Hi guys...
I have a windows 2000 laptop that has been running like a dying dog for the last while but now it has gotten so bad I can't even use it any more. I am quite close to a format at this stage it has gotten so bad. Programs seem to install of their own accord internet rarley works without crashing out and the cpu usage tops 100% regularly. I have the computer all virus scanned n' stuff and I am hoping one of you guys can see somethig I am missing. Thanks in advance. Damien
Logfile of HijackThis v1.98.2
Scan saved at 14:46:36, on 27/09/2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP2 (5.00.2920.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Compaq\EAB\EabServr.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINNT\loadqm.exe
C:\Program Files\msconfiger\msconfiger.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\WINNT\System32\internat.exe
C:\freeserve\freeserveconnectionkit\atdialler12.exe
C:\Program Files\WinZip\WZQKPICK.EXE
\Server01\Common\stinger.exe
C:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchweb2.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&ar=runonce&pver={SUB_PVER}&plcid={SUB_CLSID}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchweb2.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&ar=runonce&pver={SUB_PVER}&plcid={SUB_CLSID}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.caudwhflcvaayr.us/w_W7h/88sWLyU4XEKtzPx7m9QXKrZWfQtzmAW40vyM1nydfUduXqtHXeB0ecRnRi.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINNT\bxxs5.dll
O2 - BHO: (no name) - {02DB5607-A2E8-B402-238B-FB3703FD9D47} - C:\WINNT\System32\stehjkmr.dll
O2 - BHO: (no name) - {0EC96524-F7CA-2DD7-EE84-A59BF032256E} - C:\WINNT\System32\rtalomud.dll
O2 - BHO: (no name) - {10399C88-2780-EC28-7B24-7F7BF616932E} - C:\WINNT\System32\pgfxquvg.dll
O2 - BHO: (no name) - {1DAF5F66-DD9C-D2F7-849F-ACD3087E6B45} - C:\WINNT\System32\trnylxng.dll
O2 - BHO: (no name) - {1E696754-8733-89B4-3F76-9BA5C9482769} - C:\WINNT\System32\jwoqvvie.dll
O2 - BHO: (no name) - {21772E8B-3852-90A0-76F9-617D66980886} - C:\WINNT\System32\srphxkqd.dll (file missing)
O2 - BHO: (no name) - {226B46ED-7983-7BBE-EB5E-B9FE0E4346B7} - C:\WINNT\System32\phmgsbcb.dll
O2 - BHO: (no name) - {27F6438F-A317-270B-E24B-03FC8EF17F75} - C:\WINNT\System32\sllpnmiy.dll
O2 - BHO: (no name) - {2C31BD7A-514E-93F8-A1FB-1A12D6CA963C} - C:\WINNT\System32\ohzkfebw.dll
O2 - BHO: (no name) - {32C0FC2E-C346-8484-EB81-26EEF75D5919} - C:\WINNT\System32\puunlqxd.dll
O2 - BHO: (no name) - {4680B8DE-BDA7-9835-5EBA-E0A2D0814346} - C:\WINNT\System32\jnmnpwaz.dll
O2 - BHO: (no name) - {51CEF8A8-77F7-E188-32C0-FC2EC3468484} - C:\WINNT\System32\hamvrtsz.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {56F0B05B-0B59-53FD-1A06-88524955DF69} - C:\WINNT\System32\wpdhlxkg.dll
O2 - BHO: (no name) - {5C0F1BBC-43E6-A2D5-3E25-6B5DCC27714B} - C:\WINNT\System32\mktiqazr.dll
O2 - BHO: (no name) - {5D9DC86D-8872-3ECC-E8A9-23DF5DFCF654} - C:\WINNT\System32\zrmmedvi.dll
O2 - BHO: (no name) - {5DAD761E-4EFE-D9C4-14AD-5A626DD27DDB} - C:\WINNT\System32\mzfptyjz.dll
