Might have a keylogger- Please help!

  • Silent Kill
  • Born
  • Posts: 4

Post 3+ Months Ago

Hi,

I've recently suspected that I have a keylogger implanted on my computer. I suspect this because sometimes I'd see that my history has been toggled with. My internet would just lag out at times, and I just have the feeling that someone is watching over me. Here is my log; please tell me if I have anything.

And please, if you'd be so kind, be brief and simple with me on how to remove it if I have one.

Logfile of HijackThis v1.99.1
Scan saved at 8:21:29 AM, on 07/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\Symantec\Norton AntiVirus\navw32.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://h10025.www1.hp.com/ewfrf/wc/gene ... c=us&lc=en
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [IcoSet] c:\hp\bin\cloaker.exe c:\hp\bin\IcoSet\adjust.bat seticon
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [jifwqfwbwrdj] C:\WINDOWS\system32\jifwqfwbwrdj.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/re ... NPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 7896419796
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 7896404140
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Print Spooler Service (e2yaei9ufuadk) - Unknown owner - C:\WINDOWS\system32\jifwqfwbwrdj.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

And I just downloaded an anti-keylogger remover and I got this.

03/07,2008 09:46:24 Allowed Keylogger C:\WINDOWS\system32\MSCTF.dll
03/07,2008 09:46:28 Blocked Keylogger C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
03/07,2008 09:46:28 Block Keylogger C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
03/07,2008 09:46:28 Block Keylogger C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
03/07,2008 09:46:28 Block Keylogger C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
03/07,2008 09:46:28 Block Keylogger C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
03/07,2008 09:46:29 Block Keylogger C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
03/07,2008 09:46:29 Block Keylogger C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
03/07,2008 09:46:29 Block Keylogger C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
03/07,2008 09:46:29 Block Keylogger C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
03/07,2008 09:46:29 Block Keylogger C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
03/07,2008 09:46:29 Block Keylogger C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
03/07,2008 09:46:29 Block Keylogger C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
03/07,2008 09:46:29 Block Keylogger C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
03/07,2008 09:46:29 Block Keylogger C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
03/07,2008 09:46:29 Block Keylogger C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
03/07,2008 09:46:29 Block Keylogger C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
03/07,2008 09:46:39 Allowed Keylogger C:\WINDOWS\system32\ieframe.dll
03/07,2008 09:48:49 Block Keylogger C:\WINDOWS\system32\MSCTF.dll
03/07,2008 09:48:49 Block Keylogger C:\WINDOWS\system32\MSCTF.dll
03/07,2008 09:48:49 Block Keylogger C:\WINDOWS\system32\MSCTF.dll
03/07,2008 09:48:49 Block Keylogger C:\WINDOWS\system32\MSCTF.dll
03/07,2008 09:48:49 Block Keylogger C:\WINDOWS\system32\MSCTF.dll
03/07,2008 09:48:49 Block Keylogger C:\WINDOWS\system32\MSCTF.dll
03/07,2008 09:48:49 Block Keylogger C:\WINDOWS\system32\MSCTF.dll
03/07,2008 09:48:49 Block Keylogger C:\WINDOWS\system32\MSCTF.dll
03/07,2008 09:48:49 Block Keylogger C:\WINDOWS\system32\MSCTF.dll
03/07,2008 09:48:49 Block Keylogger C:\WINDOWS\system32\MSCTF.dll
03/07,2008 09:48:49 Block Keylogger C:\WINDOWS\system32\MSCTF.dll
03/07,2008 09:48:49 Block Keylogger C:\WINDOWS\system32\MSCTF.dll
03/07,2008 09:48:49 Block Keylogger C:\WINDOWS\system32\MSCTF.dll
03/07,2008 09:48:49 Block Keylogger C:\WINDOWS\system32\MSCTF.dll
03/07,2008 09:48:49 Block Keylogger C:\WINDOWS\system32\MSCTF.dll
03/07,2008 09:48:49 Block Keylogger C:\WINDOWS\system32\MSCTF.dll
03/07,2008 09:48:49 Block Keylogger C:\WINDOWS\system32\MSCTF.dll
03/07,2008 09:48:49 Block Keylogger C:\WINDOWS\system32\MSCTF.dll
03/07,2008 09:48:49 Block Keylogger C:\WINDOWS\system32\MSCTF.dll
03/07,2008 09:48:49 Block Keylogger C:\WINDOWS\system32\MSCTF.dll
03/07,2008 09:48:50 Block Keylogger C:\WINDOWS\system32\MSCTF.dll
03/07,2008 09:48:50 Block Keylogger C:\WINDOWS\system32\MSCTF.dll
03/07,2008 09:48:50 Block Keylogger C:\WINDOWS\system32\MSCTF.dll
03/07,2008 09:48:50 Block Keylogger C:\WINDOWS\system32\MSCTF.dll
03/07,2008 09:48:50 Block Keylogger C:\WINDOWS\system32\MSCTF.dll
03/07,2008 09:48:50 Block Keylogger C:\WINDOWS\system32\MSCTF.dll
03/07,2008 09:48:50 Block Keylogger C:\WINDOWS\system32\MSCTF.dll
03/07,2008 09:48:50 Block Keylogger C:\WINDOWS\system32\MSCTF.dll
03/07,2008 09:48:50 Block Keylogger C:\WINDOWS\system32\MSCTF.dll
03/07,2008 09:48:50 Block Keylogger C:\WINDOWS\system32\MSCTF.dll
03/07,2008 09:48:50 Block Keylogger C:\WINDOWS\system32\MSCTF.dll
03/07,2008 09:48:50 Block Keylogger C:\WINDOWS\system32\MSCTF.dll
03/07,2008 09:48:50 Block Keylogger C:\WINDOWS\system32\MSCTF.dll
03/07,2008 09:48:50 Block Keylogger C:\WINDOWS\system32\MSCTF.dll
03/07,2008 09:49:00 Block Keylogger C:\WINDOWS\system32\ieframe.dll
03/07,2008 09:49:00 Block Keylogger C:\WINDOWS\system32\MSCTF.dll
03/07,2008 09:49:00 Block Keylogger C:\WINDOWS\system32\MSCTF.dll
03/07,2008 09:49:00 Block Keylogger C:\WINDOWS\system32\MSCTF.dll
03/07,2008 09:49:10 Block Keylogger C:\WINDOWS\system32\MSCTF.dll

Please respond,

Thank you

  • Don2007
  • Web Master
  • Posts: 4924
  • Loc: NY

Post 3+ Months Ago

jifwqfwbwrdj.exe

That exe has to go. After you delete it, reboot, open a command prompt and run netstat -ano
Post the output here if you don't know how to check for unwanted connections.
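The verdict above rests on two things visible in the posted log: a Run entry whose executable has a machine-generated name, and an O23 service with a random short name that points at the same file while calling itself "Print Spooler Service". As an added example (not code from the thread or from HijackThis), here is a small Python triage over the O4 and O23 lines that encodes that reasoning. The sample input is four lines copied from the log above; the scoring rules, the thresholds and the names `looks_random` and `triage` are my own assumptions.

```python
from __future__ import annotations

import re
from collections import defaultdict

# Sample input: four lines copied from the HijackThis log in the thread (two
# legitimate entries and the two that reference jifwqfwbwrdj.exe). In practice
# feed the whole log file to triage().
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [jifwqfwbwrdj] C:\WINDOWS\system32\jifwqfwbwrdj.exe
O23 - Service: Print Spooler Service (e2yaei9ufuadk) - Unknown owner - C:\WINDOWS\system32\jifwqfwbwrdj.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

O4_RE = re.compile(r'^O4 - HK\w+\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
O23_RE = re.compile(
    r'^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))? - (?P<owner>.+?) - (?P<cmd>.+)$')
EXE_RE = re.compile(r'[A-Za-z]:\\[^"]+?\.exe', re.IGNORECASE)


def looks_random(name: str) -> bool:
    """Heuristic for machine-generated names such as jifwqfwbwrdj or
    e2yaei9ufuadk: long, nearly vowel-free, or digits scattered between
    letters. It is a hint only (terse vendor names like ccSvcHst trip it
    too), so triage() pairs it with the other signals."""
    stem = name.lower()
    letters = [c for c in stem if c.isalpha()]
    digits = [c for c in stem if c.isdigit()]
    if len(stem) < 8 or not letters:
        return False
    vowel_ratio = sum(c in "aeiou" for c in letters) / len(letters)
    digit_salted = bool(digits) and not re.fullmatch(r"[a-z]+\d+", stem)
    return vowel_ratio < 0.15 or bool(digit_salted)


def _exe_of(cmd: str) -> str | None:
    m = EXE_RE.search(cmd)
    return m.group(0).lower() if m else None


def _basename(exe: str) -> str:
    return exe.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def triage(log_text: str) -> dict[str, list[str]]:
    """Return {exe path: [reasons]} for autostart entries worth a second look.
    Strong signals: a random-looking executable or service short name, or one
    executable that is both a Run entry and a service. 'Unknown owner' plus
    '(file missing)' is recorded but is weak on its own: the Symantec ccSvcHst
    services in the same log show it too, because HijackThis does not cope
    with their quoted command line."""
    run_exes: dict[str, str] = {}          # exe -> Run entry name
    services: list[tuple] = []             # (display, short, owner, cmd, exe)
    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if m:
            exe = _exe_of(m["cmd"])
            if exe:
                run_exes[exe] = m["name"]
            continue
        m = O23_RE.match(line)
        if m:
            exe = _exe_of(m["cmd"])
            if exe:
                services.append((m["display"], m["short"], m["owner"], m["cmd"], exe))

    signals: dict[str, list[tuple[bool, str]]] = defaultdict(list)  # exe -> [(strong, reason)]
    for exe, name in run_exes.items():
        if looks_random(_basename(exe)):
            signals[exe].append((True, f"Run entry [{name}] launches random-looking name {_basename(exe)}"))
    for display, short, owner, cmd, exe in services:
        if exe in run_exes:
            signals[exe].append((True, f"service '{display}' uses the same exe as Run entry [{run_exes[exe]}]"))
        if short and looks_random(short):
            signals[exe].append((True, f"service short name '{short}' looks random"))
        if owner == "Unknown owner" and "(file missing)" in cmd:
            signals[exe].append((False, f"service '{display}': unknown owner and file missing (weak alone)"))
    # Report only executables that carry at least one strong signal.
    return {exe: [r for _, r in sigs] for exe, sigs in signals.items() if any(s for s, _ in sigs)}


if __name__ == "__main__":
    for exe, reasons in triage(SAMPLE_HJT).items():
        print(exe)
        for r in reasons:
            print("   -", r)
```

Run over the four sample lines it reports only C:\WINDOWS\system32\jifwqfwbwrdj.exe, with four reasons; iTunesHelper and the iPod service pass. The point of requiring a second signal is that "Unknown owner" and "(file missing)" by themselves would also flag the Symantec entries in this same log.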
  • Silent Kill
  • Born
  • Posts: 4

Post 3+ Months Ago

Thanks for replying,

jifwqfwbwrdj.exe

Is that a keylogger?

I checked the online HijackThis checker and it said it was an unknown file. Is it a legitimate file which I need to run a program, or was it originally implanted on my computer as a keylogged file? And could you please elaborate more on what to do after I delete it, because I'm not a computer expert like you guys.

Thanks.
  • Don2007
  • Web Master
  • Posts: 4924
  • Loc: NY

Post 3+ Months Ago

I don't think that is a legitimate file. I would delete it.

At least once a week, someone here thinks they have a keylogger and they run Hijack This, which is ok but instead of going crazy trying to assess all those processes, it's easier to check for unwanted connections first. I say that because, the purpose of a keylogger is to send the information it finds to a remote location. Of course, that is only true if it's not someone who lives with you who is doing the spying.

That being said, if you click Start, Run, type cmd and press Enter, a command prompt will open. Do that after you reboot and before you open anything else.

Then run netstat -ano and press Enter. All remote connections will appear in the Foreign Address column.

It's true that there are some trojans that have the ability to hide their connections but I still have faith in the test. There are more complicated ways but I'll stop there for now.

One of my clients had the following connection.
169.230.105.180:12960
Notice the 12960 after the IP address. That is a suspicious port number. The IP belongs to a University. I contacted them and spoke to an IT guy who eventually understood me but passed me to another department. I am still waiting for an answer.
  • Silent Kill
  • Born
  • Posts: 4

Post 3+ Months Ago

So what you want me to do is...

Run > cmd > netstat -ano > Enter

Then check what are my last digits to see if they are suspicious or not?
  • Don2007
  • Web Master
  • Posts: 4924
  • Loc: NY

Post 3+ Months Ago

netstat -ano

Run that after you reboot. Don't open anything else.

Look for IP addresses and port numbers in the foreign address column. For example, look for something like:
169.230.105.180:12960
Notice the 12960 after the IP address. That is a suspicious port number but only in the foreign address column, not in local. Even port 21 can be suspicious if you didn't FTP somewhere.
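Both of Don2007's posts describe the same manual check: run netstat -ano on a fresh boot, read down the Foreign Address column, and treat any remote host on a port you did not knowingly use as suspect, then chase the PID. As an added example that is not part of the thread, here is that check written out in Python, so the rule is explicit and the PID is joined to a process name. The netstat text and the PID-to-image map are constructed samples (only the 169.230.105.180:12960 line comes from the post; the other remote addresses are RFC 5737 documentation ranges), and EXPECTED_PORTS is my assumption about what this particular machine would legitimately talk to.

```python
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Constructed sample of `netstat -ano` output as Windows XP prints it. The
# 169.230.105.180:12960 row is the connection Don2007 describes; every other
# address, port and PID is made up for the example.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1012
  TCP    127.0.0.1:1029         127.0.0.1:1030         ESTABLISHED     2460
  TCP    192.168.1.5:1045       169.230.105.180:12960  ESTABLISHED     1832
  TCP    192.168.1.5:1052       203.0.113.20:1863      ESTABLISHED     2460
  TCP    192.168.1.5:1061       192.0.2.10:80          ESTABLISHED     3104
  TCP    192.168.1.5:1066       198.51.100.7:21        ESTABLISHED     1832
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed PID -> image name map of the kind `tasklist` gives you. PID 1832
# is deliberately absent: a PID you cannot find in tasklist deserves a look.
SAMPLE_TASKLIST = {4: "System", 1012: "svchost.exe", 2460: "MsnMsgr.Exe", 3104: "IEXPLORE.EXE"}

# Remote ports this machine is expected to use (assumption: web browsing plus
# 1863 for Windows Live Messenger, which is in the poster's process list).
# Anything else to a remote host is reported. That is Don2007's rule: even
# port 21 is suspicious if you did not FTP anywhere.
EXPECTED_PORTS = {80, 443, 1863}

# Foreign addresses in these ranges are never treated as "remote". Spelled out
# rather than using ipaddress.is_private so the rule is visible.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fe80::/10")]


@dataclass
class Conn:
    proto: str
    local: str
    foreign: str
    state: str
    pid: int


def parse_netstat(text: str) -> list[Conn]:
    """Parse the table `netstat -ano` prints. TCP rows have a State column,
    UDP rows do not, so the PID is the 5th or 4th field respectively."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue  # header, blank line or 'Active Connections'
        if parts[0] == "TCP":
            proto, local, foreign, state, pid = parts[:5]
        else:
            proto, local, foreign, pid = parts[:4]
            state = ""
        conns.append(Conn(proto, local, foreign, state, int(pid)))
    return conns


def split_endpoint(endpoint: str) -> tuple[str, str]:
    host, port = endpoint.rsplit(":", 1)  # rsplit copes with [ipv6]:port
    return host.strip("[]"), port


def is_remote(host: str) -> bool:
    if host in ("*", ""):
        return False
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return True  # a hostname (netstat run without -n): treat as remote
    return not any(ip in net for net in LOCAL_NETS)


def suspicious_connections(text: str, tasklist: dict[int, str],
                           expected_ports: set[int] = EXPECTED_PORTS) -> list[tuple]:
    """Return (foreign address, pid, image name, state) for every established
    TCP flow or any UDP flow to a remote host on a port you did not expect."""
    findings = []
    for c in parse_netstat(text):
        host, port = split_endpoint(c.foreign)
        if not is_remote(host):
            continue
        if c.proto == "TCP" and c.state != "ESTABLISHED":
            continue  # only live sessions; LISTENING rows have no peer yet
        if port.isdigit() and int(port) in expected_ports:
            continue
        findings.append((c.foreign, c.pid, tasklist.get(c.pid, "?"), c.state))
    return findings


if __name__ == "__main__":
    for foreign, pid, image, state in suspicious_connections(SAMPLE_NETSTAT, SAMPLE_TASKLIST):
        print(f"{foreign:<24} pid {pid:<6} {image:<18} {state}")
```

On the sample it reports 169.230.105.180:12960 and 198.51.100.7:21, both from PID 1832, which tasklist cannot name; the Messenger and web sessions are filtered out by the port list, and the loopback and listening rows never qualify. To use it on a real machine, save `netstat -ano > netstat.txt` and `tasklist` right after the reboot, read the text into the two inputs, and adjust EXPECTED_PORTS to what you actually use. The same caveat Don2007 gives still applies: a trojan that hides its sockets will not show up here at all.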

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.