HijackThis error when trying to remove HSA.

I am having a serious problem with HijackThis.exe when trying to complete Step 1 of HSA Removal (btw, hsremove program does not work for me). When I run HijackThis (HJT), the program opens for a few seconds before closing; I am unable to do anything as the window closes too soon. I experience the same problem when trying to run MSCONFIG. AboutBuster.exe seems to work just fine. Will I be able to continue with HSA removal WITHOUT HJT.exe? If not, how do I fix the problem with HJT.exe as described above? Please help me, Home Search is $^&*^%$ annoying!

P.S. Is the FireFox browser all that good?

Comments

  • Access_Denied tennessee
    edited November 2004
    Sounds like you have some sort of virus/spyware not wanting you to get rid of it.. I bet it does the same thing to Task Manager too.. try to start in safe mode and run HJT, AdAware and Spybot to get rid of the nasties on there.
  • primesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited November 2004
    1) I'm moving this thread to the SVT forum, as it doesn't qualify for "emergency help" (i.e. your computer won't turn on)

    2) Try running HJT in safe mode. It may work that way. Also, are you using the latest version? 1.98.2? Try renaming the executable from hijackthis.exe to runme.exe or something like that.

    3) Technically, you can remove HSA without using HJT, but it will involve a ton of research and manually editing the registry on your part. What we need to do instead is figure out what piece of spyware is stopping HJT.

    4) Yes, firefox IS that much better. I highly recommend it.
  • primesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited November 2004
    Also: Read this, and like Access_denied said, try running a full scan with spybot and adaware before using HJT.
  • edited November 2004
    Thanks for the advice guys. This forum really is really good! Will tell you the results of the safe startup.
  • edited November 2004
    Fixed the HSA problem, had to do the process twice, missed a few files...
    Btw, I am still getting popups like crazy! Which files do I have to get rid of?

    I used HJT after Ad-Aware and Spybot:

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\System32\libsysmgr.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\scvhosting.exe
    C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\System32\CTHELPER.EXE
    C:\Program Files\MSN Apps\Updater\01.02.3000.1001\zh-sg\msnappau.exe
    C:\WINDOWS\System32\WIND0WS.exe
    C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\WINDOWS\System32\GSICON.EXE
    C:\WINDOWS\System32\dslagent.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\System32\svcohst.exe
    C:\Program Files\Kazaa Lite\kazaalite.kpp
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\HJT\HijackThis.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
    R3 - Default URLSearchHook is missing
    O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\zh-sg\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\zh-sg\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\zh-sg\msnappau.exe"
    O4 - HKLM\..\Run: [WIND0WS] WIND0WS.exe
    O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\bgzyfw.exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Sysino] lsess.exe
    O4 - HKLM\..\Run: [NDIS TCP AUTO] xpnis.exe
    O4 - HKLM\..\Run: [Win32 NDIS Driver] xpndis.exe
    O4 - HKLM\..\Run: [starter] scvhosting.exe
    O4 - HKLM\..\Run: [system] system32.exe
    O4 - HKLM\..\Run: [sdkupdate22] SDK0mCORE.exe
    O4 - HKLM\..\Run: [Microsoft System Checkup] libsysmgr.exe
    O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
    O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Microsoft Update Machine] upd.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\twink64.exe internat.dll,LoadKeyboardProfile
    O4 - HKLM\..\Run: [blah services] bet.exe
    O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
    O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
    O4 - HKLM\..\Run: [Microszoft Update Mach1nezs] svcohst.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
    O4 - HKLM\..\RunServices: [blah services] bet.exe
    O4 - HKLM\..\RunServices: [Microsoft Update Machine] upd.exe
    O4 - HKLM\..\RunServices: [sdkupdate22] SDK0mCORE.exe
    O4 - HKLM\..\RunServices: [starter] scvhosting.exe
    O4 - HKLM\..\RunServices: [Sysino] lsess.exe
    O4 - HKLM\..\RunServices: [WIND0WS] WIND0WS.exe
    O4 - HKLM\..\RunServices: [Win32 NDIS Driver] xpndis.exe
    O4 - HKLM\..\RunServices: [NDIS TCP AUTO] xpnis.exe
    O4 - HKLM\..\RunServices: [system] system32.exe
    O4 - HKLM\..\RunServices: [Microsoft System Checkup] libsysmgr.exe
    O4 - HKLM\..\RunServices: [Microszoft Update Mach1nezs] svcohst.exe
    O4 - HKLM\..\RunOnce: [starter] scvhosting.exe
    O4 - HKLM\..\RunOnce: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" "+b1"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Irht] C:\Documents and Settings\Woo Wai Leong\Application Data\ebue.exe
    O4 - HKCU\..\Run: [Cjqjawye] C:\WINDOWS\System32\??chost.exe
    O4 - HKCU\..\Run: [Win32 NDIS Driver] xpndis.exe
    O4 - HKCU\..\Run: [Sysino] lsess.exe
    O4 - HKCU\..\Run: [NDIS TCP AUTO] xpnis.exe
    O4 - HKCU\..\Run: [starter] scvhosting.exe
    O4 - HKCU\..\Run: [sdkupdate22] SDK0mCORE.exe
    O4 - HKCU\..\Run: [Microsoft Update Machine] upd.exe
    O4 - HKCU\..\Run: [Microszoft Update Mach1nezs] svcohst.exe
    O4 - HKCU\..\RunOnce: [starter] scvhosting.exe
    O4 - HKCU\..\RunOnce: [DeleteSlotchBar] rundll32.exe advpack.dll,DelNodeRunDLL32 "C:\Program Files\ISTbar\istbar.dll"
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Corel Network monitor worker - {CC78B83A-132D-4CA1-BBEC-8A2F0024BCC3} - (no file)
    O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {CC78B83A-132D-4CA1-BBEC-8A2F0024BCC3} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: Corel Network monitor worker - {CC78B83A-132D-4CA1-BBEC-8A2F0024BCC3} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {CC78B83A-132D-4CA1-BBEC-8A2F0024BCC3} - (no file) (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: *.05p.com
    O15 - Trusted Zone: *.clickspring.net
    O15 - Trusted Zone: *.mt-download.com
    O15 - Trusted Zone: *.my-internet.info
    O15 - Trusted Zone: *.scoobidoo.com
    O15 - Trusted Zone: *.searchmiracle.com
    O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\fpmicbdm.exe
    O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7m.cab
    O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab
    O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
    O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://search-search.net/ws2.chm::/w.exe
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=218506986cd842e18508cd758df8f0f3e2294716a3c8ff030330eb02c21a3ed6529a2fddd9c51d8a8e4692f35f44971bbf19285c7b18:7ac7309620b01a864415ce530baee4ed
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B52D8858-091B-4046-901C-DBA914E540A0}: NameServer = 165.21.83.88 165.21.100.88
    O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2 (file missing)
  • SpywareShooter 127.0.0.1
    edited November 2004
    O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll
    O4 - HKLM\..\Run: [WIND0WS] WIND0WS.exe
    O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\bgzyfw.exe
    O4 - HKLM\..\Run: [Sysino] lsess.exe
    O4 - HKLM\..\Run: [NDIS TCP AUTO] xpnis.exe
    O4 - HKLM\..\Run: [Win32 NDIS Driver] xpndis.exe
    O4 - HKLM\..\Run: [starter] scvhosting.exe
    O4 - HKLM\..\Run: [system] system32.exe
    O4 - HKLM\..\Run: [sdkupdate22] SDK0mCORE.exe
    O4 - HKLM\..\Run: [Microsoft System Checkup] libsysmgr.exe
    O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
    O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
    O4 - HKLM\..\Run: [blah services] bet.exe
    O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
    O4 - HKLM\..\RunServices: [blah services] bet.exe
    O4 - HKLM\..\RunServices: [Microsoft Update Machine] upd.exe
    O4 - HKLM\..\RunServices: [sdkupdate22] SDK0mCORE.exe
    O4 - HKLM\..\RunServices: [starter] scvhosting.exe
    O4 - HKLM\..\RunServices: [Sysino] lsess.exe
    O4 - HKLM\..\RunServices: [WIND0WS] WIND0WS.exe
    O4 - HKLM\..\RunServices: [Win32 NDIS Driver] xpndis.exe
    O4 - HKLM\..\RunServices: [NDIS TCP AUTO] xpnis.exe
    O4 - HKLM\..\RunServices: [system] system32.exe
    O4 - HKLM\..\RunServices: [Microsoft System Checkup] libsysmgr.exe
    O4 - HKLM\..\RunServices: [Microszoft Update Mach1nezs] svcohst.exe
    O4 - HKLM\..\RunOnce: [starter] scvhosting.exe
    O4 - HKCU\..\Run: [Irht] C:\Documents and Settings\Woo Wai Leong\Application Data\ebue.exe
    O4 - HKCU\..\Run: [Cjqjawye] C:\WINDOWS\System32\??chost.exe
    O4 - HKCU\..\Run: [Win32 NDIS Driver] xpndis.exe
    O4 - HKCU\..\Run: [Sysino] lsess.exe
    O4 - HKCU\..\Run: [NDIS TCP AUTO] xpnis.exe
    O4 - HKCU\..\Run: [starter] scvhosting.exe
    O4 - HKCU\..\Run: [sdkupdate22] SDK0mCORE.exe
    O4 - HKCU\..\Run: [Microsoft Update Machine] upd.exe
    O4 - HKCU\..\Run: [Microszoft Update Mach1nezs] svcohst.exe
    O4 - HKCU\..\RunOnce: [starter] scvhosting.exe
    O4 - HKCU\..\RunOnce: [DeleteSlotchBar] rundll32.exe advpack.dll,DelNodeRunDLL32 "C:\Program Files\ISTbar\istbar.dll"
    O9 - Extra button: Corel Network monitor worker - {CC78B83A-132D-4CA1-BBEC-8A2F0024BCC3} - (no file)
    O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {CC78B83A-132D-4CA1-BBEC-8A2F0024BCC3} - (no file)
    O9 - Extra button: Corel Network monitor worker - {CC78B83A-132D-4CA1-BBEC-8A2F0024BCC3} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {CC78B83A-132D-4CA1-BBEC-8A2F0024BCC3} - (no file) (HKCU)
    O15 - Trusted Zone: *.05p.com
    O15 - Trusted Zone: *.clickspring.net
    O15 - Trusted Zone: *.mt-download.com
    O15 - Trusted Zone: *.my-internet.info
    O15 - Trusted Zone: *.scoobidoo.com
    O15 - Trusted Zone: *.searchmiracle.com
    O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\fpmicbdm.exe
    O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7m.cab
    O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab
    O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
    O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://search-search.net/ws2.chm::/w.exe
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...415ce530baee4ed
    O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2 (file missing)

    Fix those entries then find and delete the files listed above (except for rundll32.exe and advpack.dll), then reboot and post a new log.
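
Added example, not part of the original thread: the triage applied to the O4 autorun lines above, written as Python that flags image names within two edits of a Windows system binary (`svcohst.exe`, `lsess.exe`, `scvhosting.exe`) and values registered under more than one Run key. The `KNOWN` list, the two-edit threshold and the sample lines are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the O4 line format of the HijackThis logs in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Sysino] lsess.exe
O4 - HKLM\..\Run: [starter] scvhosting.exe
O4 - HKLM\..\Run: [Microszoft Update Mach1nezs] svcohst.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunServices: [starter] scvhosting.exe
O4 - HKLM\..\RunServices: [Microszoft Update Mach1nezs] svcohst.exe
O4 - HKCU\..\Run: [starter] scvhosting.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
"""

# Assumption: a short hand-picked list of legitimate Windows image names.
KNOWN = {"svchost", "lsass", "services", "winlogon", "explorer", "iexplore",
         "spoolsv", "rundll32", "csrss"}

O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
IMAGE_RE = re.compile(r'^"?(.*?\.(?:exe|com|scr|pif|bat))', re.IGNORECASE)


def parse_o4(log):
    """Yield (location, value_name, command) for each O4 autorun line."""
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            yield f"{m.group(1)}\\{m.group(2)}", m.group(3), m.group(4)


def image_stem(command):
    """Lower-cased file name, without extension, of the image a command launches."""
    m = IMAGE_RE.match(command)
    path = m.group(1) if m else command.split()[0]
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()


def edit_distance(a, b):
    """Plain Levenshtein distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(stem):
    """Return the system name `stem` imitates, or None if exact or unrelated."""
    if stem in KNOWN:
        return None

    def score(known):
        # Also compare the leading part, so "scvhosting" is measured against "svchost".
        return min(edit_distance(stem, known), edit_distance(stem[:len(known)], known))

    best = min(sorted(KNOWN), key=score)
    return best if score(best) <= 2 else None


def triage(log):
    """Map value name -> (imitated system name or None, sorted key locations)."""
    seen = defaultdict(set)
    for location, name, command in parse_o4(log):
        seen[(name, command)].add(location)
    findings = {}
    for (name, command), locations in seen.items():
        imitates = lookalike_of(image_stem(command))
        if imitates or len(locations) > 1:
            findings[name] = (imitates, sorted(locations))
    return findings
```

A flagged value is a lead to verify against the file on disk, not a verdict: short names within two edits of `csrss` or `lsass` can be legitimate software.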
  • edited November 2004
    Thanks for the help, although I think that there's still something wrong with my PC. When I am surfing the net, my browser suddenly transfers me to this site http://ns1.hvnetworks.net/, some PHP Version 4.3.9 kinda thingmajig. As per your instructions, I conducted an Ad-Aware, Spybot and HJT scan and the said log is below. Thanks for all the help, you guys sure are great! :D

    Logfile of HijackThis v1.98.2
    Scan saved at 7:18:28 PM, on 11/16/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\System32\libsysmgr.exe
    C:\WINDOWS\Sti_Trace.log:tqcnd
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\System32\CTHELPER.EXE
    C:\Program Files\MSN Apps\Updater\01.02.3000.1001\zh-sg\msnappau.exe
    C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\WINDOWS\System32\GSICON.EXE
    C:\WINDOWS\System32\dslagent.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\WINDOWS\System32\tss.exe
    C:\WINDOWS\System32\svcohst.exe
    C:\WINDOWS\System32\tss.exe
    C:\WINDOWS\System32\svcohst.exe
    C:\WINDOWS\System32\dwwin.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\HJT\HijackThis.exe.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://msaps.dll/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://msaps.dll/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://msaps.dll/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
    R3 - URLSearchHook: MailTo Class - {FDE3577A-6254-181C-4E11-339E4F746BD3} - C:\WINDOWS\System32\wins32t.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\zh-sg\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\zh-sg\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\zh-sg\msnappau.exe"
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Microsoft Update Machine] upd.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\twink64.exe internat.dll,LoadKeyboardProfile
    O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
    O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [tapisys] C:\WINDOWS\System32\tss.exe
    O4 - HKLM\..\Run: [Microszoft Update Mach1nezs] svcohst.exe
    O4 - HKLM\..\Run: [Microsoft System Checkup] libsysmgr.exe
    O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
    O4 - HKLM\..\RunServices: [Microszoft Update Mach1nezs] svcohst.exe
    O4 - HKLM\..\RunServices: [Microsoft System Checkup] libsysmgr.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [tapisys] C:\WINDOWS\System32\tss.exe
    O4 - HKCU\..\Run: [Microszoft Update Mach1nezs] svcohst.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=218506986cd842e18508cd758df8f0f3e2294716a3c8ff030330eb02c21a3ed6529a2fddd9c51d8a8e4692f35f44971bbf19285c7b18:7ac7309620b01a864415ce530baee4ed
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
  • edited November 2004
    You have the W32.DONK virus. Go into safe mode, kill the process, and delete the new entries in your hosts file (these will make it impossible to surf to the following sites):
    127.0.0.1 www.symantec.com
    127.0.0.1 securityresponse.symantec.com
    127.0.0.1 symantec.com
    127.0.0.1 www.sophos.com
    127.0.0.1 sophos.com
    127.0.0.1 www.mcafee.com
    127.0.0.1 mcafee.com
    127.0.0.1 liveupdate.symantecliveupdate.com
    127.0.0.1 www.viruslist.com
    127.0.0.1 viruslist.com
    127.0.0.1 viruslist.com
    127.0.0.1 f-secure.com
    127.0.0.1 www.f-secure.com
    127.0.0.1 kaspersky.com
    127.0.0.1 www.avp.com
    127.0.0.1 www.kaspersky.com
    127.0.0.1 avp.com
    127.0.0.1 www.networkassociates.com
    127.0.0.1 networkassociates.com
    127.0.0.1 www.ca.com
    127.0.0.1 ca.com
    127.0.0.1 mast.mcafee.com
    127.0.0.1 my-etrust.com
    127.0.0.1 www.my-etrust.com
    127.0.0.1 download.mcafee.com
    127.0.0.1 dispatch.mcafee.com
    127.0.0.1 secure.nai.com
    127.0.0.1 nai.com
    127.0.0.1 www.nai.com
    127.0.0.1 update.symantec.com
    127.0.0.1 updates.symantec.com
    127.0.0.1 us.mcafee.com
    127.0.0.1 liveupdate.symantec.com
    127.0.0.1 customer.symantec.com
    127.0.0.1 rads.mcafee.com
    127.0.0.1 trendmicro.com
    127.0.0.1 www.trendmicro.com

    Then visit symantec.com's security response site for more removal instructions.
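
Added example, not part of the original thread: a Python check for the hosts-file tampering described in the last reply, where security vendor sites are pinned to a loopback address so the machine cannot reach them. The vendor domain list is taken from the entries quoted in that reply; the sample hosts content and the function names are constructed for illustration.

```python
import ipaddress

# Vendor domains taken from the hosts entries quoted in the reply above.
VENDOR_DOMAINS = ("symantec.com", "symantecliveupdate.com", "sophos.com",
                  "mcafee.com", "viruslist.com", "f-secure.com", "kaspersky.com",
                  "avp.com", "networkassociates.com", "nai.com", "ca.com",
                  "my-etrust.com", "trendmicro.com")

# Constructed sample hosts file (not taken from the poster's machine).
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
127.0.0.1 www.symantec.com
127.0.0.1\tLiveUpdate.SymantecLiveUpdate.com  # tab-separated, mixed case
127.0.0.1 download.mcafee.com intranet.example
0.0.0.0 us.mcafee.com
192.0.2.10 fileserver.example
127.0.0.1 notmcafee.com
"""


def is_sinkhole(addr):
    """True for loopback or unspecified addresses (127.0.0.1, ::1, 0.0.0.0)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def is_vendor(host):
    """True if host is a listed vendor domain or one of its subdomains."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in VENDOR_DOMAINS)


def audit_hosts(text):
    """Return (flagged hostnames, hosts text with the flagged names removed)."""
    flagged, kept = [], []
    for line in text.splitlines():
        body, _, _comment = line.partition("#")
        fields = body.split()
        if len(fields) >= 2 and is_sinkhole(fields[0]):
            bad = [h for h in fields[1:] if is_vendor(h)]
            if bad:
                flagged.extend(h.lower() for h in bad)
                good = [h for h in fields[1:] if not is_vendor(h)]
                if good:
                    # Keep the unrelated names on a shared line; its comment is dropped.
                    kept.append(" ".join([fields[0]] + good))
                continue
        kept.append(line)
    return flagged, "\n".join(kept) + "\n"
```

On Windows XP the file to pass in is `C:\WINDOWS\System32\drivers\etc\hosts`; review the flagged list before writing the cleaned text back.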