Hi, I'm looking for someone who could analyze my HijackThis log. It said that I have a lot of hijacked domains and it requires me to delete the said "01 host files" in my C:/WINDOWS/System32/etc/hosts. The problem is I notice that my address bar, or the bar where I could type the destination, is missing and I can't seem to fix it. Other symptoms I've experienced on my comp are that I keep having those weird Chinese popup ads and my comp seems to slow down as I connect to the internet.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:20:15 PM, on 12/9/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\System32\RunDll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\windates.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\BitTorrent_DNA\dna.exe
C:\Program Files\Zinio\ZinioReader.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\f7a81.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\GuideMan\GMSoft.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\WINDOWS\System32\ipconfig.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\RSBS PROPERTY\My Documents\boom's stuff\ATF-Cleaner.exe
C:\Documents and Settings\RSBS PROPERTY\Desktop\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.kzxf.net/?x
R3 - URLSearchHook: (no name) - _{0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O1 - Hosts: 221.130.185.110 survey88.allyes.com
O1 - Hosts: 221.130.185.110 adtaobao.allyes.com
O1 - Hosts: 221.130.185.110 code.qihoo.com
O1 - Hosts: 221.130.185.110 union.mop.com
O1 - Hosts: 221.130.185.110 js.kkunion.com
O1 - Hosts: 221.130.185.110 v.kkunion.com
O1 - Hosts: 221.130.185.110 v.21cn.com
O1 - Hosts: 221.130.185.110 iplusms.allyes.com
O1 - Hosts: 221.130.185.110 mms.t2t2.com
O1 - Hosts: 221.130.185.110 ivr.dobig.net
O1 - Hosts: 221.130.185.110 www.u8u.com
O1 - Hosts: 221.130.185.110 u.u8u.com
O1 - Hosts: 221.130.185.110 img.zhangxiu.com
O1 - Hosts: 221.130.185.110 tl.linktone.com
O1 - Hosts: 221.130.185.110 channel.e78.com
O1 - Hosts: 221.130.185.110 u.7town.com
O1 - Hosts: 221.130.185.110 union.95ol.com.cn
O1 - Hosts: 221.130.185.110 mms1.95ol.com.cn
O1 - Hosts: 221.130.185.110 mfs.95ol.com.cn
O1 - Hosts: 221.130.185.110 tl.a8.com
O1 - Hosts: 221.130.185.110 ad01.a8.com
O1 - Hosts: 221.130.185.110 u2.caiku.com
O1 - Hosts: 221.130.185.110 mms.caiku.com
O1 - Hosts: 221.130.185.110 code1.caiku.com
O1 - Hosts: 221.130.185.110 pub.lele.com
O1 - Hosts: 221.130.185.110 u.lele.com
O1 - Hosts: 221.130.185.110 7town.com
O1 - Hosts: 221.130.185.110 tvsend.7town.com
O1 - Hosts: 221.130.185.110 ivrsend.7town.com
O1 - Hosts: 221.130.185.110 tlt.7town.com
O1 - Hosts: 221.130.185.110 gsend.7town.com
O1 - Hosts: 221.130.185.110 smssend.7town.com
O1 - Hosts: 221.130.185.110 mmssend.moyu.com
O1 - Hosts: 221.130.185.110 91ivr.com
O1 - Hosts: 221.130.185.110 myad.91ivr.com
O1 - Hosts: 221.130.185.110 u.91ivr.com
O1 - Hosts: 221.130.185.110 union.91ivr.com
O1 - Hosts: 221.130.185.110 cm.p4p.cn.yahoo.com
O1 - Hosts: 221.130.185.110 un.265.com
O1 - Hosts: 221.130.185.110 union.qq.com
O1 - Hosts: 221.130.185.110 view.aliunion.cn.yahoo.com
O1 - Hosts: 221.130.185.110 union.narrowad.com
O1 - Hosts: 221.130.185.110 ln.heima8.com
O1 - Hosts: 221.130.185.110 www.fboat.cn
O1 - Hosts: 221.130.185.110 cpro.baidu.com
O1 - Hosts: 221.130.185.110 unstat.baidu.com
O1 - Hosts: 221.130.185.110 y.cnxad.com
O1 - Hosts: 221.130.185.110 www.ewowo.com
O1 - Hosts: 221.130.185.110 template.union.163.com
O1 - Hosts: 221.130.185.110 new.is686.com
O1 - Hosts: 221.130.185.110 creative.unionsys.bolaa.com
O1 - Hosts: 221.130.185.110 www.qyule.com
O1 - Hosts: 221.130.185.110 99e.cc
O1 - Hosts: 221.130.185.110 www.91ivr.com
