how-to block ads
|
siggyx
Siggy
Premium
join:2003-12-10
Cambridge
| reply to omahahaha
Re: HJT Log Pop Up Crazy
Close any programs you have open since this step requires a reboot.
From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.
[COLOR=red]IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so![/COLOR]
--
90% of sports is mental, the other half is physical | |
omahahaha
join:2005-08-09
Omaha, NE
| Ok, here are the two logs:
l2mfix log:
L2Mfix 1.03a
Running From:
C:\Documents and Settings\Owner\Desktop\l2mfix
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (»www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Setting registry permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (»www.heysoft.de)
This program is Freeware, use it on your own risk!
Denying C(CI) access for predefined group "Administrators"
- adding new ACCESS DENY entry
Registry Permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (»www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrators
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Setting up for Reboot
Starting Reboot!
C:\Documents and Settings\Owner\Desktop\l2mfix
System Rebooted!
Running From:
C:\Documents and Settings\Owner\Desktop\l2mfix
killing explorer and rundll32.exe
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1404 'explorer.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1888 'rundll32.exe'
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
Backing Up: C:\WINNT\system32\kcdycc.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\kcdycc.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\lFprxy.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\lFprxy.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\pyd.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\pyd.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\guard.tmp
1 file(s) copied.
Backing Up: C:\WINNT\system32\guard.tmp
1 file(s) copied.
deleting: C:\WINNT\system32\kcdycc.dll
Successfully Deleted: C:\WINNT\system32\kcdycc.dll
deleting: C:\WINNT\system32\kcdycc.dll
Successfully Deleted: C:\WINNT\system32\kcdycc.dll
deleting: C:\WINNT\system32\lFprxy.dll
Successfully Deleted: C:\WINNT\system32\lFprxy.dll
deleting: C:\WINNT\system32\lFprxy.dll
Successfully Deleted: C:\WINNT\system32\lFprxy.dll
deleting: C:\WINNT\system32\pyd.dll
Successfully Deleted: C:\WINNT\system32\pyd.dll
deleting: C:\WINNT\system32\pyd.dll
Successfully Deleted: C:\WINNT\system32\pyd.dll
deleting: C:\WINNT\system32\guard.tmp
Successfully Deleted: C:\WINNT\system32\guard.tmp
deleting: C:\WINNT\system32\guard.tmp
Successfully Deleted: C:\WINNT\system32\guard.tmp
Zipping up files for submission:
adding: kcdycc.dll (164 bytes security) (deflated 48%)
adding: lFprxy.dll (164 bytes security) (deflated 48%)
adding: pyd.dll (164 bytes security) (deflated 48%)
adding: guard.tmp (164 bytes security) (deflated 48%)
adding: clear.reg (164 bytes security) (deflated 69%)
adding: echo.reg (164 bytes security) (deflated 9%)
adding: direct.txt (164 bytes security) (stored 0%)
adding: lo2.txt (164 bytes security) (deflated 79%)
adding: readme.txt (164 bytes security) (deflated 49%)
adding: report.txt (164 bytes security) (deflated 72%)
adding: test.txt (164 bytes security) (deflated 78%)
adding: test2.txt (164 bytes security) (deflated 49%)
adding: test3.txt (164 bytes security) (deflated 49%)
adding: test5.txt (164 bytes security) (deflated 49%)
adding: xfind.txt (164 bytes security) (deflated 75%)
adding: backregs/078D69CF-C341-4E9B-A52D-5074F202EA9E.reg (164 bytes security) (deflated 70%)
adding: backregs/0B2D1FB3-FCD7-4488-AF93-105C9A23C6BD.reg (164 bytes security) (deflated 70%)
adding: backregs/0DCAE0B0-AA89-497B-8A10-EF71F90FCE02.reg (164 bytes security) (deflated 70%)
adding: backregs/13F3DCCA-922D-45FE-BA86-2C9DB0726196.reg (164 bytes security) (deflated 70%)
adding: backregs/26BF3A1E-18B3-4716-85F3-B8A489940270.reg (164 bytes security) (deflated 70%)
adding: backregs/26E57069-3022-4BCC-B064-D652B9F2566D.reg (164 bytes security) (deflated 70%)
adding: backregs/27BF7C41-05B4-4BD3-9F72-0B5FD7C14A8D.reg (164 bytes security) (deflated 70%)
adding: backregs/4C3A4E18-A6E6-4548-B118-A1207A2F3573.reg (164 bytes security) (deflated 70%)
adding: backregs/59F72E88-ED79-4A0A-8454-C4276136C2CF.reg (164 bytes security) (deflated 70%)
adding: backregs/5BB86C6F-638A-46A0-BEA2-90C042C0AD82.reg (164 bytes security) (deflated 70%)
adding: backregs/625A1123-24C2-4AE4-BE62-D85657525C3A.reg (164 bytes security) (deflated 70%)
adding: backregs/81B58352-6C76-4432-B318-9D4CDF58F501.reg (164 bytes security) (deflated 70%)
adding: backregs/86B94619-36E3-488D-ADB4-9F20198662F2.reg (164 bytes security) (deflated 70%)
adding: backregs/8C8C8E4B-7B0B-4E24-A1D2-3F0A3AD92112.reg (164 bytes security) (deflated 70%)
adding: backregs/9C098505-0FBB-45F2-A68E-8CD04030B944.reg (164 bytes security) (deflated 70%)
adding: backregs/CBD09C9E-AF70-40D3-8046-17B554AA462A.reg (164 bytes security) (deflated 70%)
adding: backregs/D4F4B892-68FC-4F0C-823B-8EBAC4C46C3F.reg (164 bytes security) (deflated 71%)
adding: backregs/E05B95CF-DFB8-49CE-AFA1-A1A46029CA52.reg (164 bytes security) (deflated 70%)
adding: backregs/E457ACCF-22DF-4021-A903-6AD0DD76661B.reg (164 bytes security) (deflated 70%)
adding: backregs/F126C9A6-C542-43FF-A1A9-EA0BEC678787.reg (164 bytes security) (deflated 70%)
adding: backregs/shell.reg (164 bytes security) (deflated 73%)
Restoring Registry Permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (»www.heysoft.de)
This program is Freeware, use it on your own risk!
Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!
Registry permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (»www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... successful
deleting local copy: kcdycc.dll
deleting local copy: kcdycc.dll
deleting local copy: lFprxy.dll
deleting local copy: lFprxy.dll
deleting local copy: pyd.dll
deleting local copy: pyd.dll
deleting local copy: guard.tmp
deleting local copy: guard.tmp
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
The following are the files found:
****************************************************************************
C:\WINNT\system32\kcdycc.dll
C:\WINNT\system32\kcdycc.dll
C:\WINNT\system32\lFprxy.dll
C:\WINNT\system32\lFprxy.dll
C:\WINNT\system32\pyd.dll
C:\WINNT\system32\pyd.dll
C:\WINNT\system32\guard.tmp
C:\WINNT\system32\guard.tmp
Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{26BF3A1E-18B3-4716-85F3-B8A489940270}"=-
"{0B2D1FB3-FCD7-4488-AF93-105C9A23C6BD}"=-
"{E05B95CF-DFB8-49CE-AFA1-A1A46029CA52}"=-
