Tech Support Forum - View Single Post - HijackThis log for non-working cmd, regeidt, msconfig, taskmanager

sgu · 04-21-2006, 07:13 PM

Hello,

Sorry about the delay; here are the requested logs. Kaspersky's scan still doesn't start after download. Attached below are

1) PandaSoftware's scan log
2) Ewido's scan log
3) HijackThis' log

Please advice.

Thanks,

--Suresh

1) PandaSoftware:

Incident Status Location

Spyware:spyware/searchcentrix Not disinfected Windows Registry

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@2o7[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@ads.pointroll[1].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@adtech[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@advertising[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@apmebf[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@as-us.falkag[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@atwola[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@bluestreak[1].txt
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@data.coremetrics[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@doubleclick[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@ehg.hitbox[2].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@go[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@hitbox[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@mediaplex[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@perf.overture[1].txt
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@qksrv[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@questionmarket[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@servedby.advertising[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@statcounter[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@tribalfusion[2].txt
Spyware:Cookie/Affiliate fuel Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@www.affiliatefuel[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@z1.adserver[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@zedo[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@2o7[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@ads.pointroll[1].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@adtech[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@advertising[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@apmebf[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@as-us.falkag[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@atwola[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@bluestreak[1].txt
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@data.coremetrics[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@doubleclick[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@ehg.hitbox[2].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@go[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@hitbox[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@mediaplex[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@perf.overture[1].txt
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@qksrv[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@questionmarket[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@servedby.advertising[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@statcounter[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@tribalfusion[2].txt
Spyware:Cookie/Affiliate fuel Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@www.affiliatefuel[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@z1.adserver[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@zedo[1].txt

Potentially unwanted tool:Application/Pskill.A Not disinfected C:\admin\tools\pskill.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\admin\tools\VundoFix\VundoFix\process.exe
Potentially unwanted tool:Application/Pskill.K Not disinfected C:\opt\wu\pskill.exe

2) Ewido:

__________________________________________________
ewido security suite online scanner
http://www.ewido.net
__________________________________________________

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\sgu\Cookies\sgu@2o7[2].txt
Risk: Medium

Name: TrackingCookie.Addynamix
Path: C:\Documents and Settings\sgu\Cookies\sgu@ads.addynamix[1].txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: C:\Documents and Settings\sgu\Cookies\sgu@ads.pointroll[1].txt
Risk: Medium

Name: TrackingCookie.Adtech
Path: C:\Documents and Settings\sgu\Cookies\sgu@adtech[2].txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: C:\Documents and Settings\sgu\Cookies\sgu@advertising[2].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\sgu\Cookies\sgu@americanexpress.122.2o7[1].txt
Risk: Medium

Name: TrackingCookie.Falkag
Path: C:\Documents and Settings\sgu\Cookies\sgu@as-us.falkag[1].txt
Risk: Medium

Name: TrackingCookie.Atdmt
Path: C:\Documents and Settings\sgu\Cookies\sgu@atdmt[2].txt
Risk: Medium

Name: TrackingCookie.Bluestreak
Path: C:\Documents and Settings\sgu\Cookies\sgu@bluestreak[1].txt
Risk: Medium

Name: TrackingCookie.Bridgetrack
Path: C:\Documents and Settings\sgu\Cookies\sgu@citi.bridgetrack[2].txt
Risk: Medium

Name: TrackingCookie.Coremetrics
Path: C:\Documents and Settings\sgu\Cookies\sgu@data.coremetrics[1].txt
Risk: Medium

Name: TrackingCookie.Doubleclick
Path: C:\Documents and Settings\sgu\Cookies\sgu@doubleclick[1].txt
Risk: Medium

Name: TrackingCookie.Ru4
Path: C:\Documents and Settings\sgu\Cookies\sgu@edge.ru4[1].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\sgu\Cookies\sgu@ehg-dig.hitbox[2].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\sgu\Cookies\sgu@ehg-knightridder.hitbox[2].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\sgu\Cookies\sgu@ehg.hitbox[2].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\sgu\Cookies\sgu@hitbox[2].txt
Risk: Medium

Name: TrackingCookie.Mediaplex
Path: C:\Documents and Settings\sgu\Cookies\sgu@mediaplex[2].txt
Risk: Medium

Name: TrackingCookie.Overture
Path: C:\Documents and Settings\sgu\Cookies\sgu@perf.overture[1].txt
Risk: Medium

Name: TrackingCookie.Qksrv
Path: C:\Documents and Settings\sgu\Cookies\sgu@qksrv[2].txt
Risk: Medium

Name: TrackingCookie.Questionmarket
Path: C:\Documents and Settings\sgu\Cookies\sgu@questionmarket[2].txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: C:\Documents and Settings\sgu\Cookies\sgu@servedby.advertising[2].txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: C:\Documents and Settings\sgu\Cookies\sgu@statcounter[1].txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: C:\Documents and Settings\sgu\Cookies\sgu@tacoda[2].txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: C:\Documents and Settings\sgu\Cookies\sgu@trafficmp[1].txt
Risk: Medium

Name: TrackingCookie.Tribalfusion
Path: C:\Documents and Settings\sgu\Cookies\sgu@tribalfusion[1].txt
Risk: Medium

Name: TrackingCookie.Adserver
Path: C:\Documents and Settings\sgu\Cookies\sgu@z1.adserver[1].txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: C:\Documents and Settings\sgu\Cookies\sgu@zedo[1].txt
Risk: Medium

Name: Adware.Gator
Path: HKLM\SOFTWARE\Gator.com
Risk: Medium

Name: Adware.Gator
Path: HKLM\SOFTWARE\Gator.com\AppInfo
Risk: Medium

Name: Adware.Gator
Path: HKLM\SOFTWARE\Gator.com\CMEII
Risk: Medium

Name: Adware.Gator
Path: HKLM\SOFTWARE\Gator.com\GInternet
Risk: Medium

Name: Adware.Gator
Path: HKLM\SOFTWARE\Gator.com\GInternet\Proxy
Risk: Medium

Name: Adware.WebEx
Path: C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP88\A0007927.dll
Risk: Medium

3) HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 5:47:28 PM, on 4/21/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\basfipm.exe
C:\WINDOWS\System32\Hummingbird\Connectivity\7.10\Inetd\inetd32.exe
C:\WINDOWS\System32\Hummingbird\Connectivity\7.10\Jconfig\jconfigdnt.exe
C:\MSSQL7\binn\sqlservr.exe
C:\WINDOWS\System32\Hummingbird\Connectivity\7.10\Jconfig\hjavaw.exe
C:\OfficeScan NT\ntrtscan.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\opt\Java\j2re1.4.2_06\bin\javaw.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\OfficeScan NT\tmlisten.exe
C:\Program Files\Tally Systems Corp\TSCensus\bin\CClientSvc.exe
C:\Program Files\Tally Systems Corp\TSCensus\bin\CClient.exe
C:\WINDOWS\System32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\System32\CCM\CcmExec.exe
C:\OfficeScan NT\ofcdog.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Tally Systems Corp\TSCensus\bin\TSUsage32.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\OfficeScan NT\pccntmon.exe
C:\opt\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\MSSQL7\Binn\sqlmangr.exe
c:\admin\tools\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-blv-proxy.boeing.com:31060
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [iTunesHelper] C:\opt\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\MSSQL7\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\opt\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - https://qp.mc.com/qp2.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) -
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://btconferencing.webex.com/cli...ex/ieatgpc.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetup Control) - https://anywhere.mc.com/dana-cached/...niperSetup.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad.mc.com
O17 - HKLM\Software\..\Telephony: DomainName = ad.mc.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad.mc.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = ad.mc.com
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = ad.mc.com
O20 - Winlogon Notify: ckpNotify - C:\WINDOWS\SYSTEM32\ckpNotify.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Hummingbird Inetd (HCLInetd) - Hummingbird Ltd. - C:\WINDOWS\System32\Hummingbird\Connectivity\7.10\Inetd\inetd32.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Hummingbird Jconfig Daemon (Jconfigd) - Hummingbird Ltd. - C:\WINDOWS\System32\Hummingbird\Connectivity\7.10\Jconfig\jconfigdnt.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Desk Manager (rdm) - AT&T Research Labs Cambridge - C:\WINDOWS\WinVNC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\OfficeScan NT\tmlisten.exe
O23 - Service: TSCensus Collection Client - Tally Systems Corp. - C:\Program Files\Tally Systems Corp\TSCensus\bin\CClientSvc.exe

