I started a topic, but was away for several days, and it expired. This is a post of the most recent Hijack This file.. One thought with respect to the previous post... i ranremove.bat, CWWERVICEREMOVE, About Buster, Ad-Aware SE, CWShredder and Ewido... Ewido crashed twice after running an hour or so. So, I guess we can start fresh.
Thanks!
Mike
Logfile of HijackThis v1.99.1
Scan saved at 6:52:40 PM, on 5/22/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\System32\hphmon03.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\System32\qjdt\xcrkvu.exe
C:\WINDOWS\System32\hocaeqgj\gvoktn.exe
C:\WINDOWS\System32\bhohktor\odihfl.exe
C:\WINDOWS\System32\eejyvmnd\xnllgwgh.exe
C:\WINDOWS\System32\dsso\sqtnm.exe
C:\WINDOWS\System32\jimi\rcyjii.exe
C:\WINDOWS\System32\jcplxih\mwtugl.exe
C:\WINDOWS\System32\mgft\pjubdprf.exe
C:\WINDOWS\System32\onwvixlj\rlqka.exe
C:\WINDOWS\System32\kpphqn\fdqy.exe
C:\WINDOWS\System32\pwxkysx\qalkc.exe
C:\WINDOWS\System32\kevxy\vpnogrfg.exe
C:\WINDOWS\System32\hctycvyj\ovyft.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\WINDOWS\System32\nwxdmhx\rxlg.exe
C:\WINDOWS\System32\iduvfc\ldkgco.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\wqoabeby\xbhgbw.exe
C:\WINDOWS\System32\kgxpv\xqpyix.exe
C:\WINDOWS\System32\jffrknf\twehfrag.exe
C:\WINDOWS\System32\dbdexge\vropfh.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\System32\ywrfy\demvb.exe
C:\WINDOWS\System32\haxjkjf\lpxjns.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\WINDOWS\System32\fejlai\fcykrqae.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\otqyprha\aiyygr.exe
C:\WINDOWS\System32\aqwf\keqfe.exe
C:\WINDOWS\System32\mdcsar\quknrc.exe
C:\WINDOWS\System32\cdocmugl\jehddo.exe
C:\WINDOWS\System32\mnwrfwj\oqpkn.exe
C:\WINDOWS\System32\pafpk\ihdqj.exe
C:\WINDOWS\System32\pirs\rnlt.exe
C:\WINDOWS\System32\bqclh\vysma.exe
C:\WINDOWS\System32\xgfbnlo\rtdbk.exe
C:\WINDOWS\System32\uvknmz.exe
C:\Program Files\NoAds\NoAds.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Intuit\QuickBooks Basic\Components\QBAgent\qbdagent2002.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\QUICKENW\QWDLLS.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\fbaceoar\qqeqw.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\System32\HPHipm09.exe
C:\Program Files\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 216.39.69.102 view.atdmt.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 - BHO: (no name) - {58359010-BF36-11D3-99A2-0050DA2EE1BE} - (no file)
O2 - BHO: (no name) - {83387907-50A3-C7D5-A44C-1FF0C613BD91} - C:\WINDOWS\System32\kfciynaf\hopwoisr.dll
O2 - BHO: Class - {FF3BB3EB-9FF6-0CC2-8A43-6DD043FE9317} - C:\WINDOWS\mslo32.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [ gSafeOnload[gSafeOnload.length] ] c:\WINDOWS\System32\ gSafeOnload[gSafeOnload.length] = f;
O4 - HKLM\..\Run: [ gSafeOnload[i] c:\WINDOWS\System32\ gSafeOnload[i]();
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SkyH2] C:\DOCUME~1\Owner\LOCALS~1\Temp\pbsuthd.exe
O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\Run: [sjkp] C:\WINDOWS\System32\oxsaynow\sjkp.exe
O4 - HKLM\..\Run: [ntmcq] C:\WINDOWS\System32\moqsgf\ntmcq.exe
O4 - HKLM\..\Run: [jtutu] C:\WINDOWS\System32\ybuxb\jtutu.exe
O4 - HKLM\..\Run: [hshatpb] C:\WINDOWS\System32\qboa\hshatpb.exe
O4 - HKLM\..\Run: [evrad] C:\WINDOWS\System32\ynuul\evrad.exe
