Waiting online: can an expert please check whether I have been infected?


Logfile of HijackThis v1.99.1
Scan saved at 16:38:33, on 2006-11-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE
C:\Program Files\Internet Explorer\SVCHOSI.EXE
D:\Common Framework\FrameworkService.exe
D:\program flies\mcshield.exe
D:\program flies\vstskmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\VM305_STI.EXE
D:\Common Framework\UpdaterUI.exe
D:\program flies\SHSTAT.EXE
D:\program flies\Maxthon\Thundermini\ThunderMini.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\CMMON32.EXE
D:\program flies\Maxthon\Maxthon.exe
D:\program flies\ha_hijackthis_1991\HijackThis.exe

R3 - URLSearchHook: SrchHook Class - {EED92A43-CFCE-4548-BD73-B0A405470ED5} - C:\PROGRA~1\CNNIC\Cdn\iesrch.dll (file missing)
R3 - URLSearchHook: (no name) - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - (no file)
O2 - BHO: 超级兔子上网精灵 - {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} - D:\program flies\MagicSet\haokanbar.dll
O3 - Toolbar: 超级兔子上网精灵 - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - D:\program flies\MagicSet\haokanbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "D:\program flies\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [ati] C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - HKLM\..\Run: [thunder_mini] D:\program flies\Maxthon\Thundermini\ThunderMini.exe
O4 - HKLM\..\Run: [reg233] rundll32.exe C:\WINDOWS\system32\MsHelper4.dll,reg233
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: QQ群登快手(普通方式).lnk = D:\program flies\QQ\QQQS.exe
O8 - Extra context menu item: &使用迅雷下载 - D:\program flies\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - D:\program flies\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: &使用迷你迅雷下载 - D:\program flies\Maxthon\Thundermini\geturl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\program flies\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\program flies\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\program flies\QQ\AddEmotion.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\mshelper4.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mshelper4.dll
O16 - DPF: _{52DF16E3-6C4F-4B22-8BAF-09263E463B48} - http://zs.kingsoft.com/KOSInit.cab
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5932517A-3326-4439-A708-1C98EDB5C549} (Downloader Class) - file://C:\Documents and Settings\All Users\Application Data\Share Helper\Cast\GGS\d79727418b\js\iMopDl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143374421156
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C661F36D-DF85-4EF4-83C7-E107B83D04B1} (WebActivater Control) - http://dl_dir.qq.com/3dshow/3DShowVM.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://img.5q.com/images/swflash.cab
O16 - DPF: {E787FD25-8D7C-4693-AE67-9406BC6E22DF} (CPasswordEditCtrl Object) - https://password.qq.com/download/qqedit.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7021C3E-9BD6-4322-BA3F-A2D252654DCE}: NameServer = 58.207.255.35 211.71.131.35
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Windows Fing (Fingrwx) - Unknown owner - C:\Program Files\Internet Explorer\SVCHOSI.EXE
O23 - Service: McAfee Framework 服务 (McAfeeFramework) - Network Associates, Inc. - D:\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - D:\program flies\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - D:\program flies\vstskmgr.exe

Last edited 2006-11-18 12:24:20.327000000

Run HijackThis, tick the following items, and fix them:
R3 - URLSearchHook: (no name) - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\mshelper4.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mshelper4.dll
End these processes and delete the files:

C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE
C:\Program Files\Internet Explorer\SVCHOSI.EXE

Please download these two tools, LSPFix and WinsockXPFix.
Tool download:
http://free5.ys168.com/?ufwihgu168
Restart the computer and boot into Safe Mode. Run LSPFix.exe and remove:

mshelper4.dll
If you cannot get online afterwards, run WinsockXPFix
and let it repair things.
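
A way to cross-reference the files behind the flagged entries against the rest of the log, as an added example that is not part of the original posts: it collects the files named on lines carrying HijackThis's own markers and lists every log line that mentions the same file name. The marker list and the function names are assumptions of this example; the sample is a constructed excerpt whose lines are copied from the log above.

```python
import re
from collections import defaultdict

# Strings HijackThis prints on entries it cannot vouch for (assumed triage list).
MARKERS = ("(no file)", "(file missing)", "Unknown file in Winsock LSP", "Unknown owner")

# Constructed sample: a few lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\SVCHOSI.EXE
R3 - URLSearchHook: (no name) - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - (no file)
O4 - HKLM\..\Run: [ati] C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - HKLM\..\Run: [reg233] rundll32.exe C:\WINDOWS\system32\MsHelper4.dll,reg233
O10 - Unknown file in Winsock LSP: c:\windows\system32\mshelper4.dll
O23 - Service: Windows Fing (Fingrwx) - Unknown owner - C:\Program Files\Internet Explorer\SVCHOSI.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""

# Any drive-letter path that ends in .exe or .dll.
FILE_RE = re.compile(r"([A-Za-z]:\\[^,\n]*?\.(?:exe|dll))", re.IGNORECASE)

def basenames(line):
    """Lower-cased file names of every .exe/.dll path mentioned on a log line."""
    return {p.rsplit("\\", 1)[-1].lower() for p in FILE_RE.findall(line)}

def triage(log_text):
    """Map each file named on a marker-bearing entry to all log lines mentioning it."""
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    flagged = set()
    for line in lines:
        if any(m in line for m in MARKERS):
            flagged |= basenames(line)  # "(no file)" entries carry no path to add
    refs = defaultdict(list)
    for line in lines:
        for name in sorted(basenames(line) & flagged):
            refs[name].append(line)
    return dict(refs)

if __name__ == "__main__":
    for name, hits in sorted(triage(SAMPLE_LOG).items()):
        print(name)
        for hit in hits:
            print("   ", hit)
```

On the sample, `mshelper4.dll` is referenced by the `[reg233]` Run entry as well as by the Winsock LSP entry, and `SVCHOSI.EXE` appears both as a running process and as the `Fingrwx` service.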
