Jump to content
GreaseSpot Cafe

Network Nazi Problems


Belle
 Share

Recommended Posts

I was doing a search on Google and clicked on one of the links when my computer started doing crazy stuff. I ran AdAware and it found a bunch of components, but was not able to remove some of them.

Now every web page I go to that has the words "work", "love" and some others shows those words as links (I clicked on one of the words here at GSpot before I realized it wasn't supposed to be doing that.)

When I go to my Google toolbar to do a search frequently, but not always a website www. enhancemysearch .com don't go there!! pops up with results to the term I was searching for.

I can log onto my Yahoo e-mail and read the e-mails, but I can not type in the message area at all. I can't respond or compose e-mails because of this.

I downloaded SpyBot, but I can't install it because I have to be logged on as an administrator to do that and I'm not.

I'd like to fix this on my own without alerting the Network Nazi to my problem. Does anyone have any suggestions?

Link to comment
Share on other sites

Are you using XP Home or XP Professional? Sounds like you got infested with a good case of Spyware.

Do you have virus protection and is it updated with all the latest downloads from the manufacturer?

Do you have SP 2 installed and all other Windows Updates?

Need more info.

Link to comment
Share on other sites

Hmmmmm....

Very interesting...

Because my virus protection, my firewall and my SpyBot all show 4 files of spyware...but none of them can or will do anything about these ....ers.

And they're messing with my graphics programs big time.

So how do I remove them in safe mode? Just go there and then what?

Link to comment
Share on other sites

Maybe you do not have Administrative rights. I suspect you are using XP home. Try going into Control Panel under Users and make sure you are computer Administrator. If yo are a Limited User you may not have success in removing stuff. (And there is a way to log in as Administrator under XP Home.)

I like Pawtuckets idea of removing while in Safe Mode too. (Hi Pawtucket, how are you?)

When I battle Spyware I first unplug myself from the Internet until I am done. Otherwise the spyware may try to go out for reinforcements. icon_biggrin.gif:D-->

If Norton or Spybot does not remove those, try to remove them manually. Both programs should give you and indication of where they are. Couldn't hurt to just go to that place and try DELETE.

Now concerning your graphics, I am skeptical that Spyware would interfere with graphics. That is usually hardware related but I do not claim to be an expert.

Again without more info it is difficult to diagnose. What is it doing? What kind of graphics card do you have if any? Make sure your refresh rate is set to 75 unless it is a flat monitor. Make sure your Screen Resolution and Color Quality settings are adjusted correctly.

Link to comment
Share on other sites

yougotout, I think she's talking about her work computer, so she probably can't log in as administrator.

cw, start your computer in safe mode and just delete the EXE files and the DLL files (if any) associated with the spyware. The fix for some types of spyware is to change the registry settings for some keys while in safe mode.

Your best bet is to do an internet search for the particular spywares that are plaguing you.

Link to comment
Share on other sites

Thanks y'all! I am talking about my work computer.

I'm not sure how to reimage the computer, Steve!, but I do know I have ghost copies and they have set my computer back before.... I just don't know if I have to have administrator rights to do that as well.

I will try the safe mode thingy when I leave tonight and see if that helps. I hope it does!

Thanks so much!

Here's part of the log from my AdAware scan:

Lavasoft Ad-Aware Personal Build 1.01

Logfile created on:Wednesday, October 20, 2004 9:36:47 AM

Created with Ad-Aware SE Personal, free for private use.

Using definitions file:SE1R11 07.10.2004

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

BargainBuddy(TAC index:8):1 total references

DyFuCA(TAC index:3):1 total references

istbar(TAC index:6):2 total references

MRU List(TAC index:0):17 total references

SecondThought(TAC index:4):1 total references

TopMoxie(TAC index:3):1 total references

TVMedia(TAC index:5):1 total references

VirtualBouncer(TAC index:5):1 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Reffile status:

=========================

Definitions File Loaded:

Reference Number : SE1R11 07.10.2004

Internal build : 16

File location : C:Program FilesLavasoftAd-Aware SE Personaldefs.ref

File size : 353470 Bytes

Total size : 1162664 Bytes

Signature data size : 1138651 Bytes

Reference data size : 23501 Bytes

Signatures total : 31468

Fingerprints total : 206

Fingerprints size : 9362 Bytes

Target categories : 15

Target families : 579

(Requires Ad-Aware SE or higher)

Memory + processor status:

==========================

Number of processors : 1

Processor architecture : Intel Pentium IV

Memory available:41 %

Total physical memory:522224 kb

Available physical memory:213324 kb

Total page file size:1276052 kb

Available on page file:1063852 kb

Total virtual memory:2097024 kb

Available virtual memory:2033248 kb

OS:Microsoft Windows XP Professional Service Pack 1 (Build 2600)

Ad-Aware Settings

===========================

Set : Search for negligible risk entries

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan within archives

Set : Scan my Hosts file

Extended Ad-Aware Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Obtain command line of scanned processes

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Backup current definitions file before updating

Set : Play sound at scan completion if scan locates critical objects

10-20-2004 9:36:47 AM - Scan started. (Custom mode)

Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [explorer.exe]