O4 - HKLM\..\Run: [wsagu] C:\WINDOWS\System32\hahm\wsagu.exe
O4 - HKLM\..\Run: [mhxo] C:\WINDOWS\System32\tlmtptg\mhxo.exe
O4 - HKLM\..\Run: [mefc] C:\WINDOWS\System32\yojsco\mefc.exe
O4 - HKLM\..\Run: [rgif] C:\WINDOWS\System32\hxrkgr\rgif.exe
O4 - HKLM\..\Run: [xcrkvu] C:\WINDOWS\System32\qjdt\xcrkvu.exe
O4 - HKLM\..\Run: [odihfl] C:\WINDOWS\System32\bhohktor\odihfl.exe
O4 - HKLM\..\Run: [oocdnjj] C:\WINDOWS\System32\bpapj\oocdnjj.exe
O4 - HKLM\..\Run: [doupdxwv] C:\WINDOWS\System32\chvuxco\doupdxwv.exe
O4 - HKLM\..\Run: [eimn] C:\WINDOWS\System32\iocotj\eimn.exe
O4 - HKLM\..\Run: [phvxbd] C:\WINDOWS\System32\pxdx\phvxbd.exe
O4 - HKLM\..\Run: [yqxjee] C:\WINDOWS\System32\xjwsh\yqxjee.exe
O4 - HKLM\..\Run: [ZMFGXAox] C:\PROGRA~1\wutorsr\pvptqr.exe
O4 - HKLM\..\Run: [vhodigq] C:\WINDOWS\System32\pwjrjuqe\vhodigq.exe
O4 - HKLM\..\Run: [qivgboox] C:\WINDOWS\System32\fnxfp\qivgboox.exe
O4 - HKLM\..\Run: [mwtugl] C:\WINDOWS\System32\jcplxih\mwtugl.exe
O4 - HKLM\..\Run: [pjubdprf] C:\WINDOWS\System32\mgft\pjubdprf.exe
O4 - HKLM\..\Run: [rlqka] C:\WINDOWS\System32\onwvixlj\rlqka.exe
O4 - HKLM\..\Run: [cexawejh] C:\WINDOWS\System32\amdhfp\cexawejh.exe
O4 - HKLM\..\Run: [reiu] C:\WINDOWS\System32\yslecioe\reiu.exe
O4 - HKLM\..\Run: [klqf] C:\WINDOWS\System32\kaxkgh\klqf.exe
O4 - HKLM\..\Run: [fdqy] C:\WINDOWS\System32\kpphqn\fdqy.exe
O4 - HKLM\..\Run: [ckbu] C:\WINDOWS\System32\ankjifjj\ckbu.exe
O4 - HKLM\..\Run: [qalkc] C:\WINDOWS\System32\pwxkysx\qalkc.exe
O4 - HKLM\..\Run: [vpnogrfg] C:\WINDOWS\System32\kevxy\vpnogrfg.exe
O4 - HKLM\..\Run: [dcejfgtk] C:\WINDOWS\System32\epvnb\dcejfgtk.exe
O4 - HKLM\..\Run: [ntqjhb] C:\WINDOWS\System32\wvaqvd\ntqjhb.exe
O4 - HKLM\..\Run: [rjctdjfj] C:\WINDOWS\System32\wmjsvgnj\rjctdjfj.exe
O4 - HKLM\..\Run: [nruewxrl] C:\WINDOWS\System32\bqwhyme\nruewxrl.exe
O4 - HKLM\..\Run: [ovyft] C:\WINDOWS\System32\hctycvyj\ovyft.exe
O4 - HKLM\..\Run: [rxlg] C:\WINDOWS\System32\nwxdmhx\rxlg.exe
O4 - HKLM\..\Run: [ldkgco] C:\WINDOWS\System32\iduvfc\ldkgco.exe
O4 - HKLM\..\Run: [xbhgbw] C:\WINDOWS\System32\wqoabeby\xbhgbw.exe
O4 - HKLM\..\Run: [xqpyix] C:\WINDOWS\System32\kgxpv\xqpyix.exe
O4 - HKLM\..\Run: [cdpbfu] C:\WINDOWS\System32\eypo\cdpbfu.exe
O4 - HKLM\..\Run: [twehfrag] C:\WINDOWS\System32\jffrknf\twehfrag.exe
O4 - HKLM\..\Run: [vropfh] C:\WINDOWS\System32\dbdexge\vropfh.exe
O4 - HKLM\..\Run: [eyytvw] C:\WINDOWS\System32\jelmu\eyytvw.exe
O4 - HKLM\..\Run: [smrr] C:\WINDOWS\System32\vwwskbjg\smrr.exe
O4 - HKLM\..\Run: [yvay] C:\WINDOWS\System32\anfpsx\yvay.exe
O4 - HKLM\..\Run: [lpxjns] C:\WINDOWS\System32\haxjkjf\lpxjns.exe
O4 - HKLM\..\Run: [fcykrqae] C:\WINDOWS\System32\fejlai\fcykrqae.exe
O4 - HKLM\..\Run: [hiujt] C:\WINDOWS\System32\nucy\hiujt.exe
O4 - HKLM\..\Run: [jyumtrt] C:\WINDOWS\System32\tsjbins\jyumtrt.exe
O4 - HKLM\..\Run: [aiyygr] C:\WINDOWS\System32\otqyprha\aiyygr.exe
O4 - HKLM\..\Run: [keqfe] C:\WINDOWS\System32\aqwf\keqfe.exe
O4 - HKLM\..\Run: [quknrc] C:\WINDOWS\System32\mdcsar\quknrc.exe
O4 - HKLM\..\Run: [jehddo] C:\WINDOWS\System32\cdocmugl\jehddo.exe
O4 - HKLM\..\Run: [xnllgwgh] C:\WINDOWS\System32\eejyvmnd\xnllgwgh.exe
O4 - HKLM\..\Run: [sqtnm] C:\WINDOWS\System32\dsso\sqtnm.exe
O4 - HKLM\..\Run: [rcyjii] C:\WINDOWS\System32\jimi\rcyjii.exe
O4 - HKLM\..\Run: [qqeqw] C:\WINDOWS\System32\fbaceoar\qqeqw.exe
O4 - HKLM\..\Run: [oqpkn] C:\WINDOWS\System32\mnwrfwj\oqpkn.exe
