Hi there, recently I have been cleaning out old files and programs trying to keep the computer happy and ran updates and scans using all the anti- stuff on my computer, a self-made WinXP Pro SP3 machine with an Intel DG33TL board running 4 gigs of DDR2 RAM and Core Duo D6550 CPU. I cannot get into the Windows Security Center today and I don't know if it is something I did, or if there is malware blocking my access.
Several times in the past, I have noticed suspicious activitiy regarding ZoneAlarm and Ad-Aware going on and off by themselves or asking for permission to access the internet when they have just done so maybe an hour before. I sell on ebay and this invites people from around the world to "quest" into my computer.
This reason for this help request is that this morning, I woke up and found the computer on and monitor off after shutting it down before going to bed last night. Avast was not running, nor was ZoneAlarm, GuardedID, SuperAntiSpyware and several of the usual tray icons were missing as well. Yesterday, I uninstalled Ad-Aware to get ready to try something else. After finding this suspicious pattern this morning, re-installed Ad-Aware and ran the scan, but it only found 3 tracking cookies, no malware. Ran Malware Bytes yesterday and came up negative, too.
The consistent suspicious activity I usually see is that the keyboard hotkey for homepage internet mail one button sign on gets switched from my ISP provider homepage of Comcast.net to Outlook Express and I never use Outlook. If I go into the keyboard menu to check what's listed for the setting, it says comcast, not outlook.
Several times I have seen ZoneAlarm program settings for things I have not given permission to and suspect rootkits. One was pev-rkill.exe which was a pre-fetch file that replicated itself whenever I tried to rename it. You could actually see it add another file to the expanded folder as soon as you hit the enter button and it would rename itself something else. Sometimes, even rename itself onto a different pre-fetch file such as logon, etc. Naturally, run a malware scan and it came up negative.
After turning off several "Services" having to do with remote access and finding some of them turned back on again after several Windows updates, I started having this problem today of not being able to open up Windows Security Center to check settings. I click the icon and nothing happens. Click it again and the blue bar at the top of the screen flashes blue, then, to gray and nothing happens.
Am I infected with a rootkit? or have I accidentally turned off something in the Services section that needs to be on?
I run rkill.exe, and the other rkills and they don't find anything other than the usual run32dll.exe's that I can see, but I am not an expert with system files.
Any help you can give would be greatly appreciated. I'd like to feel secure that I don't have any keylogger programs running in the background.