Dell Inspiron laptop with Windows XP Pro. Linksys wireless router with WPA enabled. I run Zone Alarm (free version) and NAV. Windows is updated at least twice/month (but have declined SP2 so far). Additionally, I have run deep scans with PestPatrol, Webroot's Spy Sweeper, Ad-Aware, Spybot S&D, and X-Block's X-Cleaner.
Because an acquaintance has become very interested in and adept with keyloggers (and possibly trojans) I am very concerned that my Inspiron laptop may have fallen victim. This acquaintance really likes Spytech and Spector products, not sure what else. The "stealth mode" of these products along with the fact that some can be remotely installed and be installed masquerading as another app to bypass ZA or other firewall increases my uneasiness.
I do get clean scans with the above-mentioned products. "Security Task Manager" by Neuber, however, alerted me to Dadkeyb.dll in C:\windows\system32\drivers\ as a "DLL hidden" with a Rating of 100. "Properties: Able to record keyboard inputs. Window not visible. No description of the program. No Windows System file. None(sic) detailed description available. Function: records input." I can't find information on Dadkeyb.dll good or bad. I read good things about Security Task Manager, but surely don't want to delete or quarantine a necessary dll.
HJT Log:
Logfile of HijackThis v1.98.2
Scan saved at 5:01:54 PM, on 10/3/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SYSTEM32\Drivers\dadapp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Picasa\PicasaMediaDetector.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\SYSTEM32\Drivers\DadTray.exe
C:\Program Files\I8kfanGUI\i8kfangui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hijack This\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DadApp] C:\WINDOWS\SYSTEM32\Drivers\dadapp.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [LifeScape Media Detector] C:\Program Files\Picasa\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\i8kfangui.exe /startup
O4 - HKCU\..\Run: [X-Cleaner Deluxe] "C:\PROGRA~1\X-CLEA~1\XCLEAN~1.EXE" -turbo -autostart -NOREBOOT
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {556DDE36-E951-11D1-A708-000000521958} - http://www.xblock.com/members/files/xcleaner_full_setup.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/0151ad898784087d7b04/netzip/RdxIE2.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
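A small triage helper for logs in this format, added here as an example (it is not the poster's code and not part of HijackThis): it parses the O4 Run-key and O16 ActiveX-download entries and flags the things a reviewer would look at first, such as a program launched from the Drivers folder or by bare file name, or a download sourced from a raw IP address. The sample lines are copied from the log above with their wrapped paths joined; the flag names and heuristics are my own assumptions and mark items for manual review, not verdicts.

```python
import re
from urllib.parse import urlparse

# Constructed sample in HijackThis v1.98 line format; the entries copy lines from
# the log above with their wrapped paths joined back together.
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [DadApp] C:\WINDOWS\SYSTEM32\Drivers\dadapp.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\i8kfangui.exe /startup
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/0151ad898784087d7b04/netzip/RdxIE2.cab
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O16_RE = re.compile(r"^O16 - DPF: (?P<ident>.+?) - (?P<url>\S+)$")
# The image is either a quoted string or everything up to the first executable extension.
IMAGE_RE = re.compile(r'^(?:"(?P<quoted>[^"]+)"|(?P<bare>.+?\.(?:exe|com|scr|dll)))(?:\s|$)', re.I)
IPV4_RE = re.compile(r"\d{1,3}(\.\d{1,3}){3}")

def image_path(cmd):
    """Strip surrounding quotes and trailing arguments from a Run-key command line."""
    m = IMAGE_RE.match(cmd)
    return (m.group("quoted") or m.group("bare")) if m else cmd

def triage(log_text):
    """Parse O4 (Run key) and O16 (ActiveX download) entries; flags mark items for review, not verdicts."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if m:
            path = image_path(m.group("cmd"))
            flags = []
            if "\\" not in path:
                flags.append("no_directory")  # bare name resolved via the search path: locate the real file
            if "\\drivers\\" in path.lower() and path.lower().endswith(".exe"):
                flags.append("exe_in_drivers_dir")  # Drivers normally holds .sys files, not programs
            findings.append({"kind": "O4", "name": m.group("name"), "target": path, "flags": flags})
            continue
        m = O16_RE.match(line)
        if m:
            host = urlparse(m.group("url")).hostname or ""
            flags = ["ip_literal_host"] if IPV4_RE.fullmatch(host) else []  # download source is a bare IP
            findings.append({"kind": "O16", "name": m.group("ident"), "target": m.group("url"), "flags": flags})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["kind"], f["name"], f["target"], ",".join(f["flags"]) or "-")
```

Flagged entries are starting points for checking the file on disk (publisher, version resource, hash lookup), not a verdict on it.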