"{078D69CF-C341-4E9B-A52D-5074F202EA9E}"=-
"{86B94619-36E3-488D-ADB4-9F20198662F2}"=-
"{9C098505-0FBB-45F2-A68E-8CD04030B944}"=-
"{8C8C8E4B-7B0B-4E24-A1D2-3F0A3AD92112}"=-
"{F126C9A6-C542-43FF-A1A9-EA0BEC678787}"=-
"{81B58352-6C76-4432-B318-9D4CDF58F501}"=-
"{0DCAE0B0-AA89-497B-8A10-EF71F90FCE02}"=-
"{E457ACCF-22DF-4021-A903-6AD0DD76661B}"=-
"{5BB86C6F-638A-46A0-BEA2-90C042C0AD82}"=-
"{27BF7C41-05B4-4BD3-9F72-0B5FD7C14A8D}"=-
"{4C3A4E18-A6E6-4548-B118-A1207A2F3573}"=-
"{CBD09C9E-AF70-40D3-8046-17B554AA462A}"=-
"{59F72E88-ED79-4A0A-8454-C4276136C2CF}"=-
"{13F3DCCA-922D-45FE-BA86-2C9DB0726196}"=-
"{D4F4B892-68FC-4F0C-823B-8EBAC4C46C3F}"=-
"{26E57069-3022-4BCC-B064-D652B9F2566D}"=-
"{625A1123-24C2-4AE4-BE62-D85657525C3A}"=-
[-HKEY_CLASSES_ROOT\CLSID\{26BF3A1E-18B3-4716-85F3-B8A489940270}]
[-HKEY_CLASSES_ROOT\CLSID\{0B2D1FB3-FCD7-4488-AF93-105C9A23C6BD}]
[-HKEY_CLASSES_ROOT\CLSID\{E05B95CF-DFB8-49CE-AFA1-A1A46029CA52}]
[-HKEY_CLASSES_ROOT\CLSID\{078D69CF-C341-4E9B-A52D-5074F202EA9E}]
[-HKEY_CLASSES_ROOT\CLSID\{86B94619-36E3-488D-ADB4-9F20198662F2}]
[-HKEY_CLASSES_ROOT\CLSID\{9C098505-0FBB-45F2-A68E-8CD04030B944}]
[-HKEY_CLASSES_ROOT\CLSID\{8C8C8E4B-7B0B-4E24-A1D2-3F0A3AD92112}]
[-HKEY_CLASSES_ROOT\CLSID\{F126C9A6-C542-43FF-A1A9-EA0BEC678787}]
[-HKEY_CLASSES_ROOT\CLSID\{81B58352-6C76-4432-B318-9D4CDF58F501}]
[-HKEY_CLASSES_ROOT\CLSID\{0DCAE0B0-AA89-497B-8A10-EF71F90FCE02}]
[-HKEY_CLASSES_ROOT\CLSID\{E457ACCF-22DF-4021-A903-6AD0DD76661B}]
[-HKEY_CLASSES_ROOT\CLSID\{5BB86C6F-638A-46A0-BEA2-90C042C0AD82}]
[-HKEY_CLASSES_ROOT\CLSID\{27BF7C41-05B4-4BD3-9F72-0B5FD7C14A8D}]
[-HKEY_CLASSES_ROOT\CLSID\{4C3A4E18-A6E6-4548-B118-A1207A2F3573}]
[-HKEY_CLASSES_ROOT\CLSID\{CBD09C9E-AF70-40D3-8046-17B554AA462A}]
[-HKEY_CLASSES_ROOT\CLSID\{59F72E88-ED79-4A0A-8454-C4276136C2CF}]
[-HKEY_CLASSES_ROOT\CLSID\{13F3DCCA-922D-45FE-BA86-2C9DB0726196}]
[-HKEY_CLASSES_ROOT\CLSID\{D4F4B892-68FC-4F0C-823B-8EBAC4C46C3F}]
[-HKEY_CLASSES_ROOT\CLSID\{26E57069-3022-4BCC-B064-D652B9F2566D}]
[-HKEY_CLASSES_ROOT\CLSID\{625A1123-24C2-4AE4-BE62-D85657525C3A}]
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************
�
HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 12:36:53 PM, on 8/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = »dnaads.com/servlet/ajrotator/121···enternet
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Spy Sweeper Fix.lnk = C:\Program Files\Webroot\Spy Sweeper\SpySweeperFix.bat
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .avi: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npavi32.dll
O12 - Plugin for .pdf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\nppdf32.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - »housecall60.trendmicro.com/house···an60.cab
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - »a1540.g.akamai.net/7/1540/52/200···ller.exe
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - »update.microsoft.com/windowsupda···17594515
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - »fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F48EAB92-8BCE-4C77-BE98-D10060BD8590} (SpyBouncer.SBDownloader) - »www.spybouncer.com/downloader/downloader.ocx
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} -
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe | |
|