O1 - Hosts: 221.130.185.110 mg.ukaka.com
O1 - Hosts: 221.130.185.110 kooxoo2.ad4all.net
O1 - Hosts: 221.130.185.110 www.8fff.com
O1 - Hosts: 221.130.185.110 union.pomoho.com
O1 - Hosts: 221.130.185.110 202.107.233.211
O1 - Hosts: 221.130.185.110 www.end123.com
O1 - Hosts: 221.130.185.110 w1.7clink.com
O1 - Hosts: 221.130.185.110 w2.7clink.com
O1 - Hosts: 221.130.185.110 union01.com
O1 - Hosts: 221.130.185.110 click.8le8le.com
O1 - Hosts: 221.130.185.110 stbanner.allyes.com
O1 - Hosts: 221.130.185.110 mms1.moyu.com
O1 - Hosts: 221.130.185.110 u.moyu.com
O1 - Hosts: 221.130.185.110 mmsu.moyu.com
O1 - Hosts: 221.130.185.110 show.moyu.com
O1 - Hosts: 221.130.185.110 ivrsend.moyu.com
O1 - Hosts: 221.130.185.110 ivru.moyu.com
O1 - Hosts: 221.130.185.110 ivr1.moyu.com
O1 - Hosts: 221.130.185.110 corep.dmcast.com
O1 - Hosts: 221.130.185.110 m081.dmcast.com
O1 - Hosts: 221.130.185.110 dcww.dmcast.com
O1 - Hosts: 221.130.185.110 renren.dmcast.com
O1 - Hosts: 221.130.185.110 files.henbang.net
O1 - Hosts: 221.130.185.110 bannerbox.cn
O1 - Hosts: 221.130.185.110 www.bannerbox.cn
O1 - Hosts: 221.130.185.110 action.coopen.cn
O1 - Hosts: 221.130.185.110 u4.sky99.cn
O1 - Hosts: 221.130.185.110 u1.sky99.cn
O1 - Hosts: 221.130.185.110 u2.sky99.cn
O1 - Hosts: 221.130.185.110 u3.sky99.cn
O1 - Hosts: 221.130.185.110 sky99.cn
O1 - Hosts: 221.130.185.110 u.sky99.cn
O1 - Hosts: 221.130.185.110 u.ete.cn
O1 - Hosts: 221.130.185.110 ip.alexaanywhere.com
O1 - Hosts: 221.130.185.110 www.365tan.com
O1 - Hosts: 221.130.185.110 www.winopen.cn
O1 - Hosts: 221.130.185.110 www.tanip.com
O1 - Hosts: 221.130.185.110 alexaanywhere.com
O1 - Hosts: 221.130.185.110 jssb.alexaanywhere.com
O1 - Hosts: 221.130.185.110 ns250.alexaanywhere.com
O1 - Hosts: 221.130.185.110 sb.alexaanywhere.com
O1 - Hosts: 221.130.185.110 ip.alexaanywhere.com
O1 - Hosts: 221.130.185.110 pop.9v.cn
O1 - Hosts: 221.130.185.110 xuni.myad.cn
O1 - Hosts: 221.130.185.110 iebar.t2t2.com
O1 - Hosts: 221.130.185.110 error.newcell.cn
O1 - Hosts: 221.130.185.110 auto.search.msn.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Common Files\CPUSH\cpush.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll (file missing)
O2 - BHO: Invoke Class - {5FB8C5D4-929F-4870-89E2-7E3EE26EE701} - C:\WINDOWS\System32\ef71.dll
O2 - BHO: (no name) - {9963387B-212E-4643-B207-82DAEA0E713D} - C:\Program Files\Internet Explorer\PLUGINS\Wn_Sys8x.Sys
O2 - BHO: (no name) - {A0CB0C8A-BA9D-4B91-B659-5A6556C6F477} - C:\Program Files\scNine\Boos.dll
O3 - Toolbar: (no name) - {70969795-AC9C-4116-94A9-BE5383549A0E} - C:\Program Files\scNine\scNine.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Windows SSL File] winssv.exe
O4 - HKLM\..\Run: [Rout111] serv454.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Tblgloqg] C:\Program Files\Ivpd\Lozq.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [GenProtect] C:\WINDOWS\GenProtect.exE
O4 - HKLM\..\Run: [scNine] C:\WINDOWS\windates.exe
O4 - HKLM\..\Run: [AVPSrv] C:\WINDOWS\AVPSrv.exE
O4 - HKLM\..\Run: [DbgHlp32] C:\WINDOWS\DbgHlp32.exe
O4 - HKLM\..\Run: [Kvsc3] C:\WINDOWS\Kvsc3.exE
O4 - HKLM\..\Run: [upxdnd] C:\WINDOWS\upxdnd.exe
O4 - HKLM\..\Run: [MsIMMs32] C:\WINDOWS\MsIMMs32.exE
O4 - HKLM\..\Run: [cmdbcs] C:\WINDOWS\cmdbcs.exe
O4 - HKLM\..\Run: [msccrt] C:\WINDOWS\msccrt.exe
O4 - HKLM\..\Run: [MsPrint32D] C:\WINDOWS\MsPrint32D.exe
O4 - HKLM\..\Run: [LotusHlp] C:\WINDOWS\LotusHlp.exe
O4 - HKLM\..\Run: [NVDispDrv] C:\WINDOWS\NVDispDRV.EXE
O4 - HKLM\..\Run: [gmsoft] C:\Program Files\GuideMan\gusetup.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [kawdcaz] C:\WINDOWS\system32\kawdcaz.exe
