Hello All -
I'm new to this board and I need help. I have managed to keep my computer clean for some time now, but things have been acting weird as of late. I was hoping you guys could help me. I ran Adaware, Spybot S&D and Pestcontrol (although i wasn't able to use the last b/c it was an evaluation copy...).
My problem is, I keep getting popups. Couple things stand out:
1. The pop up always has the address: C:\Documents and Settings\Saleem\Local Settings\Temp\~DlfnTmp5\index.html
2. I have some weird file running called "prjMensagem" and I don't know what it is.
3. I ran HJT and here is the log. Any help/advice would be appreciated.
Logfile of HijackThis v1.99.0
Scan saved at 2:30:46 AM, on 2/4/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows AdStatus\WinStat.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Nikon\NkView5\NkvMon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Windows AdStatus\WinStatKeep.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Saleem\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O1 - Hosts: 66.159.20.52 www1.ndhosting.com
O1 - Hosts: 66.159.20.52 www3.ndhosting.com
O1 - Hosts: 66.159.20.52 www2.ndhosting.com
O1 - Hosts: 66.159.20.52 www.ndhosting.com
O1 - Hosts: 66.159.20.52 www.kinghost.com
O1 - Hosts: 66.159.20.52 kinghost.com
O1 - Hosts: 66.159.20.52 www1.kinghost.com
O1 - Hosts: 66.159.20.52 www2.kinghost.com
O1 - Hosts: 66.159.20.52 www3.kinghost.com
O1 - Hosts: 66.159.20.52 www4.kinghost.com
O1 - Hosts: 66.159.20.52 www5.kinghost.com
O1 - Hosts: 66.159.20.52 www6.kinghost.com
O1 - Hosts: 66.159.20.52 www7.kinghost.com
O1 - Hosts: 66.159.20.52 www8.kinghost.com
O1 - Hosts: 66.159.20.52 www9.kinghost.com
O1 - Hosts: 66.159.20.52 www10.kinghost.com
O1 - Hosts: 66.159.20.52 smutserver.com
O1 - Hosts: 66.159.20.52 www30.smutserver.com
O1 - Hosts: 66.159.20.52 www31.smutserver.com
O1 - Hosts: 66.159.20.52 www32.smutserver.com
O1 - Hosts: 66.159.20.52 agreathost.net
O1 - Hosts: 66.159.20.52 www.agreathost.net
O1 - Hosts: 66.159.20.52 hotfreehost.com
O1 - Hosts: 66.159.20.52 www.hotfreehost.com
O1 - Hosts: 66.159.20.52 greatfreehost.com
O1 - Hosts: 66.159.20.52 www.greatfreehost.com
O1 - Hosts: 66.159.20.52 freesmutpages.com
O1 - Hosts: 66.159.20.52 www.freesmutpages.com
O1 - Hosts: 66.159.20.52 apornhost.com
O1 - Hosts: 66.159.20.52 www.apornhost.com
O1 - Hosts: 66.159.20.52 nasty-pages.com
O1 - Hosts: 66.159.20.52 www.nasty-pages.com
O1 - Hosts: 66.159.20.52 sexyfreehost.com
O1 - Hosts: 66.159.20.52 www.sexyfreehost.com
O1 - Hosts: 66.159.20.52 x4web.com
O1 - Hosts: 66.159.20.52 www.x4web.com
O1 - Hosts: 66.159.20.52 sexplanets.com
O1 - Hosts: 66.159.20.52 www.sexplanets.com
O1 - Hosts: 66.159.20.52 maxismut.com
O1 - Hosts: 66.159.20.52 www.maxismut.com
O1 - Hosts: 66.159.20.52 tgpfriendly.com
O1 - Hosts: 66.159.20.52 www.tgpfriendly.com
O1 - Hosts: 66.159.20.52 tgp-server.com
O1 - Hosts: 66.159.20.52 www.tgp-server.com
O1 - Hosts: 66.159.20.52 magnaplza.com
O1 - Hosts: 66.159.20.52 www.magnaplza.com
O1 - Hosts: 66.159.20.52 free-xxx-server.com
O1 - Hosts: 66.159.20.52 www.free-xxx-server.com
O1 - Hosts: 66.159.20.52 libereco.net
O1 - Hosts: 66.159.20.52 www.libereco.net
O1 - Hosts: 66.159.20.52 0190-dialer.com
O1 - Hosts: 66.159.20.52 www.0190-dialer.com
O1 - Hosts: 66.159.20.52 xxxod.net
O1 - Hosts: 66.159.20.52 www.xxxod.net
O1 - Hosts: 66.159.20.52 altsights.com
O1 - Hosts: 66.159.20.52 www.altsights.com
O1 - Hosts: 66.159.20.52 adulthosting.com
O1 - Hosts: 66.159.20.52 www.adulthosting.com
O1 - Hosts: 66.159.20.52 superhova.com
O1 - Hosts: 66.159.20.52 www.superhova.com
O1 - Hosts: 66.159.20.52 bestpornhost.com
O1 - Hosts: 66.159.20.52 www.bestpornhost.com
O1 - Hosts: 66.159.20.52 hostingfree.com
O1 - Hosts: 66.159.20.52 www.hostingfree.com
O1 - Hosts: 66.159.20.52 xfreehosting.com
O1 - Hosts: 66.159.20.52 www.xfreehosting.com
O1 - Hosts: 66.159.20.52 blinghosting.com
O1 - Hosts: 66.159.20.52 www.blinghosting.com
O1 - Hosts: 66.159.20.52 x-x-x-hosting.com
O1 - Hosts: 66.159.20.52 www.x-x-x-hosting.com
O1 - Hosts: 66.159.20.52 pornparks.com
O1 - Hosts: 66.159.20.52 www.pornparks.com
