roberttownsend
asked on
trojans and spyware toshiba laptop
Scan saved at 10:03:16 AM, on 1/16/2000
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE
C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\toshiba\ivp\ism\pinger.exe
C:\toshiba\sysstability\tsyssmon.exe
C:\WINDOWS\System32\mcc.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\scagent.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\wanmpsvc.exe
D:\ad remover\HijackThis.exe
C:\temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Adam\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Adam\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Adam\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Adam\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Adam\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Adam\LOCALS~1\Temp\sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.225.176.5/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - Default URLSearchHook is missing
F0 - system.ini: Shell=Explorer.exe monitor.exe
F2 - REG:system.ini: Shell=Explorer.exe monitor.exe
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O2 - BHO: (no name) - {1C4DA27D-4D52-4465-A089-98E01BB725CA} - C:\WINDOWS\System32\inetdctr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {B8F1D117-E260-4FB3-A7D0-B6E1420CE196} - C:\WINDOWS\madopew.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TMEEJME.EXE] C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client
O4 - HKLM\..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [TSysSMon] c:\toshiba\sysstability\tsyssmon.exe /detect
O4 - HKLM\..\Run: [Multimedia Codecs] C:\WINDOWS\System32\mcc.exe
O4 - HKLM\..\Run: [intdctrr] C:\WINDOWS\System32\idctup20.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - DefaultPrefix:
O13 - WWW Prefix:
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/Sasser/20/SassCln.CAB
O18 - Protocol hijack: about - {53B95211-7D77-11D2-9F81-00104B107C96}
ASKER
thanks