Virtumonde



Nickfury99
2009-01-15, 13:43
Hi Gents,
Here is my log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 오후 8:30:50, on 2009-01-15
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\TCOstream\client\tsrvctl_nt.exe
C:\Program Files\TCOstream\client\tclient.exe
C:\WINDOWS\system32\sysagboot.exe
C:\Program Files\TCOstream\client\TAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\TEMP\epk5.tmp
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\services.exe
O3 - Toolbar: (no name) - {90222687-F593-4738-B738-FBEE9C7B26DF} - (no file)
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [AHNSD] "C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [java_sun] Java (Sun)
O15 - Trusted Zone: *.acegolf.com
O15 - Trusted Zone: *.americanexpress.co.kr
O15 - Trusted Zone: creative365.cafe24.com
O15 - Trusted Zone: *.mpi.dacom.net
O15 - Trusted Zone: http://*.kcp.co.kr
O15 - Trusted Zone: http://*.korea7.co.kr
O15 - Trusted Zone: *.kumhoresort.co.kr
O15 - Trusted Zone: *.lotte.com
O15 - Trusted Zone: http://*.lottecard.co.kr
O15 - Trusted Zone: *.lottecardflower.co.kr
O15 - Trusted Zone: *.lottetown.com
O15 - Trusted Zone: http://*.siren24.co.kr
O15 - Trusted Zone: http://*.siren24.com
O15 - Trusted Zone: http://*.telec.co.kr
O15 - Trusted Zone: http://*.vpay.co.kr
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {00001025-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter25 Class) - http://download.netmarble.com/web/nmstarter/NMStarter25.cab
O16 - DPF: {02431A5A-0036-4851-AB6A-69783F89364A} - http://www.ebsi.co.kr/ebs/ActiveX/iEBSWAX.cab
O16 - DPF: {02FE7E8D-9DBD-4F77-8824-26C45D56CA9A} (CHZERO MAP CTRL) - http://gisweb4.chzero.com/zeromap/IMAPOCX_WEB.CAB
O16 - DPF: {042D97DD-E197-411A-8298-6EE85F1C1421} (mkdsfwCtrl Class) - http://ahnlabdownload.nefficient.co.kr/asp/cab/mkdsfw.cab
O16 - DPF: {04E7BADF-F3B9-420D-B82D-8D8CADEFE4F9} (CyImage2Ctl Class) - http://cyimg6.cyworld.com/ImageUpload/CyImageUpload_10217.cab
O16 - DPF: {0A4E624A-F7EA-4313-B721-C5669E0C6266} (TrustSiteAuction Control) - http://download.auction.co.kr/activexpay/TrustSiteAuctionCtrl.cab
O16 - DPF: {0c72835a-34c5-4273-a700-a2347e784b58} -
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1545689F-FB2C-4941-B7B5-FE21D1F789E7} (TrustSite 1.0 Control) - http://img.telec.co.kr/file/trustsitex/trustsitex.cab
O16 - DPF: {15AECD82-DA7D-4EC5-B57F-ED578D84C3F9} (DaumFileControl Control) - http://file.daum.net/down/DaumFile.cab
O16 - DPF: {15C4019C-C917-4905-999A-99B4EC71B7CF} (DaumPlayerPan Class) - http://listen.daum.net/52st/DaumMPlayer/DaumMPlayer.dll
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
O16 - DPF: {2022EE84-1E1F-45B0-8D35-FF9DA75366BC} (ExpressViewer Class) - http://download.softforum.co.kr/Published/XecureExpressI/v2.4.1.0/xei_install2.cab
O16 - DPF: {20BBA18F-5BC8-47B5-8FC9-5DFCA8E56A4B} (XacsPop Control) - https://mpi.dacom.net/XMPI/js/LGDacom_XMPI_20080924.cab
O16 - DPF: {216FC5D2-962D-4DD6-A000-02754CF91231} (MxMenu Class) - http://k7store.korea7.co.kr/upload/download/component/MxMenu.cab
O16 - DPF: {2506B38B-0FF7-4249-BA3E-8BC1DC399FBB} (MxDataSet Class) - http://k7store.korea7.co.kr/upload/download/component/MxDataSet.cab
O16 - DPF: {2A8C9C77-DA27-4D81-BBC9-873A892CEE38} (CHZERO REMOTE CTRL) - http://gisweb4.chzero.com/zeromap/IMAPOCX_WEB.CAB
O16 - DPF: {2A99B1B3-E263-4A00-A167-C1B967716DE2} (MxChart Class) - http://k7store.korea7.co.kr/upload/download/component/MxChart.cab
O16 - DPF: {2B0B1D8B-CAAA-4E06-BD9A-A09A916BD67A} (MxImageSet Class) - http://k7store.korea7.co.kr/upload/download/component/MxImageSet.cab
O16 - DPF: {2F5DF8D9-F63C-460E-B5CB-399E816B0274} (MxTextArea Class) - http://k7store.korea7.co.kr/upload/download/component/MxTextArea.cab
O16 - DPF: {39461460-2552-4D51-A062-3AB6A7B902E9} (INISAFE Updater Control) - http://www.hanabank.com/shttp/install/down/INIS70.cab
O16 - DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} (SCSK Control) - http://www.wetax.go.kr/fileRepository/setup/SoftCamp/scsk4.cab
