saintsfanpk3
asked on
More slow computer stuff
Here is a hijack log from my computer, which is painfully slow again and I think it's infected with something - which of these items should I fix?
Logfile of HijackThis v1.98.2
Scan saved at 8:19:04 PM, on 9/15/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\behwvo.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Microsoft.NET\imgxml.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\DOCUME~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Julie Ann Groth\Local Settings\Temporary Internet Files\Content.IE5\0LM341UR\HijackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/Default.aspx?p1=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - (no file)
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll
O2 - BHO: CATLEvents Object - {77849D67-5672-4B68-93E2-CCEFF1E3949E} - C:\DOCUME~1\JULIEA~1\LOCALS~1\Temp\lmxgmi.dat
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar2.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Real Spy Monitor] C:\Program Files\Real Spy Monitor\Real Spy Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [xcfirnvvpuhe] C:\WINDOWS\System32\behwvo.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [*logpc] C:\WINDOWS\system32\Microsoft\logpc.exe
O4 - HKLM\..\Run: [*imgxml] C:\WINDOWS\Microsoft.NET\imgxml.exe
O4 - HKLM\..\RunOnce: [*imgxml] C:\WINDOWS\Microsoft.NET\imgxml.exe rerun
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [IncrediMail] C:\DOCUME~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\windows\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\windows\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\windows\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: Sametime Meeting Room Client ST25DEV9 - http://tranmeeting01c.ge.com/sametime/stmeetingroomclient/STMeetingRoomClient.cab
O16 - DPF: symsupportutil - https://www-secure.symantec.com/techsupp/activedata/symsupportutil.CAB
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/us/en/systemprofiler/SysPro.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/drakken/us/win/QuickTimeInstaller.exe
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.57.146.14,69.57.147.175
Generally, you have a very large number of running processes - 45, and also a large number of autostarting items (the HKLM\..\Run: entries) - 25. A clean system would have like 20 and <5, respectively.
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Real Spy Monitor] C:\Program Files\Real Spy Monitor\Real Spy Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
The above don't need to autostart, probably
These 2 are antivirus, I hope...
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
These don't need to autostart I guess. Low ink level will probably give an alert anyway, without having to run a monitor all the time... just as an example.
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
And what's this?
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
Some Jukebox item again?
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
Even if you use MSWorks, you don't need to have a continuous watch for updates. Run once in a while and not as autostart.
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
All these autostarting items will slow down startup and some keep up activity that uses CPU cycles and RAM, very probably for no benefit at all.
/RID
Goto Start>Run>msconfig>Startup
and untick the applications which are un-needed !!
U have these BAD entries which are needed to be fixed.... so first move the HijackThis folder to a New Folder on ur Desktop, then turn off ur System Restore and fix these lines !!
==========================
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-2
O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-7
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3
O2 - BHO: CATLEvents Object - {77849D67-5672-4B68-93E2-C
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-2
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E
O4 - HKLM\..\Run: [xcfirnvvpuhe] C:\WINDOWS\System32\behwvo
O4 - HKLM\..\Run: [*logpc] C:\WINDOWS\system32\Micros
O4 - HKLM\..\Run: [*imgxml] C:\WINDOWS\Microsoft.NET\i
O4 - HKLM\..\RunOnce: [*imgxml] C:\WINDOWS\Microsoft.NET\i
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-0
==========================
Then Make sure u have all these tools installed on ur system !!
==========================
AdAware ==> http://www.spychecker.com/program/adaware.html
SpyBot ==> http://www.spychecker.com/program/spybot.html
SpySweeper >> http://www.spychecker.com/program/spysweeper.html
SpywareBlaster >> http://www.spychecker.com/program/spywareblaster.html
CoolWebShredder ==> http://www.spychecker.com/program/coolwebshredder.html
Stinger >> http://vil.nai.com/vil/stinger
==========================
Then Disable ur Messenger Service if its running >> http://www.itc.virginia.edu/desktop/docs/messagepopup/
After that Follow these Instructions:
1. Restart ur machine in safemode and Login as Administrator
2. Run the AntiVirus tool(Stinger) and delete all viruses it found
3. Run the Spyware Removal tools(use them all) and delete everything they detect
4. Then goto My Computer>Tools>Folder Options>View and turn on the feature of Show Hidden Files
5. Goto C:\Documents and Settings\ur username\Local Settings\Temp and delete all files present here
6. Goto C:\Documents and Settings\ur username\Local Settings\Temporary Internet Files, and delete the folder of ContentIE
7. Goto C:\Documents and Settings\ur username\Cookies, and delete all cookies present here.
8. Goto C:\Windows\Temp and delete all files present here
8. Goto C:\Windows\Temp and delete all files present here
9. Now perform an error checking(scandisk) on ur hard drive, and defrag it, also in safemode
10. Then Delete these three files, they are unknown
C:\WINDOWS\System32\behwvo
C:\WINDOWS\System32\nvsvc3
C:\WINDOWS\Microsoft.NET\i
After finishing ur work, Reboot back in Normal Mode and check if problems are gone or not
Also How old is ur system ?? especially ur hard drive ??
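Added example, not part of the thread or of HijackThis itself: a small Python triage pass over HijackThis lines that does mechanically what the two answers above do by eye, counting autostart entries per source and listing browser add-ons and Run values that deserve a manual look. The rule set and the names `parse`, `reasons` and `triage` are assumptions of this example; the sample lines are copied from the log posted above.

```python
import re
from collections import Counter

# A few lines from the log posted above, with the forum's wrapping spaces removed.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL (file missing)
O2 - BHO: CATLEvents Object - {77849D67-5672-4B68-93E2-CCEFF1E3949E} - C:\DOCUME~1\JULIEA~1\LOCALS~1\Temp\lmxgmi.dat
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [xcfirnvvpuhe] C:\WINDOWS\System32\behwvo.exe
O4 - HKLM\..\Run: [*imgxml] C:\WINDOWS\Microsoft.NET\imgxml.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
"""

ADDON_RE = re.compile(r"^(O2|O3|O9) - ([^:]+): (.*) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
RUN_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")
STARTUP_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.*?) = (.*)$")


def parse(log):
    """Turn O2/O3/O9 add-on lines and O4 autostart lines into dicts."""
    entries = []
    for line in (raw.strip() for raw in log.splitlines()):
        if m := ADDON_RE.match(line):
            entries.append({"kind": "addon", "id": m[4], "name": m[3], "target": m[5]})
        elif m := RUN_RE.match(line):
            entries.append({"kind": "autostart", "id": m[3], "name": m[3],
                            "source": f"{m[1]} {m[2]}", "target": m[4]})
        elif m := STARTUP_RE.match(line):
            entries.append({"kind": "autostart", "id": m[2], "name": m[2],
                            "source": m[1], "target": m[3]})
    return entries


def reasons(entry):
    """Illustrative review rules (assumptions of this example, not verdicts)."""
    found, target = [], entry["target"]
    if entry["kind"] == "addon":
        if entry["name"] == "(no name)":
            found.append("no display name")
        if target == "(no file)" or target.endswith("(file missing)"):
            found.append("registered file not on disk")
        else:
            path = target.lower()
            if "\\temp\\" in path:
                found.append("module loaded from a Temp directory")
            if not path.endswith((".dll", ".ocx", ".exe")):
                found.append("unexpected module extension")
    elif entry["name"].startswith("*"):
        found.append("Run value name starts with '*'")
    return found


def triage(log):
    """Return ({entry id: reasons} for flagged entries, autostart counts per source)."""
    entries = parse(log)
    flagged = {e["id"]: reasons(e) for e in entries if reasons(e)}
    counts = Counter(e["source"] for e in entries if e["kind"] == "autostart")
    return flagged, counts


if __name__ == "__main__":
    flagged, counts = triage(SAMPLE_LOG)
    for entry_id, why in flagged.items():
        print(f"REVIEW {entry_id}: {', '.join(why)}")
    print("autostart entries per source:", dict(counts))
```

The `[xcfirnvvpuhe]` Run value that the answer above also lists matches none of these rules, so output like this is a list of leads for manual review and not a verdict on each entry.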