Malware Removal: Malware removal forum. Please see the READ ME FIRST thread before you post. Forum is staffed by a small number of volunteers, please be patient.
#1
I finally did everything you told me to prepare my computer first for hijacking.
The first day everything went fine. Then today, I discovered that iexplore.exe is back where it doesn't belong, so I think I took care of that. My major problem is this: I know someone has been logging my keystrokes and activity etc. I would like to post my HIJACK THIS log now to see what else needs to be done. I have way too many startup applications running in the background with numerous SVC hosts. I need some help guys!! May I post my HIJACK THIS log file? From Pam
#2
Have you run ALL the steps (including the online scanners) in the Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal?
If so, follow the directions below. If not, complete all steps first.
- Download HijackThis 1.99.1
- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT
- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.
- Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.
- Run HijackThis and save your log file.
- Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't." Support Majorgeeks on Facebook: Majorgeeks Newsletter
#3
Here's my log file.
Keep in mind, I did remove a lot with the programs you suggested. Something is still not right though.
#4
You must remember to exit all browsers before running HijackThis. You had C:\Program Files\Internet Explorer\iexplore.exe running.
Also you had C:\PROGRA~1\WINZIP\winzip32.exe which is just unnecessary and should not be running. I am looking at your log now. Are the below what you expect:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startpage.aol.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
#5
Also do you know what C:\Program Files\BayScribe\\bayscribe.dll is for? It looks rather suspicious to me!
#6
Quote:
Yes, this program is my work. I use an online word processor to transcribe in for a local hospital. I do need this. Let me close the other programs that you saw running and re-run Hijack This. I wasn't aware they were running. Be right back with new log.
#7
I don't know what they are for, except I do have AOL on my computer. But I really only need to work through Internet Explorer. I did download Firefox, but with Firefox I can't get my bayscribe web site to run so I can do my work for the hospital?? I do have HP software on my computer, that's all I can tell you about these keys below.
Are the below what you expect:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startpage.aol.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
#8
Nothing was running that I could see.
There are a ton of programs in task manager, under applications, but I made sure no tasks were running. Let me know if I did the LOG right. Thanks so much for your help. I know I'm a pain.
#9
If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
For all OS types, make sure viewing of hidden files is enabled (per the tutorial). Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - blank (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - blank (file missing)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - blank (file missing)
O3 - Toolbar: (no name) - {A5181F8A-0B9D-43AC-8BE5-EB61651DB685} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - blank (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - blank (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - blank (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - blank (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL (file missing)
After clicking Fix, exit HJT. Now reboot in normal mode and post a new HJT log. And tell us how things are working.
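Added example, not part of any post in this thread: a small Python parser for the HijackThis entry format quoted in posts #4 and #9, which separates entries whose target file HijackThis reported as gone from entries that still need a person to confirm or identify them. The sample lines are copied from the thread; the bucket names and function names are hypothetical.

```python
import re

# Constructed sample: entries copied from the HijackThis lines quoted in post #9.
SAMPLE = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - blank (file missing)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - blank (file missing)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL (file missing)
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$")
REG_VALUE = re.compile(r"^(?P<key>HK[A-Z]{2}\\[^,]+),(?P<name>[^=]+?) = (?P<data>.*)$")


def parse_line(line):
    """Split one log line into its section code and fields; None if not an entry."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    body = m["body"]
    clsid = CLSID.search(body)
    entry = {"code": m["code"], "body": body,
             "clsid": clsid.group(0) if clsid else None,
             "orphaned": bool(ORPHAN.search(body))}
    reg = REG_VALUE.match(body) if m["code"].startswith("R") else None
    if reg:  # R-section lines are Internet Explorer registry values
        entry.update(reg.groupdict())
    return entry


def triage(log_text):
    """Bucket entries by how a helper would review them (hypothetical bucket names)."""
    buckets = {"orphaned": [], "confirm_with_owner": [], "identify_first": []}
    for raw in log_text.splitlines():
        entry = parse_line(raw)
        if entry is None:
            continue
        if entry["orphaned"]:                # target file is gone, only the reference remains
            buckets["orphaned"].append(entry)
        elif entry["code"].startswith("R"):  # start/search page: ask what the user expects
            buckets["confirm_with_owner"].append(entry)
        else:                                # live program or add-on: identify before removing
            buckets["identify_first"].append(entry)
    return buckets


if __name__ == "__main__":
    for name, entries in triage(SAMPLE).items():
        print(name, [e["code"] for e in entries])
```

The `identify_first` bucket is where a mistake like the dlbtbmon.exe deletion mentioned in post #10 is caught: a startup entry whose file exists should be matched to a known product before anyone removes it.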
#10
Okay, I'm going to do that.
Just wanted to make a note that the file dlbtbmon.exe you told me to delete turned out to be my printer.
#11
Quote:
#12
Oh chaslang, I'm so sorry.
I received an email from tech forum telling me to delete that. I can attach that email if you want to see it. Apparently they finally got back to me after I had already started with your help and I got confused.
#13
OK!
Did you complete the steps in message number 9?
#14
I'm going to do it right now.
Yeah, that was it, Garrick. Oh well. Maybe I can find a printer driver for the DELL AIO 922 online? I'll get back to you with my log.
#15
Quote:
DSO Exploit and FUN Webs, keep coming back! PP
Last edited by PhilliePhan; 03-31-05 at 23:26. Reason: Added Link
#16
Quote:
Last edited by chaslang; 03-31-05 at 23:44.
#17
Quote: