Author Topic: Win32.P2P-Worm.Alcan.a  (Read 897 times)

Offline Sev

Win32.P2P-Worm.Alcan.a
« on: September 10, 2005, 07:41:55 PM »
I have the Win32.P2P-Worm.Alcan.a in my C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP134\

I have used KillBox, ewido, Clean Up, Ad-Aware and HijackThis, but it still seems to show up in my C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP134\


Logfile of HijackThis v1.99.1
Scan saved at 5:39:36 PM, on 10/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Updater.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\sunny\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

I have also lost my search function, restore, help and support.
Any help would be great.

Offline guestolo

Win32.P2P-Worm.Alcan.a
« Reply #1 on: September 10, 2005, 07:47:48 PM »
Hi Sev, can you do the following please?
I want to check on something.

Download and save WinPFind.zip
UNZIP the contents to your desktop

Open the WinPFind folder you extracted to desktop
Double click on WinPFind.exe
Click START SCAN
This could take some time as it will scan your drive

Post the results of the WinPFind.txt located in the WinPFind folder

Can you also let me know if you can do the following
Go to START>>Run>>Type in services.msc
Hit Ok

Does a new window open?
Or do you get an error message
« Last Edit: September 10, 2005, 07:48:42 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline guestolo

Win32.P2P-Worm.Alcan.a
« Reply #2 on: September 10, 2005, 07:55:11 PM »
Oh, I forgot to mention, don't worry about Win32.P2P-Worm.Alcan.a in the C:\System Volume Information folder right now
That's your System Restore folder
We'll have to clean that out in a bit



Offline Sev

Win32.P2P-Worm.Alcan.a
« Reply #3 on: September 10, 2005, 07:56:37 PM »
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP    Current Build: Service Pack 2    Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2                 04/08/2004 3:00:00 AM       41397      C:\WINDOWS\SYSTEM32\DFRG.MSC
UPX!                 15/05/2004 4:10:42 PM       75264      C:\WINDOWS\SYSTEM32\MACDec.dll
UPX!                 19/06/2004 6:28:44 PM       177152     C:\WINDOWS\SYSTEM32\MonkeySource.ax
PECompact2           04/08/2005 6:31:38 PM       1449304    C:\WINDOWS\SYSTEM32\MRT.exe
aspack               04/08/2005 6:31:38 PM       1449304    C:\WINDOWS\SYSTEM32\MRT.exe
aspack               04/08/2004 3:00:00 AM       708096     C:\WINDOWS\SYSTEM32\NTDLL.DLL
Umonitor             04/08/2004 3:00:00 AM       657920     C:\WINDOWS\SYSTEM32\RASDLG.DLL
winsync              04/08/2004 3:00:00 AM       1309184    C:\WINDOWS\SYSTEM32\WBDBASE.DEU

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\ETC\HOSTS


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
                     10/09/2005 5:17:10 PM     S 2048       C:\WINDOWS\BOOTSTAT.DAT
                     28/08/2005 10:43:42 AM   HS 7680       C:\WINDOWS\Thumbs.db
                     19/07/2005 7:18:10 PM     S 18913      C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896727.cat
                     10/09/2005 5:18:54 PM    H  1024       C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
                     10/09/2005 5:17:28 PM    H  1024       C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
                     10/09/2005 5:27:18 PM    H  1024       C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
                     10/09/2005 5:51:46 PM    H  1024       C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
                     10/09/2005 5:21:46 PM    H  1024       C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
                     13/08/2005 10:12:28 AM   H  1024       C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT.LOG
                     08/08/2005 9:00:04 PM    HS 388        C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\09e16a00-aac4-484b-a3ac-c03a8b0a5f2e
                     08/08/2005 9:00:04 PM    HS 24         C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\Preferred
                     10/09/2005 5:17:12 PM    H  6          C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation          04/08/2004 3:00:00 AM       68608      C:\WINDOWS\SYSTEM32\ACCESS.CPL
Microsoft Corporation          04/08/2004 3:00:00 AM       549888     C:\WINDOWS\SYSTEM32\APPWIZ.CPL
Borland Software Corporation   07/10/2003 11:39:00 AM      184320     C:\WINDOWS\SYSTEM32\bdeadmin.cpl
Microsoft Corporation          04/08/2004 3:00:00 AM       110592     C:\WINDOWS\SYSTEM32\BTHPROPS.CPL
Microsoft Corporation          04/08/2004 3:00:00 AM       135168     C:\WINDOWS\SYSTEM32\DESK.CPL
Microsoft Corporation          04/08/2004 3:00:00 AM       80384      C:\WINDOWS\SYSTEM32\FIREWALL.CPL
Microsoft Corporation          04/08/2004 3:00:00 AM       155136     C:\WINDOWS\SYSTEM32\HDWWIZ.CPL
Intel Corporation              23/01/2005 10:33:44 AM      94208      C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Ahead Software AG              23/12/2003 3:40:52 PM       57344      C:\WINDOWS\SYSTEM32\ImageDrive.cpl
Microsoft Corporation          04/08/2004 3:00:00 AM       358400     C:\WINDOWS\SYSTEM32\INETCPL.CPL
Microsoft Corporation          04/08/2004 3:00:00 AM       129536     C:\WINDOWS\SYSTEM32\INTL.CPL
Microsoft Corporation          04/08/2004 3:00:00 AM       380416     C:\WINDOWS\SYSTEM32\IRPROPS.CPL
Microsoft Corporation          04/08/2004 3:00:00 AM       68608      C:\WINDOWS\SYSTEM32\JOY.CPL
Sun Microsystems               19/11/2003 3:48:12 PM       61555      C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation          04/08/2004 3:00:00 AM       187904     C:\WINDOWS\SYSTEM32\MAIN.CPL
Microsoft Corporation          04/08/2004 3:00:00 AM       618496     C:\WINDOWS\SYSTEM32\MMSYS.CPL
Microsoft Corporation          04/08/2004 3:00:00 AM       35840      C:\WINDOWS\SYSTEM32\NCPA.CPL
Microsoft Corporation          04/08/2004 3:00:00 AM       25600      C:\WINDOWS\SYSTEM32\NETSETUP.CPL
Microsoft Corporation          04/08/2004 3:00:00 AM       257024     C:\WINDOWS\SYSTEM32\NUSRMGR.CPL
Microsoft Corporation          04/08/2004 3:00:00 AM       32768      C:\WINDOWS\SYSTEM32\ODBCCP32.CPL
Microsoft Corporation          04/08/2004 3:00:00 AM       114688     C:\WINDOWS\SYSTEM32\POWERCFG.CPL
Intel® Corporation           02/03/2004 9:39:06 AM       77824      C:\WINDOWS\SYSTEM32\PRApplet.cpl
Apple Computer, Inc.           23/09/2004 6:57:40 PM       323072     C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation          04/08/2004 3:00:00 AM       298496     C:\WINDOWS\SYSTEM32\SYSDM.CPL
Microsoft Corporation          04/08/2004 3:00:00 AM       28160      C:\WINDOWS\SYSTEM32\TELEPHON.CPL
Microsoft Corporation          04/08/2004 3:00:00 AM       94208      C:\WINDOWS\SYSTEM32\TIMEDATE.CPL
Microsoft Corporation          04/08/2004 3:00:00 AM       148480     C:\WINDOWS\SYSTEM32\WSCUI.CPL
Microsoft Corporation          26/05/2005 4:16:30 AM       174360     C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation          26/05/2005 4:16:30 AM       174360     C:\WINDOWS\SYSTEM32\DLLCACHE\wuaucpl.cpl
Intel Corporation              10/02/2004 9:53:24 AM       94208      C:\WINDOWS\SYSTEM32\ReinstallBackups\0009\DriverFiles\igfxcpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
                     10/08/2004 11:04:12 AM   HS 84         C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI
                     12/04/2005 9:41:38 PM       493        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
                     10/08/2004 10:57:42 AM   HS 62         C:\Documents and Settings\All Users\Application Data\DESKTOP.INI

Checking files in %USERPROFILE%\Startup folder...
                     10/08/2004 11:04:12 AM   HS 84         C:\Documents and Settings\sunny\Start Menu\Programs\Startup\DESKTOP.INI

Checking files in %USERPROFILE%\Application Data folder...
                     10/08/2004 10:57:42 AM   HS 62         C:\Documents and Settings\sunny\Application Data\DESKTOP.INI
                     17/08/2005 7:16:30 PM       12358      C:\Documents and Settings\sunny\Application Data\PFP120JCM.{PB
                     17/08/2005 7:16:30 PM       61678      C:\Documents and Settings\sunny\Application Data\PFP120JPR.{PB

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
   SV1    =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
   {57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}    = C:\Program Files\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
   {750fdf0e-2a26-11d1-a3ea-080036587f03}    = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
   {09799AFB-AD67-11d1-ABCD-00C04FC30936}    = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
   {A470F8CF-A1E8-4f65-8335-227475AA5C46}    = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
   {B41DB860-8EE4-11D2-9906-E49FADC173CA}    = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
   Start Menu Pin    = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
   {B41DB860-8EE4-11D2-9906-E49FADC173CA}    = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
   {A470F8CF-A1E8-4f65-8335-227475AA5C46}    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
   {57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}    = C:\Program Files\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
   {750fdf0e-2a26-11d1-a3ea-080036587f03}    = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
   {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}    = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
   {B41DB860-8EE4-11D2-9906-E49FADC173CA}    = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
    = %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
   AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}
   DriveLetterAccess = C:\WINDOWS\system32\dla\tfswshx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
   &Tip of the Day = %SystemRoot%\system32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
   MenuText    = Sun Java Console   :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
   MenuText    =    :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
   ButtonText    = Messenger   : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
   File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
   {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} =    :
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
   {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\system32\browseui.dll
   {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links   : %SystemRoot%\system32\SHELL32.dll
   {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} =    :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   SoundMAXPnP   C:\Program Files\Analog Devices\Core\smax4pnp.exe
   IgfxTray   C:\WINDOWS\system32\igfxtray.exe
   HotKeysCmds   C:\WINDOWS\system32\hkcmd.exe
   SunJavaUpdateSched   C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
   DVDLauncher   "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
   UpdateManager   "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
   dla   C:\WINDOWS\system32\dla\tfswctrl.exe
   QuickTime Task   "C:\Program Files\QuickTime\qttask.exe" -atboottime
   NeroFilterCheck   C:\WINDOWS\system32\NeroCheck.exe
   iRiver Updater   \Updater.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   DellSupport   "C:\Program Files\Dell Support\DSAgnt.exe" /startup
   MSMSGS   "C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
   {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
   {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
   {0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
   dontdisplaylastusername   0
   legalnoticecaption   
   legalnoticetext   
   shutdownwithoutlogon   1
   undockwithoutlogon   1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
   NoDriveTypeAutoRun   145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
   PostBootReminder                  {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
   CDBurn                            {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
   WebCheck                          {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
   SysTray                           {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll
   UPnPMonitor                       {e57ce738-33e8-4c51-8354-bb4de9d215d1} = C:\WINDOWS\system32\upnpui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
   UserInit   = C:\WINDOWS\system32\userinit.exe,
   Shell      = Explorer.exe
   System      =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    = crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
    = cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
    = cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
    = igfxsrvc.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
    = sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
    = WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
    = wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
   Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
   AppInit_DLLs   


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.3.9   - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 10/09/2005 5:53:36 PM


services.msc opens without any errors

Offline guestolo

Win32.P2P-Worm.Alcan.a
« Reply #4 on: September 10, 2005, 08:38:37 PM »
I'm just stepping out for a bit

Can you explain what you mean by this

Quote
I have also lost my search function, restore, help and support
any help would be great

Just to make sure I know what you're talking about

Search function>>Is this the Search feature from within XP
or in IE?

help and support>>If you go back to Services.msc
On the right hand side can you double click on Help and Support
Is the service started and set to Automatic?

restore>>Is this your System Restore feature?
It appears enabled; that's where you are finding the bad guy.
Also check in services.msc to ensure System Restore is enabled and set to Automatic

What program is finding Win32.P2P-Worm.Alcan.a in  C:\System Volume Information?

Are you logged into the computer with a user that has Admin privileges?

I see one service running related to Symantec's.
Do you still run its AV, or are you running without any Anti-Virus software on your computer?
« Last Edit: September 10, 2005, 08:39:57 PM by guestolo »



Offline Sev

Win32.P2P-Worm.Alcan.a
« Reply #5 on: September 10, 2005, 08:51:18 PM »
My search function within XP: when I click on Search no fields come up,
but I see the dog.

Help and support are started and set to automatic

system restore is enabled and automatic

all three of these things come up with a blank screen

Win32.P2P-Worm.Alcan.a in C:\System Volume Information was found with Ad-Aware

I have AVG waiting to install; my Norton's has expired

Offline guestolo

Win32.P2P-Worm.Alcan.a
« Reply #6 on: September 10, 2005, 09:10:44 PM »
Let's try the following and see what happens

Go to START>>Run>>type in the following in bold and then hit OK
Notice the single space after regsvr32 also
Or simply copy and paste each one in and hit OK after each

regsvr32 jscript.dll

Do the same for the next ones, hit OK after entering each one

regsvr32 vbscript.dll

and

regsvr32 Mshtml.dll

Let me know how things are working after

If things are ok we still have to clear the system restore folder

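Added example, not from the thread or its tools: a PowerShell script that checks whether the three COM engines guestolo re-registers above (jscript.dll, vbscript.dll, mshtml.dll) are actually registered, by following ProgID -> CLSID -> InprocServer32 in HKEY_CLASSES_ROOT, and only runs regsvr32 /s on the missing ones when invoked with -Repair. It assumes an elevated PowerShell on a Windows host; the ProgIDs JScript, VBScript and htmlfile are the standard ones for these engines, and the script itself is my construction.

```powershell
# Added example (not from the original thread). XP's Search, Help and Support and
# System Restore UIs are HTML-based, so a blank window is the classic symptom of
# these script engines having been unregistered. This script reports the current
# registration state and repairs only when asked.
# Assumption: run as Administrator; ProgIDs are the standard ones for each engine.
param([switch]$Repair)

$engines = @(
    @{ Dll = 'jscript.dll';  ProgId = 'JScript'  },
    @{ Dll = 'vbscript.dll'; ProgId = 'VBScript' },
    @{ Dll = 'mshtml.dll';   ProgId = 'htmlfile' }
)

function Get-ComServerPath {
    param([string]$ProgId)
    # ProgID -> CLSID -> InprocServer32 default value; any break in the chain
    # means the engine is not registered for this ProgID.
    $clsidKey = "Registry::HKEY_CLASSES_ROOT\$ProgId\CLSID"
    if (-not (Test-Path $clsidKey)) { return $null }
    $clsid = (Get-ItemProperty -Path $clsidKey).'(default)'
    if (-not $clsid) { return $null }
    $srvKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
    if (-not (Test-Path $srvKey)) { return $null }
    return (Get-ItemProperty -Path $srvKey).'(default)'
}

foreach ($e in $engines) {
    $broken   = $false
    $expected = Join-Path $env:SystemRoot ("system32\" + $e.Dll)
    $path     = Get-ComServerPath -ProgId $e.ProgId

    if (-not $path) {
        Write-Warning ("{0}: NOT registered (ProgID {1})" -f $e.Dll, $e.ProgId)
        $broken = $true
    } elseif ([Environment]::ExpandEnvironmentVariables($path) -ine $expected) {
        # Registered, but pointing somewhere other than the system copy:
        # worth a look before blindly re-registering over it.
        Write-Warning ("{0}: registered to unexpected path {1}" -f $e.Dll, $path)
        $broken = $true
    } else {
        Write-Host ("{0}: OK -> {1}" -f $e.Dll, $path)
    }

    if ($broken -and $Repair) {
        # /s = silent; the same regsvr32 call as the Run-dialog steps above.
        & regsvr32.exe /s $expected
        Write-Host ("{0}: regsvr32 exit code {1}" -f $e.Dll, $LASTEXITCODE)
    }
}
```

Run it without -Repair first; a non-zero regsvr32 exit code on repair usually means the DLL itself is missing or damaged rather than merely unregistered.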


Offline Sev

Win32.P2P-Worm.Alcan.a
« Reply #7 on: September 10, 2005, 09:28:39 PM »
Succeeded :D
Everything works thank you

Offline guestolo

Win32.P2P-Worm.Alcan.a
« Reply #8 on: September 10, 2005, 09:43:47 PM »
Good work
You should still make sure you do the following

You should disable system restore---restart your computer--enable system restore
This will clear all your restore points and ensure you don't restore any nasties
How to Disable and Re-enable System Restore feature

Once back in Windows and System Restore is reenabled

You should set up protection against future attacks
SpywareBlaster 3.4 by JavaCool
*Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates and then click the "Enable all protection"

IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Here is a tutorial and download link
TUTORIAL==Link to Tutorial
Download link

With both, Check for updates every couple of weeks
Keep the link to IE-Spyad bookmarked so you can check for updates
SpywareBlaster, after every update just simply click the "enable all protection"
IE-Spyad is compatible with SP2 as well

Afterwards
You should properly uninstall Norton's AV
And then install AVG and run a full system scan

Let me know how things are afterwards
