saintsfanpk3
asked on
More slow computer stuff
Here is a hijack log from my computer, which is painfully slow again and I think it's infected with something - which of these items should I fix?
Logfile of HijackThis v1.98.2
Scan saved at 8:19:04 PM, on 9/15/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spools
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTou
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATC
C:\WINDOWS\System32\driver
C:\PROGRA~1\MOUSEW~1\SYSTE
C:\Program Files\Common Files\Dell\EUSW\Support.ex
C:\WINDOWS\system32\cisvc.
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\CTsvcC
C:\WINDOWS\System32\RUNDLL
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MUSICMATCH\MUSICMATC
C:\Program Files\Dell\Support\Alert\b
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\behwvo
C:\WINDOWS\System32\nvsvc3
C:\WINDOWS\Microsoft.NET\i
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchos
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.ex
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\Creative\SBLive\Diag
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSP
C:\DOCUME~1\INCRED~1\bin\I
C:\WINDOWS\System32\wuaucl
C:\WINDOWS\system32\cidaem
C:\WINDOWS\system32\cidaem
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Julie Ann Groth\Local Settings\Temporary Internet Files\Content.IE5\0LM341UR
R1 - HKCU\Software\Microsoft\In
R0 - HKCU\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-2
O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-7
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0
O2 - BHO: CATLEvents Object - {77849D67-5672-4B68-93E2-C
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-C
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-F
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-2
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-0
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTou
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Real Spy Monitor] C:\Program Files\Real Spy Monitor\Real Spy Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navap
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATC
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTE
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.ex
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diag
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTr
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATC
O4 - HKLM\..\Run: [xcfirnvvpuhe] C:\WINDOWS\System32\behwvo
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [*logpc] C:\WINDOWS\system32\Micros
O4 - HKLM\..\Run: [*imgxml] C:\WINDOWS\Microsoft.NET\i
O4 - HKLM\..\RunOnce: [*imgxml] C:\WINDOWS\Microsoft.NET\i
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [IncrediMail] C:\DOCUME~1\INCRED~1\bin\I
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Ad
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToo
O8 - Extra context menu item: Backward Links - res://c:\windows\GoogleToo
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\GoogleToo
O8 - Extra context menu item: Similar Pages - res://c:\windows\GoogleToo
O8 - Extra context menu item: Translate into English - res://c:\windows\GoogleToo
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-0
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
O16 - DPF: Sametime Meeting Room Client ST25DEV9 - http://tranmeeting01c.ge.com/sametime/stmeetingroomclient/STMeetingRoomClient.cab
O16 - DPF: symsupportutil - https://www-secure.symantec.com/techsupp/activedata/symsupportutil.CAB
O16 - DPF: {01111F00-3E00-11D2-8470-0
O16 - DPF: {01A88BB1-1174-41EC-ACCB-9
O16 - DPF: {41F17733-B041-4099-A042-B
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-E
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0
O16 - DPF: {E77C0D62-882A-456F-AD8F-7
O17 - HKLM\System\CCS\Services\V
O17 - HKLM\System\CCS\Services\V
Logfile of HijackThis v1.98.2
Scan saved at 8:19:04 PM, on 9/15/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spools
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTou
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATC
C:\WINDOWS\System32\driver
C:\PROGRA~1\MOUSEW~1\SYSTE
C:\Program Files\Common Files\Dell\EUSW\Support.ex
C:\WINDOWS\system32\cisvc.
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\CTsvcC
C:\WINDOWS\System32\RUNDLL
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MUSICMATCH\MUSICMATC
C:\Program Files\Dell\Support\Alert\b
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\behwvo
C:\WINDOWS\System32\nvsvc3
C:\WINDOWS\Microsoft.NET\i
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchos
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.ex
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\Creative\SBLive\Diag
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSP
C:\DOCUME~1\INCRED~1\bin\I
C:\WINDOWS\System32\wuaucl
C:\WINDOWS\system32\cidaem
C:\WINDOWS\system32\cidaem
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Julie Ann Groth\Local Settings\Temporary Internet Files\Content.IE5\0LM341UR
R1 - HKCU\Software\Microsoft\In
R0 - HKCU\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-2
O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-7
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0
O2 - BHO: CATLEvents Object - {77849D67-5672-4B68-93E2-C
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-C
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-F
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-2
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-0
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTou
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Real Spy Monitor] C:\Program Files\Real Spy Monitor\Real Spy Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navap
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATC
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTE
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.ex
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diag
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTr
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATC
O4 - HKLM\..\Run: [xcfirnvvpuhe] C:\WINDOWS\System32\behwvo
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [*logpc] C:\WINDOWS\system32\Micros
O4 - HKLM\..\Run: [*imgxml] C:\WINDOWS\Microsoft.NET\i
O4 - HKLM\..\RunOnce: [*imgxml] C:\WINDOWS\Microsoft.NET\i
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [IncrediMail] C:\DOCUME~1\INCRED~1\bin\I
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Ad
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToo
O8 - Extra context menu item: Backward Links - res://c:\windows\GoogleToo
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\GoogleToo
O8 - Extra context menu item: Similar Pages - res://c:\windows\GoogleToo
O8 - Extra context menu item: Translate into English - res://c:\windows\GoogleToo
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-0
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
O16 - DPF: Sametime Meeting Room Client ST25DEV9 - http://tranmeeting01c.ge.com/sametime/stmeetingroomclient/STMeetingRoomClient.cab
O16 - DPF: symsupportutil - https://www-secure.symantec.com/techsupp/activedata/symsupportutil.CAB
O16 - DPF: {01111F00-3E00-11D2-8470-0
O16 - DPF: {01A88BB1-1174-41EC-ACCB-9
O16 - DPF: {41F17733-B041-4099-A042-B
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-E
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0
O16 - DPF: {E77C0D62-882A-456F-AD8F-7
O17 - HKLM\System\CCS\Services\V
O17 - HKLM\System\CCS\Services\V
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Generally, you have a very large number of running processes - 45, and also a large number of autostarting items (the HKLM\..\Run: entries) - 25. A clean system would have like 20 and <5, respectively.
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTou
O4 - HKLM\..\Run: [Real Spy Monitor] C:\Program Files\Real Spy Monitor\Real Spy Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe
The above don't need to autostart, probably
These 2 are antivirus, i hope...
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navap
These don't need to autostart I guess. Low ink level will probably give an alert anyway, without having to run a monitor all the time... just as an example.
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATC
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTE
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.ex
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diag
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
And what's this?
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
Some Jukebox item again?
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATC
Even if you use MSWorks, you don't need to have a continuous watch for updates. run once in a while and not as autostart.
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
All these autostarting items will slow down startup and some keep up activity that uses CPU cycles and RAM, very probably for no benefit at all.
/RID
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTou
O4 - HKLM\..\Run: [Real Spy Monitor] C:\Program Files\Real Spy Monitor\Real Spy Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe
The above don't need to autostart, probably
These 2 are antivirus, i hope...
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navap
These don't need to autostart I guess. Low ink level will probably give an alert anyway, without having to run a monitor all the time... just as an example.
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATC
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTE
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.ex
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diag
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
And what's this?
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
Some Jukebox item again?
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATC
Even if you use MSWorks, you don't need to have a continuous watch for updates. run once in a while and not as autostart.
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
All these autostarting items will slow down startup and some keep up activity that uses CPU cycles and RAM, very probably for no benefit at all.
/RID
Goto Start>Run>msconfig>Startup
and untick the applications which are un-needed !!
U have these BAD entries which are needed to be fixed.... so first move the hijakchtis folder to a New Folder on ur Desktop, then turn off ur System Restore and fix these lines !!
==========================
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-2
O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-7
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3
O2 - BHO: CATLEvents Object - {77849D67-5672-4B68-93E2-C
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-2
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E
O4 - HKLM\..\Run: [xcfirnvvpuhe] C:\WINDOWS\System32\behwvo
O4 - HKLM\..\Run: [*logpc] C:\WINDOWS\system32\Micros
O4 - HKLM\..\Run: [*imgxml] C:\WINDOWS\Microsoft.NET\i
O4 - HKLM\..\RunOnce: [*imgxml] C:\WINDOWS\Microsoft.NET\i
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-0
==========================
Then Make sure u have all these tools installed on ur system !!
==========================
AdAware ==> http://www.spychecker.com/program/adaware.html
SpyBot ==> http://www.spychecker.com/program/spybot.html
SpySweeper >> http://www.spychecker.com/program/spysweeper.html
SpywareBlaster >> http://www.spychecker.com/program/spywareblaster.html
CoolWebShredder ==> http://www.spychecker.com/program/coolwebshredder.html
Stinger >> http://vil.nai.com/vil/stinger
==========================
Then Disable ur Messenger Service if its running >> http://www.itc.virginia.edu/desktop/docs/messagepopup/
After that Follow these Instructions:
1. Restart ur machine in safemode and Login as Administrator
2. Run the AntiVirus tool(Stinger) and delete all viruses it found
3. Run the Spyware Removal tools(use them all) and delete everything they detect
4. Then goto My Computer>Tools>Folder Options>View and turn on the feature of Show Hidden Files
5. Goto C:\Documents and Settings\ur usernmae\Local Settings\Temp and delete all files present here
6. Goto C:\Documents and Settings\ur usernmae\Local Settings\Temporary Internet Files, and delete the folder of ContentIE
7. Goto C:\Documents and Settings\ur usernmae\Cookies, and delete all cookies present here.
8. Goto C:\Windows\Temp and delete all files present here
9. Now perform an error checking(scandisk) on ur hard drive, and defrag it, also in safemode
10. Then Delete these three files, they are unknown
C:\WINDOWS\System32\behwvo
C:\WINDOWS\System32\nvsvc3
C:\WINDOWS\Microsoft.NET\i
After finishing ur work, Reboot back in Normal Mode and check if problems are gone or not
Also How old is ur system ?? especially ur hard drive ??