[whyme]

alright, i will try that when i get home from work. Scary stuff about the keylogger. Why would someone want to know what i am typing? People need better things to do. I believe i tried to remove wdfmgr.exe before. i don't think it will delete. Remember earlier you told me to just check everything on the hjt log and click fix it. i did that and that file remains. I will try it again tonight before i try the antispy detect. Do i have to remve the file from the safe mode and the normal mode?

[Advertisements]

No once its deleted its gone. Safe mode or normal. Just in safe mode you have a better chance of deleting items because they have a less chance of running.

As for the keylogger.. Passwords, Email accounts, Bank accounts(alot of people do this online), alot of different things like this. Though ad-aware normally picks up key loggers.

[Lightninghawk]

No once its deleted its gone. Safe mode or normal. Just in safe mode you have a better chance of deleting items because they have a less chance of running.

As for the keylogger.. Passwords, Email accounts, Bank accounts(alot of people do this online), alot of different things like this. Though ad-aware normally picks up key loggers.

[whyme]

ok i ran the hijack this program to bring up the 023-(file missing) thing and ticked it, clicked fix it and reran the hijackthis. The darn file popped up again. So, i reticked it, if that is a word, and reclicked the fix it button. That file came up again. I feel it may be safe to assume that this file may have something to do with my usurped desktop. (how non comittal, eh?) Anyway, i downloaded the microsoft antispyware detector and ran it. it found two things in my registry that it said it deleted. then i realized that i just ran a quick scan and could have configed to do a full scan. i did that and it came back clean. I just noticed in my C drive there is a file with an icon that is square with a blue banner across the top and a plain white box underneith. It is called NTDETECT.COM, 47KB and the type says it is MS-DOS Application. On the same day a file called ntldr with a blue banner white box with little squares of color in it is 229KB and the type is a System file. Are these suspicious? Why do i have files with 0 KB stored? Lso found this file caled desktop.ini. Any thoughts on it?

[whyme]

Forgot to mention that one of times since this crazy desktop has been overlying my real one, when i went to shut down the computer stopped me and said that if i logged off now the other users would not be able to save their work. then it asked me if i wanted to continue. Maybe that helps.

[Lightninghawk]

desktop.ini is good. you will find it everywhere. ntldr i believe is good. not sure about the other one. give me til in the morning. I'm at work right now. I'll have an answer then. Thank you for your patience. The last few dayz haven't been my best

[whyme]

Good day. I wanted to let you know where i stand right now. Lastnight i perused the posts and found this one. Danger : Spyware . This guy actually clicked on the link on the usurper desktop and recieved information from the company that may be responsible for the problem. They offered a utility fix tool. i was reluctant to use it becuse, who knows what else they are trying to do, but the message seemed sincere. i figured it couldn't get much worse and you seem to be able to fix just about any problem anyway, so i downloaded and let the tool do its thing. After running my original desktop icons reappeared, the double icons that showed up while downloading all these sweepers and cleaners went away. My right click function returned, however, i am still not able to change the background to anything other than this darn blue screen. i checked the web display thing out and nothing is checked. No matter what i try, nothing allows me to change my background. Now at this point it is a fairly trivial problem, but it is still bothersome and concerning because i do not feel i have full control over my computer yet. I am wondering if i should run another hijackthis log so you can see if the utility fix i used was what it said, or if it was a clever way of that company gaining access to my computer in another way. Any suggestions on the 023-(file missing) thing? Can't get rid of it. Also, any feedback on the NTDETECT.COM yet? No immeadiate rush, just curious as to what you found out. Later.

[whyme]

Any idea what C:\ Documents and Settings\"name"\Local Settings\Temp\~DF2EAB.tmp and All same prefix \~DF3A42.tmp are?

[Lightninghawk]

you can delete it. It is only a temporary file.

I'm going to be out of commision for a while. I sprained my neck and have a concussion from an accident yesterday at lunch time.

I'll be back asap

[whyme]

That is horrible. Please, get well soon. best wishes.