Greetings, aquamango!
It sounds as though your system has been invaded by scumware -- also
known as adware, spyware, and malware. This type of program will
frequently disable certain functions of Windows in an attempt to make it
as difficult as possible for the user to eradicate it.
Please download, install, and run the following free anti-scumware utilities:
Spybot Search & Destroy
http://security.kolla.de/index.php?lang=en&page=download
Start up Spybot Search & Destroy. Pull down the "Help" menu and select
"About". You should see
Spybot Search & Destroy 1.3
Latest detection update: 2004-06-23.
If your settings for either of these do not match, click the "Update"
icon menu on the left-hand side of the screen, and then click on
"Search for Updates" near the top of the page. You'll need to exit
Spybot and restart it to check the "About" information page. If this
doesn't work, you may need to uninstall Spybot, and then download and
install the latest version. Once you have the latest Version and
Detection Update, try running Spybot again and remove the recommended
items.
AdAware
http://www.lavasoft.de/support/download
Start up AdAware. In the bottom right-hand corner, it should say
"AdAware 6.0 Personal, Build 6.181". Up above, under "Initialization
Status", it should say "Reference file 01R331 08.07.2004 loaded". If
your settings for either of these do not match, click "Check for
updates now". Once the update has completed, if one or both of these
still doesn't match the settings I listed, you may need to uninstall
AdAware, and then download and install the latest version. Once that's
installed, be sure to click "Check for updates now" to get the latest
reference files. Once you have the latest Build and Reference file,
try running AdAware again and remove any recommended items.
*** IMPORTANT ***
The first time you run them, or if you already have Spybot and/or
AdAware installed on your PC, be sure to download the latest updates
first **each time you run them**.
*****************
Once you've done those, shut down your computer and restart.
Then download and run CoolWebShredder (scroll down):
http://www.spywareinfo.com/~merijn/downloads.html
When you start up CoolWebShredder, it should say Version 1.59.1.
Then shut down your computer and restart.
Something to keep in mind is that even if these programs give your
system a "clean bill of health", it does *not* mean that you can be
absolutely sure that your system is clean. It is only a *reasonable
assurance* that it is clean.
You don't say what AntiVirus program you are running. You will want to
be sure to get the latest detection updates for your AntiVirus program
by running your system's LiveUpdate process.
It's also VERY important to continue to check with Microsoft
periodically and make sure that you have installed any new
security-related patches that have been released. Go to the following
site and download and install any critical updates which it may say
that you need:
http://v4.windowsupdate.microsoft.com/en/default.asp
Before Rating my Answer, if you have any Questions about the above
information, please post a Request for Clarification, and I will be
glad to see what I can do for you.
Please let me know whether you are able to resolve your problem, or
whether you need more assistance.
Regards,
aceresearcher

Request for Answer Clarification by aquamango-ga on 09 Jul 2004 10:22 PDT
Hello aceresearcher,
Thank you for trying to answer my question.
Please notice that this question is very specific, and that also I've
specified that I already use spyware/adware removers as well as Anti
Viruses.
"Running Windows 2000 SP4, with latest patches, security fixes, scanned
for viruses/trojans/adware/spyware/etc, defragmented & checked the
drives, etc."
I use Adware & SpyBot S&D, CyberScrub and AVG on a daily basis. I'm not
an expert, but not a novice either.
Thank you for your suggestion nevertheless, but would it be possible
to find a specific answer by searching the hundreds of pages
Google.com provides?
Thank you so much.

Clarification of Answer by aceresearcher-ga on 09 Jul 2004 11:28 PDT
Sorry, your original Question did not mention any *specific*
information regarding the methods that you've already tried. It's
quite common for Customers who ran AdAware and Spybot to discover that
they didn't have the most recent version.
- Did you verify that your version numbers match those that I listed?
Spybot Search & Destroy 1.3
Latest detection update: 2004-06-23
AdAware 6.0 Personal, Build 6.181
Reference file 01R331 08.07.2004
- Did you download and run CoolWebShredder?
I'll do some Googling; however, bear in mind that the same virus or
worm can have different side effects based on each individual system's
configuration, and the first symptom other people notice may not be
the first one that you noticed.
In the meantime, download HijackThis! (scroll down):
http://www.spywareinfo.com/~merijn/downloads.html
The version should be 1.97.7.
Run HijackThis! and post a copy of your log here.
Patience is the big key on this type of problem, and I'll stick with
you until we get it resolved.
ace

Request for Answer Clarification by aquamango-ga on 09 Jul 2004 18:33 PDT
Hello,
Here is the HijackThis log you've requested.
I've added some comments which are formatted as:
// Comments
Let me know if this gives you any ideas:
Logfile of HijackThis v1.98.0
Scan saved at 9:32:50 PM, on 7/9/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe // Session Manager System Service
C:\WINNT\system32\winlogon.exe // Windows Logon System Service
C:\WINNT\system32\services.exe // Services System Service
C:\WINNT\system32\lsass.exe // LSASS System Service
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe // AVG Anti Virus Service
C:\WINNT\system32\crypserv.exe // ???
C:\Program Files\DriveCrypt\DcrServ.exe // Drive Crypt Application Service
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe // EPSON (Printer) Agent
C:\WINNT\system32\nvsvc32.exe // NVIDIA (Video Card) Driver
C:\WINNT\system32\regsvc.exe // Remote Registry Service
C:\WINNT\Explorer.EXE // Explorer Shell
C:\WINNT\system32\internat.exe // International Support
C:\Program Files\DriveCrypt\DriveCrypt.exe // Application Commercial
(Drive Crypt)
C:\Program Files\ID-Blaster Plus\idblasterplus.exe // Application (Normal)
C:\WINNT\system32\ZoneLabs\vsmon.exe // ZoneAlarm Component
C:\Program Files\internet explorer\dw15.exe // MS Internet Explorer
Error Reporter
C:\WINNT\system32\cmd.exe // Command Prompt (Visible)
C:\HijackThis.exe // Hijack File
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
O1 - Hosts: 127.0.0.0 localhost
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone
Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install // NVIDIA Related (Graphics Driver)
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [DriveCrypt Startup] C:\Program
Files\DriveCrypt\DriveCrypt.exe /WS
O4 - HKCU\..\Run: [Steam] "c:\steam\steam.exe" -silent // HL Client (Game)
O4 - Startup: goScreen.exe.lnk = C:\Program Files\goScreen\goScreen.exe
O4 - Startup: Quick To-Do PRO.lnk = S:\APP\QuickTo-DoPro\qtodopro.exe
O4 - Global Startup: ID-Blaster Plus.lnk = C:\Program Files\ID-Blaster
Plus\idblasterplus.exe // OK'ed program
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone
Labs\ZoneAlarm\zonealarm.exe
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} -
C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - AppInit_DLLs: NVDESK32.DLL
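
Added example (not part of the thread, and not code from HijackThis or its author): a small Python parser for a HijackThis log pasted into a forum post, which rejoins hard-wrapped lines, drops "// " annotations like the ones used above, and lists entries to verify by hand. The sample log is constructed; its program names and GUID are placeholders.

```python
import re

# Constructed sample in the HijackThis entry format; names and GUID are placeholders.
SAMPLE_LOG = r"""Logfile of HijackThis v1.98.0
Running processes:
C:\WINNT\system32\services.exe // Services
R3 - URLSearchHook: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O1 - Hosts: 127.0.0.0 localhost
O4 - HKLM\..\Run: [Example] "C:\Program
Files\Example\example.exe" -start // wrapped by the forum
O20 - AppInit_DLLs: EXAMPLE.DLL
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def parse(log):
    """Return (version, [[code, detail], ...]) with wrapped lines rejoined."""
    version, entries = None, []
    for raw in log.splitlines():
        line = raw.split(" // ")[0].strip()   # drop the poster's annotations
        if not line:
            continue
        head = re.match(r"Logfile of HijackThis v(\S+)", line)
        entry = ENTRY.match(line)
        if head:
            version = head.group(1)
        elif entry:
            entries.append([entry.group(1), entry.group(2)])
        elif entries:                          # continuation of a wrapped entry
            entries[-1][1] += " " + line
    return version, entries

def review_notes(entries):
    """Flag entries an analyst should verify by hand; a flag is not a verdict."""
    notes = []
    for code, detail in entries:
        hosts = re.match(r"Hosts:\s*(\S+)\s+(\S+)", detail)
        if detail.endswith("(no file)"):
            notes.append((code, "registered component whose file is missing"))
        elif code == "O1" and hosts:
            ip, name = hosts.groups()
            if name.lower() != "localhost" or ip != "127.0.0.1":
                notes.append((code, f"hosts file maps {name} to {ip}"))
        elif code == "O20":
            notes.append((code, "DLL loaded into every process that loads user32.dll"))
    return notes

if __name__ == "__main__":
    version, entries = parse(SAMPLE_LOG)
    print("HijackThis", version)
    for code, note in review_notes(entries):
        print(code, "-", note)
```

Lines before the first entry (the header and the process list) are skipped, so only the R/O entries are reviewed.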