MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Security & Viruses arrow Topic: Please Help - 69s*xsearch issue with a few twists
November 22, 2019, 08:19:40 PM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
November 22, 2019, 08:19:40 PM

Login with username, password and session length
 Featured Sites:
News
New  We now offer MyTechSupport.ca Merchandise! Every purchase goes towards maintaining our site.
Thank you for supporting MyTechSupport.ca!
  0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: Please Help - 69s*xsearch issue with a few twists  (Read 921 times)
lekdahl
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 3


Bookmark and Share

View Profile
« on: December 28, 2004, 03:41:59 AM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version:MS WindowsXP SP2
Problem Application Name & Version: IE6
Problem Hardware Make & Model: Gateway P4
Error Messages:



Trying hard to make this maching usable.  I know there are several related posts but I think this may be slightly different or multiple issues at play with one another.

Have recently downloaded and installed all MS security updates. Have run:
CWShredder, XCleaner-Free, Spy Sweeper, Norton AV 2005 & Spybot S&D.  

On boot Spy Sweeper finds 2 unknown processes at startup and a new file had been generated in Winnt/system32 (these are 9kb application files with random letter names).  These get killed everytime but new & different processes and files will generate every boot up.  There is also a new and unsavory favorite generated for the IE Favorites folder - even though that gets destroyed everytime.  There was a change in homepage defualt to realseach.cc/  but spysweep seems to have defeated that.

Any use of IE will eventually spawn a cascading browser hijack - as many as 30 windows get generated all from 69s*xsearch or related (passion search).

Spybot S&D finds 4 registry entries for DSO Exploit and 1 entry for coolwwwsearch.winproc32 that it can't seem to get rid of.  (File favico.dat on Winnt/system32 folder gets generated everytime)

Like I say I know there are similar posts but don't want to just whack away at registry files without some more experienced guidance.  Here is the HJT log:
Logfile of HijackThis v1.99.0
Scan saved at 7:44:34 PM, on 12/27/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Aardvark\aardvark.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\alg.exe
C:\WINNT\GWMDMMSG.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINNT\system32\xpsp2fw.exe
C:\WINNT\system32\klindlg.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Downloads\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://realsearch.cc/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://realsearch.cc/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://realsearch.cc/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://realsearch.cc/?a=2
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINNT\system32\xpsp2fw.exe
O4 - HKLM\..\Run: [A1DA3B66] C:\WINNT\system32\klindlg.exe
O4 - HKLM\..\Run: [A0D91BD6] C:\WINNT\system32\luertipvc.exe
O4 - HKLM\..\Run: [5118D776] C:\WINNT\system32\vicathlb.exe
O4 - HKLM\..\Run: [DE1A4446] C:\WINNT\system32\arkttitivt.exe
O4 - HKLM\..\Run: [E02229F6] C:\WINNT\system32\acludsaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Windows Update Client ] C:\WINNT\system32\wuclient.exe
O4 - HKCU\..\Run: [A1DA3B66] C:\WINNT\system32\klindlg.exe
O4 - HKCU\..\Run: [A0D91BD6] C:\WINNT\system32\luertipvc.exe
O4 - HKCU\..\Run: [5118D776] C:\WINNT\system32\vicathlb.exe
O4 - HKCU\..\Run: [DE1A4446] C:\WINNT\system32\arkttitivt.exe
O4 - HKCU\..\Run: [E02229F6] C:\WINNT\system32\acludsaxx.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.69s*xsearch.com
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
O23 - Service: Aardvark Professional Audio Manager - Unknown - C:\Program Files\Aardvark\aardvark.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

thanks for your hardwork and dedication!
« Last Edit: December 28, 2004, 05:13:13 PM by lekdahl » Logged

 
Cactus
Security & Virus Specialist
Global Moderator
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 4327


Bookmark and Share

View Profile
« Reply #1 on: December 28, 2004, 08:42:49 PM »

Set Windows to show Hidden files and folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.



**(Always create a Folder for HiJackThis anywhere but your Temp/Temporary Internet Folders. This is where it will save the backup files needed if there's a problem.)**

Press Ctrl/Alt/Del and "End Task" or "End Process" on each of the following: (They may or may not be there)


xpsp2fw.exe
klindlg.exe
luertipvc.exe
vicathlb.exe
arkttitivt.exe
acludsaxx.exe
wuclient.exe


Turn off System Restore WinXP WinME. (Turn it back on after this is repaired and you've rebooted.) Close all other open Windows and have HiJackThis Fix:


R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://realsearch.cc/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://realsearch.cc/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://realsearch.cc/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://realsearch.cc/?a=2

O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll

O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINNT\system32\xpsp2fw.exe
O4 - HKLM\..\Run: [A1DA3B66] C:\WINNT\system32\klindlg.exe
O4 - HKLM\..\Run: [A0D91BD6] C:\WINNT\system32\luertipvc.exe
O4 - HKLM\..\Run: [5118D776] C:\WINNT\system32\vicathlb.exe
O4 - HKLM\..\Run: [DE1A4446] C:\WINNT\system32\arkttitivt.exe
O4 - HKLM\..\Run: [E02229F6] C:\WINNT\system32\acludsaxx.exe

