoreFLACDecoder-uninstall.exe
2007-11-07 09:26 721,920 -c----w C:\WINDOWS\system32\lsasrv.dll
2007-10-31 17:17 54,824 -c--a-w C:\WINDOWS\agrsmdel.exe
2007-10-29 22:35 1,287,680 -c--a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 21:40 222,720 -c--a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 07:57 16,855,552 -c--a-w C:\WINDOWS\RTHDCPL.EXE
2007-10-19 04:04 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-10-19 01:51 163,206 -c--a-w C:\WINDOWS\Audio Converter Pro Uninstaller.exe
2007-10-19 00:43 315,392 -c--a-w C:\WINDOWS\HideWin.exe
2007-10-18 15:31 51,224 -c--a-w C:\WINDOWS\system32\sirenacm.dll
2006-02-19 17:28 12,288 -c--a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 00:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2005-08-18 09:15 1359872]
"Uniblue RegistryBooster 2"="C:\Program Files\RegistryBooster 2\RegistryBooster.exe" [2007-10-08 16:26 1863960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-30 00:01 67584]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 02:19 77312 C:\WINDOWS\arpwrmsg.exe]
"DISCover"="C:\Program Files\DISC\DISCover.exe" [2006-03-16 05:12 1077248]
"DiscUpdateManager"="C:\Program Files\DISC\DiscUpdMgr.exe" [2006-03-16 05:11 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-23 01:14 237568]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 01:34 249856]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 15:24 54840]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 02:50 221184]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 15:44 61440]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-09 21:50 7311360]
"nwiz"="nwiz.exe" [2006-05-09 21:50 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-05-09 21:50 86016]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 03:57 16855552 C:\WINDOWS\RTHDCPL.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24 1065800]

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-05-25 14:46:52]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-05-25 15:35:02]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TP CfgWiz"="C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\SymCuw.exe" -G:{2D617065-1C52-4240-B5BC-C0AE12157777} -T:Config
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"


.
Contents of the 'Scheduled Tasks' folder
"2008-01-13 01:38:42 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-01-13 01:38:41 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-01-12 16:47:47 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2007-10-18 23:38:44 C:\WINDOWS\Tasks\Warranty Reminder 11 month.job"
- c:\windows\system32\pcintro\reminder\Warranty_Reminder_11_month\Warranty_Reminder_11_month.bat
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-17 14:21:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\csrss.exe
-> C:\WINDOWS\system32\basesrv.dll
.
Completion time: 2008-01-17 14:22:51 - machine was rebooted [Compaq_Administrator]
ComboFix-quarantined-files.txt 2008-01-17 18:22:49
.
2008-01-09 16:04:10 --- E O F ---
 
Hi

Navigate into C:\QooBox\Quarantine\C\WINDOWS\system32 if found. Then copy basesrv.dll file to C:\Windows\system32 folder.


Install Recovery Console by following instructions here.


Did you have success with Norton reinstallation? Some other problems still?
 
Hey Blade,

Norton360 is being a bitch. I keep getting the error that I previously mentioned about the error during activation. I run the removal from Add/Remove programs, it gets to 100% and stalls, and when I run the Norton Removal Tool it also stalls, creates several error messages and kills the operating system forcing a reboot.

Now I believe I've narrowed the Norton360 issues down to the Quarantine folder and SrtETmp folder in C:\Documents and Settings\All Users\Application Data\Symantec\SrtETmp

I cannot delete them and i cannot open either and because they're still on the system, Norton360 wont install properly.

I'll get to those other steps you posted in about an hour.
 
Blade81 said:
Hi

Navigate into C:\QooBox\Quarantine\C\WINDOWS\system32 if found. Then copy basesrv.dll file to C:\Windows\system32 folder.


Install Recovery Console by following instructions here.


Did you have success with Norton reinstallation? Some other problems still?
Click to expand...

The basesrv.dll is showing up as basesrv.dll.vir and is listed as a VIR file type.
 
Blade81 said:
Hi

Install Recovery Console by following instructions here.
Click to expand...

I can not install Recovery Console as I do not have the Windows installation disc as talked about at the link you provided. My Windows XP Media Center Edition 2005 came stock on my PC. I never received the installation disc from the manufacturer.
 
Hi

Following set of instructions is for installing recovery console when cd is not available.

First I want to say that you need to wait for my reply after doing following part since it will result to a log which I have to see before you're allowed to boot system. It's almost midnight here in Finland. So, I won't be able to reply until after 12hrs. If you think this is too long time we can do this step tomorrow. :)

First delete old ComboFix.exe files on your desktop.

When old versions are deleted download the latest copy of ComboFix.exe => http://download.bleepingcomputer.com/sUBs/ComboFix.exe to your desktop.


Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System
KB310994.gif


Download the file & save it as it's originally named, next to ComboFix.exe.

rc1.gif



Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

Please do not reboot your machine until we have reviewed the log.
 
Hey,

I did what you said in your post above, however, no log is generated and i keep getting the message that the recovery console is already installed
 
Hey

Earlier version of CF had bug which caused message "WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!" though recovery console was actually installed and vice versa. Since you got message that console is already installed I believe that was the CF version with the bug. So, no need to try that one anymore. :)

Guess that leaves Norton problem only existing one.

* Download OTMoveIt.exe from here and place it on your desktop:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

* Open OTMoveIt.exe.
In the left pane where it says:
Paste List of Files/Folders to be Moved
, copy and paste next part:

C:\Documents and Settings\All Users\Application Data\Symantec

Then click the MoveIt button below.
In case you get a
Bad Image
error, just click OK at the promt. It will move the file anyway.
When done, it will create a log (********_******.log -- * stands for date and time) in next folder: C:\_OTMoveIt\MovedFiles.
Copy and paste this log in your next reply.
 
The computer needed to reboot to complete the file transfer

Folder move failed. C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine scheduled to be moved on reboot.
Folder cleanup failed. C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP scheduled to be deleted on reboot.
Folder cleanup failed. C:\Documents and Settings\All Users\Application Data\Symantec scheduled to be deleted on reboot.

Created on 01/18/2008 17:05:11
 
No they did not get deleted.

I was curious about the .vir file extension that I discovered a few posts back, and after some further investigation of my own, discovered that its possibly a virus infected file.
 
Hi

You mean those files in Kaspersky log? Is I told those are in c:\qoobox folder which is ComboFix quarantine folder. You can delete it.

I recommend to post Pc Pitstopforums and ask there for help reinstalling Norton since they have persons with experience of it. We're mainly concentrating on malware removing here.


Below you'll find some tips for the future.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE,NOT on a regular basis



We need to re hide system files. To do so, please follow the steps below:
  1. Double-click My Computer.
  2. Click the Tools menu, and then click Folder Options.
  3. Click the View tab.
  4. Put a check by
    Hide file extensions for known file types.
  5. Under the
    Hidden files
    folder, select
    Show hidden files and folders.
  6. Check
    Hide protected operating system files.
  7. Click Apply, and then click OK.


Next we remove all used tools.

  • Double-click OTMoveIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the
    Begin cleanup Process?
    prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet, please allow it to do so.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 4.
  • Scroll down to where it says
    The J2SE Runtime Environment (JRE) allows end-users to run Java applications.
  • Click the
    Download
    button to the right.
  • Select Windows on platform combobox and check the box that says:
    Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u4-windows-i586-p.exe to install the newest version.


UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.


Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.

  • Comodo BOCLEAN <= Stop identity thieves from getting personal information. Instantly detects well over 1,000,000 unique, variant and repack malware in total. And it's free.
  • Download Adaware
    Adaware is a free program. It scans for known spyware on your computer. These scans should be run at least once every two weeks. For more information, see this tutorial
    The program is available for download here
  • Download Spybot
    Spybot is a scanner like adaware. It scans for spyware and other malicious programs. It is important to have both Adaware and Spybot on your computer because each program provides unique detection and pretection measures. Spybot has preventitive tools that stop programs from even installing on your computer.
    To see how to set this up as well as more spybot features, see here
    Spybot can be downloaded at this location
  • Download SpywareBlaster
    Spyware blaster is a program that stops known malicious activex controls from installing on your computer. It works by changing settings in your registry. It makes
    kill bits
    in the registry, so that certain activex controls can't install.
    If you don't know what activex controls are, see here
    You can download SpywareBlaster here here
    SpywareBlaster tutorial
  • Download iespyad
    It puts many bad webpages on your restricted zones list. This means that you can still view the
    bad
    webpages, but the webpages cannot do certain things (such as use javascripts and cookies).
    If you need help understanding how it works, there is a tutorial here
    Download it here
  • hosts file:
    • Every version of windows has a hosts file as part of them.
    • In a very basic sense, they are used to locate webpages.
    • We can customize a hosts file so that it blocks certain webpages.
    • However, it can slow down certain computers.
    • This is why using a hosts file is optional!!
    Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here
    If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
    1. [*]Click the start button (at the lower left hand corner of your screen) [*]Click run [*]In the dialog box, type services.msc [*]hit enter, then locate dns client [*]Highlight it, then double-click it. [*]On the dropdown box, change the setting from automatic to manual. [*]Click ok


Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Run the spybot and adaware regularly. (Once or twice a week minimum.)
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.



Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:
 
You must log in or register to reply here.
Back
Top