Attached to a Domain and a remote admin after SP1 installation, upgraded to 10 (clean...

  • Thread starter: Carrie-Ann5567

Wiped the hard drive, reformatted and did a clean install of OS7 Home (ditched the Pro hoping that the group policies, Domain attachment, etc. would not be an issue). But they are still there. Reinstalled it again. I cannot manually remove the files, even giving myself permission. Keeps loading what looks like a bogus update file, but I cannot delete that either. I am at my wits' end. I also have an issue with one of my Outlook mail accounts, displaying a string of what looks like a key below my username. I have been dealing with this for 2 months. Had my machine at two different local repair shops and nothing. Even swapped out the motherboard and the drive. How is it identifying me? I am not even using the same key. The only way it could be doing it is through my network connection. (Disabled Wi-Fi also.)


I read something about Panther Trojan and I do have a panther file on my machine (which again I can't delete). I did not even think that the HOME version had that kind of remote admin and yet it's running it. It's loading strange 32-bit files and running them on a 64-bit system. I don't know what to do from here. I can't get a version of Windows installed that isn't sucking up all my processing power and transferring insane amounts of data. I pulled out an old HP Pav and I'm loading XP on it now. At least I'll be able to view and edit files on it. I don't feel safe, even checking my email on this machine. (I use my iPad for that.)


Below are the results of command line queries, screenshots and some event log snips. Since I did the last reinstall at about 9 pm there are 294 Logon and Special logons created. Not to mention that I had another Windows machine and an Android phone corrupted from hooking them up to my main tower. The worst is an external drive holding 10 years' worth of my design files. Sighhhhhhh.....


I'm so sick of looking at this. I'm going to bed and hopefully not dream about it. If anyone can tell me how to stop this happening, I would SOOO appreciate it. Windows support is such a joke.


I've run 3 different virus scan programs on it, reformatted the drive twice (wiped it down to zero once), and used three different install media (three different versions of Windows: OS7 Home, OS10 Pro and OS7 Pro; 7 Pro was what I was running when this began). Again, this is after I paid two different repair services to diagnose it, pull out the wireless NIC card, replace the motherboard, and replace the drive. After I freaked on them they started throwing install disks and keys at me, lol. Seriously though, I might as well just toss my money down a hole. (The key I finally pulled off the machine is not one that I have ever owned??) I suppose that is why I am trying so hard to get it clean installed, I've already got so much money in it. I should just probably give up and load Linux.


If I ever get ahold of that damn Trusted Installer he's a dead man. Thanks in advance!!!!


Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 7/20/2016 at 11:03:12 PM


RSOP data for OWNER-PC\Administrator on OWNER-PC : Logging Mode
----------------------------------------------------------------

OS Configuration: Standalone Workstation
OS Version: 6.1.7601
Site Name: N/A
Roaming Profile: N/A
Local Profile: C:\Users\Administrator
Connected over a slow link?: No


COMPUTER SETTINGS
------------------

Last time Group Policy was applied: 7/20/2016 at 10:31:33 PM
Group Policy was applied from: N/A
Group Policy slow link threshold: 500 kbps
Domain Name: 37L4247E29-32
Domain Type: WindowsNT 4

Applied Group Policy Objects
-----------------------------
N/A

The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Local Group Policy
Filtering: Not Applied (Empty)

The computer is a part of the following security groups
-------------------------------------------------------
System Mandatory Level
Everyone
BUILTIN\Users
NT AUTHORITY\SERVICE
CONSOLE LOGON
NT AUTHORITY\Authenticated Users
This Organization
BDESVC
BITS
CertPropSvc
EapHost
hkmsvc
IKEEXT
iphlpsvc
LanmanServer
MMCSS
MSiSCSI
RasAuto
RasMan
RemoteAccess
Schedule
SCPolicySvc
SENS
SessionEnv
SharedAccess
ShellHWDetection
wercplsupport
Winmgmt
wuauserv
LOCAL
BUILTIN\Administrators


USER SETTINGS
--------------

Last time Group Policy was applied: 7/20/2016 at 10:36:33 PM
Group Policy was applied from: N/A
Group Policy slow link threshold: 500 kbps
Domain Name: OWNER-PC
Domain Type: <Local Computer>

Applied Group Policy Objects
-----------------------------
N/A

The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Local Group Policy
Filtering: Not Applied (Empty)

The user is a part of the following security groups
---------------------------------------------------
None
Everyone
BUILTIN\Administrators
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
CONSOLE LOGON
NT AUTHORITY\Authenticated Users
This Organization
LOCAL
NTLM Authentication
High Mandatory Level


After enabling the hidden admin account (which already had a password set btw)


C:\Users\Administrator>set
ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Administrator\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
CommonProgramW6432=C:\Program Files\Common Files
COMPUTERNAME=OWNER-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Administrator
LOCALAPPDATA=C:\Users\Administrator\AppData\Local
LOGONSERVER=\\WIN-01J5F1J7NAH
NUMBER_OF_PROCESSORS=4
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32
\WindowsPowerShell\v1.0\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=AMD64
PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=170a
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
ProgramFiles(x86)=C:\Program Files (x86)
ProgramW6432=C:\Program Files
PROMPT=$P$G
PSModulePath=C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
PUBLIC=C:\Users\Public
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\ADMINI~1\AppData\Local\Temp
TMP=C:\Users\ADMINI~1\AppData\Local\Temp
USERDOMAIN=OWNER-PC
USERNAME=Administrator
USERPROFILE=C:\Users\Administrator
windir=C:\Windows
windows_tracing_flags=3
windows_tracing_logfile=C:\BVTBin\Tests\installpackage\csilogfile.log