O2 - BHO: (no name) - {5FB4063A-0773-549C-9544-146C379458FF} - C:\WINNT\System32\tiqvtvva.dll
O2 - BHO: (no name) - {64F765A0-BF2B-A946-4EEA-3A55CE27A4D8} - C:\WINNT\System32\wbhtfamh.dll (file missing)
O2 - BHO: (no name) - {65DE985A-6C89-6EB0-F9F7-055A77BC73EB} - C:\WINNT\System32\cvyvfsmd.dll
O2 - BHO: (no name) - {699A9270-84FF-E8DC-F41A-B0A505B73CDD} - C:\WINNT\System32\gppetkuv.dll
O2 - BHO: (no name) - {6C0683C8-23BA-D8FA-D627-CF70AE77B785} - C:\WINNT\System32\fpiweinh.dll
O2 - BHO: (no name) - {7086CFA7-B8DE-C221-7928-8D7AB5A99879} - C:\WINNT\System32\argxvwng.dll
O2 - BHO: (no name) - {7422D283-9BAC-A4DD-A981-19B99A1107ED} - C:\WINNT\System32\aerwatpd.dll
O2 - BHO: (no name) - {78662DDC-EBBB-071A-4042-03BCE3D54E26} - C:\WINNT\System32\vocqaiwj.dll
O2 - BHO: (no name) - {79288D7A-B5A9-9879-EA5D-7D0CD21B3F2B} - C:\WINNT\System32\mzanvlho.dll
O2 - BHO: (no name) - {7E771EFD-F7B6-C493-7E31-91D5B2C45BA4} - C:\WINNT\System32\ekbaflwb.dll
O2 - BHO: (no name) - {8A6A73AF-CACD-258B-ADC3-CDC763DB9AFB} - C:\WINNT\System32\wajzwmyq.dll
O2 - BHO: (no name) - {8D95135A-8AD0-9020-AB1F-653595226067} - C:\WINNT\System32\fvvjcecv.dll
O2 - BHO: (no name) - {8F8F02F6-017B-FC28-5B2B-A4C512D06C96} - C:\WINNT\System32\zbrbznpk.dll
O2 - BHO: (no name) - {93E0EF44-D67E-864C-9039-F12E028769CB} - C:\WINNT\System32\dgdxkdia.dll
O2 - BHO: (no name) - {9ACEF6B7-E96C-FE78-ABD4-6F0BB4BE4F0F} - C:\WINNT\System32\sialcnjg.dll
O2 - BHO: (no name) - {AA99B822-34E3-64B3-1C3D-6C85ECF5C8BA} - C:\WINNT\System32\jjeyyujc.dll
O2 - BHO: (no name) - {AD6A8290-5F58-1F69-4EAA-A905E4C3F3EA} - C:\WINNT\System32\quzqunjo.dll
O2 - BHO: (no name) - {B526B6A6-F002-FD37-8F8F-02F6017BFC28} - C:\WINNT\System32\mcftcquy.dll
O2 - BHO: (no name) - {B61493A4-0F63-2CB8-E02E-2C95A5F81461} - C:\WINNT\System32\vvjlvulm.dll
O2 - BHO: (no name) - {D44DDB4B-E373-BCAF-92EB-6A60391847F0} - C:\WINNT\System32\imuepnbr.dll
O2 - BHO: (no name) - {DDA827F7-9F86-7174-82B1-F82F96016953} - C:\WINNT\System32\bszrkxhj.dll
O2 - BHO: (no name) - {EAA88949-17B2-8E72-18C7-D229B4DBED96} - C:\WINNT\System32\hbrhypde.dll
O2 - BHO: (no name) - {EFD29412-8304-915B-8C54-98224AEAC719} - C:\WINNT\System32\zxorfipg.dll
O2 - BHO: (no name) - {EFF40382-47AF-1FA3-6888-EE01F7CB26DA} - C:\WINNT\System32\bifxuqjn.dll
O2 - BHO: (no name) - {F15218A7-67F6-43EE-6AA4-BB8ED9CCC98A} - C:\WINNT\System32\bmfrujua.dll
O2 - BHO: (no name) - {F1D33D85-4A69-AA17-E0AC-8FA4B891C4B8} - C:\WINNT\System32\mxickdns.dll
O2 - BHO: (no name) - {F2AA9CB0-4FC8-6C62-EAAB-4E12728D9217} - C:\WINNT\System32\uhumlftm.dll
O3 - Toolbar: Freeserve - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] c:\compaq\cpqsetup\cpqset.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [msconfiger lptt01] "C:\Program Files\msconfiger\msconfiger.exe"
O4 - HKLM\..\Run: [<H] c:\WINNT\System32\
O4 - HKLM\..\Run: [ Error</TI] c:\WINNT\System32\ Error
O4 - HKLM\..\Run: [</H] c:\WINNT\System32\
O4 - HKLM\..\Run: [<B] c:\WINNT\System32\
O4 - HKLM\..\Run: [The site you have requested doesn't ex] c:\WINNT\System32\The site you have requested doesn't exist.