04-21-2006, 07:13 PM	#6 (permalink)
sgu Registered User Join Date: Apr 2006 Posts: 13 OS: XP Pro	Hello, Sorry about the delay; here are the requested logs. Kaspersky's scan still doesn't start after download. Attached below are 1) PandaSoftware's scan log 2) Ewido's scan log 3) HijackThis' log Please advice. Thanks, --Suresh 1) PandaSoftware: Incident Status Location Spyware:spyware/searchcentrix Not disinfected Windows Registry Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@2o7[2].txt Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@ads.pointroll[1].txt Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@adtech[2].txt Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@advertising[2].txt Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@apmebf[2].txt Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@as-us.falkag[1].txt Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@atdmt[2].txt Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@atwola[1].txt Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@bluestreak[1].txt Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@data.coremetrics[1].txt Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@doubleclick[1].txt Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@ehg.hitbox[2].txt Spyware:Cookie/go Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@go[1].txt Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@hitbox[2].txt Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@mediaplex[2].txt Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@perf.overture[1].txt Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@qksrv[2].txt Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@questionmarket[2].txt Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@servedby.advertising[2].txt Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@statcounter[1].txt Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@trafficmp[1].txt Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@tribalfusion[2].txt Spyware:Cookie/Affiliate fuel Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@www.affiliatefuel[1].txt Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@z1.adserver[1].txt Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@zedo[1].txt Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@2o7[2].txt Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@ads.pointroll[1].txt Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@adtech[2].txt Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@advertising[2].txt Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@apmebf[2].txt Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@as-us.falkag[1].txt Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@atdmt[2].txt Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@atwola[1].txt Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@bluestreak[1].txt Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@data.coremetrics[1].txt Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@doubleclick[1].txt Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@ehg.hitbox[2].txt Spyware:Cookie/go Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@go[1].txt Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@hitbox[2].txt Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@mediaplex[2].txt Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@perf.overture[1].txt Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@qksrv[2].txt Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@questionmarket[2].txt Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@servedby.advertising[2].txt Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@statcounter[1].txt Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@trafficmp[1].txt Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@tribalfusion[2].txt