
Help!! all details inside!! [pipas.a and a few trojans]



leafs420
2006-07-16, 18:47
Hello everyone,

I have Spybot/HJT/Ad-Aware/Norton's, and I've downloaded Fixwareout and Gipo/Move On Boot.

I've tried, I think, everything, but it keeps coming back. Kill and clean, pipas.a and a few trojans, it just keeps coming back; my video driver needs to be reinstalled after every reboot!! I've posted all the text reports below, please help this infected Canadian mofo!!! hehe


Fixwareout ver 1.003
Last edited 07/1/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}464D61160D45-4E4B-A8E4-F4C6-5E447763{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}413A9A0E7465-E279-2BD4-2D32-B0568E60{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4E2293F00F67-92FB-AAD4-1CB9-A44DE961{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}24BA0D62ADD2-E8FB-3124-0C2F-88E12060{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2DB7AEEC8D81-0088-ADB4-F875-9C46AE21{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}77DCFB789053-2888-EFB4-439E-08890AA3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\qpomd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\swen
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\owt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\eerht
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ruof
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\evif
...

Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
"dmopq.exe"=-
...

PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Example ipsec6.exe is legitimate

»»»»» Search by size and names...
* csr.exe C:\WINDOWS\System32\CSBKO.EXE
* csr.exe C:\WINDOWS\System32\CSDNY.EXE
* csr.exe C:\WINDOWS\System32\CSDVB.EXE
* csr.exe C:\WINDOWS\System32\CSQYA.EXE
* csr.exe C:\WINDOWS\System32\CSWAN.EXE
* csr.exe C:\WINDOWS\System32\CSYBP.EXE
* csr.exe C:\WINDOWS\System32\CSZKG.EXE

»»»»» Misc files

»»»»» Checking for older varients covered by the Rem3 tool

»»»»»
Search five digit cs, dm and jb files
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\CSBKO.EXE 51,239 2006-07-07
C:\WINDOWS\SYSTEM32\CSDNY.EXE 51,270 2006-07-08
C:\WINDOWS\SYSTEM32\CSDVB.EXE 51,233 2006-07-12
C:\WINDOWS\SYSTEM32\CSQYA.EXE 51,226 2006-07-12
C:\WINDOWS\SYSTEM32\CSWAN.EXE 51,256 2006-06-29
C:\WINDOWS\SYSTEM32\CSYBP.EXE 51,262 2006-07-07
C:\WINDOWS\SYSTEM32\CSZKG.EXE 51,202 2006-07-16
C:\WINDOWS\SYSTEM32\DMHLC.EXE 44,102 2002-06-25
C:\WINDOWS\SYSTEM32\DMKOO.EXE 44,112 2002-06-25
C:\WINDOWS\SYSTEM32\DMMMB.EXE 62,011 2001-08-23
C:\WINDOWS\SYSTEM32\DMOPQ.EXE 61,971 2001-08-23
C:\WINDOWS\SYSTEM32\DMVOU.EXE 44,085 2002-06-25
C:\WINDOWS\SYSTEM32\DMYZE.EXE 44,047 2002-06-25
C:\WINDOWS\SYSTEM32\DMYZW.EXE 61,976 2001-08-23
Other suspects
Directory of C:\WINDOWS\system32
{3AA09880-E934-4BFE-8882-350987BFCD77}.exe
{12EA64C9-578F-4BDA-8800-18D8CEEA7BD2}.exe
{06021E88-F2C0-4213-BF8E-2DDA26D0AB42}.exe
{169ED44A-9BC1-4DAA-BF29-76F00F3922E4}.exe
{06E8650B-23D2-4DB2-972E-5647E0A9A314}.exe
{41855C62-ED78-44C4-8FB8-507AEC233BFF}.exe
{3D30FEE3-21B8-4FFC-9649-15960CD1A5FE}.exe
{7ED999D0-E011-4C8A-A9E9-14E6D51AC17D}.exe
{54482E36-90EE-46BC-8B5E-12C34D775C71}.exe
{AC94542E-E053-4C59-A0AC-10558795E3B8}.exe
{35C42B30-64ED-431A-B9F9-14DD28FE25F2}.exe
{28A0C3B8-AE16-4BC6-892F-FCD0FD652EE8}.exe
{13D55080-AA69-4DB0-8231-272159EE021B}.exe
{ADB7269C-9007-447C-8A0C-86E1AA110189}.exe
{153FDDAB-365A-4211-BDB9-FED7F6B3E990}.exe
{11C35D63-26CB-403E-8A0E-D8C668211571}.exe
{55D711B2-9F7A-4090-96AC-BB525093FBB0}.exe


Logfile of HijackThis v1.99.1
Scan saved at 12:42:55 PM, on 7/16/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navw32.exe
D:\Program Files\WinAce\WinAce.exe
C:\DOCUME~1\jamie\LOCALS~1\Temp\~AceTemp\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.ca
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.ca/
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
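The Fixwareout report in the post above applies two naming heuristics to System32: the "Search five digit cs, dm and jb files" section (two-letter prefix plus three random letters, all about 44 to 62 KB) and the "Other suspects" section (executables named after a GUID), and it warns that legitimate files will match too. As an added example, not Fixwareout's code and not anything posted in this thread, here is a Python triage check that parses a listing in the report's own "path size date" format and applies those two rules plus an allowlist for known-good names. The first three sample lines are taken from the report; the size and date of the GUID-named file, the csrss.exe and notepad.exe lines, the Program Files line, and the allowlist contents are constructed assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Name patterns from the two Fixwareout report sections shown above (our
# reading of the report, not the tool's own code):
#   "Search five digit cs, dm and jb files" -> cs/dm/jb + three letters + .exe
#   "Other suspects"                        -> {GUID}.exe
FIVE_CHAR_RE = re.compile(r"^(cs|dm|jb)[a-z]{3}\.exe$", re.IGNORECASE)
GUID_NAME_RE = re.compile(
    r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\.exe$", re.IGNORECASE)
# One line of the report's "path size date" listing, e.g.
#   C:\WINDOWS\SYSTEM32\CSBKO.EXE 51,239 2006-07-07
LISTING_RE = re.compile(
    r"^(?P<path>\S.*?\.exe)\s+(?P<size>[\d,]+)\s+(?P<date>\d{4}-\d{2}-\d{2})$",
    re.IGNORECASE)

# Known-legitimate names (assumed list, extend per environment). ipsec6.exe is
# the legitimate file the report itself names; csrss.exe, a core Windows
# process, actually matches the five-character "cs" rule and shows why the
# report says legitimate files will be listed.
ALLOWLIST = {"csrss.exe", "ipsec6.exe"}
ALLOWLISTED = "matches a pattern but is a known legitimate file"


@dataclass(frozen=True)
class Entry:
    path: str
    size: int
    date: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def in_system32(self) -> bool:
        return "\\system32\\" in self.path.lower()


def parse_listing(text: str) -> List[Entry]:
    """Parse 'path size date' lines; anything that does not fit is ignored."""
    entries = []
    for line in text.splitlines():
        m = LISTING_RE.match(line.strip())
        if m:
            entries.append(Entry(m["path"], int(m["size"].replace(",", "")), m["date"]))
    return entries


def classify(entry: Entry) -> Optional[str]:
    """Return the reason an entry is suspicious, or None if no rule matches."""
    if not entry.in_system32:
        return None  # the report only searches System32
    if FIVE_CHAR_RE.match(entry.name):
        reason = "five-char cs/dm/jb name"
    elif GUID_NAME_RE.match(entry.name):
        reason = "GUID-named executable"
    else:
        return None
    return ALLOWLISTED if entry.name in ALLOWLIST else reason


def triage(text: str) -> Dict[str, List[str]]:
    """Group flagged paths by reason, keeping listing order within each group."""
    report: Dict[str, List[str]] = {}
    for e in parse_listing(text):
        reason = classify(e)
        if reason:
            report.setdefault(reason, []).append(e.path)
    return report


def size_bands(entries: List[Entry], width: int = 1024) -> Dict[int, List[str]]:
    """The report's 'Search by size and names' step: bucket flagged (not
    allowlisted) names by size band of `width` bytes. In the report above the
    cs* files all sit near 51 KB, so they land in one band."""
    bands: Dict[int, List[str]] = {}
    for e in entries:
        if classify(e) not in (None, ALLOWLISTED):
            bands.setdefault(e.size // width, []).append(e.name)
    return bands


# Constructed listing: first three lines from the report above, the rest assumed.
SAMPLE_LISTING = r"""
C:\WINDOWS\SYSTEM32\CSBKO.EXE 51,239 2006-07-07
C:\WINDOWS\SYSTEM32\CSDNY.EXE 51,270 2006-07-08
C:\WINDOWS\SYSTEM32\DMOPQ.EXE 61,971 2001-08-23
C:\WINDOWS\SYSTEM32\{3AA09880-E934-4BFE-8882-350987BFCD77}.exe 51,200 2006-07-16
C:\WINDOWS\SYSTEM32\csrss.exe 6,144 2004-08-04
C:\WINDOWS\SYSTEM32\notepad.exe 69,120 2004-08-04
C:\Program Files\SomeTool\csabc.exe 51,000 2006-07-16
"""

if __name__ == "__main__":
    for reason, paths in triage(SAMPLE_LISTING).items():
        print(reason)
        for p in paths:
            print("   ", p)
    print("size bands (KB):", size_bands(parse_listing(SAMPLE_LISTING)))
```

The name rules are deliberately narrow (System32 only, exact five-character or GUID shape) so that the output stays short enough to review by hand; anything the script flags still needs the check the report recommends, submitting the file to a scanner such as VirusTotal, before it is treated as malicious.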

tashi
2006-07-16, 19:29
Hello leafs420

Re:

Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Please see:
You and Windows, a joint effort (http://forums.spybot.info/showpost.php?p=25290&postcount=4)

Also:

C:\DOCUME~1\jamie\LOCALS~1\Temp\~AceTemp\hijackthis_199\HijackThis.exe
BEFORE you post. Preliminary Steps (http://forums.spybot.info/showthread.php?t=288)

LonnyRJones
2006-07-21, 06:42
I would love to see that you have updated Windows. Now is the time to visit Windows Update.
Post a new log after the location of HijackThis is corrected.

tashi
2006-07-24, 18:01
This topic has been closed to prevent others with similar issues posting in it.
If you need it re-opened, please send me or your helper a PM and provide a link to the thread.

Applies only to the original topic starter.