Networked and Slaved

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

PawKat

Thread Starter
Joined
Jan 16, 2006
Messages
3
My computer has been hijacked and my permissions have been relegated to a subservient role. It has been networked and a server has been installed and I cannot remove my machine from the network nor control who connects or runs the server. The network adapters cannot be uninstalled nor permanently disabled. I have used five different computers with different operating systems including a Mac laptop. All systems have been either rendered inoperable or taken over. I have spent hundreds of dollars taking the computers to technicians and be declared clean only to plug them in at home and immediately have the same thing happen. I have put new HD'S in and taken the CMOS' battery out reverting to default and installing a new Windows Home Edition service pack 2 OS only to have the same experience with networked controlled results. I have tried numerous firewalls and virus protections, ie.., Norton, Mcaffee, Nod32, Zone Alarm, AVG, Sygate, et., al, none could get to the core prroblem. I know this sounds like the Twilight Zone, but believe me this experience is very real and has been ongoing for four months. I downloaded HJT and could run the first scan but none of the Misc. Tools scans would scan. I booted into safe mode and scanned and fixed all 34 listings and rebooted only to have the deleted items reinstalled. If anyone has any clues as to how to eliminate this nightmare I would be very grateful.


Logfile of HijackThis v1.99.1
Scan saved at 10:34:59 PM, on 1/15/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\taskmgr.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us7.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cavenet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us7.hpwis.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Freedom Popup Killer - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 - BHO: Freedom BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Zero Knowledge Freedom] C:\Program Files\Zero Knowledge\Freedom\AutoStarterR.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
 

PawKat

Thread Starter
Joined
Jan 16, 2006
Messages
3
Hello Steve,
Thanks for your interest. The scan that I sent in is the scan that I saw and deleted in safe mode. I have a start menu scan if that would help?
CD
 

PawKat

Thread Starter
Joined
Jan 16, 2006
Messages
3
I posted this request before and got an answer froom Steve requesting more info and then the thread dissapeared?? "My computer has been hijacked and my permissions have been relegated to a subservient role. It has been networked and a server has been installed and I cannot remove my machine from the network nor control who connects or runs the server. The network adapters cannot be uninstalled nor permanently disabled. I have used five different computers with different operating systems including a Mac laptop. All systems have been either rendered inoperable or taken over. I have spent hundreds of dollars taking the computers to technicians and be declared clean only to plug them in at home and immediately have the same thing happen. I have put new HD'S in and taken the CMOS' battery out reverting to default and installing a new Windows Home Edition service pack 2 OS only to have the same experience with networked controlled results. I have tried numerous firewalls and virus protections, ie.., Norton, Mcaffee, Nod32, Zone Alarm, AVG, Sygate, et., al, none could get to the core prroblem. I know this sounds like the Twilight Zone, but believe me this experience is very real and has been ongoing for four months. I downloaded HJT and could run the first scan but none of the Misc. Tools scans would scan. I booted into safe mode and scanned and fixed all 34 listings and rebooted only to have the deleted items reinstalled. If anyone has any clues as to how to eliminate this nightmare I would be very grateful."
 

Attachments

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top