O4 - HKLM\..\Run: [ihdqj] C:\WINDOWS\System32\pafpk\ihdqj.exe
O4 - HKLM\..\Run: [rnlt] C:\WINDOWS\System32\pirs\rnlt.exe
O4 - HKLM\..\Run: [vysma] C:\WINDOWS\System32\bqclh\vysma.exe
O4 - HKLM\..\Run: [gvoktn] C:\WINDOWS\System32\hocaeqgj\gvoktn.exe
O4 - HKLM\..\Run: [demvb] C:\WINDOWS\System32\ywrfy\demvb.exe
O4 - HKLM\..\Run: [rtdbk] C:\WINDOWS\System32\xgfbnlo\rtdbk.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\uvknmz.exe reg_run
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [Extreme Messenger for AIM] C:\Program Files\Extreme Messenger\ExtremeMessenger.exe nosplash
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [ gSafeOnload[gSafeOnload.length] ] c:\WINDOWS\System32\ gSafeOnload[gSafeOnload.length] = f;
O4 - HKCU\..\Run: [ gSafeOnload[i] c:\WINDOWS\System32\ gSafeOnload[i]();
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [Adaware Bootup] C:\Documents and Settings\Owner\Desktop\Patrick's Utilities\Lavasoft Ad-Aware\Ad-aware.exe /Auto /Log "C:\Documents and Settings\Owner\Desktop\Patrick's Utilities\Lavasoft Ad-Aware\"
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Basic\Components\QBAgent\qbdagent2002.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b28578.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b28578.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engin ... core_1.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b28578.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b28578.cab
O16 - DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} (HpodPCFileCtrl2 Class) - file://E:\MEMDISC\ALBUM_A\VIEW\PLUGIN\HPODPCFC.CAB
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.ne ... tector.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab28578.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: cexawejhamdhfp - Unknown owner - C:\WINDOWS\System32\amdhfp\cexawejh.exe
O23 - Service: dcejfgtkepvnb - Unknown owner - C:\WINDOWS\System32\epvnb\dcejfgtk.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: demvbywrfy - Unknown owner - C:\WINDOWS\System32\ywrfy\demvb.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: eimniocotj - Unknown owner - C:\WINDOWS\System32\iocotj\eimn.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: eyytvwjelmu - Unknown owner - C:\WINDOWS\System32\jelmu\eyytvw.exe
O23 - Service: gsmnyflklrhrlo - Unknown owner - C:\WINDOWS\System32\lrhrlo\gsmnyflk.exe
O23 - Service: hiujtnucy - Unknown owner - C:\WINDOWS\System32\nucy\hiujt.exe
O23 - Service: IomegaAccess - Iomega Corporation - C:\WINDOWS\System32\IomegaAccess.exe
O23 - Service: klqfkaxkgh - Unknown owner - C:\WINDOWS\System32\kaxkgh\klqf.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: nruewxrlbqwhyme - Unknown owner - C:\WINDOWS\System32\bqwhyme\nruewxrl.exe
O23 - Service: ntmcqmoqsgf - Unknown owner - C:\WINDOWS\System32\moqsgf\ntmcq.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: oocdnjjbpapj - Unknown owner - C:\WINDOWS\System32\bpapj\oocdnjj.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: qqeqwfbaceoar - Unknown owner - C:\WINDOWS\System32\fbaceoar\qqeqw.exe
O23 - Service: smrrvwwskbjg - Unknown owner - C:\WINDOWS\System32\vwwskbjg\smrr.exe
O23 - Service: vhodigqpwjrjuqe - Unknown owner - C:\WINDOWS\System32\pwjrjuqe\vhodigq.exe
O23 - Service: vnymjxlqxqbfxv - Unknown owner - C:\WINDOWS\System32\qxqbfxv\vnymjxl.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe