Scan saved at 22:04:59, on 2006-1-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\program files\internet explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Hijackthis\HijackThis.exe
F2 - REG:system.ini:
UserInit=C:\WINDOWS\system32\Userinit.exe,rundll32.exe C:\WINDOWS\system32\winsys16_070109.dll start
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
- C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} -
C:\Documents and Settings\All Users\Application
Data\Microsoft\PCTools\pctools.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: - {6671A431-5C3D-463d-A7CF-5587F9B7E191} -
C:\PROGRA~1\COMMON~1\qqsp\.dll (file missing)
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus
Shield\avp.exe"
O4 - HKLM\..\RunOnce: [sxagf] %systemroot%\system32\Rundll32.exe
%systemroot%\system32\sxagf.dll,DllUnregisterServer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -
C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -
C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. -
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program
Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: Transaction Provisioning Service (dosls578) - Unknown
owner - C:\WINDOWS\system32\service.exe
O23 - Service: fan.eeewl.com - Unknown owner -
C:\WINDOWS\system32\nsvce32.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common
Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Provisioning Transaction Service (ttt_13) - Unknown
owner - C:\WINDOWS\system32\win.exe
fix the line below
F2 - REG:system.ini:
UserInit=C:\WINDOWS\system32\Userinit.exe,rundll32.exe C:\WINDOWS\system32\winsys16_070109.dll start
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} -
C:\Documents and Settings\All Users\Application
Data\Microsoft\PCTools\pctools.dll
fan.eeewl.com
O23 - Service: fan.eeewl.com - Unknown owner -
C:\WINDOWS\system32\nsvce32.exe
O23 - Service: Provisioning Transaction Service (ttt_13) - Unknown
owner - C:\WINDOWS\system32\win.exe
C:\WINDOWS\system32\conime.exe <-- has been deleted
All the lines have been fixed using Avenger, because some lines couldn't be fixed using the Killbox and HijackThis tools. However, still facing some problems.. cannot go online even using Winsock to repair, and the LAN driver is gone automatically; after install it couldn't be detected. However.. plenty of rundll32.exe running in processes.. automatically. Need advice.. >.<" This is my friend's hijackthis.log. Weird..