That seemed to go smoothly although I got a strange pop-up that said "the document contains no data" when I logged on to the internet.
L2m log:
L2Mfix 1.02a
Running From:
C:\Documents and Settings\admin\Desktop\l2mfix
RegDACL 5.1 - Permissions Manager for Registry
keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software
(
http://www.heysoft.de)
This program is Freeware, use it on your own
risk!
Access Control List for Registry key
HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access
BUILTIN\Administrators
(ID-IO) ALLOW Full access
BUILTIN\Administrators
(ID-NI) ALLOW Full access NT
AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT
AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Setting registry permissions:
RegDACL 5.1 - Permissions Manager for Registry
keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software
(
http://www.heysoft.de)
This program is Freeware, use it on your own
risk!
Denying C access for really "Everyone"
- adding new ACCESS DENY entry
Registry Permissions set too:
RegDACL 5.1 - Permissions Manager for Registry
keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software
(
http://www.heysoft.de)
This program is Freeware, use it on your own
risk!
Access Control List for Registry key
HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- Everyone
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access
BUILTIN\Administrators
(ID-IO) ALLOW Full access
BUILTIN\Administrators
(ID-NI) ALLOW Full access NT
AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT
AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Setting up for Reboot
Starting Reboot!
C:\Documents and Settings\admin\Desktop\l2mfix
System Rebooted!
Running From:
C:\Documents and Settings\admin\Desktop\l2mfix
killing explorer and rundll32.exe
Command Line Process Viewer/Killer/Suspender
for Windows NT/2000/XP V2.03
Copyright© 2002-2003
[email protected]
Killing PID 1356 'explorer.exe'
Command Line Process Viewer/Killer/Suspender
for Windows NT/2000/XP V2.03
Copyright© 2002-2003
[email protected]
Error, Cannot find a process with an image name
of rundll32.exe
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
Backing Up: C:\WINDOWS\system32\cimodem.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dmmsrpcn.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\hr6q05j5e.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\jtl2073oe.dll
1 file(s) copied.
Backing Up:
C:\WINDOWS\system32\m4820eloehqc0.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mbimsg.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mlmxsdk.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\myrating.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mzvfw32.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\paustab.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\s2pulc791f.dll
1 file(s) copied.
deleting: C:\WINDOWS\system32\cimodem.dll
Successfully Deleted:
C:\WINDOWS\system32\cimodem.dll
deleting: C:\WINDOWS\system32\dmmsrpcn.dll
Successfully Deleted:
C:\WINDOWS\system32\dmmsrpcn.dll
deleting: C:\WINDOWS\system32\hr6q05j5e.dll
Successfully Deleted:
C:\WINDOWS\system32\hr6q05j5e.dll
deleting: C:\WINDOWS\system32\jtl2073oe.dll
Successfully Deleted:
C:\WINDOWS\system32\jtl2073oe.dll
deleting: C:\WINDOWS\system32\m4820eloehqc0.dll
Successfully Deleted:
C:\WINDOWS\system32\m4820eloehqc0.dll
deleting: C:\WINDOWS\system32\mbimsg.dll
Successfully Deleted:
C:\WINDOWS\system32\mbimsg.dll
deleting: C:\WINDOWS\system32\mlmxsdk.dll
Successfully Deleted:
C:\WINDOWS\system32\mlmxsdk.dll
deleting: C:\WINDOWS\system32\myrating.dll
Successfully Deleted:
C:\WINDOWS\system32\myrating.dll
deleting: C:\WINDOWS\system32\mzvfw32.dll
Successfully Deleted:
C:\WINDOWS\system32\mzvfw32.dll
deleting: C:\WINDOWS\system32\paustab.dll
Successfully Deleted:
C:\WINDOWS\system32\paustab.dll
deleting: C:\WINDOWS\system32\s2pulc791f.dll
Successfully Deleted:
C:\WINDOWS\system32\s2pulc791f.dll
Desktop.ini sucessfully removed
Zipping up files for submission:
adding: cimodem.dll (164 bytes security)
(deflated 4%)
adding: dmmsrpcn.dll (164 bytes security)
(deflated 3%)
adding: hr6q05j5e.dll (164 bytes security)
(deflated 4%)
adding: jtl2073oe.dll (164 bytes security)
(deflated 4%)
adding: m4820eloehqc0.dll (164 bytes
security) (deflated 4%)
adding: mbimsg.dll (164 bytes security)
(deflated 3%)
adding: mlmxsdk.dll (164 bytes security)
(deflated 4%)
adding: myrating.dll (164 bytes security)
(deflated 4%)
adding: mzvfw32.dll (164 bytes security)
(deflated 4%)
adding: paustab.dll (164 bytes security)
(deflated 4%)
adding: s2pulc791f.dll (164 bytes security)
(deflated 4%)
adding: clear.reg (164 bytes security)
(deflated 61%)
adding: echo.reg (164 bytes security)
(deflated 9%)
adding: desktop.ini (164 bytes security)
(deflated 14%)
adding: direct.txt (164 bytes security)
(stored 0%)
adding: lo2.txt (164 bytes security)
(deflated 78%)
adding: readme.txt (164 bytes security)
(deflated 49%)
adding: report.txt (164 bytes security)
(deflated 67%)
adding: test.txt (164 bytes security)
(deflated 72%)
adding: test2.txt (164 bytes security)
(deflated 42%)
adding: test3.txt (164 bytes security)
(deflated 42%)
adding: test5.txt (164 bytes security)
(deflated 42%)
adding: xfind.txt (164 bytes security)
(deflated 65%)
adding:
backregs/193B602B-D0D7-41F5-A2FC-955787764002.r
eg (164 bytes security) (deflated 69%)
adding:
backregs/1EB4FDF6-37E9-4BB0-ADB7-3630A7F4CE54.r
eg (164 bytes security) (deflated 69%)
adding:
backregs/A084D182-0FAA-4F7D-AA16-205A3DB8D881.r
eg (164 bytes security) (deflated 69%)
adding:
backregs/C5CADD79-6D75-4162-8C49-CFB5722A1B9E.r
eg (164 bytes security) (deflated 69%)
adding:
backregs/C9217A3F-F749-4B83-B5B5-3E8966202372.r
eg (164 bytes security) (deflated 69%)
adding:
backregs/EAD9DF33-FF75-4AF9-BA1B-AB8052126203.r
eg (164 bytes security) (deflated 69%)
adding:
backregs/ED8E36A5-8F98-49CA-B519-304F31DD8D76.r
eg (164 bytes security) (deflated 69%)
adding:
backregs/F6E0995C-B438-4197-866C-F90A7982C46D.r
eg (164 bytes security) (deflated 69%)
adding: backregs/shell.reg (164 bytes
security) (deflated 73%)
Restoring Registry Permissions:
RegDACL 5.1 - Permissions Manager for Registry
keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software
(
http://www.heysoft.de)
This program is Freeware, use it on your own
risk!
Revoking access for really "Everyone"
Registry permissions set too:
RegDACL 5.1 - Permissions Manager for Registry
keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software
(
http://www.heysoft.de)
This program is Freeware, use it on your own
risk!
Access Control List for Registry key
HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access
BUILTIN\Administrators
(ID-IO) ALLOW Full access
BUILTIN\Administrators
(ID-NI) ALLOW Full access NT
AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT
AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators
... successful
deleting local copy: cimodem.dll
deleting local copy: dmmsrpcn.dll
deleting local copy: hr6q05j5e.dll
deleting local copy: jtl2073oe.dll
deleting local copy: m4820eloehqc0.dll
deleting local copy: mbimsg.dll
deleting local copy: mlmxsdk.dll
deleting local copy: myrating.dll
deleting local copy: mzvfw32.dll
deleting local copy: paustab.dll
deleting local copy: s2pulc791f.dll
The following Is the Current Export of the
Winlogon notify key:
***********************************************
*****************************
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,
33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,
6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,
69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,
74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,
69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent
"
"Logoff"="UnregisterTicketExpiredNotificationEv
ent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
The following are the files found:
***********************************************
*****************************
C:\WINDOWS\system32\cimodem.dll
C:\WINDOWS\system32\dmmsrpcn.dll
C:\WINDOWS\system32\hr6q05j5e.dll
C:\WINDOWS\system32\jtl2073oe.dll
C:\WINDOWS\system32\m4820eloehqc0.dll
C:\WINDOWS\system32\mbimsg.dll
C:\WINDOWS\system32\mlmxsdk.dll
C:\WINDOWS\system32\myrating.dll
C:\WINDOWS\system32\mzvfw32.dll
C:\WINDOWS\system32\paustab.dll
C:\WINDOWS\system32\s2pulc791f.dll
Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there
are backups in the backreg folder.
***********************************************
*****************************
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
CurrentVersion\Shell Extensions\Approved]
"{F6E0995C-B438-4197-866C-F90A7982C46D}"=-
"{EAD9DF33-FF75-4AF9-BA1B-AB8052126203}"=-
"{A084D182-0FAA-4F7D-AA16-205A3DB8D881}"=-
"{193B602B-D0D7-41F5-A2FC-955787764002}"=-
"{C9217A3F-F749-4B83-B5B5-3E8966202372}"=-
"{C5CADD79-6D75-4162-8C49-CFB5722A1B9E}"=-
"{1EB4FDF6-37E9-4BB0-ADB7-3630A7F4CE54}"=-
"{ED8E36A5-8F98-49CA-B519-304F31DD8D76}"=-
[-HKEY_CLASSES_ROOT\CLSID\{F6E0995C-B438-4197-8
66C-F90A7982C46D}]
[-HKEY_CLASSES_ROOT\CLSID\{EAD9DF33-FF75-4AF9-B
A1B-AB8052126203}]
[-HKEY_CLASSES_ROOT\CLSID\{A084D182-0FAA-4F7D-A
A16-205A3DB8D881}]
[-HKEY_CLASSES_ROOT\CLSID\{193B602B-D0D7-41F5-A
2FC-955787764002}]
[-HKEY_CLASSES_ROOT\CLSID\{C9217A3F-F749-4B83-B
5B5-3E8966202372}]
[-HKEY_CLASSES_ROOT\CLSID\{C5CADD79-6D75-4162-8
C49-CFB5722A1B9E}]
[-HKEY_CLASSES_ROOT\CLSID\{1EB4FDF6-37E9-4BB0-A
DB7-3630A7F4CE54}]
[-HKEY_CLASSES_ROOT\CLSID\{ED8E36A5-8F98-49CA-B
519-304F31DD8D76}]
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Internet Settings\User
Agent\Post Platform]
"{CC8D2095-A2A8-4F25-83EB-C82C389FC8A2}"=-
"SV1"=""
***********************************************
*****************************
Desktop.ini Contents:
***********************************************
*****************************
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
<IDone>{CC8D2095-A2A8-4F25-83EB-C82C389FC8A2}</
IDone>
<IDtwo>VT01</IDtwo>
<VERSION>200</VERSION>
***********************************************
*****************************
Hijackthis Log:
Logfile of HijackThis v1.99.0
Scan saved at 3:21:09 PM, on 2/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rryiwr.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\GetRight\getright.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Qualcomm\Eudora\Eudora.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\admin\Desktop\HijackThis.exe
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F2AE183-5AB4-4C4C-B36E-DC82C04D5183}: NameServer = 204.174.64.1 204.174.65.1
O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe