Author Topic: WIN32.P2P-WORM.ALCAN.A (Read 884 times)

Gummbee25 · « **on:** February 08, 2006, 11:11:32 AM »

on start up my putter takes a long time to open up or doesnt load at all and my adawre keeps detecting the WIN32.P2P-WORM.ALCAN.A i just got highjack THis and this is what i got from the log..... i dont know how to unintall it any help would be GREATLY appricated

Logfile of HijackThis v1.99.1
Scan saved at 11:01:08 AM, on 2/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Personal Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\DRIVERS\PRINTER\540\StatMon.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Computer Alarm Clock\cac.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\program files\steam\steam.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - Default URLSearchHook is missing
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Personal Firewall - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Norton Personal Firewall - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [DellStatusMonitor] "C:\DRIVERS\PRINTER\540\StatMon.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Computer Alarm Clock] C:\Program Files\Computer Alarm Clock\cac.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - Global Startup: Exif Launcher.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

guestolo · « **Reply #1 on:** February 08, 2006, 11:12:56 PM »

Can you run ad-aware again
After you run it SAVE REPORT
Save a copy of the report to your desktop and copy and paste the whole contents back here please

Gummbee25 · « **Reply #2 on:** February 09, 2006, 03:24:29 AM »

its 3 am and i woke up to my harddrive or something spinning really load like never before my screen blank but mt putter sounded like it was a vacume something mega messed up... running slower now aswell

Ad-Aware SE Build 1.05
Logfile Created on:Thursday, February 09, 2006 3:06:09 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R90 03.02.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):15 total references.
Tracking Cookie(TAC index:3):8 total references.
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Prior to deletion, allow unloading Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic settings in log file
Set : Include additional settings in log file
Set : Include reference summary in log file
Set : Include Alternate Datastream details in log file
Set : Play sound at scan completion if scan locates critical objects

2-9-2006 3:06:09 AM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Max\recent
Description : list of recently opened documents

MRU List Object Recognized!
Location: : S-1-5-21-1429500319-290001351-85024537-1006\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d

MRU List Object Recognized!
Location: : S-1-5-21-1429500319-290001351-85024537-1006\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw

MRU List Object Recognized!
Location: : S-1-5-21-1429500319-290001351-85024537-1006\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput

MRU List Object Recognized!
Location: : S-1-5-21-1429500319-290001351-85024537-1006\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput

MRU List Object Recognized!
Location: : S-1-5-21-1429500319-290001351-85024537-1006\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer

MRU List Object Recognized!
Location: : S-1-5-21-1429500319-290001351-85024537-1006\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer

MRU List Object Recognized!
Location: : S-1-5-21-1429500319-290001351-85024537-1006\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened

MRU List Object Recognized!
Location: : S-1-5-21-1429500319-290001351-85024537-1006\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension

MRU List Object Recognized!
Location: : S-1-5-21-1429500319-290001351-85024537-1006\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened

MRU List Object Recognized!
Location: : S-1-5-21-1429500319-290001351-85024537-1006\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

MRU List Object Recognized!
Location: : S-1-5-21-1429500319-290001351-85024537-1006\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 624
ThreadCreationTime : 2-9-2006 8:02:58 AM
BasePriority : Normal

#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 676
ThreadCreationTime : 2-9-2006 8:03:01 AM
BasePriority : Normal

#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 700
ThreadCreationTime : 2-9-2006 8:03:03 AM
BasePriority : High

#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 744
ThreadCreationTime : 2-9-2006 8:03:03 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 756
ThreadCreationTime : 2-9-2006 8:03:03 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 920
ThreadCreationTime : 2-9-2006 8:03:03 AM
BasePriority : Normal

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 936
ThreadCreationTime : 2-9-2006 8:03:03 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1008
ThreadCreationTime : 2-9-2006 8:03:04 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1104
ThreadCreationTime : 2-9-2006 8:03:04 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1228
ThreadCreationTime : 2-9-2006 8:03:04 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1272
ThreadCreationTime : 2-9-2006 8:03:04 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [ccproxy.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1328
ThreadCreationTime : 2-9-2006 8:03:04 AM
BasePriority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Network Proxy Service
InternalName : ccProxy
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccProxy.exe

#:13 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1348
ThreadCreationTime : 2-9-2006 8:03:04 AM
BasePriority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:14 [issvc.exe]
FilePath : C:\Program Files\Norton Personal Firewall\
ProcessID : 1424
ThreadCreationTime : 2-9-2006 8:03:04 AM
BasePriority : Normal
FileVersion : 8.0.5.14
ProductVersion : 8.0
ProductName : Norton Internet Security
CompanyName : Symantec Corporation
FileDescription : IS Service
InternalName : ISSVC.exe
LegalCopyright : Copyright © 2004 Symantec Corporation
OriginalFilename : ISSVC.exe

#:15 [sndsrvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1440
ThreadCreationTime : 2-9-2006 8:03:05 AM
BasePriority : Normal
FileVersion : 5.5.1.6
ProductVersion : 5.5
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation
OriginalFilename : SndSrvc.exe

#:16 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1708
ThreadCreationTime : 2-9-2006 8:03:06 AM
BasePriority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:17 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1892
ThreadCreationTime : 2-9-2006 8:03:06 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:18 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 212
ThreadCreationTime : 2-9-2006 8:03:07 AM
BasePriority : Normal
FileVersion : 8.16
ProductVersion : 8.16
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:19 [lexpps.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 264
ThreadCreationTime : 2-9-2006 8:03:07 AM
BasePriority : Normal
FileVersion : 8.16
ProductVersion : 8.16
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:20 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 272
ThreadCreationTime : 2-9-2006 8:03:07 AM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:21 [ewidoctrl.exe]
FilePath : C:\Program Files\ewido anti-malware\
ProcessID : 1052
ThreadCreationTime : 2-9-2006 8:03:14 AM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe

#:22 [iaantmon.exe]
FilePath : C:\Program Files\Intel\Intel Application Accelerator\
ProcessID : 1076
ThreadCreationTime : 2-9-2006 8:03:14 AM
BasePriority : Normal
FileVersion : 4.0.0.6211
ProductVersion : 4.0.0.6211
ProductName : Intel IAANTmon
CompanyName : Intel Corporation
FileDescription : Intel Application Accelerator RAID Monitor
InternalName : IAANTmon
LegalCopyright : Copyright© Intel Corporation 2003-04
OriginalFilename : IAANTmon.exe

#:23 [mcdetect.exe]
FilePath : c:\program files\mcafee.com\agent\
ProcessID : 1096
ThreadCreationTime : 2-9-2006 8:03:14 AM
BasePriority : Normal
FileVersion : 6, 0, 0, 19
ProductVersion : 6, 0, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee WSC Integration Service
InternalName : McDetect
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : McDetect.exe
Comments : McAfee WSC Integration Service

#:24 [mcshield.exe]
FilePath : c:\PROGRA~1\mcafee.com\vso\
ProcessID : 1136
ThreadCreationTime : 2-9-2006 8:03:14 AM
BasePriority : High

#:25 [mctskshd.exe]
FilePath : c:\PROGRA~1\mcafee.com\agent\
ProcessID : 1212
ThreadCreationTime : 2-9-2006 8:03:14 AM
BasePriority : Normal
FileVersion : 6, 0, 0, 13
ProductVersion : 6, 0, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee Task Scheduler
InternalName : McTskshd
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : McTskshd.exe

#:26 [oasclnt.exe]
FilePath : c:\PROGRA~1\mcafee.com\vso\
ProcessID : 1384
ThreadCreationTime : 2-9-2006 8:03:14 AM
BasePriority : Normal
FileVersion : 10, 0, 0, 24
ProductVersion : 10, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan OAS Client
InternalName : OasClnt
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : OasClnt.exe
Comments : McAfee VirusScan OAS Client

#:27 [mcvsshld.exe]
FilePath : c:\program files\mcafee.com\vso\
ProcessID : 1868
ThreadCreationTime : 2-9-2006 8:03:15 AM
BasePriority : Normal
FileVersion : 10, 0, 0, 22
ProductVersion : 10, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan ActiveShield Resource
InternalName : McVsShld
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : McVsShld.exe
Comments : McAfee VirusScan ActiveShield Resource

#:28 [mcagent.exe]
FilePath : c:\program files\mcafee.com\agent\
ProcessID : 2052
ThreadCreationTime : 2-9-2006 8:03:15 AM
BasePriority : Normal
FileVersion : 6, 0, 0, 16
ProductVersion : 6, 0, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee SecurityCenter Agent
InternalName : mcagent
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : mcagent.exe

#:29 [mcvsescn.exe]
FilePath : c:\progra~1\mcafee.com\vso\
ProcessID : 2060
ThreadCreationTime : 2-9-2006 8:03:15 AM
BasePriority : Normal
FileVersion : 10, 0, 0, 20
ProductVersion : 10, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan E-mail Scan Module
InternalName : mcvsescn
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsescn.EXE
Comments : McAfee VirusScan E-mail Scan Module

#:30 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2308
ThreadCreationTime : 2-9-2006 8:03:18 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:31 [symlcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\
ProcessID : 2364
ThreadCreationTime : 2-9-2006 8:03:22 AM
BasePriority : Normal
FileVersion : 1, 8, 54, 478
ProductVersion : 1, 8, 54, 478
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright © 2003
OriginalFilename : symlcsvc.exe

#:32 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2964
ThreadCreationTime : 2-9-2006 8:03:34 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:33 [intelmem.exe]
FilePath : C:\Program Files\Intel\Modem Event Monitor\
ProcessID : 3256
ThreadCreationTime : 2-9-2006 8:03:38 AM
BasePriority : Normal
FileVersion : 0, 1, 0, 10
ProductVersion : 0, 1, 0, 10
ProductName : Intel Modem Event Monitor Application
CompanyName : Intel Corporation
FileDescription : Modem Event Monitor Application
InternalName : Modem Event Monitor
LegalCopyright : Copyright © 2003
OriginalFilename : IntelMEM.exe

#:34 [mmtask.exe]
FilePath : C:\Program Files\MUSICMATCH\Musicmatch Jukebox\
ProcessID : 3456
ThreadCreationTime : 2-9-2006 8:03:41 AM
BasePriority : Normal
FileVersion : 9.0.0.1
ProductVersion : 9.0.0.1
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch Inc.
FileDescription : <Musicmatch System Tray Application>
InternalName : mmtask.exe
LegalCopyright : © Musicmatch Inc.. All rights reserved.
OriginalFilename : mmtask.exe

#:35 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_06\bin\
ProcessID : 3464
ThreadCreationTime : 2-9-2006 8:03:42 AM
BasePriority : Normal

#:36 [statmon.exe]
FilePath : C:\DRIVERS\PRINTER\540\
ProcessID : 3568
ThreadCreationTime : 2-9-2006 8:03:44 AM
BasePriority : Normal
FileVersion : 1.2.0.180
ProductVersion : 1.2.0.180
ProductName : Dell Photo Printer
CompanyName : Dell
FileDescription : Dell Photo Printer
InternalName : DPP Printer Driver Status Monitor
LegalCopyright : © Dell Inc, 2004-2005
LegalTrademarks : Unauthorized use of this material is strictly prohibited.
OriginalFilename : StatMon.EXE

#:37 [dlbkbmgr.exe]
FilePath : C:\Program Files\Dell AIO Printer A920\
ProcessID : 3600
ThreadCreationTime : 2-9-2006 8:03:46 AM
BasePriority : Normal
FileVersion : 0.1.1.1
ProductVersion : 0.1.1.1
ProductName : Button Manager Executable
CompanyName : Dell Computer Corporation
FileDescription : Dell AIO Printer A920Button Manager
InternalName : dlbkbmgr.exe
OriginalFilename : dlbkbmgr.exe

#:38 [dlbkbmon.exe]
FilePath : C:\Program Files\Dell AIO Printer A920\
ProcessID : 3616
ThreadCreationTime : 2-9-2006 8:03:46 AM
BasePriority : Normal
FileVersion : 0.1.1.1
ProductVersion : 0.1.1.1
ProductName : Button Monitor Executable
CompanyName : Dell Computer Corporation
FileDescription : Dell AIO Printer A920Button Monitor
InternalName : dlbkbmon.exe
OriginalFilename : dlbkbmon.exe

#:39 [cac.exe]
FilePath : C:\Program Files\Computer Alarm Clock\
ProcessID : 3652
ThreadCreationTime : 2-9-2006 8:03:47 AM
BasePriority : Normal
FileVersion : 2.0.1.0
ProductVersion : 2.0.0.0
CompanyName : Think Art Computing.
FileDescription : Computer Alarm Clock

#:40 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 3748
ThreadCreationTime : 2-9-2006 8:03:48 AM
BasePriority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:41 [steam.exe]
FilePath : C:\program files\steam\
ProcessID : 3804
ThreadCreationTime : 2-9-2006 8:03:50 AM
BasePriority : Normal
FileVersion : 1.0.0.0
ProductVersion : 1.0.0.0
ProductName : Steam
CompanyName : Valve Corporation
FileDescription : Steam
LegalCopyright : © Copyright 2000-2003 Valve Corporation All rights reserved.
OriginalFilename : Steam.exe

#:42 [quickdcf.exe]
FilePath : C:\Program Files\FinePixViewer\
ProcessID : 3844
ThreadCreationTime : 2-9-2006 8:03:51 AM
BasePriority : Normal
FileVersion : 5, 0, 0, 1
ProductVersion : 5, 0, 0, 1
ProductName : FinePixViewer
CompanyName : FUJI PHOTO FILM CO., LTD.
FileDescription : Exif Launcher
InternalName : QuickDCF
LegalCopyright : Copyright 2000-2004 FUJI PHOTO FILM CO.,LTD.
OriginalFilename : QuickDCF.exe

#:43 [ymsgr_tray.exe]
FilePath : C:\Program Files\Yahoo!\Messenger\
ProcessID : 3928
ThreadCreationTime : 2-9-2006 8:03:54 AM
BasePriority : Normal

#:44 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 3944
ThreadCreationTime : 2-9-2006 8:03:55 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:45 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1580
ThreadCreationTime : 2-9-2006 8:04:37 AM
BasePriority : Normal
FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)
ProductVersion : 5.8.0.2469
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:46 [opera.exe]
FilePath : C:\Program Files\Opera\
ProcessID : 2252
ThreadCreationTime : 2-9-2006 8:04:43 AM
BasePriority : Normal
FileVersion : 3929
ProductVersion : 7.54
ProductName : Opera Internet Browser
CompanyName : Opera Software
FileDescription : Opera Internet Browser
InternalName : Opera
LegalCopyright : Copyright © Opera Software 1995-2005
OriginalFilename : Opera.exe

#:47 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2688
ThreadCreationTime : 2-9-2006 8:05:59 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 15

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 15

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 15

Started tracking cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : max@tradedoubler[1].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 2-3-2026 2:57:46 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : max@adrevolver[1].txt
Category : Data Miner
Comment : Hits:17
Value : Cookie:[email protected]/
Expires : 2-8-2007 7:21:42 AM
LastSync : Hits:17
UseCount : 0
Hits : 17

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : max@casalemedia[1].txt
Category : Data Miner
Comment : Hits:111
Value : Cookie:[email protected]/
Expires : 1-30-2007 10:05:18 PM
LastSync : Hits:111
UseCount : 0
Hits : 111

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : max@trafficmp[1].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:[email protected]/
Expires : 2-8-2007 3:32:56 PM
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : max@adrevolver[2].txt
Category : Data Miner
Comment : Hits:20
Value : Cookie:[email protected]/adrevolver/
Expires : 10-23-2008 11:40:14 AM
LastSync : Hits:20
UseCount : 0
Hits : 20

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : max@realmedia[2].txt
Category : Data Miner
Comment : Hits:19
Value : Cookie:[email protected]/
Expires : 12-31-2020 7:00:00 PM
LastSync : Hits:19
UseCount : 0
Hits : 19

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : max@tribalfusion[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 12-31-2037 7:00:00 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 2-8-2007 11:38:26 AM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 8
Objects found so far: 23

Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk scan result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 23

Performing conditional scans..
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 23

