
Wow - finally I think I have arrived on the correct thread.

Here are my results:

The only thing that I see that could perhaps be, odd, is an ATI hotkey poller?


Index % of PCs with item Code Data
1 0.1% O16 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
2 0.0% O16 {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1190345193031
3 1.5% O2 Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
4 0.5% O2 Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
5 0.0% O2 &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
6 0.0% O2 SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
7 1.1% O23 iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
8 0.7% O23 Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
9 0.1% O23 Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
10 0.0% O23 Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
11 0.0% O23 DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
12 0.0% O23 NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
13 0.0% O23 PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
14 0.0% O23 PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
15 0.7% O3 &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
16 0.0% O3 Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
17 3.9% O4 [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
18 2.3% O4 [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
19 2.2% O4 [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
20 1.9% O4 [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
21 1.4% O4 [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
22 1.1% O4 Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
23 1.1% O4 Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
24 0.9% O4 Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
25 0.8% O4 [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
26 0.8% O4 [AGRSMMSG] AGRSMMSG.exe
27 0.3% O4 [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
28 0.3% O4 [ATIModeChange] Ati2mdxx.exe
29 0.1% O4 [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
30 0.1% O4 [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
31 0.0% O4 [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
32 0.0% O4 Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
33 0.0% O4 [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
34 0.0% O4 [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
35 0.0% O4 [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
36 0.0% O4 [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
37 0.0% O4 [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
38 0.7% O8 E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
39 7.0% O9 Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
40 0.6% O9 Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
41 0.4% O9 Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
42 0.4% O9 Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
43 0.0% O9 (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
44 0.0% O9 Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
45 13.5% P01 C:\WINDOWS\Explorer.EXE
46 13.2% P01 C:\WINDOWS\system32\svchost.exe
47 13.2% P01 C:\WINDOWS\system32\lsass.exe
48 13.2% P01 C:\WINDOWS\system32\winlogon.exe
49 13.2% P01 C:\WINDOWS\system32\services.exe
50 13.1% P01 C:\WINDOWS\System32\smss.exe
51 12.7% P01 C:\WINDOWS\system32\spoolsv.exe
52 3.3% P01 C:\WINDOWS\system32\wuauclt.exe
53 3.2% P01 C:\WINDOWS\system32\Ati2evxx.exe
54 2.3% P01 C:\Program Files\Messenger\msmsgs.exe
55 2.1% P01 C:\WINDOWS\system32\NOTEPAD.EXE
56 2.0% P01 C:\Program Files\iPod\bin\iPodService.exe
57 1.9% P01 C:\Program Files\iTunes\iTunesHelper.exe
58 1.9% P01 C:\Program Files\Mozilla Firefox\firefox.exe
59 1.5% P01 C:\WINDOWS\system32\csrss.exe
60 1.3% P01 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
61 0.9% P01 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
62 0.8% P01 C:\Windows\AGRSMMSG.exe
63 0.2% P01 C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
64 0.2% P01 C:\WINDOWS\system32\acs.exe
65 0.1% P01 C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
66 0.1% P01 C:\Program Files\ltmoh\Ltmoh.exe
67 0.0% P01 C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
68 0.0% P01 C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
69 0.0% P01 C:\WINDOWS\system32\dwwin.exe
70 0.0% P01 C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
71 0.0% P01 C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
72 0.0% P01 C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
73 0.0% P01 C:\Program Files\Atheros\ACU.exe
74 0.0% P01 C:\Documents and Settings\Administrator\Desktop\HiJackThis(2).exe
75 0.0% P01 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
76 0.0% P01 C:\Program Files\Spyware Doctor\pctsAuxs.exe
77 0.0% P01 C:\Program Files\Spyware Doctor\pctsSvc.exe
78 0.0% P01 C:\Program Files\Spyware Doctor\pctsTray.exe
79 0.5% R0 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
80 0.3% R0 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
81 0.4% R1 HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
82 0.3% R1 HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
83 0.3% R1 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
84 0.2% R1 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
85 0.2% R1 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
86 0.2% R1 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
87 0.2% R1 HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
88 0.0% R3 Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

Explanation of the codes

R - Registry, StartPage/SearchPage changes

* R0 - Changed registry value
* R1 - Created registry value
* R2 - Created registry key
* R3 - Created extra registry value where only one should be

F - IniFiles, autoloading entries

* F0 - Changed inifile value
* F1 - Created inifile value
* F2 - Changed inifile value, mapped to Registry
* F3 - Created inifile value, mapped to Registry

N - Netscape/Mozilla StartPage/SearchPage changes

* N1 - Change in prefs.js of Netscape 4.x
* N2 - Change in prefs.js of Netscape 6
* N3 - Change in prefs.js of Netscape 7
* N4 - Change in prefs.js of Mozilla

O - Other, several sections which represent:

* O1 - Hijack of auto.search.msn.com with Hosts file
* O2 - Enumeration of existing MSIE BHO's
* O3 - Enumeration of existing MSIE toolbars
* O4 - Enumeration of suspicious autoloading Registry entries
* O5 - Blocking of loading Internet Options in Control Panel
* O6 - Disabling of 'Internet Options' Main tab with Policies
* O7 - Disabling of Regedit with Policies
* O8 - Extra MSIE context menu items
* O9 - Extra 'Tools' menuitems and buttons
* O10 - Breaking of Internet access by New.Net or WebHancer
* O11 - Extra options in MSIE 'Advanced' settings tab
* O12 - MSIE plugins for file extensions or MIME types
* O13 - Hijack of default URL prefixes
* O14 - Changing of IERESET.INF
* O15 - Trusted Zone Autoadd
* O16 - Download Program Files item
* O17 - Domain hijack
* O18 - Enumeration of existing protocols and filters
* O19 - User stylesheet hijack
* O20 - AppInit_DLLs autorun Registry value, Winlogon Notify Registry keys
* O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key
* O22 - SharedTaskScheduler autorun Registry key
* O23 - Enumeration of NT Services
* O24 - Enumeration of ActiveX Desktop Components


MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ACS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\dwwin.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis(2).exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1190345193031
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
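Added example, not part of the original post and not HijackThis's own code: a small Python triage pass over a log in the format above. It splits entries by section code and marks two things worth verifying by hand, services listed with "Unknown owner" and Run entries given as a bare file name; the function names and the choice of these two checks are assumptions of this example.

```python
import re
from collections import Counter

# Descriptions copied from the "Explanation of the codes" legend above
# (only some of the codes that occur in this log).
LEGEND = {
    "R0": "Changed registry value",
    "O4": "Enumeration of suspicious autoloading Registry entries",
    "O23": "Enumeration of NT Services",
}

ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<data>.+)$")
RUN_ENTRY = re.compile(r"^\S+\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

# Excerpt of the raw log posted above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\Ati2evxx.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""


def parse_log(text):
    """Return (code, data) per entry line; headers and process paths are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("data")))
    return entries


def review(entries):
    """Return (code, name, reason) for entries to verify by hand; a hit is not a verdict."""
    hits = []
    for code, data in entries:
        if code == "O23":
            # Layout in this log: "Service: <name> - <owner> - <path>"
            parts = data.rsplit(" - ", 2)
            if len(parts) == 3 and parts[1] == "Unknown owner":
                name = parts[0].split(": ", 1)[-1]
                hits.append((code, name, "no vendor name listed; check the file's signature and hash"))
        elif code == "O4":
            m = RUN_ENTRY.match(data)
            if not m:
                continue  # e.g. "Global Startup" shortcuts
            cmd = m.group("cmd")
            # Quoted commands carry the full path between quotes; otherwise take the first token.
            exe = cmd.split('"')[1] if cmd.startswith('"') else cmd.split()[0]
            if "\\" not in exe:
                hits.append((code, m.group("name"), "bare file name; confirm which file on the search path runs"))
    return hits


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for code, count in Counter(c for c, _ in entries).items():
        print(f"{code:4} x{count}  {LEGEND.get(code, '')}")
    for code, name, reason in review(entries):
        print(f"CHECK {code} {name}: {reason}")
```
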

--


For everyone's benefit this is what you originally posted in someone else's thread:

Hi - I'm new to all of this and have an issue that is driving me nuts! I THINK that it is related to this post......

I believe that I have a key logger hacker type of thing going on in gmail and or my computer???

I am your basic average Joe (but a gal) not a computer wizard etc...

I had a former tenant who was a weird freaky computer psycho. Somehow he has resurfaced - might even be on my tmobile phone but now I sound paranoid.

He is definitely able to see, somehow, what I type. He emails and comments about what I have sent off to friends.

When I type in gmail I see a green long rectangular box in the corner of the screen. It lights up as I type with each key. The thing is - I don't ever remember seeing it before (for the few years that I have used gmail??).

How do I, a non-priestess of the computer - get rid of this guy???

Thank you,

Kate

You also said in another post:

.....Okay - another thing that keeps happening on my computer is that "scripts have stopped running on the page". It asks "do you want to continue running scripts on the page". I have no idea what that means.

and when I sign on there has been a system error etc... says it's serious.

any ideas?

First, the HJT log looks clean to me. I couldn't see a key logger. You could try downloading SPYBOT from
http://www.safer-networking.org/index2.html
and let it run to find any spyware/keylogger.

The other issues you report tell me that your system is not in a state of grace for whatever reason and this long distance debugging isn't gonna be fruitful if you're not technically sympathetic, so to speak.

The approach needed to clean your system up is as follows (in the light of the clean HJT log unless someone else spots something suspicious):

1/
Back up your data to a memory stick or another hard drive

2/
Reformat your hard disk - but only if you have a restore CD or Windows disk plus your applications such as Word, Exe, Photoshop etc.

3/
Restore your data when the applications are reestablished.

Get this done professionally or with a trusted person who knows his/her stuff.

The other way, using a trusted expert, is to go through a highly complex set of diagnostics and even then your system files may be damaged and a restore of Windows will be necessary.

Let us know what you think. Sorry - but sorting this out will take some time however it is tackled.


Hi Kate

Like Suspishio says, we can't guarantee to find the keylogger or repair all the system damage your ex tenant may have caused. We can dig a little deeper to try though if you would rather try and avoid a reformat (full hard disk wipe then reformat is the only way to guarantee evicting him once and for all). If you want to give that a try then please follow these instructions.

Scan with HijackThis and check the following entries (If they still exist) (make sure not to miss any)

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

Remember to close all other windows and click Fix Checked

--------------------------------

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Please also include further details of the errors you receive.