O16 - DPF: {42E8651D-C437-4203-93F5-24E20C2C4465} (KvpVCardCtl Control) - https://www.vpay.co.kr/kvpfiles/KVPCyberCard.cab
O16 - DPF: {46681002-27E5-4759-8200-E7097D1C3CDD} (SKCrypAX Control) - http://www.lotte.com/common/cabs/SKCrypAX.cab
O16 - DPF: {476384DC-43F5-49F0-9803-DEFB13DD7CFE} (JwEditor Professional 2.3) - http://k7store.korea7.co.kr/upload/download/component/JwEditorPro.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} (XPayMPIOCX Control) - http://mpi.dacom.net/XPayMPI/Xecure_LiveUpdate_XPayMPIOCX.cab
O16 - DPF: {4A35BB2C-B831-4199-A486-FEA332D085D9} (MxBinder Class) - http://k7store.korea7.co.kr/upload/download/component/MxBinder.cab
O16 - DPF: {4AEAFD66-8D65-41AC-B1D1-57E7FF2A734F} (MxMaskEdit Class) - http://k7store.korea7.co.kr/upload/download/component/MxMaskEdit.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://www.lll.guri.go.kr/ictenglish/install/setup.exe
O16 - DPF: {50640DA2-6367-400D-9B77-18F6969F1D47} (WebPriKTF Control) - http://www.ktfmembers.com/download/web_prt/WebPri_KTF.cab
O16 - DPF: {56C13C6F-9A84-4287-920A-513F1184C250} (SaferCrypto Control) - http://www.lotte.com/signkorea_cert/crypto/SaferCrypto.cab
O16 - DPF: {6368221B-31D9-4BE6-8937-B4F37B3930B8} (NpZoneMgr Control) - http://update.nprotect.net/npzone/lottecard/npZoneMgr.cab
O16 - DPF: {662B4974-EE36-426D-BD11-E75122E6BE18} (EasyPlugX Control) - http://ec2.kicc.co.kr/PLUGIN_GS/EasyPlugX.cab
O16 - DPF: {6BA6E0F6-E3A1-45ED-9E03-CBFC682EC63C} (MxTab Class) - http://k7store.korea7.co.kr/upload/download/component/MxTab.cab
O16 - DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} (XecureCKKB Class) - http://www.gmarket.co.kr/CKKeyPro/CKKeyPro.cab
O16 - DPF: {6DD1CE9F-1722-46F0-AF93-B2BC58383CD2} (MxTree Class) - http://k7store.korea7.co.kr/upload/download/component/mxtree.cab
O16 - DPF: {6FE760D3-7851-4879-8838-62D9881D7177} (IniMasHandler Class) - http://www.letskt.com/imas/IniMasPlugin.cab
O16 - DPF: {72DB436D-05E9-45D1-9E3D-FCC4749EBDE7} (IssacWebSE_AE Class) - http://www.wetax.go.kr/fileRepository/setup/IssacWebSE_AE_3_2_0_1.cab
O16 - DPF: {78E24950-4295-43D8-9B1A-1F41CD7130E5} (MxLogicalTR Class) - http://k7store.korea7.co.kr/upload/download/component/MxLogicalTR.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://www.gsestore.co.kr/XecureObject/xw_install.cab
O16 - DPF: {857BAFDB-41FC-4A02-86D9-78B884AF6437} (mkdiniswCtrl Class) - http://ahnlabdownload.nefficient.co.kr/asp/cab/mkdinisw.cab
O16 - DPF: {884E8485-BAA8-4081-BFA9-2E12C7DAFDEB} (WebProtectorControlEx Control) - http://www.albamon.com/WebSecuritySetup/webprotectorcontrolex.cab
O16 - DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} (CyImage Class) - http://cyimg8.cyworld.com/ImageUpload/CyPictureU1.cab?20080604
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netmarble.com/NMChatX/NMTransX.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/activex/dmcc2.cab?Version=1,0,0,10
O16 - DPF: {99C709C7-4F58-46C1-855B-90213C760395} (V3D Client Control) - https://v3d.kcp.co.kr/file/kcp_ansimclick.cab
O16 - DPF: {9B72B706-C578-4B7A-9C05-2324C95970A4} (EPMpi Control) - https://kspay.ksnet.to/vistampi/KSNetMPI.cab
O16 - DPF: {9CDD57AC-CA86-464C-B920-3228A388CC78} (NaverFileControl Control) - http://file.naver.com/down/NaverFile.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - https://acs1.lottecard.co.kr/visa3d/kdfense/kdfense8305.cab
O16 - DPF: {A56A1518-A259-4109-98B3-06A30F09AB1B} (JXMailViewer Control) - http://www.ktfmembers.com/download/cyberbillSecure/JXmailActiveX.cab
O16 - DPF: {A9F090E5-FC80-4772-AFEE-D102AB6E77D6} (IssacWebProCMS Class) - http://pgdownload.lgdacom.net/dacom/IssacWebProCMS_4_2_6_8_DACOM.cab
O16 - DPF: {AD9C353A-6F31-11D4-8923-00404401537A} (NScanner Control) - http://k7store.korea7.co.kr/upload/download/component/NScanner.cab
O16 - DPF: {B0A75875-3622-48BA-B5FF-45AD77AC2D0E} (BankPayEFTCtrl Control) - http://download.auction.co.kr/activexpay/20080430/BankPayEFT.cab
