I am not very computer savvy, so bear with me.
I believe the person I previously hired (independently) put keylogging software on my computer. He set up my Google email account and I believe has admin privileges as he is an IT person for a school district. He installed Norton Endpoint Protection (from my employer) as well as updated versions of Windows, etc. My google account was hacked into and eventually my laptop was as well. I got several notifications that someone else (from different computer) was using my IP address and also a notice about MAC spoofing. After all that happened, I deactivated my google account; wiped out my laptop (partitions were deleted/full erase) and reinstalled to factory out-of-box. I got a new modem from my provider.
Everything appeared fine for about a week or so, then I noticed the time setting changed as well as some of the settings. I ran a pingwww.infopackets.com command and it came back as going through my provider (though two of the addresses were invalid) and going through two other providers (different states) consistently. I made reports to my provider as well as the other provider; sent logs to my provider and am waiting to hear back.
Any traces I do consistently go to a private IP address that I cannot identify. I did a few DNS trace routes from the web previously and they came back as not existing (some letters/numbers resembled my carrier but it was not legit). I now have a bunch of programs and processes that were on my computer before that I have not reinstalled and alot of old processes that say they were installed PRIOR to the date I wiped everything out and reinstalled everything.
I have been getting notices from windows defender about port attacks. I have open ports that are very high numbers. At one point, some of my programs were disabled (several times) including Norton and Windows Defender. I ran a scan the other day and various registry errors; changes have been made to the registry (I have no idea how to do that).
And it appears that I now have Windows 7 - which I did not purchase.
I am at loss as to what to do at this point. I have not put any of my files back onto my computer so I'm ok with wiping it out and starting all over again. But I need to figure out how whoever it is keeps getting in so I can keep them out the next time.
I have a Toshiba Satellite A205, 32-bit operating system
Windows Vista Home Premium - Service Pak 2
Modem (I have wireless disabled) DSL
I have Windows Defender; Norton Endpoint Protection, have been running scans almost daily with Malewarebytes.
Edited by SydneyL, 12 June 2010 - 06:12 PM.