Spyware:Cookie/Affiliate fuel Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@www.affiliatefuel[1].txt Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@z1.adserver[1].txt Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\sgu\Cookies\sgu@zedo[1].txt Potentially unwanted tool:Application/Pskill.A Not disinfected C:\admin\tools\pskill.exe Potentially unwanted tool:Application/Processor Not disinfected C:\admin\tools\VundoFix\VundoFix\process.exe Potentially unwanted tool:Application/Pskill.K Not disinfected C:\opt\wu\pskill.exe 2) Ewido: __________________________________________________ ewido security suite online scanner http://www.ewido.net __________________________________________________ Name: TrackingCookie.2o7 Path: C:\Documents and Settings\sgu\Cookies\sgu@2o7[2].txt Risk: Medium Name: TrackingCookie.Addynamix Path: C:\Documents and Settings\sgu\Cookies\sgu@ads.addynamix[1].txt Risk: Medium Name: TrackingCookie.Pointroll Path: C:\Documents and Settings\sgu\Cookies\sgu@ads.pointroll[1].txt Risk: Medium Name: TrackingCookie.Adtech Path: C:\Documents and Settings\sgu\Cookies\sgu@adtech[2].txt Risk: Medium Name: TrackingCookie.Advertising Path: C:\Documents and Settings\sgu\Cookies\sgu@advertising[2].txt Risk: Medium Name: TrackingCookie.2o7 Path: C:\Documents and Settings\sgu\Cookies\sgu@americanexpress.122.2o7[1].txt Risk: Medium Name: TrackingCookie.Falkag Path: C:\Documents and Settings\sgu\Cookies\sgu@as-us.falkag[1].txt Risk: Medium Name: TrackingCookie.Atdmt Path: C:\Documents and Settings\sgu\Cookies\sgu@atdmt[2].txt Risk: Medium Name: TrackingCookie.Bluestreak Path: C:\Documents and Settings\sgu\Cookies\sgu@bluestreak[1].txt Risk: Medium Name: TrackingCookie.Bridgetrack Path: C:\Documents and Settings\sgu\Cookies\sgu@citi.bridgetrack[2].txt Risk: Medium Name: TrackingCookie.Coremetrics Path: C:\Documents and Settings\sgu\Cookies\sgu@data.coremetrics[1].txt Risk: Medium Name: TrackingCookie.Doubleclick Path: C:\Documents and Settings\sgu\Cookies\sgu@doubleclick[1].txt Risk: Medium Name: TrackingCookie.Ru4 Path: C:\Documents and Settings\sgu\Cookies\sgu@edge.ru4[1].txt Risk: Medium Name: TrackingCookie.Hitbox Path: C:\Documents and Settings\sgu\Cookies\sgu@ehg-dig.hitbox[2].txt Risk: Medium Name: TrackingCookie.Hitbox Path: C:\Documents and Settings\sgu\Cookies\sgu@ehg-knightridder.hitbox[2].txt Risk: Medium Name: TrackingCookie.Hitbox Path: C:\Documents and Settings\sgu\Cookies\sgu@ehg.hitbox[2].txt Risk: Medium Name: TrackingCookie.Hitbox Path: C:\Documents and Settings\sgu\Cookies\sgu@hitbox[2].txt Risk: Medium Name: TrackingCookie.Mediaplex Path: C:\Documents and Settings\sgu\Cookies\sgu@mediaplex[2].txt Risk: Medium Name: TrackingCookie.Overture Path: C:\Documents and Settings\sgu\Cookies\sgu@perf.overture[1].txt Risk: Medium Name: TrackingCookie.Qksrv Path: C:\Documents and Settings\sgu\Cookies\sgu@qksrv[2].txt Risk: Medium Name: TrackingCookie.Questionmarket Path: C:\Documents and Settings\sgu\Cookies\sgu@questionmarket[2].txt Risk: Medium Name: TrackingCookie.Advertising Path: C:\Documents and Settings\sgu\Cookies\sgu@servedby.advertising[2].txt Risk: Medium Name: TrackingCookie.Statcounter Path: C:\Documents and Settings\sgu\Cookies\sgu@statcounter[1].txt Risk: Medium Name: TrackingCookie.Tacoda Path: C:\Documents and Settings\sgu\Cookies\sgu@tacoda[2].txt Risk: Medium Name: TrackingCookie.Trafficmp Path: C:\Documents and Settings\sgu\Cookies\sgu@trafficmp[1].txt Risk: Medium Name: TrackingCookie.Tribalfusion Path: C:\Documents and Settings\sgu\Cookies\sgu@tribalfusion[1].txt Risk: Medium Name: TrackingCookie.Adserver Path: C:\Documents and Settings\sgu\Cookies\sgu@z1.adserver[1].txt Risk: Medium Name: TrackingCookie.Zedo Path: C:\Documents and Settings\sgu\Cookies\sgu@zedo[1].txt Risk: Medium Name: Adware.Gator Path: HKLM\SOFTWARE\Gator.com Risk: Medium Name: Adware.Gator Path: HKLM\SOFTWARE\Gator.com\AppInfo Risk: Medium Name: Adware.Gator Path: HKLM\SOFTWARE\Gator.com\CMEII Risk: Medium Name: Adware.Gator Path: HKLM\SOFTWARE\Gator.com\GInternet Risk: Medium Name: Adware.Gator Path: HKLM\SOFTWARE\Gator.com\GInternet\Proxy Risk: Medium Name: Adware.WebEx Path: C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP88\A0007927.dll Risk: Medium 3) HijackThis: Logfile of HijackThis v1.99.1 Scan saved at 5:47:28 PM, on 4/21/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\basfipm.exe C:\WINDOWS\System32\Hummingbird\Connectivity\7.10\Inetd\inetd32.exe C:\WINDOWS\System32\Hummingbird\Connectivity\7.10\Jconfig\jconfigdnt.exe C:\MSSQL7\binn\sqlservr.exe C:\WINDOWS\System32\Hummingbird\Connectivity\7.10\Jconfig\hjavaw.exe C:\OfficeScan NT\ntrtscan.exe C:\WINDOWS\System32\RegSrvc.exe C:\opt\Java\j2re1.4.2_06\bin\javaw.exe C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe C:\OfficeScan NT\tmlisten.exe C:\Program Files\Tally Systems Corp\TSCensus\bin\CClientSvc.exe C:\Program Files\Tally Systems Corp\TSCensus\bin\CClient.exe C:\WINDOWS\System32\CCM\CLICOMP\RemCtrl\Wuser32.exe C:\WINDOWS\System32\CCM\CcmExec.exe C:\OfficeScan NT\ofcdog.exe C:\WINDOWS\system32\fxssvc.exe C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe C:\WINDOWS\System32\msiexec.exe C:\Program Files\Tally Systems Corp\TSCensus\bin\TSUsage32.exe C:\WINDOWS\system32\ZCfgSvc.exe C:\WINDOWS\System32\1XConfig.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe C:\OfficeScan NT\pccntmon.exe C:\opt\iTunes\iTunesHelper.exe C:\WINDOWS\System32\DSentry.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Digital Line Detect\DLG.exe C:\MSSQL7\Binn\sqlmangr.exe c:\admin\tools\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-blv-proxy.boeing.com:31060 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow O4 - HKLM\..\Run: [iTunesHelper] C:\opt\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [bascstray] BascsTray.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [updateMgr] "c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1 O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Service Manager.lnk = C:\MSSQL7\Binn\sqlmangr.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\opt\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - https://qp.mc.com/qp2.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) - O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://btconferencing.webex.com/cli...ex/ieatgpc.cab O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetup Control) - https://anywhere.mc.com/dana-cached/...niperSetup.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad.mc.com O17 - HKLM\Software\..\Telephony: DomainName = ad.mc.com O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad.mc.com O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = ad.mc.com O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = ad.mc.com O20 - Winlogon Notify: ckpNotify - C:\WINDOWS\SYSTEM32\ckpNotify.dll O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe O23 - Service: Hummingbird Inetd (HCLInetd) - Hummingbird Ltd. - C:\WINDOWS\System32\Hummingbird\Connectivity\7.10\Inetd\inetd32.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Hummingbird Jconfig Daemon (Jconfigd) - Hummingbird Ltd. - C:\WINDOWS\System32\Hummingbird\Connectivity\7.10\Jconfig\jconfigdnt.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Remote Desk Manager (rdm) - AT&T Research Labs Cambridge - C:\WINDOWS\WinVNC.exe O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\OfficeScan NT\tmlisten.exe O23 - Service: TSCensus Collection Client - Tally Systems Corp. - C:\Program Files\Tally Systems Corp\TSCensus\bin\CClientSvc.exe