Logfile of HijackThis v1.99.1
Scan saved at 14:53:35, on 2006-7-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\rising\rav\Update\Ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\rising\Rav\RavTask.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\SkyNet\FireWall\pfw.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\res.exe
C:\Program Files\Common Files\UPDAT\Update.exe
C:\PROGRA~1\baigoo\bgoomain.exe
E:\Program Files\Netease\popo2004\popo.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\system32\rundll32.exe
E:\Program Files\Netease\popo2004\popo.exe
E:\Program Files\Tencent\qq\TIMPlatform.exe
C:\Program Files\rising\rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\taskmgr.exe
E:\Program Files\Tencent\qq\QQ.exe
E:\Program Files\eclipse-SDK-3.1\eclipse\eclipse.exe
E:\Program Files\j2sdk1.4.2_05\bin\javaw.exe
E:\Program Files\eclipse-SDK-3.1\eclipse\MyProject\girl\mapEdit\ZnGMapEditor.exe
D:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\msdev.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\mspaint.exe
E:\Program Files\Macromedia\Fireworks 8\Fireworks.exe
C:\WINDOWS\system32\mspaint.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\mspaint.exe
C:\Program Files\rising\rav\Rav.exe
C:\Program Files\rising\rav\RsLogVw.exe
E:\Program Files\MYIE2\MyIE.exe
E:\Program Files\winRAR\WinRAR.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOCUME~1\halvonne\LOCALS~1\Temp\Rar$EX06.578\HijackThis.exe

R3 - URLSearchHook: VeryCD Search Class - {88351CEF-BAC0-4A9B-8380-31A173E2926F} - C:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll
F2 - REG:system.ini: UserInit=userinit.exe,C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\mngg.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\PROGRA~1\DESKAD~1\deskipn.dll (file missing)
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll
O2 - BHO: FltSetUp Class - {1D49D58D-5C84-4B50-8359-D9809BEB2B32} - C:\Program Files\Internet Explorer\Connection Wizard\icwnet.dll
O2 - BHO: IExpress - {27E96DE0-8211-42CF-9A1E-FA6246A95B77} - C:\WINDOWS\system32\iexpress.dll
O2 - BHO: FesFohrd Class - {2C24A6F8-3AAE-D74D-5962-FCD3545AF82C} - C:\WINDOWS\DOWNLO~1\wene.dll (file missing)
O2 - BHO: (no name) - {35980F6E-A137-4E50-953D-813BB8556899} - (no file)
O2 - BHO: CAISHOW TOOLBAR - {3AF40CB8-B3BA-4E2D-8968-4BF8DB172997} - C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll
O2 - BHO: IE Browser Helper - {3CE496D1-1746-41CD-9489-3C0B93DF10E2} - C:\WINDOWS\Downlo~1\izpser.dll
O2 - BHO: AdsHlpObj Class - {49A94665-B1F5-4F05-B9C7-FB6E336E49BD} - C:\WINDOWS\system32\AdsObj.dll
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - E:\Program Files\Tencent\qq\QQIEHelper.dll
O2 - BHO: 网络加速 - {5673A7C0-95CC-4646-BB07-3BD71234CEF9} - C:\WINDOWS\system32\MicrosoftNet.dll (file missing)
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O2 - BHO: (no name) - {62EED7C6-9F02-42f9-B634-98E2899E147B} - (no file)
O2 - BHO: ActiveBHO Class - {63C55A7F-6E29-8D4F-5C76-4F850F28D13A} - C:\Progra~1\DoDoorRSSFinder\ActiveBandObject.dll
O2 - BHO: stdup - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - (no file)
O2 - BHO: VeryCD超级搜索 - {75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688} - C:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll
O2 - BHO: bg - {7BDAF75A-0D6F-4F50-AFE9-333D08DF4005} - C:\Program Files\baigoo\BGooBHO.dll
O2 - BHO: AdsObj2 Class - {7DDEA238-3E32-43FD-8223-A5E15D9666FF} - C:\WINDOWS\system32\AdsHlp2.dll
O2 - BHO: AlxTBK - {832C0563-0820-4fef-83D8-418261DBC233} - C:\WINDOWS\system32\popkiller.dll
O2 - BHO: Router Video 40 - {8465D755-AFE0-40ef-BC5E-2290D2C1F31F} - C:\WINDOWS\system32\rv40.dll (file missing)
O2 - BHO: PplYveqm Class - {8B51715C-A8AD-0241-D026-1C1495DE8E65} - C:\WINDOWS\DOWNLO~1\wqlzmwaa.dll (file missing)
O2 - BHO: IEHlprObj Class - {999ADFA2-8AD1-47ff-97FC-69FB847458F4} - C:\Progra~1\NetMeeting\nmview.dll
O2 - BHO: NewWeb Controller - {9ACEEE31-1440-471B-AA46-72B061FE7D61} - C:\WINDOWS\system32\WinSC.dll
O2 - BHO: Internet_Explorer_Service - {9E1E1371-9D8F-4421-81B9-F8D2E1773A59} - C:\WINDOWS\system32\HelperService.dll (file missing)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\PROGRA~1\FLASHGET\jccatch.dll (file missing)
O2 - BHO: (no name) - {BC4E44B2-FA5D-42DB-9CDE-3A7D4BF41E34} - C:\WINDOWS\system32\Krak.dll (file missing)
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - E:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: AdsHlpObj Class - {C74332D8-097F-41E7-8F8A-2E4D5A07A31E} - C:\WINDOWS\system32\AdsHlp.dll
O2 - BHO: Webacc - {CAC068F3-A608-406B-8581-458788A67694} - C:\WINDOWS\system32\svchost.dll
O2 - BHO: (no name) - {CE8373AC-9724-4C74-885D-7D3E07CA63DD} - C:\WINDOWS\system32\Uahfw.dll (file missing)
O2 - BHO: QuickBtn - {D1BB7CF4-4463-4e91-88D7-ECC3CE0A13B7} - C:\Program Files\CoolWebsite\QuickLink.dll
O2 - BHO: IEHlprObj Class - {D424FE4E-CAF9-4fdd-BC5F-E6E6B91D53BF} - C:\Progra~1\NetMeeting\conf.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - E:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: ZggRrxqo Class - {FA4FEC6E-A2ED-0E3A-C9D8-6AC47B6D5399} - C:\WINDOWS\DOWNLO~1\hfhyhca.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FLASHGET\fgiebar.dll

O3 - Toolbar: BitCometBar - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - (no file)
O3 - Toolbar: (no name) - {F43BD772-ABDD-43b7-A96A-3E9E61946EC0} - (no file)
O3 - Toolbar: 系统标准按钮(&E) - {6B2455FD-3669-4555-8DF8-69FD5BC846F8} - C:\WINDOWS\system32\SystemToolbar.dll (file missing)
O3 - Toolbar: IE标准栏 - {954F618B-0DEC-4D1A-9317-E0FC96F87865} - C:\WINDOWS\system32\amstreamxb.dll
O3 - Toolbar: (no name) - {DBBB7978-AF21-4EF4-9AD1-B2F4BC75696C} - (no file)
O3 - Toolbar: VeryCD超级搜索 - {F869BB38-FFEF-4589-B986-610B7AD0ADA2} - C:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [popo2004] E:\Program Files\Netease\popo2004\Start.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [Winrun] C:\WINDOWS\bqq.exe
O4 - HKLM\..\Run: [SKYNET Personal FireWall] C:\Program Files\SkyNet\FireWall\pfw.exe
O4 - HKLM\..\Run: [u302] RunDll32 "C:\WINDOWS\Downlo~1\szj4.dll",Run
O4 - HKLM\..\Run: [svc] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKLM\..\Run: [res] C:\WINDOWS\system32\res.exe
O4 - HKLM\..\Run: [spoolsv] C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer
O4 - HKLM\..\Run: [YOKAssiant] Rundll32.exe C:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll,YOKAssiant
O4 - HKLM\..\Run: [DAEMON Tools-2052] "E:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [Update] C:\Program Files\Common Files\UPDAT\Update.exe
O4 - HKLM\..\Run: [bgoomain.exe] C:\PROGRA~1\baigoo\bgoomain.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RegBar] regsvr32.exe /u C:\progra~1\blogmark\bocaitoolbar.dll /s /i /n
O4 - HKCU\..\Run: [svc] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [eMuleAutoStart] E:\Program Files\eMule\eMule.exe -AutoStart
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: IE-BAR.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: >>彩信发送<< - res://C:\PROGRA~1\MMSASS~1\Mmsass~1.dll/mms.htm
O8 - Extra context menu item: VeryCD超级搜索 - C:\PROGRA~1\YOK.com\SUPERS~1\yoksch.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\Program Files\Tencent\qq\AddToNetDisk.htm
O8 - Extra context menu item: 使用影音传送带下载 - E:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: 使用影音传送带下载全部链接 - E:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: 使用网际快车下载 - E:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 导出当前页到超星阅览器(&A) - E:\Program Files\SSREADER36\ss_all.htm
O8 - Extra context menu item: 导出选中部分到超星阅览器(&S) - E:\Program Files\SSREADER36\ss_select.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 火狐Flash保存 - E:\Program Files\FoxFlashplayer\PlugIns\GetFlash.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\Program Files\Tencent\qq\SendMMS.htm
O9 - Extra button: 易得优播放器 - {009541A0-3B81-101C-92F3-040224009C04} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: 易得优播放器 - {009541A0-3B81-101C-92F3-040224009C04} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: 实用网址导航 - {1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} - C:\Program Files\CoolWebsite\QuickLink.dll
O9 - Extra button: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra 'Tools' menuitem: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\Program Files\Tencent\qq\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\Program Files\Tencent\qq\QQ.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\Program Files\Tencent\qq\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\Program Files\Tencent\qq\QQIEHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [CDNCLIENT]  中文上网
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {E7009873-0D40-45B1-8D59-5B9AE98C7D38} - C:\Program Files\Internet Explorer\Connection Wizard\icwnet.dll
O21 - SSODL: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - (no file)
O21 - SSODL: stdup - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - (no file)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\rav\Update\Ravmond.exe