O4 - HKLM\..\Run: [] c:\WINNT\System32\
O4 - HKLM\..\Run: [The associated domain name has probably been reserved by a client ] c:\WINNT\System32\The associated domain name has probably been reserved by a client from
O4 - HKLM\..\Run: [GANDI then par] c:\WINNT\System32\GANDI then parked.
O4 - HKLM\..\Run: [</B] c:\WINNT\System32\
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINNT\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\bin\4.4.6.0\WeatherOnTray.exe
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [alchem] C:\WINNT\alchem.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [tsaxzn] C:\WINNT\System32\wsxfynk.exe
O4 - HKLM\..\Run: [OSS] C:\WINNT\SYSTEM32\ossproxy.exe -boot
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - Global Startup: Freeserve Connection Kit.lnk = C:\freeserve\freeserveconnectionkit\atdialler12.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn298.exe
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CD} - http://direct.data-line.us/gbn298.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = REDElectrics.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8A8468A-C0B9-45C2-ADB7-82DD8BBE47EA}: NameServer = 10.0.0.5,10.0.0.5
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = REDElectrics.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = REDElectrics.com
O18 - Protocol: bega - {A57721C9-B905-49B3-8BCA-B99FBB8C627E} - C:\Program Files\Common Files\BEGA\DatabaseTools.dll
I have a windows 2000 laptop that has been running like a dying dog for the last while but now it has gotten so bad I can't even use it any more. I am quite close to a format at this stage it has gotten so bad. Programs seem to install of their own accord internet rarley works without crashing out and the cpu usage tops 100% regularly. I have the computer all virus scanned n' stuff and I am hoping one of you guys can see somethig I am missing. Thanks in advance. Damien
Logfile of HijackThis v1.98.2
Scan saved at 14:46:36, on 27/09/2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP2 (5.00.2920.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Compaq\EAB\EabServr.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINNT\loadqm.exe
C:\Program Files\msconfiger\msconfiger.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\WINNT\System32\internat.exe
C:\freeserve\freeserveconnectionkit\atdialler12.exe
C:\Program Files\WinZip\WZQKPICK.EXE
\Server01\Common\stinger.exe
C:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchweb2.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&ar=runonce&pver={SUB_PVER}&plcid={SUB_CLSID}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchweb2.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&ar=runonce&pver={SUB_PVER}&plcid={SUB_CLSID}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.caudwhflcvaayr.us/w_W7h/88sWLyU4XEKtzPx7m9QXKrZWfQtzmAW40vyM1nydfUduXqtHXeB0ecRnRi.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINNT\bxxs5.dll
O2 - BHO: (no name) - {02DB5607-A2E8-B402-238B-FB3703FD9D47} - C:\WINNT\System32\stehjkmr.dll
O2 - BHO: (no name) - {0EC96524-F7CA-2DD7-EE84-A59BF032256E} - C:\WINNT\System32\rtalomud.dll
O2 - BHO: (no name) - {10399C88-2780-EC28-7B24-7F7BF616932E} - C:\WINNT\System32\pgfxquvg.dll
O2 - BHO: (no name) - {1DAF5F66-DD9C-D2F7-849F-ACD3087E6B45} - C:\WINNT\System32\trnylxng.dll
O2 - BHO: (no name) - {1E696754-8733-89B4-3F76-9BA5C9482769} - C:\WINNT\System32\jwoqvvie.dll
O2 - BHO: (no name) - {21772E8B-3852-90A0-76F9-617D66980886} - C:\WINNT\System32\srphxkqd.dll (file missing)
O2 - BHO: (no name) - {226B46ED-7983-7BBE-EB5E-B9FE0E4346B7} - C:\WINNT\System32\phmgsbcb.dll
O2 - BHO: (no name) - {27F6438F-A317-270B-E24B-03FC8EF17F75} - C:\WINNT\System32\sllpnmiy.dll
O2 - BHO: (no name) - {2C31BD7A-514E-93F8-A1FB-1A12D6CA963C} - C:\WINNT\System32\ohzkfebw.dll
O2 - BHO: (no name) - {32C0FC2E-C346-8484-EB81-26EEF75D5919} - C:\WINNT\System32\puunlqxd.dll
O2 - BHO: (no name) - {4680B8DE-BDA7-9835-5EBA-E0A2D0814346} - C:\WINNT\System32\jnmnpwaz.dll
O2 - BHO: (no name) - {51CEF8A8-77F7-E188-32C0-FC2EC3468484} - C:\WINNT\System32\hamvrtsz.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {56F0B05B-0B59-53FD-1A06-88524955DF69} - C:\WINNT\System32\wpdhlxkg.dll
O2 - BHO: (no name) - {5C0F1BBC-43E6-A2D5-3E25-6B5DCC27714B} - C:\WINNT\System32\mktiqazr.dll
O2 - BHO: (no name) - {5D9DC86D-8872-3ECC-E8A9-23DF5DFCF654} - C:\WINNT\System32\zrmmedvi.dll
O2 - BHO: (no name) - {5DAD761E-4EFE-D9C4-14AD-5A626DD27DDB} - C:\WINNT\System32\mzfptyjz.dll
O2 - BHO: (no name) - {5FB4063A-0773-549C-9544-146C379458FF} - C:\WINNT\System32\tiqvtvva.dll
O2 - BHO: (no name) - {64F765A0-BF2B-A946-4EEA-3A55CE27A4D8} - C:\WINNT\System32\wbhtfamh.dll (file missing)
O2 - BHO: (no name) - {65DE985A-6C89-6EB0-F9F7-055A77BC73EB} - C:\WINNT\System32\cvyvfsmd.dll
O2 - BHO: (no name) - {699A9270-84FF-E8DC-F41A-B0A505B73CDD} - C:\WINNT\System32\gppetkuv.dll
O2 - BHO: (no name) - {6C0683C8-23BA-D8FA-D627-CF70AE77B785} - C:\WINNT\System32\fpiweinh.dll
O2 - BHO: (no name) - {7086CFA7-B8DE-C221-7928-8D7AB5A99879} - C:\WINNT\System32\argxvwng.dll
O2 - BHO: (no name) - {7422D283-9BAC-A4DD-A981-19B99A1107ED} - C:\WINNT\System32\aerwatpd.dll
O2 - BHO: (no name) - {78662DDC-EBBB-071A-4042-03BCE3D54E26} - C:\WINNT\System32\vocqaiwj.dll
O2 - BHO: (no name) - {79288D7A-B5A9-9879-EA5D-7D0CD21B3F2B} - C:\WINNT\System32\mzanvlho.dll
O2 - BHO: (no name) - {7E771EFD-F7B6-C493-7E31-91D5B2C45BA4} - C:\WINNT\System32\ekbaflwb.dll
O2 - BHO: (no name) - {8A6A73AF-CACD-258B-ADC3-CDC763DB9AFB} - C:\WINNT\System32\wajzwmyq.dll
O2 - BHO: (no name) - {8D95135A-8AD0-9020-AB1F-653595226067} - C:\WINNT\System32\fvvjcecv.dll
O2 - BHO: (no name) - {8F8F02F6-017B-FC28-5B2B-A4C512D06C96} - C:\WINNT\System32\zbrbznpk.dll
O2 - BHO: (no name) - {93E0EF44-D67E-864C-9039-F12E028769CB} - C:\WINNT\System32\dgdxkdia.dll
O2 - BHO: (no name) - {9ACEF6B7-E96C-FE78-ABD4-6F0BB4BE4F0F} - C:\WINNT\System32\sialcnjg.dll
O2 - BHO: (no name) - {AA99B822-34E3-64B3-1C3D-6C85ECF5C8BA} - C:\WINNT\System32\jjeyyujc.dll
