Logfile of HijackThis v1.99.1
Scan saved at 21:49:43, on 2006-5-20
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
D:\KAV2006\KWatch.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
D:\KAV2006\KPfwSvc.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\system32\stisvc.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\KAV2006\KAVStart.exe
C:\WINDOWS\system32\mobsync.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\internat.exe
D:\KAV2006\KMailMon.EXE
C:\WINDOWS\system32\conime.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
D:\Program Files\GlobalSCAPE\CuteFTP 7 Professional\ftpte.exe
D:\Program Files\tastgd\ishare_user.exe
E:\Orca Browser\orca.exe
D:\Opera Download\ha_hijackthis_1991\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\System32\xunleibho_v14.dll
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: AdSwpr - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - D:\PROGRA~1\IE修复~1\IERBar.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: &IE修复专家 - {123249EB-F891-44C4-946F-450064F9080E} - D:\PROGRA~1\IE修复~1\IERBar.dll
O4 - HKLM\..\Run: [KavStart] "D:\KAV2006\KAVStart.exe" -startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [spoolsv] C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [RealPlayer] "D:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O10 - Unknown file in Winsock LSP: c:\windows\system32\tcpipdog0.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tcpipdog0.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tcpipdog0.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tcpipdogr0.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tcpipdogr0.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O15 - Trusted Zone: http://www.icbc.com.cn
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{18254D37-D38A-41E3-B657-5F93DB5A1A9A}: NameServer = 211.97.168.129,211.136.17.107
O17 - HKLM\System\CS1\Services\Tcpip\..\{18254D37-D38A-41E3-B657-5F93DB5A1A9A}: NameServer = 211.97.168.129,211.136.17.107
O17 - HKLM\System\CS2\Services\Tcpip\..\{18254D37-D38A-41E3-B657-5F93DB5A1A9A}: NameServer = 211.97.168.129,211.136.17.107
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - D:\KAV2006\KPfwSvc.EXE
O23 - Service: Kingsoft Antivirus KWatch Service (KWatchSvc) - Kingsoft Corporation - D:\KAV2006\KWatch.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\System32\vmnat.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

谢谢

双击我的电脑--工具---文件夹选项--查看--单击选取"显示隐藏文件或文件夹"清除"隐藏受保护的操作系统文件（推荐）"复选框。在提示您确定更改时，单击“是”
复制C:\WINDOWS\system32\msibm，打开我的电脑，把C:\WINDOWS\system32\msibm复制到地址栏上，回车，看看是否能进入msibm文件夹，如果能回到。
找到一个叫uninstall的程序，双击卸载。
关闭所有浏览窗口以及一些不必要的程序
运行Hijackthis，扫描结束后在下列选项前打上勾，然后选"修复""
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll（这项有些顽固，可以考虑到模式下修复。
O4 - HKLM\..\Run: [spoolsv] C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
删除
C:\WINDOWS\system32\spoolsv（整个文件夹
C:\WINDOWS\system32\wmpdrm.dll
C:\WINDOWS\system32\msibm
修复后，请重启
如果还没有解决问题
请下载 System Repair Engineer，使用“智能扫描”，按下“扫描”按钮进行扫描，扫描完成后按下“保存报告”按钮保存报告日志文件（SREng.LOG），把保存的报告日志文件内容复制-粘贴上来
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
日志一次粘不完，分次粘完，不要修改。