FilePath : C:WINDOWS

Command Line : C:WINDOWSExplorer.EXE

ProcessID : 1520

ThreadCreationTime : 10-20-2004 1:09:09 PM

BasePriority : Normal

FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)

ProductVersion : 6.00.2800.1106

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : EXPLORER.EXE

#:2 [hkcmd.exe]

FilePath : C:WINDOWSSystem32

Command Line : "C:WINDOWSSystem32hkcmd.exe"

ProcessID : 456

ThreadCreationTime : 10-20-2004 1:09:11 PM

BasePriority : Normal

FileVersion : 3,0,0,2104

ProductVersion : 7,0,0,2104

ProductName : Intel® Common User Interface

CompanyName : Intel Corporation

FileDescription : hkcmd Module

InternalName : HKCMD

LegalCopyright : Copyright 1999-2003, Intel Corporation

OriginalFilename : HKCMD.EXE

#:3 [directcd.exe]

FilePath : C:Program FilesRoxioEasy CD Creator 5DirectCD

Command Line : "C:Program FilesRoxioEasy CD Creator 5DirectCDDirectCD.exe"

ProcessID : 176

ThreadCreationTime : 10-20-2004 1:09:11 PM

BasePriority : Normal

FileVersion : 5.3.4.21

ProductVersion : 5.3.4.21

ProductName : DirectCD

CompanyName : Roxio

FileDescription : DirectCD Application

InternalName : DirectCD

LegalCopyright : Copyright © 2001,2002, Roxio, Inc.

OriginalFilename : Directcd.exe

#:4 [ccapp.exe]

FilePath : C:Program FilesCommon FilesSymantec Shared

Command Line : "C:Program FilesCommon FilesSymantec SharedccApp.exe"

ProcessID : 440

ThreadCreationTime : 10-20-2004 1:09:11 PM

BasePriority : Normal

FileVersion : 2.2.0.577

ProductVersion : 2.2.0.577

ProductName : Common Client

CompanyName : Symantec Corporation

FileDescription : Common Client User Session

InternalName : ccApp

LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.

OriginalFilename : ccApp.exe

#:5 [vptray.exe]

FilePath : C:PROGRA~1SYMANT~2

Command Line : "C:PROGRA~1SYMANT~2VPTray.exe"

ProcessID : 1200

ThreadCreationTime : 10-20-2004 1:09:11 PM

BasePriority : Normal

FileVersion : 9.0.0.338

ProductVersion : 9.0.0.338

ProductName : Symantec AntiVirus

CompanyName : Symantec Corporation

FileDescription : Symantec AntiVirus

LegalCopyright : Copyright 1991 - 2004 Symantec Corporation. All rights reserved.

#:6 [osa.exe]

FilePath : C:Program FilesMicrosoft OfficeOffice

Command Line : "C:Program FilesMicrosoft OfficeOfficeOSA.EXE" -b

ProcessID : 656

ThreadCreationTime : 10-20-2004 1:09:12 PM

BasePriority : Normal

#:7 [wzqkpick.exe]

FilePath : C:Program FilesWinZip

Command Line : "C:Program FilesWinZipWZQKPICK.EXE"

ProcessID : 1900

ThreadCreationTime : 10-20-2004 1:09:12 PM

BasePriority : Normal

FileVersion : 1.0 (32-bit)

ProductVersion : 8.1 (4319)

ProductName : WinZip

CompanyName : WinZip Computing, Inc.

FileDescription : WinZip Executable

InternalName : WZQKPICK.EXE

LegalCopyright : Copyright © WinZip Computing, Inc. 1991-2001 - All Rights Reserved

LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc

OriginalFilename : WZQKPICK.EXE

Comments : StringFileInfo: U.S. English

#:8 [outlook.exe]

FilePath : C:Program FilesMicrosoft OfficeOffice

Command Line : "C:Program FilesMicrosoft OfficeOfficeOUTLOOK.EXE"

ProcessID : 2328

ThreadCreationTime : 10-20-2004 1:09:20 PM

BasePriority : Normal

#:9 [mapisp32.exe]

FilePath : C:WINDOWSSystem32

Command Line : MAPISP32.EXE -000091803799A76

ProcessID : 2352

ThreadCreationTime : 10-20-2004 1:09:20 PM

BasePriority : Normal

FileVersion : 5.5.1960.0

ProductVersion : 5.5

ProductName : Microsoft Exchange

CompanyName : Microsoft Corporation

FileDescription : Microsoft Windows™ Messaging Subsystem Spooler

InternalName : MAPISP32

LegalCopyright : Copyright © 1986-1997 Microsoft Corp. All rights reserved.

LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation.

OriginalFilename : MAPISP32.EXE

#:10 [iexplore.exe]

FilePath : C:Program FilesInternet Explorer

Command Line : "C:Program FilesInternet ExplorerIEXPLORE.EXE"

ProcessID : 3100

ThreadCreationTime : 10-20-2004 1:23:58 PM

BasePriority : Normal

FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)

ProductVersion : 6.00.2800.1106

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Internet Explorer

InternalName : iexplore

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : IEXPLORE.EXE

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...