but I cannot find the file
C:\Windows\popuper.exe
C:\Windows\System32\helper.exe
C:\Windows\System32\intmonp.exe
C:\Windows\System32\msmsgs.exe
C:\Windows\System32\ole32vbs.exe
C:\Windows\system32\msole32.exe
Here's my hjackthis log
can anyone help me?Thanks
Logfile of HijackThis v1.99.1
Scan saved at 7:18:51 PM, on 4/20/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
D:\Documents and Settings\Fai\Desktop\quicktime\iTunesHelper.exe
D:\Documents and Settings\Fai\Desktop\ICQLite\ICQLite.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Microsoft AntiSpyware\gcasServ.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\spysubstract\SpySub.exe
D:\WINDOWS\System32\gearsec.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Documents and Settings\Fai\Desktop\KillBox.exe
D:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
D:\Sleipnir_cht\Sleipnir.exe
D:\Sleipnir_cht\FvEditor.exe
D:\Documents and Settings\Fai\Desktop\HijackThis.exe
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Documents and Settings\Fai\Desktop\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Documents and Settings\Fai\Desktop\pdf\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - D:\Documents and Settings\Fai\Desktop\nettran\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Documents and Settings\Fai\Desktop\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MMTray] D:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] D:\Documents and Settings\Fai\Desktop\quicktime\iTunesHelper.exe
O4 - HKLM\..\Run: [ICQ Lite] D:\Documents and Settings\Fai\Desktop\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] D:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Security iGuard] D:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = D:\Program Files\spysubstract\SpySub.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Documents and Settings\Fai\Desktop\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 使用 FlashGet 下載 - D:\Documents and Settings\Fai\Desktop\nettran\flashget\jc_link.htm
O8 - Extra context menu item: 使用影音傳送帶下載 - D:\Documents and Settings\Fai\Desktop\nettran\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: 使用影音傳送帶下載全部連結 - D:\Documents and Settings\Fai\Desktop\nettran\NetTransport 2\NTAddList.html
O8 - Extra context menu item: 使用雪??聆通播放 - D:\Documents and Settings\Fai\Desktop\xy\GetUrl.htm
O8 - Extra context menu item: 全部使用 FlashGet 下載 - D:\Documents and Settings\Fai\Desktop\nettran\flashget\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java ¥D±±¥x - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\ICQ2003propro\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\ICQ2003propro\ICQ\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Documents and Settings\Fai\Desktop\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Documents and Settings\Fai\Desktop\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\DOCUME~1\Fai\Desktop\flashget\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\DOCUME~1\Fai\Desktop\flashget\flashget.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {E38C7F62-3996-4033-87ED-E060C51253BF} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {E38C7F62-3996-4033-87ED-E060C51253BF} - (no file) (HKCU)
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} - http://streamp.baben...cabs/videox.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs8.chat.sc5....v45/yacscom.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comne...iveSecurity.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B73A7C1C-37DB-4F27-9F33-7A952596D485}: NameServer = 218.102.62.71 205.252.144.120
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - D:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Multimedia_Interface - Prism Microsystems, Inc. - D:\WINDOWS\system32\mm\aysshell.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe