roberttownsend
asked on
trojans and spyware toshiba laptop
Scan saved at 10:03:16 AM, on 1/16/2000
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\spools
C:\WINDOWS\Explorer.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\System32\TPWRTR
C:\Program Files\TOSHIBA\TME3\TMERzCt
C:\Program Files\TOSHIBA\TME3\TMEEJME
C:\Program Files\TOSHIBA\TME3\TMESBS3
C:\Program Files\TOSHIBA\DualPointUti
C:\Program Files\Toshiba\ConfigFree\N
C:\toshiba\ivp\ism\pinger.
C:\toshiba\sysstability\ts
C:\WINDOWS\System32\mcc.ex
C:\WINDOWS\System32\ezSP_P
C:\PROGRA~1\PANICW~1\POP-U
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\DVDRAM
C:\WINDOWS\System32\nvsvc3
C:\WINDOWS\system32\scagen
C:\Program Files\TOSHIBA\TME3\Tmesbs3
C:\Program Files\TOSHIBA\TME3\Tmesrv3
C:\WINDOWS\wanmpsvc.exe
D:\ad remover\HijackThis.exe
C:\temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R0 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R3 - Default URLSearchHook is missing
F0 - system.ini: Shell=Explorer.exe monitor.exe
F2 - REG:system.ini: Shell=Explorer.exe monitor.exe
F2 - REG:system.ini: UserInit=C:\Windows\System
O2 - BHO: (no name) - {1C4DA27D-4D52-4465-A089-9
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-2
O2 - BHO: (no name) - {B8F1D117-E260-4FB3-A7D0-B
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV3
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCt
O4 - HKLM\..\Run: [TMEEJME.EXE] C:\Program Files\TOSHIBA\TME3\TMEEJME
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS3
O4 - HKLM\..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUti
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\N
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.
O4 - HKLM\..\Run: [TSysSMon] c:\toshiba\sysstability\ts
O4 - HKLM\..\Run: [Multimedia Codecs] C:\WINDOWS\System32\mcc.ex
O4 - HKLM\..\Run: [intdctrr] C:\WINDOWS\System32\idctup
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_P
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.
O13 - DefaultPrefix:
O13 - WWW Prefix:
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {A8658086-E6AC-4957-BC8E-7
O18 - Protocol hijack: about - {53B95211-7D77-11D2-9F81-0
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\spools
C:\WINDOWS\Explorer.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\System32\TPWRTR
C:\Program Files\TOSHIBA\TME3\TMERzCt
C:\Program Files\TOSHIBA\TME3\TMEEJME
C:\Program Files\TOSHIBA\TME3\TMESBS3
C:\Program Files\TOSHIBA\DualPointUti
C:\Program Files\Toshiba\ConfigFree\N
C:\toshiba\ivp\ism\pinger.
C:\toshiba\sysstability\ts
C:\WINDOWS\System32\mcc.ex
C:\WINDOWS\System32\ezSP_P
C:\PROGRA~1\PANICW~1\POP-U
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\DVDRAM
C:\WINDOWS\System32\nvsvc3
C:\WINDOWS\system32\scagen
C:\Program Files\TOSHIBA\TME3\Tmesbs3
C:\Program Files\TOSHIBA\TME3\Tmesrv3
C:\WINDOWS\wanmpsvc.exe
D:\ad remover\HijackThis.exe
C:\temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R0 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R3 - Default URLSearchHook is missing
F0 - system.ini: Shell=Explorer.exe monitor.exe
F2 - REG:system.ini: Shell=Explorer.exe monitor.exe
F2 - REG:system.ini: UserInit=C:\Windows\System
O2 - BHO: (no name) - {1C4DA27D-4D52-4465-A089-9
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-2
O2 - BHO: (no name) - {B8F1D117-E260-4FB3-A7D0-B
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV3
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCt
O4 - HKLM\..\Run: [TMEEJME.EXE] C:\Program Files\TOSHIBA\TME3\TMEEJME
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS3
O4 - HKLM\..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUti
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\N
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.
O4 - HKLM\..\Run: [TSysSMon] c:\toshiba\sysstability\ts
O4 - HKLM\..\Run: [Multimedia Codecs] C:\WINDOWS\System32\mcc.ex
O4 - HKLM\..\Run: [intdctrr] C:\WINDOWS\System32\idctup
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_P
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.
O13 - DefaultPrefix:
O13 - WWW Prefix:
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {A8658086-E6AC-4957-BC8E-7
O18 - Protocol hijack: about - {53B95211-7D77-11D2-9F81-0
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
thanks
ASKER