O16 - DPF: {B22DC058-80A2-438F-A64D-08B3B04AD7E0} (MxRadio Class) - http://k7store.korea7.co.kr/upload/download/component/MxRadio.cab
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,3,2
O16 - DPF: {BB154B2E-8D5A-4A22-9B0A-0AC1FEBB7E3F} (Korea7 Control) - http://k7store.korea7.co.kr/upload/download/component/Korea7.cab
O16 - DPF: {BCEF5CDE-BAD4-4532-A30B-9D16D502DE69} (BugsInstallEx Control) - http://install.bugs.co.kr/install/BugsInstallerEx.cab
O16 - DPF: {C1143E84-B2B1-473B-9F20-E62DD754FCAF} (VineTransfer Control) - https://acs2.lottecard.co.kr/visa3d/infovine/VineTransfer.cab
O16 - DPF: {C16D796C-337C-11DB-8C7F-0003FF053800} (BrainPower_EBSi.BrainPower) - http://www.ebsi.co.kr/ebs/ActiveX/megabrain/BrainPower_EBSi.CAB
O16 - DPF: {C722848E-C7EE-4DC6-947E-C2CD49BBA9DE} (MxFileControl Class) - http://k7store.korea7.co.kr/upload/download/component/MxFileControl.cab
O16 - DPF: {CB5C683C-416A-4701-B018-0F1B21D64D6B} (SKCInst1 Class) - http://cyimg7.cyworld.com/cymusic/package/skcinst.cab
O16 - DPF: {CC26E2A9-760B-4EA6-8DDF-DB423FD24089} (MxReport Class) - http://k7store.korea7.co.kr/upload/download/component/mxreport.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://update.nprotect.net/nprotect/module/npx.cab
O16 - DPF: {D1045FA5-B671-4A2A-8ADC-FA10CA427B88} (GfpdInfo Control) - http://k7store.korea7.co.kr/upload/download/component/GfpdInfo.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - http://image.gsestore.co.kr/sr07/nProtect/npkcx.cab
O16 - DPF: {D8BCC087-4710-427D-B2E4-A4B93B6EA197} (MxCombo Class) - http://k7store.korea7.co.kr/upload/download/component/MxCombo.cab
O16 - DPF: {D912AABC-6CB0-416F-85B6-CABBB86FD558} (INIwallet60 Control) - http://plugin.inicis.com/wallet60/INIwallet60.cab
O16 - DPF: {E5A02FD2-A8EF-4E5B-80C1-CB386F95E049} (BtPmntClient Class) - https://pg.banktown.com/wallet/plugin/BtPmntClient.cab
O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} (KvpIspCtlD Control) - https://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab
O16 - DPF: {EA8B6EE6-3DD8-4534-B4BB-27148CF0042B} (MxGrid Class) - http://k7store.korea7.co.kr/upload/download/component/mxgrid.cab
O16 - DPF: {F290B058-CB26-460E-B3D4-8F36AEEDBE44} (IEPrint Control) - http://k7store.korea7.co.kr/upload/download/component/IEPrint.cab
O16 - DPF: {F7BBD0BD-CB3D-40BB-ADC1-85E7D46D0581} (RegKFB Control) - http://www.scfirstbank.com/newweb/ko_KR/common/classes/RegKFB.cab
O16 - DPF: {FFD77E35-1C34-4EAC-B5A7-414CC5D007DA} (AnsimPlugin Class) - https://www.isaackorea.net/update/ansim/ilkactx.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: s-http - {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - C:\Program Files\Initech\SHTTP\InitechSHTTPInterface.10113.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AhnLab Task Scheduler - AhnLab, Inc. - C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
O23 - Service: Apple 모바일 장비 (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour 서비스 (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FCI (fci) - Unknown owner - C:\WINDOWS\system32\fci.exe.exe:ext.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper (getplus(r) helper) - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: ICF (icf) - Unknown owner - C:\WINDOWS\system32\icf.exe.exe:ext.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod 서비스 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\services.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Boot Service (SystemBootService) - Unknown owner - C:\WINDOWS\system32\sysagboot.exe
O23 - Service: System Loader (SystemLoader) - Medialand, Inc - C:\WINDOWS\system32\SysLoader.exe
O23 - Service: TCO!stream Client Service (TClientService) - Medialand, Inc. - C:\Program Files\TCOstream\client\tclient.exe
O23 - Service: TCO!stream Control Service (tcontrolservice) - Medialand, Inc - C:\Program Files\TCOstream\client\tsrvctl_nt.exe

--
End of file - 17422 bytes