HELP! Someone might be controlling my computer!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by BAG001, Mar 2, 2005.

  1. BAG001

    BAG001 Private E-2

    Possible Hijacking?

    I am hoping someone can help me with this problem. When I am connected to the internet, I have noticed (a) my mouse pointer moving around when I am not touching the mouse, (b) my screen sometimes scrolls down a bit when I am not touching the mouse, (c) Internet Explorer loses its connectivity periodically and is unable to find websites when my other web browser works, and (d) just yesterday, I was working in Excel and I noticed random sentence fragments appearing in the cells when I was not touching the keyboard or the mouse! My computer also crashed last week when a friend of mine tried to burn a CD of his girlfriend's homework assignment. Could someone out there be taking control of my computer or monitoring it? I use the Windows XP built-in firewall and have only set Internet Explorer as an exception. I have installed all of the latest Windows patches so my security should be up to date. I have run Spybot S&D (admittedly, I haven’t found any new updates for more than a half year), AdAware SE Personal, CW Shredder, Norton Antivirus, and they all indicated I had a clean system. I ran Hijack This and can upload a log file on request.


    I then ran XoftSpy 4.11 and it identified 71 threatening registry codes (belonging to Orbit Explorer, Wild Tangent, and Trojan/CWS Combo), a highly threatening “netword agent” file folder located in my Program files (C:\Program Files\netword), and a bunch more wild tangent files and folders in a directory called C:\WINDOWS\wt\*.


    Does anyone have any idea what could be happening? What would be some steps I could take to fix this?
     
  2. TheOldThug

    TheOldThug First Sergeant

    Welcome :eek:

    It sounds like you have run a lot of the programs we suggest. Please try and do all of the TUTORIAL and then submit your HJT log.
    This site has a lot of good tools for cleaning up your computer. It's very important that the first thing you do is the following:

    First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal.
    If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.

    Try this... you may find it's all you need. If not, post your results and I am sure someone will help you. Everyone is quite busy, as you can see by the number of posts, so hang in there. Good Luck!! :)

    After doing ALL of the above if you still have a problem:

    Make sure you have HijackThis 1.99.1 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, INCLUDING YOUR WEB BROWSER, e-mail. Close before running Hijack This!

    To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder for example C:\Program Files\HJT
     
  3. BAG001

    BAG001 Private E-2

    OK I am following all of the instructions in the supplied link. I'll post back later
     
  4. BAG001

    BAG001 Private E-2

    OK, according to the Sticky thread “READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal.”, I have done all the preparation steps (1-4); in preparation step 2, none of the bad Windows services were found, and I downloaded and updated all the given files listed in preparation step 4. Then I did scanning steps (1-4, and 6). Please find my Hijack This log file attached to this post. However, I should note that I was unable to start my computer in safe mode. There was a message “Keyboard error” on one of the screens during the boot. My keyboard is plugged directly into one of my USB ports on the back of my computer and I run my mouse and printer through a USB hub connected to the other port on the back of my computer.

    First I did the online scan at Trend and my system was clean. Next I performed the Symantec Security check and came up clean. Furthermore, AVERT Stinger gave me a clean bill of health.

    Then, I cleaned my hard drive with CCleaner as instructed, and proceeded to run AdAware and Spybot (and immunized) and came up clean on both. My computer was also clean according to CWShredder, Kill2Me, and about:Buster. HSRemove claimed it deleted 10 Items.

    Please have a look at the attached Hijack This log and I look forward to your comments. In the mean time I will finish with the “Keeping your computer safe and clean” section of the Sticky post mentioned above.

    Thanks
     

  5. TheOldThug

    TheOldThug First Sergeant

    I just saw your answer. It got pushed back a ways. I will get it to the front and see if someone can look at it. I have to sign off for the night.
     
  6. TheOldThug

    TheOldThug First Sergeant

    I don't see much wrong here but let's do this:
    Please print out these instructions so that you can operate with ALL Browser Windows CLOSED.
    Please make sure System Restore is OFF and the Viewing of Hidden Files is Enabled as per the tutorial.

    Now scan with HijackThis and Check the Boxes for the following:

    O16 - DPF: {8699D723-6DC6-47D3-B55C-489BA006B917} - http://lucius.crosswinds.net/de/webinstall.cab
    O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://web1.nugs.net/dev/dlControl.CAB

    Again, make sure All Browser Windows are Closed when you Click FIX.

    Reboot to Normal Windows and Scan with HijackThis and attach that log.
    Let me know how your computer is running now and if you had trouble with the above instructions.

    Good luck :)
     
  7. TheOldThug

    TheOldThug First Sergeant

    I'm sorry, please add this to the fix lines.

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
     
  8. BAG001

    BAG001 Private E-2

    Thanks Old Thug. I removed the three recommended items with HijackThis, rebooted in normal mode (it seems I have no other option), scanned again with HijackThis and produced the attached log file.

    The computer seems to be running OK today, but I still cannot boot in safe mode. Furthermore, when the attached log file was generated, my screen went dark and reappeared with a larger screen resolution (actually, this is my set resolution). This morning, I also removed the speech recognition with the control panel even though the process was not running. But, nonetheless, Internet Explorer (IE) is running fine and it hasn't refused to find websites for intermittent time periods, nor has it changed any fields after I set them (it was doing that too), I haven't seen any suspicious pointer movements or screen scrolls, and no random words/sentence fragments showed up in Excel while I was working.

    Please let me know what you think about the new log. Also, do you have any ideas why I can't start the computer in Safe Mode? And finally, could you recommend a freeware firewall and its corresponding settings that would keep pesky people from trying to hack my computer? (I'll also try to search the forums for this).

    I really appreciate the help and look forward to hearing from you.
     

  9. TheOldThug

    TheOldThug First Sergeant

    Your log seems OK to me. I am not sure why you can't boot in safe mode. May be a software question.

    Glad this seemed to help. You should check this out now: How to Protect yourself from malware!
    It has a free firewall. Be sure to use Firefox and Spyware Blaster.

    If everything seems to be working OK then turn system restore back on.
     
  10. BAG001

    BAG001 Private E-2

    Cool. Thanks a lot. The safe mode problem could also be a hardware problem; after all, I get the message "keyboard failure" during boot up (when I can choose F2 or F12 for Setup) and, if I have a keyboard failure, I would imagine that pressing the Function keys won't do a bit of good. The keyboard runs off USB as well as the mouse and I don't see any life (i.e., lit LEDs) in them until the Windows splash screen has been up a few seconds. Are my USB ports disabled during the boot?
     
  11. TheOldThug

    TheOldThug First Sergeant

    You're Welcome :)

    I imagine they are till a certain point but I am really not sure. These are questions better answered by someone other than myself. I'll see if I can get someone else to give you an answer.
     
  12. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Usually USB ports don't work until Windows has loaded; check your BIOS settings for USB and see what they're set at. Also, your USB ports should work in safe mode. It's possible it may be an error b/c there's no PS/2 kbd detected.
     
