Options
HSA on my pc/My HJT-Log/Kyver
Hello there!
It seems like google is working very well cause i was searching for a way to get rid of this annoying HSA animal on my pc when i found you guys! I keep getting popups and ads of HSA, and in the beginning my homepage changed too (the "about:blank" page). I ran the HSRemove.exe program, AdAware, Spybot and my virusscan. The homepage problem seems to be solved, but i keep getting the popups... Now i've run HJT and this is my log. Can you guys give me some help please? Thanx a lot!
Another question: does it make a difference that i'm working on a pc with several user accounts? In other words, can this problem be solved for every account on this pc? I hope this is not a stupid question...
Anyway, i hope we can solve this!
Thank you!
Greets, David
This is my log:
Logfile of HijackThis v1.98.2
Scan saved at 16:12:57, on 15/09/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\croh.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
C:\WINDOWS\apitj32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\croh.exe
C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\tyvds.dll/sp.html#29126
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\tyvds.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\tyvds.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\tyvds.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/Plus18Point/Portal/portal.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {F0FE5597-AC67-144F-6580-291D05E958EF} - C:\WINDOWS\netbc.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [apvyzkznwzpo] C:\WINDOWS\System32\xjkhlwdv.exe
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [apitj32.exe] C:\WINDOWS\apitj32.exe
O4 - HKLM\..\RunOnce: [croh.exe] C:\WINDOWS\croh.exe
O4 - HKLM\..\RunOnce: [ograox.dat] C:\WINDOWS\ograox.dat
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmiracle.com
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=9eafaeb2a8e2a9518112bc6e0cedee1552dd4ecb1dd748bcf1cf4d42ced1394245b14c137e17952f3a6abadc3d36297b2b37:b70ac5aa8ec48e2e58a29296baabe1d6
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.bcn.es/vserver/AxisCamControl.ocx
It seems like google is working very well cause i was searching for a way to get rid of this annoying HSA animal on my pc when i found you guys! I keep getting popups and ads of HSA, and in the beginning my homepage changed too (the "about:blank" page). I ran the HSRemove.exe program, AdAware, Spybot and my virusscan. The homepage problem seems to be solved, but i keep getting the popups... Now i've run HJT and this is my log. Can you guys give me some help please? Thanx a lot!
Another question: does it make a difference that i'm working on a pc with several user accounts? In other words, can this problem be solved for every account on this pc? I hope this is not a stupid question...
Anyway, i hope we can solve this!
Thank you!
Greets, David
This is my log:
Logfile of HijackThis v1.98.2
Scan saved at 16:12:57, on 15/09/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\croh.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
C:\WINDOWS\apitj32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\croh.exe
C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\tyvds.dll/sp.html#29126
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\tyvds.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\tyvds.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\tyvds.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/Plus18Point/Portal/portal.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {F0FE5597-AC67-144F-6580-291D05E958EF} - C:\WINDOWS\netbc.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [apvyzkznwzpo] C:\WINDOWS\System32\xjkhlwdv.exe
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [apitj32.exe] C:\WINDOWS\apitj32.exe
O4 - HKLM\..\RunOnce: [croh.exe] C:\WINDOWS\croh.exe
O4 - HKLM\..\RunOnce: [ograox.dat] C:\WINDOWS\ograox.dat
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmiracle.com
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=9eafaeb2a8e2a9518112bc6e0cedee1552dd4ecb1dd748bcf1cf4d42ced1394245b14c137e17952f3a6abadc3d36297b2b37:b70ac5aa8ec48e2e58a29296baabe1d6
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.bcn.es/vserver/AxisCamControl.ocx
0
Comments
Please refer to Post # 2 of the Home Search Assistant Removal Guide to learn how to generate a log of your active services. Do that, post it here, and we will help you as soon as we can.
Dexter...
I hope this is what you asked me to do:
David
These are the Current Active Services:
Network Security Service: O?’ŽrtñåȲ$Ó
"C:\WINDOWS\croh.exe" /s
Windows Audio: AudioSrv
C:\WINDOWS\System32\svchost.exe -k netsvcs
Computer Browser: Browser
C:\WINDOWS\System32\svchost.exe -k netsvcs
Services voor cryptografie: CryptSvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
DHCP Client: Dhcp
C:\WINDOWS\System32\svchost.exe -k netsvcs
Logical Disk Manager: dmserver
C:\WINDOWS\System32\svchost.exe -k netsvcs
Service voor het rapporteren van fouten: ERSvc
C:\WINDOWS\System32\svchost.exe -k netsvcs
COM+-gebeurtenissysteem: EventSystem
C:\WINDOWS\System32\svchost.exe -k netsvcs
Compatibiliteit voor Snelle gebruikerswisseling: FastUserSwitchingCompatibility
C:\WINDOWS\System32\svchost.exe -k netsvcs