O4 - HKCU\..\Run: [A1DA3B66] C:\WINNT\system32\klindlg.exe
O4 - HKCU\..\Run: [A0D91BD6] C:\WINNT\system32\luertipvc.exe
O4 - HKCU\..\Run: [5118D776] C:\WINNT\system32\vicathlb.exe
O4 - HKCU\..\Run: [DE1A4446] C:\WINNT\system32\arkttitivt.exe
O4 - HKCU\..\Run: [E02229F6] C:\WINNT\system32\acludsaxx.exe

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll

O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab


Go to Control Panel / Add/Remove Programs and remove the
 following if they are there:


RealSearch
XP Firewall

Now delete these Folders or Files that are Highlighted: (You may need enable "Show all Files" and disable "Hide System Files" in Windows Explorer / Tools / Folder Options / View Tab) (You may have to boot to "Safe Mode" in order to delete some Files/Folders)


C:\WINNT\system32\xpsp2fw.exe
C:\WINNT\system32\klindlg.exe
C:\WINNT\system32\luertipvc.exe
C:\WINNT\system32\vicathlb.exe
C:\WINNT\system32\arkttitivt.exe
C:\WINNT\system32\acludsaxx.exe


Now, empty all your TEMP Folders (WinXp has up to 4 of them) / Temporary Internet Files Folder and then empty your "Recycle Bin" and Reboot.


Turn on System Restore

Before opening your browser goto START>CONTROL PANEL>INTERNET OPTIONSand make sure your Homepage is correct,if not ,type the URL you would like in the HomePage box.

Now re-run HJT and post a new logfile back here.

Cactus
« Last Edit: December 28, 2004, 09:46:29 PM by Cactus » Logged

**PLEASE**.....do not post your hijack log in someone else's thread. Start a separate thread HERE! Thank you.

cactus@mytechsupport.ca

My System Specs

Avg Antivirus::Ad-Aware::Spybot::Windows Update::Recuva
Malwarebytes::SUPERAntiSpywareFREE
lekdahl
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 3


Bookmark and Share

View Profile
« Reply #2 on: December 28, 2004, 09:13:50 PM »

Thanks Cactus, I'll do as you say although I question shutting down and removing Aardvark from registry. That is highend PC based sound and audio recording gear that took some to get set up in the first place.  Is it ok to try your recommended process but leave that alone?
Logged

 
Cactus
Security & Virus Specialist
Global Moderator
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 4327


Bookmark and Share

View Profile
« Reply #3 on: December 28, 2004, 09:49:16 PM »

Your right...I edited the Fix above..Embarrassed

I'm not at home,and don't have access to my TOOLS Folder.
I blew the EPROM chip in my Cable Modem and am trying to locate one for this afternoon...

Go ahead with the fix now.. Wink

Cactus
Logged

**PLEASE**.....do not post your hijack log in someone else's thread. Start a separate thread HERE! Thank you.

cactus@mytechsupport.ca

My System Specs

Avg Antivirus::Ad-Aware::Spybot::Windows Update::Recuva
Malwarebytes::SUPERAntiSpywareFREE
lekdahl
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 3


Bookmark and Share

View Profile
« Reply #4 on: December 29, 2004, 12:54:59 AM »

Cactus, Sorry to hear about your hardware problems.Sad  Hope you located that EPROM.

Anyway ran the fix as suggested. I was very confident that we had it! However on re-entry Spy Sweeper located a Trojan_downloader_Tibs the Tibs3 dialer as well as the unsavory Myfavorites entry.  Blew those away and ran the browser a few times all was well.  Rebooted again and ARRGHHHH - "It's Back!!!" This time Spy Sweeper finds 2 new programs and 2 corresponding registry entries (p32avme.exe & cldeskmon.exe) along with the unsavory link.  Spybot S&D shows Coolwwwsearch.winproc32 (which is the Favico.dat that keeps getting added to WINNT/System32) as well as a TIBS registry entry. I tried the browser and all was fine for a few sites then bango the whole 69s*xsearch thing starts upagain.

check the HJT log - basically everything is back with a few names changed.
Logfile of HijackThis v1.99.0
Scan saved at 5:04:17 PM, on 12/28/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Aardvark\aardvark.exe
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\alg.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\xpsp2fw.exe
C:\WINNT\system32\p32avme.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINNT\system32\wscntfy.exe
C:\WINNT\system32\tibs3.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Downloads\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://realsearch.cc/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://realsearch.cc/?a=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://realsearch.cc/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://realsearch.cc/?a=2
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINNT\system32\xpsp2fw.exe
O4 - HKLM\..\Run: [58019F56] C:\WINNT\system32\p32avme.exe
O4 - HKLM\..\Run: [8B792356] C:\WINNT\system32\cldreskmon.exe
O4 - HKLM\..\Run: [tibs3] C:\WINNT\system32\tibs3.exe
O4 - HKCU\..\Run: [Windows Update Client ] C:\WINNT\system32\wuclient.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [58019F56] C:\WINNT\system32\p32avme.exe
O4 - HKCU\..\Run: [8B792356] C:\WINNT\system32\cldreskmon.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.69s*xsearch.com
O23 - Service: Aardvark Professional Audio Manager - Unknown - C:\Program Files\Aardvark\aardvark.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe



Logged

 
Pages: [1] Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page August 18, 2018, 11:13:31 AM