I'm having a problem with a virus / trojan. I've done all that I could, and now I need you guys to see if you can find something I didn't notice.
I've scanned with AVG, Avast, used HijackThis, Kaspersky;
it found a few trojans.
The last trojan I found was called: gaopdxsuhveheb.dll in C:\windws\system32 (Win32:Fasec [Trj]).
Here are a few logs.
Please help, I really don't want to reformat.
- Kaspersky -
<AVZ_CollectSysInfo>
--------------------
Start time: 13/02/2009 2:19:23 PM
Duration: 00:02:44
Finish time: 13/02/2009 2:22:07 PM
<AVZ_CollectSysInfo>
--------------------
Time Event
---- -----
13/02/2009 2:19:25 PM Windows version: Windows Vista (TM) Home Premium, Build=6001, SP="Service Pack 1"
13/02/2009 2:19:25 PM System Restore: enabled
13/02/2009 2:19:31 PM 1.1 Searching for user-mode API hooks
13/02/2009 2:19:31 PM Analysis: kernel32.dll, export table found in section .text
13/02/2009 2:19:31 PM Function kernel32.dll:CreateProcessA (151) intercepted, method ProcAddressHijack.GetProcAddress ->75E81C36->61F03F42
13/02/2009 2:19:31 PM Hook kernel32.dll:CreateProcessA (151) blocked
13/02/2009 2:19:31 PM Function kernel32.dll:CreateProcessW (154) intercepted, method ProcAddressHijack.GetProcAddress ->75E81C01->61F04040
13/02/2009 2:19:31 PM Hook kernel32.dll:CreateProcessW (154) blocked
13/02/2009 2:19:31 PM Function kernel32.dll:FreeLibrary (335) intercepted, method ProcAddressHijack.GetProcAddress ->75EC08F8->61F041FC
13/02/2009 2:19:31 PM Hook kernel32.dll:FreeLibrary (335) blocked
13/02/2009 2:19:31 PM Function kernel32.dll:GetModuleFileNameA (503) intercepted, method ProcAddressHijack.GetProcAddress ->75EC440D->61F040FB
13/02/2009 2:19:31 PM Hook kernel32.dll:GetModuleFileNameA (503) blocked
13/02/2009 2:19:31 PM Function kernel32.dll:GetModuleFileNameW (504) intercepted, method ProcAddressHijack.GetProcAddress ->75EC58E5->61F041A0
13/02/2009 2:19:31 PM Hook kernel32.dll:GetModuleFileNameW (504) blocked
13/02/2009 2:19:31 PM Function kernel32.dll:GetProcAddress (54 intercepted, method ProcAddressHijack.GetProcAddress ->75ECB8B6->61F04648
13/02/2009 2:19:31 PM Hook kernel32.dll:GetProcAddress (54 blocked
13/02/2009 2:19:31 PM Function kernel32.dll:LoadLibraryA (759) intercepted, method ProcAddressHijack.GetProcAddress ->75EA9491->61F03C6F
13/02/2009 2:19:31 PM Hook kernel32.dll:LoadLibraryA (759) blocked
13/02/2009 2:19:31 PM >>> Functions LoadLibraryA - preventing AVZ process from being intercepted by address replacement !!)
13/02/2009 2:19:31 PM Function kernel32.dll:LoadLibraryExA (760) intercepted, method ProcAddressHijack.GetProcAddress ->75EA9469->61F03DAF
13/02/2009 2:19:31 PM Hook kernel32.dll:LoadLibraryExA (760) blocked
13/02/2009 2:19:31 PM >>> Functions LoadLibraryExA - preventing AVZ process from being intercepted by address replacement !!)
13/02/2009 2:19:31 PM Function kernel32.dll:LoadLibraryExW (761) intercepted, method ProcAddressHijack.GetProcAddress ->75EA30C3->61F03E5A
13/02/2009 2:19:31 PM Hook kernel32.dll:LoadLibraryExW (761) blocked
13/02/2009 2:19:31 PM Function kernel32.dll:LoadLibraryW (762) intercepted, method ProcAddressHijack.GetProcAddress ->75EA361F->61F03D0C
13/02/2009 2:19:31 PM Hook kernel32.dll:LoadLibraryW (762) blocked
13/02/2009 2:19:31 PM IAT modification detected: LoadLibraryW - 01AA0010<>75EA361F
13/02/2009 2:19:31 PM Analysis: ntdll.dll, export table found in section .text
13/02/2009 2:19:31 PM Analysis: user32.dll, export table found in section .text
13/02/2009 2:19:31 PM Analysis: advapi32.dll, export table found in section .text
13/02/2009 2:19:31 PM Analysis: ws2_32.dll, export table found in section .text
13/02/2009 2:19:31 PM Analysis: wininet.dll, export table found in section .text
13/02/2009 2:19:31 PM Analysis: rasapi32.dll, export table found in section .text
13/02/2009 2:19:31 PM Analysis: urlmon.dll, export table found in section .text
13/02/2009 2:19:31 PM Analysis: netapi32.dll, export table found in section .text
13/02/2009 2:19:32 PM 1.2 Searching for kernel-mode API hooks
13/02/2009 2:19:34 PM Driver loaded successfully
13/02/2009 2:19:34 PM SDT found (RVA=12C8C0)
13/02/2009 2:19:34 PM Kernel ntoskrnl.exe found in memory at address 81C07000
13/02/2009 2:19:34 PM SDT = 81D338C0
13/02/2009 2:19:34 PM KiST = 81C748D0 (391)
13/02/2009 2:19:34 PM Function NtEnumerateKey (85) - machine code modification Method of JmpTo. jmp 860992DC
13/02/2009 2:19:34 PM >>> Function restored successfully !
13/02/2009 2:19:34 PM Function NtFlushInstructionCache (8D) - machine code modification Method of JmpTo. jmp 860937EC
13/02/2009 2:19:34 PM >>> Function restored successfully !
13/02/2009 2:19:34 PM Function NtQueryValueKey (FC) - machine code modification Method of JmpTo. jmp 860937B4
13/02/2009 2:19:34 PM >>> Function restored successfully !
13/02/2009 2:19:34 PM Function IofCallDriver (81C4D169) - machine code modification Method of JmpTo. jmp 86099B7A
13/02/2009 2:19:34 PM >>> Function restored successfully !
13/02/2009 2:19:34 PM Function IofCompleteRequest (81C4D1D6) - machine code modification Method of JmpTo. jmp 86FD8CD3
13/02/2009 2:19:34 PM >>> Function restored successfully !
13/02/2009 2:19:35 PM Functions checked: 391, intercepted: 0, restored: 5
13/02/2009 2:19:35 PM 1.3 Checking IDT and SYSENTER
13/02/2009 2:19:35 PM Analysis for CPU 1
13/02/2009 2:19:35 PM Analysis for CPU 2
13/02/2009 2:19:35 PM Checking IDT and SYSENTER - complete
13/02/2009 2:19:36 PM 1.4 Searching for masking processes and drivers
13/02/2009 2:19:36 PM Checking not performed: extended monitoring driver (AVZPM) is not installed
13/02/2009 2:19:36 PM Driver loaded successfully
13/02/2009 2:19:36 PM 1.5 Checking of IRP handlers
13/02/2009 2:19:36 PM \FileSystem\ntfs[IRP_MJ_CREATE] = 8461E1F8 -> hook not defined
13/02/2009 2:19:36 PM \FileSystem\ntfs[IRP_MJ_CLOSE] = 8461E1F8 -> hook not defined
13/02/2009 2:19:36 PM \FileSystem\ntfs[IRP_MJ_WRITE] = 8461E1F8 -> hook not defined
13/02/2009 2:19:36 PM \FileSystem\ntfs[IRP_MJ_QUERY_INFORMATION] = 8461E1F8 -> hook not defined
13/02/2009 2:19:36 PM \FileSystem\ntfs[IRP_MJ_SET_INFORMATION] = 8461E1F8 -> hook not defined
13/02/2009 2:19:36 PM \FileSystem\ntfs[IRP_MJ_QUERY_EA] = 8461E1F8 -> hook not defined
13/02/2009 2:19:36 PM \FileSystem\ntfs[IRP_MJ_SET_EA] = 8461E1F8 -> hook not defined
13/02/2009 2:19:36 PM \FileSystem\ntfs[IRP_MJ_QUERY_VOLUME_INFORMATION] = 8461E1F8 -> hook not defined
13/02/2009 2:19:36 PM \FileSystem\ntfs[IRP_MJ_SET_VOLUME_INFORMATION] = 8461E1F8 -> hook not defined
13/02/2009 2:19:36 PM \FileSystem\ntfs[IRP_MJ_DIRECTORY_CONTROL] = 8461E1F8 -> hook not defined
13/02/2009 2:19:36 PM \FileSystem\ntfs[IRP_MJ_FILE_SYSTEM_CONTROL] = 8461E1F8 -> hook not defined
13/02/2009 2:19:36 PM \FileSystem\ntfs[IRP_MJ_DEVICE_CONTROL] = 8461E1F8 -> hook not defined
13/02/2009 2:19:36 PM \FileSystem\ntfs[IRP_MJ_LOCK_CONTROL] = 8461E1F8 -> hook not defined
13/02/2009 2:19:36 PM \FileSystem\ntfs[IRP_MJ_QUERY_SECURITY] = 8461E1F8 -> hook not defined
13/02/2009 2:19:36 PM \FileSystem\ntfs[IRP_MJ_SET_SECURITY] = 8461E1F8 -> hook not defined
13/02/2009 2:19:36 PM \FileSystem\ntfs[IRP_MJ_PNP] = 8461E1F8 -> hook not defined
13/02/2009 2:19:36 PM \driver\tcpip[IRP_MJ_CREATE_NAMED_PIPE] = 81C96827 -> C:\Windows\system32\ntoskrnl.exe, driver recognized as trusted
13/02/2009 2:19:36 PM \driver\tcpip[IRP_MJ_READ] = 81C96827 -> C:\Windows\system32\ntoskrnl.exe, driver recognized as trusted
13/02/2009 2:19:37 PM \driver\tcpip[IRP_MJ_WRITE] = 81C96827 -> C:\Windows\system32\ntoskrnl.exe, driver recognized as trusted
13/02/2009 2:19:37 PM \driver\tcpip[IRP_MJ_QUERY_INFORMATION] = 81C96827 -> C:\Windows\system32\ntoskrnl.exe, driver recognized as trusted
13/02/2009 2:19:37 PM \driver\tcpip[IRP_MJ_SET_INFORMATION] = 81C96827 -> C:\Windows\system32\ntoskrnl.exe, driver recognized as trusted
13/02/2009 2:19:37 PM \driver\tcpip[IRP_MJ_QUERY_EA] = 81C96827 -> C:\Windows\system32\ntoskrnl.exe, driver recognized as trusted
13/02/2009 2:19:37 PM \driver\tcpip[IRP_MJ_SET_EA] = 81C96827 -> C:\Windows\system32\ntoskrnl.exe, driver recognized as trusted
13/02/2009 2:19:37 PM \driver\tcpip[IRP_MJ_FLUSH_BUFFERS] = 81C96827 -> C:\Windows\system32\ntoskrnl.exe, driver recognized as trusted
13/02/2009 2:19:37 PM \driver\tcpip[IRP_MJ_QUERY_VOLUME_INFORMATION] = 81C96827 -> C:\Windows\system32\ntoskrnl.exe, driver recognized as trusted
13/02/2009 2:19:38 PM \driver\tcpip[IRP_MJ_SET_VOLUME_INFORMATION] = 81C96827 -> C:\Windows\system32\ntoskrnl.exe, driver recognized as trusted
13/02/2009 2:19:38 PM \driver\tcpip[IRP_MJ_DIRECTORY_CONTROL] = 81C96827 -> C:\Windows\system32\ntoskrnl.exe, driver recognized as trusted
13/02/2009 2:19:38 PM \driver\tcpip[IRP_MJ_FILE_SYSTEM_CONTROL] = 81C96827 -> C:\Windows\system32\ntoskrnl.exe, driver recognized as trusted
13/02/2009 2:19:38 PM \driver\tcpip[IRP_MJ_SHUTDOWN] = 81C96827 -> C:\Windows\system32\ntoskrnl.exe, driver recognized as trusted
13/02/2009 2:19:38 PM \driver\tcpip[IRP_MJ_LOCK_CONTROL] = 81C96827 -> C:\Windows\system32\ntoskrnl.exe, driver recognized as trusted
13/02/2009 2:19:38 PM \driver\tcpip[IRP_MJ_CREATE_MAILSLOT] = 81C96827 -> C:\Windows\system32\ntoskrnl.exe, driver recognized as trusted
13/02/2009 2:19:38 PM \driver\tcpip[IRP_MJ_QUERY_SECURITY] = 81C96827 -> C:\Windows\system32\ntoskrnl.exe, driver recognized as trusted
13/02/2009 2:19:39 PM \driver\tcpip[IRP_MJ_SET_SECURITY] = 81C96827 -> C:\Windows\system32\ntoskrnl.exe, driver recognized as trusted
13/02/2009 2:19:39 PM \driver\tcpip[IRP_MJ_POWER] = 81C96827 -> C:\Windows\system32\ntoskrnl.exe, driver recognized as trusted
13/02/2009 2:19:39 PM \driver\tcpip[IRP_MJ_SYSTEM_CONTROL] = 81C96827 -> C:\Windows\system32\ntoskrnl.exe, driver recognized as trusted
13/02/2009 2:19:39 PM \driver\tcpip[IRP_MJ_DEVICE_CHANGE] = 81C96827 -> C:\Windows\system32\ntoskrnl.exe, driver recognized as trusted
13/02/2009 2:19:39 PM \driver\tcpip[IRP_MJ_QUERY_QUOTA] = 81C96827 -> C:\Windows\system32\ntoskrnl.exe, driver recognized as trusted
13/02/2009 2:19:39 PM \driver\tcpip[IRP_MJ_SET_QUOTA] = 81C96827 -> C:\Windows\system32\ntoskrnl.exe, driver recognized as trusted
13/02/2009 2:19:39 PM \driver\tcpip[IRP_MJ_PNP] = 81C96827 -> C:\Windows\system32\ntoskrnl.exe, driver recognized as trusted
13/02/2009 2:19:39 PM Checking - complete
13/02/2009 2:19:40 PM C:\Windows\system32\avgrsstx.dll --> Suspicion for Keylogger or Trojan DLL
13/02/2009 2:19:40 PM C:\Windows\system32\avgrsstx.dll>>> Behavioral analysis
13/02/2009 2:19:40 PM Behaviour typical for keyloggers not detected
13/02/2009 2:19:42 PM Note: Do NOT delete suspicious files, send them for analysis (see FAQ for more details), because there are lots of useful hooking DLLs
13/02/2009 2:19:58 PM Latent loading of libraries through AppInit_DLLs suspected: "avgrsstx.dll"
13/02/2009 2:19:59 PM >>> C:\autorun.inf HSC: suspicion for hidden autorun (high degree of probability)
13/02/2009 2:19:59 PM >>> D:\autorun.inf HSC: suspicion for hidden autorun (high degree of probability)
13/02/2009 2:19:59 PM >> Services: potentially dangerous service allowed: TermService (@%SystemRoot%\System32\termsrv.dll,-26
13/02/2009 2:19:59 PM >> Services: potentially dangerous service allowed: SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100)
13/02/2009 2:19:59 PM >> Services: potentially dangerous service allowed: Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
13/02/2009 2:19:59 PM > Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
13/02/2009 2:19:59 PM >> Security: disk drives' autorun is enabled
13/02/2009 2:19:59 PM >> Security: administrative shares (C$, D$ ...) are enabled
13/02/2009 2:19:59 PM >> Security: anonymous user access is enabled
13/02/2009 200 PM >> Security: sending Remote Assistant queries is enabled
13/02/2009 204 PM >> Disable HDD autorun
13/02/2009 204 PM >> Disable autorun from network drives
13/02/2009 204 PM >> Disable CD/DVD autorun
13/02/2009 204 PM >> Disable removable media autorun
13/02/2009 205 PM System Analysis in progress
13/02/2009 2:22:07 PM System Analysis - complete
13/02/2009 2:22:07 PM Delete file:C:\Users\Big Shu\Desktop\Virus Removal Tool\is-OCAVP\LOG\avptool_syscheck.htm
13/02/2009 2:22:07 PM Delete file:C:\Users\Big Shu\Desktop\Virus Removal Tool\is-OCAVP\LOG\avptool_syscheck.xml
13/02/2009 2:22:07 PM Deleting service/driver: utmwntcz
13/02/2009 2:22:07 PM Delete file:C:\Windows\system32\Drivers\utmwntcz.sys
13/02/2009 2:22:07 PM Deleting service/driver: ujmwntcz
13/02/2009 2:22:07 PM Script executed without errors
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:37:10 PM, on 13/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\Utilities\VolControl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Windows\System32\rundll32.exe
C:\Users\Big Shu\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Big Shu\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Big Shu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Users\Big Shu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Big Shu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Big Shu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [TOSHIBA Volume Indicator] "C:\Program Files\Toshiba\Utilities\VolControl.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [googletalk] C:\Users\Big Shu\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Big Shu\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: is-OCAVP.lnk = C:\Users\Big Shu\Desktop\Virus Removal Tool\is-OCAVP\startup.exe
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/reso...PUplden-ca.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 7080 bytes