Mischel Internet Security Forum
Topic: Worm-P2P.SDDrop and Adware.BookedSpace.106
photon
« on: Sep 28th, 2006, 11:51pm »

Hi,
  I just started using TrojanHunter 4.6 today. I am using the 30-day trial to make sure it works for me before I buy it.
 
I ran a full scan and this is the result:
Found trojan file: C:\Program Files\360 Degrees of Freedom\Virtual Tour Business Kit 6.1\360 Image Assembler\Twain\new_twunk_32.exe (Worm-P2P.SDDrop)
 
I am sure this is a false positive, since I bought this program (Virtual Tour Business Kit 6.1 - 360 Image Assembler) online and I have been using it for almost 2 years.
 
Is there a way to send the file in to be checked?
 
It also gave me a warning about my DAP (Download Accelerator Plus) program. This is the warning:
      Adware.BookedSpace.106
 
I have the paid version of that program and not the free version. Is this a real problem? I have been using the program for 4-5 years. Thanks, Photon

siliconman01
« Reply #1 on: Sep 29th, 2006, 12:41am »

Welcome to the forum photon  Cheesy
 
It certainly would appear the new_twunk_32.exe is an FP.
 
Please submit it per the instructions in the link below:
 
http://www.misec.net/forum/board/FAQ/1139308293  
 
Please be sure that your submittal explains that this file is a False Positive.  I will also email Gavin to check this post.
 
Please clarify as to what the exact warning message stated for DAP.
 
Keep in mind that the new rulesets and definitions for TH are updated daily.  You need to follow the instructions in the link below to manually update your rulesets for the Trial version.
 
http://www.misec.net/trojanhunter/updating/
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!

photon
« Reply #2 on: Sep 29th, 2006, 12:49am »

Hi,
 
    I am trying to submit it now, but I am having a problem.
Using both my ISP email and Hotmail, the zip file is being rejected because it is password protected. See below:
 
This message has been processed by Symantec's AntiVirus Technology.
 
new_twunk_32.exe was not scanned for viruses because it is encrypted.
 
   What should I do? Thanks

siliconman01
« Reply #3 on: Sep 29th, 2006, 12:51am »

Try sending it as a ZIP without password protection and we'll see if it gets on through.

photon
« Reply #4 on: Sep 29th, 2006, 1:00am »

Here is the DAP info.
 
Registry key exists: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{669695BC-A811-4A9D-8CDF-BA8C795F261C} (matches Adware.BookedSpace.106) (Regedit Jump)
Registry key exists: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{669695BC-A811-4A9D-8CDF-BA8C795F261C} (matches Adware.BookedSpace.106) (Regedit Jump)
 
When I click on (Regedit Jump) for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{669695BC-A811-4A9D-8CDF-BA8C795F261C} (matches Adware.BookedSpace.106), it takes me to where I can see DAP mentioned.
 
I don't see DAP mentioned when I click the other (Regedit Jump) for HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{669695BC-A811-4A9D-8CDF-BA8C795F261C} (matches Adware.BookedSpace.106), but I assume it is also DAP because the numbers are the same.
 
I have properly updated the program manually. (85607) Thanks. Photon

photon
« Reply #5 on: Sep 29th, 2006, 1:00am »

Ok, sending now. Thanks, Photon

siliconman01
« Reply #6 on: Sep 29th, 2006, 1:29am »

The warning message indicates that there is a possible parasite named ftbar.dll on your system.  
 
Please go to the link below and change the Windows defaults so that you can view all files and folders.  
 
http://www.misec.net/forum/board/FAQ/1139610900
 
Then do a search for ftbar.dll.  If you find it, please submit it to Mischel Internet Security for analysis.

siliconman01
« Reply #7 on: Sep 29th, 2006, 1:35am »

Let's take a look at a couple of things. Please go to the link below and download HijackThis 1.99.1
 
http://www.majorgeeks.com/download3155.html
 
Install it in its own dedicated folder on your main hard drive, such as a folder named HijackThis at C:\Program Files\HijackThis.
 
Once you get it installed, please change the name of HijackThis.exe to some unique name such as AnalyzeIt.exe. The reason for the rename is that some of the latest critters prevent HijackThis.exe from displaying properly. The rename fools the critters.
 
Then run a HiJackThis scan and post the scan log back here so we can take a look to see if there are any infections showing up.

photon
« Reply #8 on: Sep 29th, 2006, 1:41am »

I got the file from MajorGeeks, but let me ask you something before I continue. I realize that site (MajorGeeks) is trying to make money and all, but is it safe to put an obstacle when trying to click a download site for the file? I clicked and got sent to Circuit City. I am now paranoid that this is a new security issue for me.
« Last Edit: Sep 29th, 2006, 3:03am by photon »

siliconman01
« Reply #9 on: Sep 29th, 2006, 1:51am »

Do you have IE's popup blocker turned on?  Perhaps that was a popup ad for Circuit City.  I don't get anything such as this and I have IE's popup blocker on.

photon
« Reply #10 on: Sep 29th, 2006, 1:56am »

I don't use a pop-up blocker. When I clicked the link the ads appeared. I bet if you turn off yours, you will see it too.

photon
« Reply #11 on: Sep 29th, 2006, 2:05am »

I just clicked the link again and it is still happening. I clicked the download link right away the first time. This time I waited a few seconds and the ad that covered the download links went up to the top of the page as a banner ad. I have never seen this before. If not a security risk, that was kinda cool.
 
I did a search on my computer for the ftbar.dll and I didn't find it.
 
Here is the HijackThis info:
 
Logfile of HijackThis v1.99.1
Scan saved at 3:02:06 AM, on 9/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\M-Audio Ozone\Install\Ozinst.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Power Mixer\pwmixer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\M-Audio Ozone\OZTask.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Highkackthis\AnalyzeIt.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD06] "c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\PROGRA~1\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EPSON Stylus C82 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE" /P23 "EPSON Stylus C82 Series" /O5 "LPT1:" /M "Stylus C82"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Power Mixer] "C:\Program Files\Power Mixer\pwmixer.exe" /t
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: M-Audio Ozone Control Panel Launcher.lnk = C:\Program Files\M-Audio Ozone\OZTask.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_popup.pl?2&6&04.00.03.15&unknown&unknown&file:///C:/Documents%20and%20Settings/HP_Owner/Desktop/DSCF0029.html
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125791897578
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - c:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ozone Installer (OzoneInstallerService) - Nemesis - C:\Program Files\M-Audio Ozone\Install\Ozinst.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 
« Last Edit: Sep 29th, 2006, 3:04am by photon »

siliconman01
« Reply #12 on: Sep 29th, 2006, 2:32am »

Okay, here are a couple of items that you may wish to consider removing.  
 
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE  
 
Here's what is said about this item (see link below)
 
http://www.bleepingcomputer.com/startups/Alcxmntr.exe-245.html
 
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll  
 
Here is what is said about this item (see link below)
 
http://www.neuber.com/taskmanager/process/dapbho.dll.html
 
http://www.greatis.com/appdata/d/PROGRAM_FILES/d/dap_dapbho.dll.htm
 
None of these are HIGH Risk, but they are collecting data, etc.  
 
If you want to remove these, please do the following.
 
1.  Run another HJT scan
 
2.  After the scan is completed, place a check mark in the box next to the items below.  BE SURE these are the only ones with a checkmark:
 
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll  
 
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE  
 
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)  
 
 
NOTE: The O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) item should be removed at any rate. It is a leftover from Webroot Spy Sweeper that you apparently had on your system at some time.
 
3.  Then click on Fix Checked at the bottom left of the HJT window.  Confirm that you want to FIX these and let HJT fix them.
 
4.  After the fixes are completed, close HJT and Reboot.
 
5.  Post a new HJT scan back here.  
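As an added example (not code from this thread, from HijackThis or from TrojanHunter), a small Python parser for log lines in the HijackThis 1.99.1 format posted above: it pulls the section tag and any CLSID from each entry, flags every entry whose referenced file is missing (generalising the O20 WRNotifier case above to any section), and correlates CLSIDs against a watchlist so that the registry key TrojanHunter reported as Adware.BookedSpace.106 can be tied to the O9 "Run DAP" button that carries the same CLSID. The sample log excerpt and the watchlist are constructed for this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed excerpt in HijackThis 1.99.1 log format (lines taken from the log
# posted above); the header and process list are kept to show they are skipped.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 3:02:06 AM, on 9/29/2006
Running processes:
C:\PROGRA~1\DAP\DAP.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
"""

# Constructed watchlist: the CLSID from the registry key TrojanHunter reported
# as Adware.BookedSpace.106 in this thread, mapped to the detection name.
WATCHLIST = {"{669695BC-A811-4A9D-8CDF-BA8C795F261C}": "Adware.BookedSpace.106"}

# An HJT entry starts with a section tag (R0/R1, F0-F3, O1-O23) followed by " - ".
LINE_RE = re.compile(r"^(R\d|F\d|O\d+) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Entry:
    section: str          # e.g. "O2", "O20"
    text: str             # everything after the section tag
    clsid: Optional[str]  # uppercase CLSID if the entry carries one
    file_missing: bool    # HJT could not find the referenced file


def parse_log(log: str) -> List[Entry]:
    """Return the R/F/O entries of an HJT log; header and process list are skipped."""
    entries = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        section, text = m.group(1), m.group(2)
        c = CLSID_RE.search(text)
        entries.append(Entry(section, text, c.group(0).upper() if c else None,
                             "(file missing)" in text))
    return entries


def flag_entries(entries: List[Entry], watchlist: Dict[str, str]) -> List[Tuple[Entry, str]]:
    """Pair each entry worth a closer look with the reason it was flagged."""
    wl = {k.upper(): v for k, v in watchlist.items()}
    flagged = []
    for e in entries:
        if e.file_missing:
            # Orphaned loader entry: it points at a file that no longer exists.
            flagged.append((e, "referenced file is missing; orphaned entry"))
        elif e.clsid and e.clsid in wl:
            # Same CLSID as a scanner detection: shows which installed component
            # (here DAP's "Run DAP" button) the registry-based signature matched.
            flagged.append((e, "CLSID matches " + wl[e.clsid]))
    return flagged


if __name__ == "__main__":
    for entry, reason in flag_entries(parse_log(SAMPLE_LOG), WATCHLIST):
        print(f"{entry.section}: {reason}\n    {entry.text}")
```

Whether a CLSID match is a false positive still has to be decided by looking at the component it resolves to, as photon did with the Regedit Jump; the parser only makes that correlation visible.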

photon
« Reply #13 on: Sep 29th, 2006, 2:42am »

The O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE is my Realtek Azalia Audio - Event Monitor. Will my sound card work without it? This program doesn't access the internet. (Update) Deleting it causes my sound card to not function.
This is my third computer with a Realtek sound card, so I will put it back.
 
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll. This is part of my DAP program. Will this program work without it?
 
The SpySweeper program was causing too many system problems for me, so I deleted it. In fact, that is why I am testing out TrojanHunter.
 
« Last Edit: Sep 29th, 2006, 2:53am by photon »

photon
« Reply #14 on: Sep 29th, 2006, 2:57am »

Since these are not major problems I will leave the items the way they are, except for the SpySweeper entry. So, does this mean that the Adware.BookedSpace.106 issue is put to rest or not? Thanks for your time, Photon