
Author Topic: serious virus  (Read 14962 times)


only_lonely
    serious virus
    « on: August 24, 2008, 08:59:51 PM »
    I downloaded a piece of software; when I installed it, my PC hung for a while.
    Then I realized my PC was infected with a virus.
    My ESET antivirus program is missing.
    My desktop background has changed, and a lot of porn software is installed on my PC.
    I can't see my C and D drives in "My Computer".
    What do I do?
    I booted into Safe Mode, and my ESET antivirus program can only run in cmd mode.
    It looks like there are many viruses on my hard drive now.
    Please help.

      only_lonely
      Re: serious virus
      « Reply #1 on: August 24, 2008, 09:15:15 PM »
      Update:
      I removed the HDD, made it a USB HDD and attached it to another PC,
      ran the Symantec antivirus scan,
      and found 6 viruses called "Downloader.Zlob!gen.3" under F:\windows.
      The program removed the risks.
      Is it safe now if I boot from this HDD?

      evilfantasy (Malware Removal Specialist, Moderator)
      Re: serious virus
      « Reply #2 on: August 24, 2008, 09:18:34 PM »
      You should run this tool. There are likely many more files that Symantec didn't find.

      Download SDFix by AndyManchesta and save it to your desktop.

      When using this tool, you must use the Administrator's account or an account with Administrative rights.

      • Double click SDFix.exe and it will extract the files to %systemdrive%
      • (this is the drive that contains the Windows Directory, typically C:\SDFix).
      • DO NOT use it just yet.
      Reboot your computer in Safe Mode using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

      Open the SDFix folder and double click RunThis.bat to start the script.
      • Type Y to begin the cleanup process.
      • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
      • Press any Key and it will restart the PC.
      • When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
      • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
      • Copy and paste the contents of the results file Report.txt in the next post.

        only_lonely
        Re: serious virus
        « Reply #3 on: August 24, 2008, 09:53:37 PM »
        Press any Key and it will restart the PC.

        When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.

        Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.

        Copy and paste the contents of the results file Report.txt in the next post.

        When the PC restarts, should I boot into Safe Mode again to complete the process, or do a normal boot?

        evilfantasy (Malware Removal Specialist, Moderator)
        Re: serious virus
        « Reply #4 on: August 24, 2008, 10:01:28 PM »
        Normal boot mode please.

          only_lonely
          Re: serious virus
          « Reply #5 on: August 24, 2008, 10:03:53 PM »

          SDFix: Version 1.219
          Run by Administrator on 08/25/2008 Mon at 11:49 AM

          Microsoft Windows XP [Version 5.1.2600]
          Running From: C:\SDFix

          Checking Services :


          Restoring Default Security Values
          Restoring Default Hosts File
          Restoring Windows Product ID To Remove Fake Virus Alert

          Rebooting


          Checking Files :

          Trojan Files Found:

          C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat - Contains Links to Malware Sites! - Deleted
          C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat - Contains Links to Malware Sites! - Deleted
          C:\WINDOWS\system32\wvUmmKCV.dll - Deleted
          C:\Program Files\PCHealthCenter\0.exe - Deleted
          C:\Program Files\PCHealthCenter\0.gif - Deleted
          C:\Program Files\PCHealthCenter\1.exe - Deleted
          C:\Program Files\PCHealthCenter\1.gif - Deleted
          C:\Program Files\PCHealthCenter\1.ico - Deleted
          C:\Program Files\PCHealthCenter\2.exe - Deleted
          C:\Program Files\PCHealthCenter\2.gif - Deleted
          C:\Program Files\PCHealthCenter\2.ico - Deleted
          C:\Program Files\PCHealthCenter\3.exe - Deleted
          C:\Program Files\PCHealthCenter\3.gif - Deleted
          C:\Program Files\PCHealthCenter\4.exe - Deleted
          C:\Program Files\PCHealthCenter\5.exe - Deleted
          C:\Program Files\PCHealthCenter\7.exe - Deleted
          C:\Program Files\PCHealthCenter\sc.html - Deleted
          C:\WINDOWS\system32\rtl60.bpl  - Deleted



          Folder C:\Program Files\PCHealthCenter - Removed
          Folder C:\WINDOWS\privacy_danger - Removed


          Removing Temp Files

          ADS Check :


          Final Check :

          catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-08-25 11:56:42
          Windows 5.1.2600 Service Pack 2 NTFS

          scanning hidden processes ...

          scanning hidden services & system hive ...

          scanning hidden registry entries ...

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Adobe Acrobat 8 Professional - English, Français, Deutsch]
          "SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,a0,85,68,00,00,00,00,70,2a,b2,76,2a,..
          "Changed"=dword:00000000
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Acrobat 8 Professional - English, Français, Deutsch]
          "UninstallString"="msiexec /I {AC76BA86-1033-F400-7760-000000000003}"
          "Size"=""
          "DisplayIcon"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe,0"
          "DisplayName"="Adobe Acrobat 8.1.0 Professional"
          "Language"=dword:00000409
          "VersionMinor"=dword:00000000
          "VersionMajor"=dword:00000008
          "URLUpdateInfo"="http://www.adobe.com/acrofamily/main.html"
          "URLInfoAbout"="http://www.adobe.com"
          "Readme"="C:\Program Files\Adobe\Acrobat 8.0\Readme.htm"
          "Publisher"="Adobe Systems"
          "InstallSource"="C:\DOCUME~1\john\LOCALS~1\Temp\Adobe Acrobat 8\"
          "InstallLocation"="C:\Program Files\Adobe\Acrobat 8.0\"
          "InstallDate"="4/2/2008"
          "HelpTelephone"="   "
          "HelpLink"=str(2):"http://www.adobe.com/support/main.html"
          "DisplayVersion"="8.1.0"
          "Contact"="Customer Support"

          scanning hidden files ...

          scan completed successfully
          hidden processes: 0
          hidden services: 0
          hidden files: 0


          Remaining Services :




          Authorized Application Key Export:

          [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
          "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
          "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
          "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
          "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
          "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

          [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
          "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
          "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
          "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

          Remaining Files :


          File Backups: - C:\SDFix\backups\backups.zip

          Files with Hidden Attributes :

          Mon 29 May 2006       116,224 A.SHR --- "C:\1KEYGHO.SYS"
          Thu  3 Apr 2008             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
          Tue 12 Aug 2008        45,056 A..H. --- "C:\Documents and Settings\john\Application Data\Microsoft\Emulator for Windows CE\VPCKeyboard.dll"

          Finished!


          only_lonely
            Re: serious virus
            « Reply #6 on: August 24, 2008, 10:07:09 PM »
            I still cannot access my C and D drives;
            they cannot be found under My Computer.
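
Drives that disappear from My Computer while the disk is still readable from cmd or from another PC is exactly what the Explorer NoDrives policy does; the Malwarebytes log later in this thread reports that value as Hijack.Drives with Bad: (12). The following is an added example, not code from this thread or from Malwarebytes, that decodes the NoDrives bitmask (bit 0 = A:, bit 1 = B:, bit 2 = C:, ... bit 25 = Z:), builds the inverse mask, and translates the MBAM line into drive letters. The regular expression for the MBAM line and the sample line are my own, copied from the log as posted.

```python
r"""Decode the Explorer "NoDrives" policy that hides drive letters.

Added example, not code from the forum thread or from any tool it mentions.
Windows reads the REG_DWORD
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
as a 26-bit mask: bit 0 hides A:, bit 1 hides B:, bit 2 hides C:, ... bit 25
hides Z:. A hidden drive is only removed from My Computer and the Explorer
tree; the volume stays mounted and reachable by path, from cmd, or when the
disk is attached to another machine.
"""
import re
import string

ALL_DRIVES = (1 << 26) - 1  # 0x03FFFFFF: every letter A..Z hidden

# Matches the MBAM "Registry Data Items Infected" line for this value.
# MBAM prints the old (Bad) and new (Good) data in decimal inside parentheses.
MBAM_NODRIVES = re.compile(
    r"\\Policies\\Explorer\\NoDrives \(Hijack\.Drives\) -> "
    r"Bad: \((\d+)\) Good: \((\d+)\)"
)

# Constructed sample: the NoDrives line from the MBAM log pasted in this thread.
MBAM_SAMPLE = (
    r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies"
    r"\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) "
    r"-> Quarantined and deleted successfully."
)


def hidden_drives(mask):
    """Drive letters hidden by a NoDrives mask, in A..Z order."""
    if not 0 <= mask <= ALL_DRIVES:
        raise ValueError(f"NoDrives mask out of range: {mask:#x}")
    return [f"{c}:" for i, c in enumerate(string.ascii_uppercase)
            if mask >> i & 1]


def nodrives_mask(letters):
    """Inverse operation: the mask that hides the given letters ('C', 'd:')."""
    mask = 0
    for letter in letters:
        letter = letter.strip().rstrip(":").upper()
        if len(letter) != 1 or letter not in string.ascii_uppercase:
            raise ValueError(f"not a drive letter: {letter!r}")
        mask |= 1 << (ord(letter) - ord("A"))
    return mask


def explain_mbam_line(line):
    """Translate MBAM's Hijack.Drives line into drive letters.

    Returns None for any other log line; otherwise the raw Bad value, the
    letters the malware hid, and the letters still hidden by the Good value
    (normally none).
    """
    m = MBAM_NODRIVES.search(line)
    if m is None:
        return None
    bad, good = int(m.group(1)), int(m.group(2))
    return {"bad": bad,
            "hidden": hidden_drives(bad),
            "still_hidden_after_fix": hidden_drives(good)}


if __name__ == "__main__":
    print(explain_mbam_line(MBAM_SAMPLE))
    print(f"mask for C: and D: = {nodrives_mask(['C', 'D'])}")
```

12 decimal is binary 1100, bits 2 and 3, so exactly C: and D: were hidden, matching the symptom reported above. Explorer reads NoDrives when it starts, so after the value is deleted the drives only reappear after a logoff/logon or a restart of explorer.exe, which is why the drives were still missing right after the SDFix run.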

            evilfantasy (Malware Removal Specialist, Moderator)
            Re: serious virus
            « Reply #7 on: August 24, 2008, 10:22:12 PM »
            Hopefully the OS isn't damaged too badly. At least you have a way to run scans on it so hopefully we will start making good progress now. Users who can't jump their drives have been having to reformat lately with this particular infection.

            Download Malwarebytes' Anti-Malware (MBAM)

            • Double-click mbam-setup.exe and follow the prompts to install the program.
            • At the end, be sure a checkmark is placed next to the following:
              • Update Malwarebytes' Anti-Malware
              • Launch Malwarebytes' Anti-Malware
            • Then click Finish.
            • If an update is found, it will download and install the latest version.
            • Once the program has loaded, select Perform quick scan, then click Scan.
            • When the scan is complete, click OK, then Show Results to view the results.
            • Be sure that everything is checked, and click Remove Selected.
            • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
            • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
            • Copy and Paste the entire report in your next reply.
            Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

              ----------

              Download TrendMicro HijackThis.exe (HJT)

              • Double-click on HJTInstall.
              • Click on the Install button.
              • It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
              • Upon install, HijackThis should open for you.
              • Click on the Do a system scan and save a log file button
              • HijackThis will scan and then a log will open in notepad.
              • Copy and then paste the entire contents of the log in your post.
              • Do not have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
              ----------

              Next post please add:
              • MBAM log
              • HijackThis log

              only_lonely
                Re: serious virus
                « Reply #8 on: August 24, 2008, 11:29:11 PM »
                Malwarebytes' Anti-Malware 1.25
                Database version: 1062
                Windows 5.1.2600 Service Pack 2

                1:26:53 PM 8/25/2008
                mbam-log-08-25-2008 (13-26-53).txt

                Scan type: Quick Scan
                Objects scanned: 53853
                Time elapsed: 6 minute(s), 17 second(s)

                Memory Processes Infected: 0
                Memory Modules Infected: 0
                Registry Keys Infected: 4
                Registry Values Infected: 1
                Registry Data Items Infected: 0
                Folders Infected: 0
                Files Infected: 1

                Memory Processes Infected:
                (No malicious items detected)

                Memory Modules Infected:
                (No malicious items detected)

                Registry Keys Infected:
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{12f1c4c5-8b8d-33e1-8d9b-048e2bac4384} (Trojan.BHO) -> Quarantined and deleted successfully.
                HKEY_CLASSES_ROOT\CLSID\{12f1c4c5-8b8d-33e1-8d9b-048e2bac4384} (Trojan.BHO) -> Quarantined and deleted successfully.
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} (Trojan.BHO) -> Quarantined and deleted successfully.
                HKEY_CLASSES_ROOT\CLSID\{4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} (Trojan.BHO) -> Quarantined and deleted successfully.

                Registry Values Infected:
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\sue8db.exe (Trojan.Agent) -> Quarantined and deleted successfully.

                Registry Data Items Infected:
                (No malicious items detected)

                Folders Infected:
                (No malicious items detected)

                Files Infected:
                C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (Trojan.BHO) -> Quarantined and deleted successfully.

                only_lonely
                  Re: serious virus
                  « Reply #9 on: August 24, 2008, 11:30:04 PM »
                  Logfile of Trend Micro HijackThis v2.0.2
                  Scan saved at 1:27:27 PM, on 8/25/2008
                  Platform: Windows XP SP2 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v7.00 (7.00.5730.0011)
                  Boot mode: Safe mode

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\WINDOWS\system32\conime.exe
                  C:\WINDOWS\system32\ctfmon.exe
                  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                  R3 - Default URLSearchHook is missing
                  O2 - BHO: IE7pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7pro\IE7pro.dll
                  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                  O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
                  O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
                  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                  O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
                  O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
                  O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
                  O2 - BHO: QXK Olive - {E350B1C6-A8DC-4EEF-90DB-61DCAE9D1B67} - C:\WINDOWS\rodqgpvlkoa.dll (file missing)
                  O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
                  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
                  O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
                  O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
                  O3 - Toolbar: qalkfxor - {18C388BB-5014-4906-AE38-E62BA5AA7387} - C:\WINDOWS\qalkfxor.dll (file missing)
                  O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
                  O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
                  O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
                  O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
                  O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
                  O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
                  O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
                  O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
                  O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
                  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                  O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
                  O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\System Files Updater.exe /S
                  O4 - HKLM\..\Run: [\VIE8D7.exe] C:\Windows\System32\VIE8D7.exe
                  O4 - HKLM\..\Run: [\VIE8D8.exe] C:\Windows\System32\VIE8D8.exe
                  O4 - HKLM\..\Run: [\VIE8D9.exe] C:\Windows\System32\VIE8D9.exe
                  O4 - HKLM\..\Run: [\VIE8DA.exe] C:\Windows\System32\VIE8DA.exe
                  O4 - HKLM\..\Run: [\VIE11.exe] C:\Windows\System32\VIE11.exe
                  O4 - HKLM\..\Run: [\VIE12.exe] C:\Windows\System32\VIE12.exe
                  O4 - HKLM\..\Run: [\VIE15.exe] C:\Windows\System32\VIE15.exe
                  O4 - HKLM\..\Run: [\VIE16.exe] C:\Windows\System32\VIE16.exe
                  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                  O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
                  O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
                  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
                  O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
                  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                  O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE (file missing)
                  O9 - Extra 'Tools' menuitem: Tencent QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE (file missing)
                  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://webmail.ges.com.sg/iNotes6W.cab
                  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
                  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1207181156285
                  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207185880443
                  O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=19588
                  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
                  O16 - DPF: {EE884C7D-21A0-49EA-B6F2-61ACF4E226F6} (Microsoft Office Live Workspace Upload Tool) - http://workspace.office.live.com/Misc/Microsoft.OfficeLive.Workspace.RichUpload.cab
                  O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
                  O21 - SSODL: pdoskegl - {B8FB1278-13F4-4FA6-95A8-E5C5B348BA83} - C:\WINDOWS\pdoskegl.dll (file missing)
                  O21 - SSODL: rqbmvpso - {F7FF8F10-1A88-4649-B8EF-EFBA71D93EB5} - C:\WINDOWS\rqbmvpso.dll (file missing)
                  O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
                  O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
                  O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                  O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
                  O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
                  O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
                  O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
                  O23 - Service: Windows_IE7.0 - Unknown owner - C:\WINDOWS\IE7.0.exe (file missing)

                  --
                  End of file - 7810 bytes
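
The log above holds the entry types a malware-removal helper reads first: O4 Run values with odd names pointing at randomly named executables in System32 (the VIE*.exe lines), O2/O3/O21 hooks whose DLL is already gone ("(file missing)", "(no file)"), and an O23 service with no publisher. The following is an added example, not part of this thread and not HijackThis code, that applies that triage to a few lines copied from the Safe Mode log. The tag names and the "generated name" pattern (2 to 4 letters followed by 1 to 4 hex digits) are my own heuristics, not something HijackThis or the helper defines, and they produce candidates for a closer look rather than verdicts.

```python
"""Triage a HijackThis log: flag the entries an analyst would look at first."""
# Added example, not part of the forum thread and not HijackThis code.
# Heuristics (my own assumptions, tuned to the log posted above):
#   orphan                  - an O2/O3/O4/O21/O23 entry whose target reads
#                             "(file missing)" or "(no file)": the file is gone
#                             but the autostart hook is still registered
#   malformed-run-name      - an O4 Run value whose name starts with a backslash
#   random-name-in-system32 - an O4 target in System32 whose file name is a
#                             short letter+hex string such as VIE8D7.exe
#   unknown-owner-service   - an O23 service with no publisher ("Unknown owner")
import re

ORPHAN_MARKERS = ("(file missing)", "(no file)")
O4_RUN = re.compile(
    r"^O4 - (?:HKLM|HKCU)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<target>.*)$")
O23_SERVICE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.*)$")
# Hypothetical pattern for generated dropper names (2-4 letters + 1-4 hex digits).
GENERATED_NAME = re.compile(r"^[A-Za-z]{2,4}[0-9A-Fa-f]{1,4}\.exe$")

# Constructed sample: a handful of lines copied from the Safe Mode log above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: QXK Olive - {E350B1C6-A8DC-4EEF-90DB-61DCAE9D1B67} - C:\WINDOWS\rodqgpvlkoa.dll (file missing)
O3 - Toolbar: qalkfxor - {18C388BB-5014-4906-AE38-E62BA5AA7387} - C:\WINDOWS\qalkfxor.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [\VIE8D7.exe] C:\Windows\System32\VIE8D7.exe
O4 - HKLM\..\Run: [\VIE11.exe] C:\Windows\System32\VIE11.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O21 - SSODL: pdoskegl - {B8FB1278-13F4-4FA6-95A8-E5C5B348BA83} - C:\WINDOWS\pdoskegl.dll (file missing)
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Windows_IE7.0 - Unknown owner - C:\WINDOWS\IE7.0.exe (file missing)
"""


def target_path(target):
    """Strip arguments from an O4 target: the quoted path, or the first token."""
    t = target.strip()
    if t.startswith('"'):
        end = t.find('"', 1)
        return t[1:end] if end > 0 else t[1:]
    return t.split(" ", 1)[0]


def triage(log):
    """Return (tag, line) pairs; one line can carry several tags."""
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        if not re.match(r"^O\d+ - ", line):
            continue  # R0/R1/R3 lines and the process list are not triaged here
        tags = []
        if any(marker in line for marker in ORPHAN_MARKERS):
            tags.append("orphan")
        m = O4_RUN.match(line)
        if m:
            if m.group("name").startswith("\\"):
                tags.append("malformed-run-name")
            path = target_path(m.group("target"))
            exe = path.rsplit("\\", 1)[-1]
            if "\\system32\\" in path.lower() and GENERATED_NAME.match(exe):
                tags.append("random-name-in-system32")
        m = O23_SERVICE.match(line)
        if m and m.group("owner").lower() == "unknown owner":
            tags.append("unknown-owner-service")
        findings.extend((tag, line) for tag in tags)
    return findings


def summarize(log):
    """Count findings per tag, e.g. {'orphan': 5, 'malformed-run-name': 2, ...}."""
    counts = {}
    for tag, _ in triage(log):
        counts[tag] = counts.get(tag, 0) + 1
    return counts


if __name__ == "__main__":
    for tag, line in triage(SAMPLE_LOG):
        print(f"{tag:24} {line}")
    print(summarize(SAMPLE_LOG))
```

On the sample, the legitimate Intel, ESET and ctfmon entries pass untagged, the two VIE*.exe Run values get both O4 tags, and the five "(file missing)"/"(no file)" hooks plus the Windows_IE7.0 service are surfaced. Orphaned hooks are leftovers of files already deleted by the earlier scans and are harmless by themselves, but they are the lines a helper would have HijackThis fix once the active files are gone; the running VIE*.exe files are the ones to chase.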

                    only_lonely
                    Re: serious virus
                    « Reply #10 on: August 24, 2008, 11:32:45 PM »
                    The above log was done in Safe Mode.
                    I am running the anti-malware again in a normal Windows boot now.

                    evilfantasy (Malware Removal Specialist, Moderator)
                    Re: serious virus
                    « Reply #11 on: August 24, 2008, 11:35:22 PM »
                    Post a HijackThis log from Normal mode. I need to see what all is running from Normal mode.

                      only_lonely
                      Re: serious virus
                      « Reply #12 on: August 24, 2008, 11:46:09 PM »
                      OK, the new Malwarebytes log under normal boot:
                      Malwarebytes' Anti-Malware 1.25
                      Database version: 1062
                      Windows 5.1.2600 Service Pack 2

                      01:41:44 PM 25-Aug-08
                      mbam-log-08-25-2008 (13-41-44).txt

                      Scan type: Quick Scan
                      Objects scanned: 57174
                      Time elapsed: 9 minute(s), 28 second(s)

                      Memory Processes Infected: 0
                      Memory Modules Infected: 0
                      Registry Keys Infected: 0
                      Registry Values Infected: 2
                      Registry Data Items Infected: 9
                      Folders Infected: 0
                      Files Infected: 8

                      Memory Processes Infected:
                      (No malicious items detected)

                      Memory Modules Infected:
                      (No malicious items detected)

                      Registry Keys Infected:
                      (No malicious items detected)

                      Registry Values Infected:
                      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\sue8db.exe (Trojan.Agent) -> Quarantined and deleted successfully.
                      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0\source (Trojan.FakeAlert) -> Quarantined and deleted successfully.

                      Registry Data Items Infected:
                      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
                      HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (h:mm:ss tt) -> Quarantined and deleted successfully.
                      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
                      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
                      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
                      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
                      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
                      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
                      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.

                      Folders Infected:
                      (No malicious items detected)

                      Files Infected:
                      C:\Documents and Settings\john\Local Settings\Temp\HDVideodll_ver1.5006.0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
                      C:\Documents and Settings\john\Local Settings\Temp\smchk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
                      C:\Documents and Settings\john\Desktop\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
                      C:\Documents and Settings\john\Desktop\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
                      C:\Documents and Settings\john\Desktop\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
                      C:\Documents and Settings\john\Favorites\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
                      C:\Documents and Settings\john\Favorites\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
                      C:\Documents and Settings\john\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.

                      After removing the virus and rebooting the PC, the HijackThis log under normal mode:
                      Logfile of Trend Micro HijackThis v2.0.2
                      Scan saved at 1:45:02 PM, on 25-Aug-08
                      Platform: Windows XP SP2 (WinNT 5.01.2600)
                      MSIE: Internet Explorer v7.00 (7.00.5730.0011)
                      Boot mode: Normal

                      Running processes:
                      C:\WINDOWS\System32\smss.exe
                      C:\WINDOWS\system32\winlogon.exe
                      C:\WINDOWS\system32\services.exe
                      C:\WINDOWS\system32\lsass.exe
                      C:\WINDOWS\system32\ibmpmsvc.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\WINDOWS\system32\spoolsv.exe
                      C:\Program Files\ESET\ESET Smart Security\ekrn.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
                      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
                      C:\WINDOWS\system32\nipalsm.exe
                      C:\WINDOWS\Explorer.EXE
                      C:\WINDOWS\system32\wscntfy.exe
                      C:\WINDOWS\system32\igfxtray.exe
                      C:\WINDOWS\system32\hkcmd.exe
                      C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
                      C:\WINDOWS\system32\ctfmon.exe
                      C:\Program Files\ESET\ESET Smart Security\egui.exe
                      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                      C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
                      C:\Windows\System32\VIE4.exe
                      C:\Windows\System32\VIE5.exe
                      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
                      C:\Program Files\RK Launcher\RKLauncher.exe
                      C:\WINDOWS\system32\conime.exe
                      C:\WINDOWS\FlyakiteOSX\Software\Alt+Q Hotkey.exe
                      C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                      C:\WINDOWS\system32\wuauclt.exe
                      C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcrobatInfo.exe
                      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                      O2 - BHO: IE7pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7pro\IE7pro.dll
                      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                      O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
                      O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
                      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
                      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
                      O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
                      O2 - BHO: QXK Olive - {E350B1C6-A8DC-4EEF-90DB-61DCAE9D1B67} - C:\WINDOWS\rodqgpvlkoa.dll (file missing)
                      O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
                      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
                      O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
                      O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
                      O3 - Toolbar: qalkfxor - {18C388BB-5014-4906-AE38-E62BA5AA7387} - C:\WINDOWS\qalkfxor.dll (file missing)
                      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
                      O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
                      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
                      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
                      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
                      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
                      O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
                      O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
                      O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
                      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                      O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
                      O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\System Files Updater.exe /S
                      O4 - HKLM\..\Run: [\VIE8D7.exe] C:\Windows\System32\VIE8D7.exe
                      O4 - HKLM\..\Run: [\VIE8D8.exe] C:\Windows\System32\VIE8D8.exe
                      O4 - HKLM\..\Run: [\VIE8D9.exe] C:\Windows\System32\VIE8D9.exe
                      O4 - HKLM\..\Run: [\VIE8DA.exe] C:\Windows\System32\VIE8DA.exe
                      O4 - HKLM\..\Run: [\VIE11.exe] C:\Windows\System32\VIE11.exe
                      O4 - HKLM\..\Run: [\VIE12.exe] C:\Windows\System32\VIE12.exe
                      O4 - HKLM\..\Run: [\VIE15.exe] C:\Windows\System32\VIE15.exe
                      O4 - HKLM\..\Run: [\VIE16.exe] C:\Windows\System32\VIE16.exe
                      O4 - HKLM\..\Run: [\VIE4.exe] C:\Windows\System32\VIE4.exe
                      O4 - HKLM\..\Run: [\VIE5.exe] C:\Windows\System32\VIE5.exe
                      O4 - HKLM\..\Run: [\VIE6.exe] C:\Windows\System32\VIE6.exe
                      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
                      O4 - HKCU\..\Run: [RK Launcher] C:\Program Files\RK Launcher\RKLauncher.exe
                      O4 - HKCU\..\Run: [Alt+Q Hotkey Tool] C:\WINDOWS\FlyakiteOSX\Software\Alt+Q Hotkey.exe
                      O4 - HKCU\..\Run: [MSCalsClocks] C:\Program Files\Microsoft Chinese Date & Time\ICalClk.exe
                      O4 - HKCU\..\Run: [\VIE8D7.exe] C:\Windows\System32\VIE8D7.exe
                      O4 - HKCU\..\Run: [\VIE8D8.exe] C:\Windows\System32\VIE8D8.exe
                      O4 - HKCU\..\Run: [\VIE8D9.exe] C:\Windows\System32\VIE8D9.exe
                      O4 - HKCU\..\Run: [\VIE8DA.exe] C:\Windows\System32\VIE8DA.exe
                      O4 - HKCU\..\Run: [\VIE11.exe] C:\Windows\System32\VIE11.exe
                      O4 - HKCU\..\Run: [\VIE12.exe] C:\Windows\System32\VIE12.exe
                      O4 - HKCU\..\Run: [\VIE15.exe] C:\Windows\System32\VIE15.exe
                      O4 - HKCU\..\Run: [\VIE16.exe] C:\Windows\System32\VIE16.exe
                      O4 - HKCU\..\Run: [\VIE4.exe] C:\Windows\System32\VIE4.exe
                      O4 - HKCU\..\Run: [\VIE5.exe] C:\Windows\System32\VIE5.exe
                      O4 - HKCU\..\Run: [\VIE6.exe] C:\Windows\System32\VIE6.exe
                      O4 - Startup: eCentral.lnk = C:\Program Files\Eshasoft\Calendar and Day Planner (USA Edition)\eCentral.exe
                      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
                      O8 - Extra context menu item: Add to QQ Customized Emoticons - C:\Program Files\Tencent\QQ\AddEmotion.htm
                      O8 - Extra context menu item: Add to QQ Customized Panel - C:\Program Files\Tencent\QQ\AddPanel.htm
                      O8 - Extra context menu item: Add to QQ Emotions - C:\Program Files\Tencent\QQ\AddEmotion.htm
                      O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                      O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                      O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                      O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
                      O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
                      O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                      O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                      O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                      O8 - Extra context menu item: Send picture by MMS - C:\Program Files\Tencent\QQ\SendMMS.htm
                      O8 - Extra context menu item: Send Picture with QQ MMS - C:\Program Files\Tencent\QQ\SendMMS.htm
                      O8 - Extra context menu item: Upload to QQ Network Hard Disk - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
                      O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
                      O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
                      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
                      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                      O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE (file missing)
                      O9 - Extra 'Tools' menuitem: Tencent QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE (file missing)
                      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                      O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
                      O15 - Trusted Zone: http://www.sheepshow.com.tw
                      O15 - ESC Trusted Zone: http://*.update.microsoft.com
                      O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://webmail.ges.com.sg/iNotes6W.cab
                      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
                      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1207181156285
                      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207185880443
                      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=19588
                      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
                      O16 - DPF: {EE884C7D-21A0-49EA-B6F2-61ACF4E226F6} (Microsoft Office Live Workspace Upload Tool) - http://workspace.office.live.com/Misc/Microsoft.OfficeLive.Workspace.RichUpload.cab
                      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
                      O21 - SSODL: pdoskegl - {B8FB1278-13F4-4FA6-95A8-E5C5B348BA83} - C:\WINDOWS\pdoskegl.dll (file missing)
                      O21 - SSODL: rqbmvpso - {F7FF8F10-1A88-4649-B8EF-EFBA71D93EB5} - C:\WINDOWS\rqbmvpso.dll (file missing)
                      O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
                      O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
                      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                      O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
                      O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
                      O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
                      O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
                      O23 - Service: Windows_IE7.0 - Unknown owner - C:\WINDOWS\IE7.0.exe (file missing)
                      O24 - Desktop Component 0: Privacy Protection - (no file)

                      --
                      End of file - 12356 bytes

                      only_lonely (Topic Starter)
                        Re: serious virus
                        « Reply #13 on: August 24, 2008, 11:48:14 PM »
                        It is now better.
                        I can access my C and D drives,
                        but the desktop background is still messy,
                        and a window (empty HTML) always pops up at startup.

                        evilfantasy (Malware Removal Specialist, Moderator)
                        Re: serious virus
                        « Reply #14 on: August 24, 2008, 11:57:43 PM »
                        I can tell the drives are now showing. We are making good progress but there is still more left.

                        ----------

                        Open HijackThis and select Do a system scan only.

                        Place a check mark next to the following entries: (if there)

                        • O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
                        • O2 - BHO: QXK Olive - {E350B1C6-A8DC-4EEF-90DB-61DCAE9D1B67} - C:\WINDOWS\rodqgpvlkoa.dll (file missing)
                        • O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
                        • O3 - Toolbar: qalkfxor - {18C388BB-5014-4906-AE38-E62BA5AA7387} - C:\WINDOWS\qalkfxor.dll (file missing)
                        • O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE (file missing)
                        • O9 - Extra 'Tools' menuitem: Tencent QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE (file missing)
                        • O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
                        • O21 - SSODL: pdoskegl - {B8FB1278-13F4-4FA6-95A8-E5C5B348BA83} - C:\WINDOWS\pdoskegl.dll (file missing)
                        • O21 - SSODL: rqbmvpso - {F7FF8F10-1A88-4649-B8EF-EFBA71D93EB5} - C:\WINDOWS\rqbmvpso.dll (file missing)
                        • O24 - Desktop Component 0: Privacy Protection - (no file)
                        Important: Close all windows except for HijackThis and then click Fix checked.

                        Exit HijackThis.

                        ----------

                        Go to Start > Control Panel > Display > Desktop > Customize Desktop... > Web tab
                        Make sure Lock desktop items is unchecked.
                        Select everything you find in there (except for "My current home page") and press the delete button on the right.
                        Hit OK below > apply in previous window.


                        Be sure to restart now to make sure the HijackThis changes and desktop settings are registered.

                        ----------

                        Do you know what these are? There are a whole bunch of them.

                        O4 - HKCU\..\Run: [\VIE11.exe] C:\Windows\System32\VIE11.exe

                        And also these?

                        O8 - Extra context menu item: Add to QQ Customized Panel - C:\Program Files\Tencent\QQ\AddPanel.htm
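The split the moderator makes in the reply above (orphaned "(file missing)" / "(no file)" entries go straight into "Fix checked", the VIE*.exe autostarts and the Trusted Zone site are asked about first) is the triage a helper applies to every HijackThis log. The script below is an added example that reproduces that triage over an excerpt of the log posted earlier in this thread; it is not a tool from the forum, from the poster, or from Trend Micro, and its heuristics (leading-backslash Run value names, O21 SSODL, O23 with "Unknown owner", O24 Active Desktop components, non-Microsoft O15 Trusted Zone entries) are the reviewer's rules of thumb, not a verdict that any given entry is malicious. SAMPLE_LOG is copied from the log above; no other input is assumed.

```python
"""Triage a HijackThis v2 log the way a malware-removal helper reads it.

Added example for this thread (not forum, poster or Trend Micro code).
Entries are sorted into two lists:
  * fix_list    - the referenced file is already gone, so the registry
                  entry is an orphan and can be fixed in HijackThis;
  * review_list - the entry still points at a real file or setting and
                  has to be identified before anything is removed.
"""
import re
from dataclasses import dataclass

# Excerpt of the log posted in the thread (kept verbatim, raw string so the
# backslashes survive).
SAMPLE_LOG = r"""
O2 - BHO: IE7pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7pro\IE7pro.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: QXK Olive - {E350B1C6-A8DC-4EEF-90DB-61DCAE9D1B67} - C:\WINDOWS\rodqgpvlkoa.dll (file missing)
O3 - Toolbar: qalkfxor - {18C388BB-5014-4906-AE38-E62BA5AA7387} - C:\WINDOWS\qalkfxor.dll (file missing)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [\VIE8D7.exe] C:\Windows\System32\VIE8D7.exe
O4 - HKLM\..\Run: [\VIE4.exe] C:\Windows\System32\VIE4.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [\VIE4.exe] C:\Windows\System32\VIE4.exe
O15 - Trusted Zone: http://www.sheepshow.com.tw
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O21 - SSODL: pdoskegl - {B8FB1278-13F4-4FA6-95A8-E5C5B348BA83} - C:\WINDOWS\pdoskegl.dll (file missing)
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Windows_IE7.0 - Unknown owner - C:\WINDOWS\IE7.0.exe (file missing)
O24 - Desktop Component 0: Privacy Protection - (no file)
"""


@dataclass(frozen=True)
class Finding:
    section: str    # HijackThis section tag, e.g. "O4"
    line: str       # the original log line
    reasons: tuple  # why it was flagged (one or more)
    orphaned: bool  # True when the referenced file no longer exists


SECTION_RE = re.compile(r"^(O\d+) - (.*)$")
# A Run value whose *name* starts with a backslash, e.g. [\VIE8D7.exe].
# Installers do not write value names like this; every such entry in the
# thread's log points at an unrecognised executable in System32.
BACKSLASH_RUN_RE = re.compile(r"Run: \[\\([^\]]+)\]")
# Trusted Zone entries for Microsoft's own update hosts are normal (IE's
# Enhanced Security Configuration adds them); anything else gets a look.
MS_TRUSTED_RE = re.compile(r"^https?://(\*\.)?([\w-]+\.)*microsoft\.com/?$")


def triage(log_text):
    """Return one Finding per log line that deserves attention."""
    findings = []
    for raw in log_text.strip().splitlines():
        m = SECTION_RE.match(raw.strip())
        if not m:
            continue  # header lines, "Running processes", blanks
        section, rest = m.groups()
        reasons = []
        orphaned = "(file missing)" in rest or "(no file)" in rest
        if orphaned:
            reasons.append("referenced file is gone: orphaned registry entry, safe to fix")
        if section == "O4":
            bm = BACKSLASH_RUN_RE.search(rest)
            if bm:
                reasons.append("autostart value named '\\%s' with a leading backslash; "
                               "not a known product, identify before removing" % bm.group(1))
        elif section == "O15":
            url = rest.split(": ", 1)[1].strip()
            if not MS_TRUSTED_RE.match(url):
                reasons.append("%s is in the IE Trusted Zone, which relaxes browser "
                               "security for that site" % url)
        elif section == "O21":
            reasons.append("ShellServiceObjectDelayLoad: DLL loaded into Explorer at "
                           "logon, rarely used by legitimate software")
        elif section == "O23" and "Unknown owner" in rest:
            reasons.append("service with no publisher information")
        elif section == "O24":
            reasons.append("Active Desktop component: where a hijacked wallpaper or "
                           "fake warning page lives")
        if reasons:
            findings.append(Finding(section, raw.strip(), tuple(reasons), orphaned))
    return findings


def fix_list(findings):
    """Lines that can go straight into HijackThis 'Fix checked'."""
    return [f.line for f in findings if f.orphaned]


def review_list(findings):
    """Lines that still point at something real and must be identified first."""
    return [f.line for f in findings if not f.orphaned]


def summarize(findings):
    """Count of flagged lines per HijackThis section."""
    counts = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    print("fix in HijackThis:")
    for line in fix_list(found):
        print("  " + line)
    print("identify first:")
    for line in review_list(found):
        print("  " + line)
    print(summarize(found))
```

Run against the excerpt, the fix list is exactly the kind of entry the moderator checked (every one ends in "(file missing)" or "(no file)"), and the review list holds only the backslash-named VIE*.exe autostarts and the sheepshow.com.tw Trusted Zone entry, which is why the reply asks what they are rather than removing them. Orphaned O21 and O24 entries carry two reasons each: the file is gone, but the persistence point itself is still worth noting because it tells you where the infection hooked in.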