MajorGeeks Support Forums


Malware Removal Malware removal forum. Please see the READ ME FIRST thread before you post. Forum is staffed by a small number of volunteers, please be patient.


  #1  
Old 03-31-05, 01:50
pamelaj pamelaj is offline
Private First Class
 
Join Date: Mar 2005
Posts: 72
Thanks: 0
Thanked 0 Times in 0 Posts
Default Im being watched by the keystroke

I finally did everything you told me to prepare my computer first for hijacking.

The first day everything went fine. Then today, I discovered that iexplore.exe is back where it doesn't belong, so I think I took care of that.

My major problem is this: I know someone has been logging my keystrokes and activity etc. I would like to post my HIJACK THIS log now to see what else needs to be done.

I have way too many startup applications running in the background with numerous SVC hosts. I need some help guys!!


May I post my HIJACK THIS log file?

from Pam
  #2  
Old 03-31-05, 02:05
chaslang's Avatar
chaslang chaslang is offline
MajorGeeks Admin - Master Malware Expert
 
Join Date: Feb 2004
Location: Northern New Jersey USA
Posts: 80,641
Thanks: 62
Thanked 7,761 Times in 4,199 Posts
Default Re: Im being watched by the keystroke

Have you run ALL the steps (including the online scanners) in the Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal?


If so, follow the directions below. If not, complete all steps first.

- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc., and any other unnecessary running programs.

- Run HijackThis and save your log file.

- Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."


  #3  
Old 03-31-05, 13:15
pamelaj pamelaj is offline
Private First Class
 
Join Date: Mar 2005
Posts: 72
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: Im being watched by the keystroke

Here's my log file.

Keep in mind, I did remove a lot with the programs you suggested.
Something is still not right though.
Attached Files
File Type: log hijackthis032904.log (9.2 KB, 6 views)
  #4  
Old 03-31-05, 13:21
chaslang's Avatar
chaslang chaslang is offline
MajorGeeks Admin - Master Malware Expert
 
Join Date: Feb 2004
Location: Northern New Jersey USA
Posts: 80,641
Thanks: 62
Thanked 7,761 Times in 4,199 Posts
Default Re: Im being watched by the keystroke

You must remember to exit all browsers before running HijackThis. You had C:\Program Files\Internet Explorer\iexplore.exe running.

Also you had C:\PROGRA~1\WINZIP\winzip32.exe which is just unnecessary and should not be running.

I am looking at your log now.

Are the below what you expect:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startpage.aol.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
  #5  
Old 03-31-05, 13:28
chaslang's Avatar
chaslang chaslang is offline
MajorGeeks Admin - Master Malware Expert
 
Join Date: Feb 2004
Location: Northern New Jersey USA
Posts: 80,641
Thanks: 62
Thanked 7,761 Times in 4,199 Posts
Default Re: Im being watched by the keystroke

Also do you know what C:\Program Files\BayScribe\\bayscribe.dll is for? It looks rather suspicious to me!
  #6  
Old 03-31-05, 16:36
pamelaj pamelaj is offline
Private First Class
 
Join Date: Mar 2005
Posts: 72
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: Im being watched by the keystroke

Quote:
Originally Posted by chaslang
Also do you know what C:\Program Files\BayScribe\\bayscribe.dll is for? It looks rather suspicious to me!

Yes, this program is my work. I use an online word processor to transcribe in for a local hospital. I do need this.

Let me close the other programs that you saw running and re-run Hijack this.

I wasn't aware they were running.

Be Right Back with New Log
  #7  
Old 03-31-05, 16:38
pamelaj pamelaj is offline
Private First Class
 
Join Date: Mar 2005
Posts: 72
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: These Programs?

I don't know what they are for, except I do have AOL on my computer. But I really only need to work through Internet Explorer. I did download Firefox, but with Firefox I can't get my bayscribe web site to run so I can do my work for the hospital?? I do have HP software on my computer, that's all I can tell you about these keys below.

Are the below what you expect:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startpage.aol.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
  #8  
Old 03-31-05, 16:48
pamelaj pamelaj is offline
Private First Class
 
Join Date: Mar 2005
Posts: 72
Thanks: 0
Thanked 0 Times in 0 Posts
Unhappy Heres My new LOG!! Thursday 03/31/2005

Nothing was running that I could see.

There are a ton of programs in task manager, under applications, but I made sure no tasks were running.

Let me know if I did the LOG right.

Thanks so much for your help. I know I'm a pain.
Attached Files
File Type: txt newlog0401.txt (9.4 KB, 6 views)
  #9  
Old 03-31-05, 23:33
chaslang's Avatar
chaslang chaslang is offline
MajorGeeks Admin - Master Malware Expert
 
Join Date: Feb 2004
Location: Northern New Jersey USA
Posts: 80,641
Thanks: 62
Thanked 7,761 Times in 4,199 Posts
Default Re: Heres My new LOG!! Thursday 03/31/2005

If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - blank (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - blank (file missing)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - blank (file missing)
O3 - Toolbar: (no name) - {A5181F8A-0B9D-43AC-8BE5-EB61651DB685} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - blank (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - blank (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - blank (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - blank (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL (file missing)


After clicking Fix, exit HJT.

Now reboot in normal mode and post a new HJT log. And tell us how things are working.
Reply With Quote
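The fix list in post #9 consists mostly of entries that HijackThis itself marks `(no file)` or `(file missing)`. The following is an added example, not part of the thread or of HijackThis: a small parser that pulls those dangling entries out of a log and groups them by CLSID. The sample lines are copied from post #9; the function names are this example's own.

```python
import re
from collections import defaultdict

# Lines copied from the fix list in post #9 (a subset, unmodified).
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - blank (file missing)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - blank (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # section code, then the entry body
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$")  # dangling-target markers
REG_VALUE = re.compile(r"^(HK[A-Z]+\\[^,]+),(.+?) = (.*)$")  # R lines: key,value = data

def parse_line(line):
    """Return a dict for one HijackThis entry, or None for headers and blank lines."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    clsid = CLSID.search(body)
    reg = REG_VALUE.match(body) if code.startswith("R") else None
    return {
        "code": code,
        "body": body,
        "clsid": clsid.group(0).upper() if clsid else None,
        "orphaned": bool(ORPHAN.search(body)),
        "registry": reg.groups() if reg else None,
    }

def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]

def orphans_by_clsid(entries):
    """Map each CLSID to the section codes where it is registered without a file."""
    found = defaultdict(list)
    for e in entries:
        if e["orphaned"] and e["clsid"]:
            found[e["clsid"]].append(e["code"])
    return dict(found)

if __name__ == "__main__":
    for clsid, codes in orphans_by_clsid(parse_log(SAMPLE_LOG)).items():
        print(clsid, "->", ", ".join(codes))
```

Grouping by CLSID shows that the AOL Toolbar component is left dangling in both the O3 and O9 sections, which is why the fix list selects the same identifier more than once.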
  #10  
Old 03-31-05, 23:40
pamelaj pamelaj is offline
Private First Class
 
Join Date: Mar 2005
Posts: 72
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: Im being watched by the keystroke

Okay, I'm going to do that.

Just wanted to make a note that the file dlbtbmon.exe you told me to delete
turned out to be my printer.
  #11  
Old 03-31-05, 23:57
chaslang's Avatar
chaslang chaslang is offline
MajorGeeks Admin - Master Malware Expert
 
Join Date: Feb 2004
Location: Northern New Jersey USA
Posts: 80,641
Thanks: 62
Thanked 7,761 Times in 4,199 Posts
Default Re: Im being watched by the keystroke

Quote:
Originally Posted by pamelaj
Okay, I'm going to do that.

Just wanted to make a note that the file dlbtbmon.exe you told me to delete
turned out to be my printer.

Where did I say to do that?
  #12  
Old 04-01-05, 00:16
pamelaj pamelaj is offline
Private First Class
 
Join Date: Mar 2005
Posts: 72
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: Im being watched by the keystroke

Oh chaslang, I'm so sorry.

I received an email from tech forum telling me to delete that. I can attach that email if you want to see it.

Apparently they finally got back to me after I had already started with your help and I got confused.
  #13  
Old 04-01-05, 00:22
chaslang's Avatar
chaslang chaslang is offline
MajorGeeks Admin - Master Malware Expert
 
Join Date: Feb 2004
Location: Northern New Jersey USA
Posts: 80,641
Thanks: 62
Thanked 7,761 Times in 4,199 Posts
Default Re: Im being watched by the keystroke

OK!

Did you complete the steps in message number 9?
  #14  
Old 04-01-05, 00:26
pamelaj pamelaj is offline
Private First Class
 
Join Date: Mar 2005
Posts: 72
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: Im being watched by the keystroke

I'm going to do it right now.

Yeah, that was it, Garrick.

Oh well. Maybe I can find a printer driver for the DELL AIO 922 online?

I'll get back to you with my log.
  #15  
Old 04-01-05, 00:22
PhilliePhan
Guest
 
Posts: n/a
Lightbulb Re: Im being watched by the keystroke

Quote:
Originally Posted by chaslang
Where did I say to do that?

This was my bad, Chas. I saw where BJGarrick had her fix that in her other thread and was going to edit it, but got caught up with work and forgot. Sorry!

DSO Exploit and FUN Webs, keep coming back!


PP

Last edited by PhilliePhan; 04-01-05 at 00:26.. Reason: Added Link
  #16  
Old 04-01-05, 00:27
chaslang's Avatar
chaslang chaslang is offline
MajorGeeks Admin - Master Malware Expert
 
Join Date: Feb 2004
Location: Northern New Jersey USA
Posts: 80,641
Thanks: 62
Thanked 7,761 Times in 4,199 Posts
Default Re: Im being watched by the keystroke

Quote:
Originally Posted by PhilliePhan
This was my bad, Chas. I saw where BJGarrick had her fix that in her other thread and was going to edit it, but got caught up with work and forgot. Sorry!

DSO Exploit and FUN Webs, keep coming back!


PP

Aaah! This is why users need to stay in one thread until all their problems are resolved!

Last edited by chaslang; 04-01-05 at 00:44..
  #17  
Old 04-01-05, 00:32
PhilliePhan
Guest
 
Posts: n/a
Angry Re: Im being watched by the keystroke

Quote:
Originally Posted by chaslang
Aaah! This is why users need to stay in one thread until all their problems are resolved!

Yeah . . . But it's also sloppy! Blindly telling a user to remove a service that is clearly legitimate . . . No excuse for that.

All times are GMT -5. The time now is 15:46.