Help en ondersteuning: helpsvc
C:\WINDOWS\System32\svchost.exe -k netsvcs
Server: lanmanserver
C:\WINDOWS\System32\svchost.exe -k netsvcs
Workstation: lanmanworkstation
C:\WINDOWS\System32\svchost.exe -k netsvcs
Messenger: Messenger
C:\WINDOWS\System32\svchost.exe -k netsvcs
Network Connections: Netman
C:\WINDOWS\System32\svchost.exe -k netsvcs
Network Location Awareness (NLA): Nla
C:\WINDOWS\System32\svchost.exe -k netsvcs
Verbindingsbeheer voor RAS: RasMan
C:\WINDOWS\System32\svchost.exe -k netsvcs
Task Scheduler: Schedule
C:\WINDOWS\System32\svchost.exe -k netsvcs
Secondary Logon: seclogon
C:\WINDOWS\System32\svchost.exe -k netsvcs
System Event Notification: SENS
C:\WINDOWS\system32\svchost.exe -k netsvcs
Shell Hardware Detection: ShellHWDetection
C:\WINDOWS\System32\svchost.exe -k netsvcs
System Restore-service: srservice
C:\WINDOWS\System32\svchost.exe -k netsvcs
Telephony: TapiSrv
C:\WINDOWS\System32\svchost.exe -k netsvcs
Terminal Services: TermService
C:\WINDOWS\System32\svchost.exe -k netsvcs
Thema's: Themes
C:\WINDOWS\System32\svchost.exe -k netsvcs
Distributed Link Tracking Client: TrkWks
C:\WINDOWS\system32\svchost.exe -k netsvcs
Uploadbeheer: uploadmgr
C:\WINDOWS\System32\svchost.exe -k netsvcs
Windows Time: W32Time
C:\WINDOWS\System32\svchost.exe -k netsvcs
Windows Management Instrumentation: winmgmt
C:\WINDOWS\system32\svchost.exe -k netsvcs
Automatische updates: wuauserv
C:\WINDOWS\system32\svchost.exe -k netsvcs
Wireless Zero Configuration-service: WZCSVC
C:\WINDOWS\System32\svchost.exe -k netsvcs
DNS Client: Dnscache
C:\WINDOWS\System32\svchost.exe -k NetworkService
Event Log: Eventlog
C:\WINDOWS\system32\services.exe
Plug and Play: PlugPlay
C:\WINDOWS\system32\services.exe
TCP/IP NetBIOS Helper: LmHosts
C:\WINDOWS\System32\svchost.exe -k LocalService
Remote Registry: RemoteRegistry
C:\WINDOWS\system32\svchost.exe -k LocalService
SSDP Discovery-service: SSDPSRV
C:\WINDOWS\System32\svchost.exe -k LocalService
WebClient: WebClient
C:\WINDOWS\System32\svchost.exe -k LocalService
McAfee Framework Service: McAfeeFramework
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe /ServiceStart
Network Associates McShield: McShield
"C:\Program Files\Network Associates\VirusScan\mcshield.exe"
Network Associates Task Manager: McTaskManager
"C:\Program Files\Network Associates\VirusScan\vstskmgr.exe"
IPSEC-services: PolicyAgent
C:\WINDOWS\System32\lsass.exe
Protected Storage: ProtectedStorage
C:\WINDOWS\system32\lsass.exe
Security Accounts Manager: SamSs
C:\WINDOWS\system32\lsass.exe
Remote Procedure Call (RPC): RpcSs
C:\WINDOWS\system32\svchost -k rpcss
Print Spooler: Spooler
C:\WINDOWS\system32\spoolsv.exe
Windows Image Acquisition (WIA): stisvc
C:\WINDOWS\System32\svchost.exe -k imgsvc
Network Security Service: O?’ŽrtñåȲ$Ó
"C:\WINDOWS\croh.exe" /s
Go back to the removal guide and look at Step 4. Use the Services.msc control panel to find and STOP that service, then DISABLE it. Then, use the rest of the steps to remove the rest of the problem. According to your last HJT log, your problem HJT entries/files are:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\tyvds.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\tyvds.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\tyvds.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\tyvds.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/Plus18Point/Portal/portal.html
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {F0FE5597-AC67-144F-6580-291D05E958EF} - C:\WINDOWS\netbc.dll
O4 - HKLM\..\Run: [apvyzkznwzpo] C:\WINDOWS\System32\xjkhlwdv.exe
O4 - HKLM\..\Run: [apitj32.exe] C:\WINDOWS\apitj32.exe
O4 - HKLM\..\RunOnce: [croh.exe] C:\WINDOWS\croh.exe
O4 - HKLM\..\RunOnce: [ograox.dat] C:\WINDOWS\ograox.dat
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmiracle.com
(Some of those are related to another problem, but you can fix them all at once.)
Follow the guide to quarantine those files.
I also recommend you uninstall Kazaa and remove these entries:
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
Both of those files contain adware which install on your system. Use an adware free version (paid version) of Kazaa, or download Kazaa Lite as an alternative.
Come back and let us know how that works for you.
Dexter...
I made a new HJLog and just followed the removal guide (which is very clear btw!!)
Everything seems ok until now (homepage ok, no popups, no searchpages after using google...), but i just wanted to post a new log to get your opinion...
Thanx! & keep up the good work!
Logfile of HijackThis v1.98.2
Scan saved at 18:15:15, on 19/09/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\GMT\GMT.exe
C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [apitj32.exe] C:\WINDOWS\apitj32.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=9eafaeb2a8e2a9518112bc6e0cedee1552dd4ecb1dd748bcf1cf4d42ced1394245b14c137e17952f3a6abadc3d36297b2b37:b70ac5aa8ec48e2e58a29296baabe1d6
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.bcn.es/vserver/AxisCamControl.ocx
O4 - HKLM\..\Run: [apitj32.exe] C:\WINDOWS\apitj32.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...8a29296baabe1d6
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
Reboot after deleting those, and post a new log.