3:16:21 AM Scan Complete

Summary of this scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:10:12.187
Objects scanned:148845
Objects identified:8
Objects ignored:0
New Critical Objects:8

guestolo · « **Reply #3 on:** February 09, 2006, 09:03:50 PM »

I'm not see Alcan, but not to say there isn't residuals we must take care of
But first, what I do see is Symantec's and McAfee's running on your computer

It is not adviseable running more than one Anti-Virus software on your computer
or more than one software Firewall
This does not double your protection, it does more harm than good

Can you do this now please
Decide which Protection software your happiest with
Uninstall either Norton's completely or McAfee's

Reminder, having more than one AV and/or firewall running can cause conflicts and decrease system performance noticeably
Note: XP also has a built in Firewall, if you are using a firewall from Norton's or McAfee's
Ensure to disable the XP firewall

When you have the above done post back a fresh hijackthis log

Gummbee25 · « **Reply #4 on:** February 10, 2006, 01:36:58 AM »

Logfile of HijackThis v1.99.1
Scan saved at 1:35:59 AM, on 2/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Personal Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\DRIVERS\PRINTER\540\StatMon.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Computer Alarm Clock\cac.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\DOCUME~1\Max\LOCALS~1\Temp\200621003156_mcinfo.exe
C:\program files\steam\steam.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - Default URLSearchHook is missing
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Personal Firewall - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton Personal Firewall - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [DellStatusMonitor] "C:\DRIVERS\PRINTER\540\StatMon.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Computer Alarm Clock] C:\Program Files\Computer Alarm Clock\cac.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Max\LOCALS~1\Temp\200621003156_mcinfo.exe /insfin
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - Global Startup: Exif Launcher.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

guestolo · « **Reply #5 on:** February 10, 2006, 10:00:56 AM »

OK, now you kept Nortons and rid yourself of McAfee's
But you installed AntiVir
Can you uninstall it please

Post back a fresh hijackthis log afterwards

We'll run a couple tools on your computer later to ensure you are clean

Gummbee25 · « **Reply #6 on:** February 11, 2006, 08:03:38 PM »

i dont have any virus protection now...

Logfile of HijackThis v1.99.1
Scan saved at 8:01:30 PM, on 2/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Personal Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\DRIVERS\PRINTER\540\StatMon.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Computer Alarm Clock\cac.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\DOCUME~1\Max\LOCALS~1\Temp\200621003156_mcinfo.exe
C:\program files\steam\steam.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - Default URLSearchHook is missing
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Personal Firewall - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton Personal Firewall - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [DellStatusMonitor] "C:\DRIVERS\PRINTER\540\StatMon.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Computer Alarm Clock] C:\Program Files\Computer Alarm Clock\cac.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Max\LOCALS~1\Temp\200621003156_mcinfo.exe /insfin
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - Global Startup: Exif Launcher.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

guestolo · « **Reply #7 on:** February 12, 2006, 12:49:58 PM »

Quote

i dont have any virus protection now...

Well, that's not true, you still have Norton's running?

Can you do the following please
Check for updates with Ad-Aware
Download them if any but don't run a scan yet

Open Ewido and check for updates, download them if any
Don't run a scan yet

==Download and Install
Windows Cleanup! 4.0
Don't run this yet,

******************************************************
When I ask you too download a zip file, make sure you choose SAVE TO DISK rather than Open
Can you open "MyComputer"
Double click to open Local Disk C: drive
Right click an empty spot and left click NEW>>Folder
A new folder will be placed in the C: folder , name it BFU
So you now have C:\BFU

Please download Brute Force Uninstaller
Reminder, choose SAVE rather than OPEN
Then Extract (UNZIP) the contents to the (C:\BFU) folder you just made
So you now have C:\Bfu\bfu.exe

[color=\"#CC0000\"]RIGHT CLICK HERE[/color]
and choose "Save As" (in IE it's "Save Target As") in order to download Alcra Remover.
Save it in the folder you made earlier (c:\BFU)
So you now have C:\Bfu\p2pnetwork.bfu
*********************************************************

Please save these instructions to a Notepad file and save it to your Desktop for reference
or Print them out!
I don't see entries for Alcan, but let's make sure we do the following to ensure your clean

RESTART your Computer in SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
Choose Safe mode from the startup menu

=Open the C:\BFU folder
Double click to run BFU.exe
Use the "Open Script file" button (the folder icon next to Scriptfile to execute)
Navigate to p2pnetwork.bfu in the C:\BFU folder
Right click p2pnetwork.bfu and choose Select
In Brute Force Uninstaller select Execute
Wait for the "complete script execution" box to pop up and press OK.
Press exit to terminate the BFU program.

==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

Click OK
Press the CleanUp! button to start the program.
When it's done, decline to log off or restart the computer

==Open Ewido anti-malware
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
*1. Perform Action = Remove
*2. Create Encrypted Backup in Quarantine (Recommended)
*3. Perform action with all infections
Then click OK
When Ewido has finished it's scan click the "Save Report" button
Save the report to desktop
Exit Ewido
NOTE: When Ewido is running, don't open any other Windows

=Do a "System scan only" with Hijackthis and put a check next to these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - Default URLSearchHook is missing

O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Max\LOCALS~1\Temp\200621003156_mcinfo.exe /insfin

After you have ticked the above entry, close All other open windows
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Open Ad-Aware
Run the scan and clean any Criticals it finds

Reboot back to Normal mode

Post back all the following
1. Run a "Scan and Save logfile" with Hijackthis and post the fresh log
2. Post the whole report you saved earlier from Ewido's

Gummbee25 · « **Reply #8 on:** February 12, 2006, 04:45:32 PM »

"Well, that's not true, you still have Norton's running?"

i have norton firewall but thats it... no antivirus from norton...here all the logs you wanted

Logfile of HijackThis v1.99.1
Scan saved at 4:39:53 PM, on 2/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Personal Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\DRIVERS\PRINTER\540\StatMon.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Computer Alarm Clock\cac.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\program files\steam\steam.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myspace.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Personal Firewall - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton Personal Firewall - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [DellStatusMonitor] "C:\DRIVERS\PRINTER\540\StatMon.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Computer Alarm Clock] C:\Program Files\Computer Alarm Clock\cac.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - Global Startup: Exif Launcher.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on:         4:26:03 PM, 2/12/2006
+ Report-Checksum:      B62718DA

+ Scan result:

   C:\WINDOWS\SYSTEM32\dhtmcore(2).dll -> Adware.MediaBack : Cleaned with backup
   C:\WINDOWS\SYSTEM32\dhtmcore.dll -> Adware.MediaBack : Cleaned with backup

::Report End

thanks for all you help bro...

guestolo · « **Reply #9 on:** February 12, 2006, 05:49:43 PM »

Quote

i have norton firewall but thats it... no antivirus from norton...here all the logs you wanted

It appears that Norton's AV is installed because I seen this entry in your log
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
But I don't see the AV service running
Can you do the following please

Open Hijackthis>>Open Misc tools section>>Open Uninstall Manager
Click the SAVE LIST button
Save the list too desktop then copy and paste back here the whole contents please

If you don't have Symantec's AV running, by all means reinstall AntiVir AV
Sorry for the confusion

Gummbee25 · « **Reply #10 on:** February 12, 2006, 09:24:49 PM »

ACA Screen Recorder 2.03
Ad-Aware SE Personal
Adobe Acrobat - Reader 6.0.2 Update
Adobe Reader 6.0.1
AntiVir PersonalEdition Classic Windows
AOL Instant Messenger
Arcade! Classic Arcade Pack 3.6
ATI Display Driver
BitTornado 0.3.14
Broadcom Advanced Control Suite 2
CC_ccProxyExt
ccCommon
ccPxyCore
CleanUp!
Computer Alarm Clock
DeadAIM
Dell AIO Printer A920
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Photo Printer 540
Dell Support
DivX
DivX Player
ewido anti-malware
FinePixViewer Resource
FinePixViewer Ver.5.0
FUJIFILM USB Driver
HijackThis 1.99.1
ImageMixer VCD2 LE for FinePix
Intel Application Accelerator
Intel® 537EP V9x DF PCI Modem
Internet Explorer Default Page
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 6
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2_06
LimeWire
LiveReg (Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft ActiveX Control Pad
Modem Event Monitor
Modem Helper
Modem On Hold
MSRedist
Musicmatch® Jukebox
Norton AntiSpam
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Personal Firewall
Norton Personal Firewall
Norton Personal Firewall 2005 (Symantec Corporation)
Norton WMI Update
Opera
PowerDVD 5.1
PSP Max Media Manager
QuickTime
RAW FILE CONVERTER LE
RealPlayer
RipCast Streaming Audio Ripper 1.9
Screen Recorder Gold V2.1
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB912919)
Sonic RecordNow!
Sonic Update Manager
SPBBC
Spybot - Search & Destroy 1.4
Spyware Doctor 2.1
Steam
SymNet
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
Veo Creative Studio - Connect
Veo Velocity Connect
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinRAR archiver
WordPerfect Office 12
XviD 1.1 final uninstall
Yahoo! Messenger

i got antivir back on ...

guestolo · « **Reply #11 on:** February 13, 2006, 01:35:36 PM »

Looks good
Is MySpace your preferred startup page?

*If everything is running better
Final Cleanup
We should clear all your restore points to ensure you don't restore any nasties that may be sitting idle

msconfig
Click OK
Click the "Launch System Restore" button
On the Left hand side click on "System Restore Settings"
Put a Check in "Turn off System Restore"
Apply it and OK out of there>>Reboot your computer
[/list]
Back in Windows, Go back and take the check out of "Turn off system restore"
This will reenable the System Restore feature and creates a new restore point

[indent][color=\"#CC0000\"]Protect yourself against Future Attacks[/color][/i][/b][/indent]
*Install SpywareBlaster 3.5.1 by JavaCool[/url]

After installation, Check for updates and then click the "Enable all protection"
Check for updates every couple of weeks
after every update just simply click the "enable protection on all unprotected items"

*Keep up to date on Windows updates
You appear to be set to AutoUpdate, good move
Keeping up on all latest High Priority updates with Windows Updates is one of the most important steps in keeping your system secure

*Check for updates with your anti-spyware programs and run a scan on a regular basis
Open Spybot 1.4
Click the "Immunize" button on the left>>>OK at the prompt>>Immunzine at the top green cross
Please Immunize after every update

You may also choose to hold onto Ewido and CleanUp!
Ewido will become a Limited version in a couple weeks after installation
It's still a very good scanner to update and run once a month

You can access your add/remove programs via control panel and remove the older versions and updates of Java
J2SE Runtime Environment 5.0 Update 2
Java 2 Runtime Environment, SE v1.4.2_06

NOTE: I see multiple entries in your uninstall list for Norton's Firewall and Internet Security
Did you have problems with the installation earlier, are you having any conflicts with it?

Gummbee25 · « **Reply #12 on:** February 13, 2006, 11:58:48 PM »

thanks alot for all your help man.... in my uninstall list i only see one listing for the firewall?

guestolo · « **Reply #13 on:** February 14, 2006, 10:36:45 AM »

Quote

in my uninstall list i only see one listing for the firewall

Ok, no problem, I was just checking

As your problems appear resolved I'll lock this topic
Take care

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'

\' />

TheTechGuide Forum

News:

Author Topic: WIN32.P2P-WORM.ALCAN.A (Read 884 times)

Gummbee25

WIN32.P2P-WORM.ALCAN.A

guestolo

WIN32.P2P-WORM.ALCAN.A

Gummbee25

WIN32.P2P-WORM.ALCAN.A

guestolo

WIN32.P2P-WORM.ALCAN.A

Gummbee25

WIN32.P2P-WORM.ALCAN.A

guestolo

WIN32.P2P-WORM.ALCAN.A

Gummbee25

WIN32.P2P-WORM.ALCAN.A

guestolo

WIN32.P2P-WORM.ALCAN.A

Gummbee25

WIN32.P2P-WORM.ALCAN.A

guestolo

WIN32.P2P-WORM.ALCAN.A

Gummbee25

WIN32.P2P-WORM.ALCAN.A

guestolo

WIN32.P2P-WORM.ALCAN.A

Gummbee25

WIN32.P2P-WORM.ALCAN.A

guestolo

WIN32.P2P-WORM.ALCAN.A