O4 - HKLM\..\RunServices: [Rout111] serv454.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [WindowsRegKey upd4te2d4te] hpazlhehx.exe
O4 - HKCU\..\Run: [Windows SSL File] winssv.exe
O4 - HKCU\..\Run: [Window Monitor] winmon32.exe
O4 - HKCU\..\Run: [Rout111] serv454.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [Zinio DLM] C:\Program Files\Zinio\ZinioReader.exe /autostart
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8
O4 - HKCU\..\Run: [sysPersonalFirewall] msnmssgr.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Offices] msnmgd32.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\RunServices: [Window Monitor] winmon32.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDEG32] LYLoader.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDWG32] LYLoadbr.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDCG32 ] LYLeador.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDOG32] LYLoador.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDSG32] LYLoadar.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDMG32] LYLoadmr.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDHG32] LYLoadhr.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSDQG32] LYLoadqr.exe
O4 - HKLM\..\Policies\Explorer\Run: [w4m2ce] rundll32 "C:\WINDOWS\Downlo~1\w4m2ce.dll",start
O4 - HKLM\..\Policies\Explorer\Run: [w3i4] rundll32 "C:\WINDOWS\Downlo~1\w3i4.dll",Run
O4 - HKCU\..\Policies\Explorer\Run: [ATICheck] %SystemRoot%\system32\aticheck.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Policies\Explorer\Run: [ATICheck] %SystemRoot%\system32\aticheck.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Policies\Explorer\Run: [ATICheck] %SystemRoot%\system32\aticheck.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Windows SSL File] winssv.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Windows SSL File] winssv.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [ATICheck] %SystemRoot%\system32\aticheck.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Windows SSL File] winssv.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Windows SSL File] winssv.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [ATICheck] %SystemRoot%\system32\aticheck.exe (User 'Default user')
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O13 - DefaultPrefix: http://searchnine.cn/response.php?search=
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-...5.cab?fgiocv=1
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB68D92A-7A91-4784-A719-2361CFC74347}: NameServer = 210.4.2.61 202.78.97.41
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB136EDD-AB4B-4DCF-811A-573705C96132}: NameServer = 203.172.11.21,203.172.11.25
O20 - AppInit_DLLs: kvdxskma.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-316290B5B738} - C:\WINDOWS\System32\Hhqclf32.dll (file missing)
O21 - SSODL: G0EBICIH - {3D4F05BA-0BD9-29C9-13C0-4C7538BA022C} - C:\WINDOWS\System32\Jofdqc32.dll (file missing)
O23 - Service: 309A17B - Unknown owner - C:\WINDOWS\System32\5F2C37EA.EXE (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NetWork Service (nkserv) - Unknown owner - c:\program files\common files\system\serv.exe (file missing)
O23 - Service: PLSRemote Service (PLSRemoteSvc) - Unknown owner - C:\WINDOWS\SYSTEM32\PLSRemote.exe (file missing)
O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: Smart Card Client (SCardClnt) - Unknown owner - C:\WINDOWS\System32\SCardClnt.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Windows Advanced Manager (wamer) - Unknown owner - C:\Program Files\Microsoft Office\SYSTEM\dodolook_7493.exe
--
End of file - 20546 bytes
Any help would be nice. Thanks