O2 - BHO: (no name) - {AD6A8290-5F58-1F69-4EAA-A905E4C3F3EA} - C:\WINNT\System32\quzqunjo.dll
O2 - BHO: (no name) - {B526B6A6-F002-FD37-8F8F-02F6017BFC28} - C:\WINNT\System32\mcftcquy.dll
O2 - BHO: (no name) - {B61493A4-0F63-2CB8-E02E-2C95A5F81461} - C:\WINNT\System32\vvjlvulm.dll
O2 - BHO: (no name) - {D44DDB4B-E373-BCAF-92EB-6A60391847F0} - C:\WINNT\System32\imuepnbr.dll
O2 - BHO: (no name) - {DDA827F7-9F86-7174-82B1-F82F96016953} - C:\WINNT\System32\bszrkxhj.dll
O2 - BHO: (no name) - {EAA88949-17B2-8E72-18C7-D229B4DBED96} - C:\WINNT\System32\hbrhypde.dll
O2 - BHO: (no name) - {EFD29412-8304-915B-8C54-98224AEAC719} - C:\WINNT\System32\zxorfipg.dll
O2 - BHO: (no name) - {EFF40382-47AF-1FA3-6888-EE01F7CB26DA} - C:\WINNT\System32\bifxuqjn.dll
O2 - BHO: (no name) - {F15218A7-67F6-43EE-6AA4-BB8ED9CCC98A} - C:\WINNT\System32\bmfrujua.dll
O2 - BHO: (no name) - {F1D33D85-4A69-AA17-E0AC-8FA4B891C4B8} - C:\WINNT\System32\mxickdns.dll
O2 - BHO: (no name) - {F2AA9CB0-4FC8-6C62-EAAB-4E12728D9217} - C:\WINNT\System32\uhumlftm.dll
O3 - Toolbar: Freeserve - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] c:\compaq\cpqsetup\cpqset.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [msconfiger lptt01] "C:\Program Files\msconfiger\msconfiger.exe"
O4 - HKLM\..\Run: [<H] c:\WINNT\System32\
O4 - HKLM\..\Run: [ Error</TI] c:\WINNT\System32\ Error
O4 - HKLM\..\Run: [</H] c:\WINNT\System32\
O4 - HKLM\..\Run: [<B] c:\WINNT\System32\
O4 - HKLM\..\Run: [The site you have requested doesn't ex] c:\WINNT\System32\The site you have requested doesn't exist.
O4 - HKLM\..\Run: [] c:\WINNT\System32\
O4 - HKLM\..\Run: [The associated domain name has probably been reserved by a client ] c:\WINNT\System32\The associated domain name has probably been reserved by a client from
O4 - HKLM\..\Run: [GANDI then par] c:\WINNT\System32\GANDI then parked.
O4 - HKLM\..\Run: [</B] c:\WINNT\System32\
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINNT\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\bin\4.4.6.0\WeatherOnTray.exe
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [alchem] C:\WINNT\alchem.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [tsaxzn] C:\WINNT\System32\wsxfynk.exe
O4 - HKLM\..\Run: [OSS] C:\WINNT\SYSTEM32\ossproxy.exe -boot
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - Global Startup: Freeserve Connection Kit.lnk = C:\freeserve\freeserveconnectionkit\atdialler12.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn298.exe
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CD} - http://direct.data-line.us/gbn298.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = REDElectrics.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8A8468A-C0B9-45C2-ADB7-82DD8BBE47EA}: NameServer = 10.0.0.5,10.0.0.5
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = REDElectrics.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = REDElectrics.com
O18 - Protocol: bega - {A57721C9-B905-49B3-8BCA-B99FBB8C627E} - C:\Program Files\Common Files\BEGA\DatabaseTools.dll