O1 - Hosts: 66.159.20.52 sexls.com
O1 - Hosts: 66.159.20.52 www.sexls.com
O1 - Hosts: 66.159.20.52 royalfreehost.com
O1 - Hosts: 66.159.20.52 www.royalfreehost.com
O1 - Hosts: 66.159.20.52 pleasuremedia.com
O1 - Hosts: 66.159.20.52 www.pleasuremedia.com
O1 - Hosts: 66.159.20.52 www.mtree.com
O1 - Hosts: 66.159.20.52 mtree.com
O1 - Hosts: 66.159.20.52 www.dialacom.com
O1 - Hosts: 66.159.20.52 dialacom.com
O1 - Hosts: 66.159.20.52 nocreditcard.com
O1 - Hosts: 66.159.20.52 www.nocreditcard.com
O1 - Hosts: 66.159.20.52 movies-etc.com
O1 - Hosts: 66.159.20.52 www.movies-etc.com
O1 - Hosts: 66.159.20.52 22469.com
O1 - Hosts: 66.159.20.52 alehina.com
O1 - Hosts: 66.159.20.52 allowednet.com
O1 - Hosts: 66.159.20.52 amateurnudephoto.com
O1 - Hosts: 66.159.20.52 amateursgonebad.com
O1 - Hosts: 66.159.20.52 badbimbo.com
O1 - Hosts: 66.159.20.52 beautifulbondage.com
O1 - Hosts: 66.159.20.52 big-xxx-movies.com
O1 - Hosts: 66.159.20.52 bizshura.com
O1 - Hosts: 66.159.20.52 boyanxxx.com
O1 - Hosts: 66.159.20.52 cleanadulthost.com
O1 - Hosts: 66.159.20.52 cleanpornhost.com
O1 - Hosts: 66.159.20.52 cyberxxxhost.com
O1 - Hosts: 66.159.20.52 discretesex.com
O1 - Hosts: 66.159.20.52 easythumbs.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\system32\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\system32\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
O4 - HKLM\..\Run: [TimeUp] C:\Documents and Settings\Saleem\Desktop\TimeUp.exe /T
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [BMail Installation] C:\Program Files\iMesh\Client\FTP_back.exe
O4 - HKLM\..\Run: [setFTPBack] C:\WINDOWS\System32\createsw.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\K-Lite Codec Pack\real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [popuppers] C:\WINDOWS\newpop62.exe
O4 - HKLM\..\Run: [Windows AdStatus] C:\Program Files\Windows AdStatus\WinStat.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\System32\mstask.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: iMesh Auto Update.lnk = ?
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
O8 - Extra context menu item: &Google Search - res://c:\windows\system32\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\windows\system32\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\system32\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\windows\system32\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\windows\system32\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! NBA StatTracker - http://aud4.sports.yahoo.com/java/y/nbast8264_x.cab
O16 - DPF: Yahoo! NFL GameChannel StatTracker - http://aud14.sports.yahoo.com/java/y/nflgcst1008_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/dell/site/PCPitStop.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/DownloadsUnlimited/ie/bridge-c336.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://citrix.mdcp.com/Citrix/ICAWEB/en/ica32/ica32t.exe
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/20cda06cbaddb675c223/netzip/RdxIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/deleon/1.1.48-deleon/GoogleNav.cab
O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} - http://download.divx.com/player/DivXPlayerInstaller.exe
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805/v1503/www.contentwatch.com/audit/includes/ContentAuditControl.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} (Personal System Administrator Control) - http://206.65.172.231/check/netset//install/gtdowngc.cab
O16 - DPF: {DED22F57-FEE2-11D0-953B-00C04FD9152D} (CarPoint Auto-Pricer Control) - http://carpoint.msn.com/components/ocx/autopricer/autopricer.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,4,0,4240/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E83837F-8D2A-45E2-8781-EA98AE8FA1F9}: NameServer = 207.69.188.185,207.69.188.186
O17 - HKLM\System\CS1\Services\Tcpip\..\{0E83837F-8D2A-45E2-8781-EA98AE8FA1F9}: NameServer = 207.69.188.185,207.69.188.186
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server - Unknown - C:\WINDOWS\Nhksrv.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe