Posts posted by kingoftheace
Basically, the problem is that random commercials are being played through the speakers at random times; I can't pinpoint the source.
CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11
----- EOF -----
LockSearch by jpshortstuff (05.11.09.1)
Log created at 22:00 on 14/12/2009 (MARINA)
Scanning C:\
C:\hiberfil.sys
-------------------------
C:\pagefile.sys
-------------------------
-=E.O.F=-
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 10:08:19 PM, on 12/14/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Automatic Update\AutoUpdate.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Automatic Update\AutoUpdateGUI.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\MARINA\My Documents\Downloads\gmer\gmer.exe
C:\Documents and Settings\MARINA\My Documents\Downloads\gmer\gmer.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://diagnostic.amadeus.com
O15 - Trusted Zone: *.amadeus.com
O15 - Trusted Zone: http://diagnostic.1a.amadeus.net
O15 - Trusted Zone: *.amadeus.net
O15 - Trusted Zone: http://*.amadeuscruise.com
O15 - Trusted Zone: *.amadeuscruise.com
O15 - Trusted Zone: http://*.amadeusferry.com
O15 - Trusted Zone: *.amadeusferry.com
O15 - Trusted Zone: http://*.amadeusproweb.com
O15 - Trusted Zone: *.amadeusproweb.com
O15 - Trusted Zone: http://*.amadeusproweb.com
O15 - Trusted Zone: http://*.amadeusvista.com
O15 - Trusted Zone: *.amadeusvista.com
O15 - Trusted Zone: http://*.amadeusvista.com
O15 - Trusted Zone: http://*.wspan.com
O15 - Trusted Zone: http://content.amadeus.com (HKLM)
O15 - Trusted Zone: http://content.1a.amadeus.net (HKLM)
O15 - Trusted Zone: http://*.amadeuscruise.com (HKLM)
O15 - Trusted Zone: http://*.amadeusferry.com (HKLM)
O15 - Trusted Zone: http://*.amadeusproweb.com (HKLM)
O15 - Trusted Zone: http://*.amadeusproweb.com (HKLM)
O15 - Trusted Zone: http://*.amadeusvista.com (HKLM)
O15 - Trusted Zone: http://Muc.http.farm6.software.amadeusvista.com (HKLM)
O15 - Trusted Zone: http://Muc.http.farm8.software.amadeusvista.com (HKLM)
O15 - Trusted Zone: http://Muc.https.farm11.software.amadeusvista.com (HKLM)
O15 - Trusted Zone: http://Muc.https.farm5.software.amadeusvista.com (HKLM)
O15 - Trusted Zone: http://*.amadeusvista.com (HKLM)
O16 - DPF: {051FE707-9706-11D5-A836-000102A7C938} (Amadeus Automatic Update) - http://certificates.amadeusvista.com/sgwadmin/common/AutoUpdateATL26P520.CAB
O16 - DPF: {469C92F9-CA8E-4C3E-9AD4-F74EEF097BCA} (Amadeus DS Diagnostic Class) - http://diagnostic.amadeus.com/TravelAgencies/Cabs/DS_Diagnostic.cab
O16 - DPF: {5CCB8990-66EF-4466-B051-CD27FA3821DF} (AmadeusNA.Library) - http://extranets.us.amadeus.com/techservices/documents/SoftwareDistribution/Amadeus-CS-MIA/AmadeusCanadaLibrary/msi/V1.0.2/install.cab
O16 - DPF: {F96020DD-C373-44A0-82B6-064EF0AEEAE3} (RegSiteClientTools Class) - http://certificates.amadeusvista.com/sgwadmin/RegSiteTools.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Amadeus Automatic Update - Amadeus - C:\Program Files\Automatic Update\AutoUpdate.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
--
End of file - 7380 bytes
Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP Home Edition (5.1.2600) Service Pack 2
[32_bits] - x86 Family 6 Model 13 Stepping 6, GenuineIntel
.
[wscsvc] STOPPED (state:1) : Security Center -> Disabled !
[sharedAccess] STOPPED (state:1) : Windows Firewall -> Disabled !
.
Internet Explorer 7.0.5730.13
.
C:\ [Fixed-NTFS] .. ( Total:55 Go - Free:46 Go )
D:\ [CD_Rom]
.
Scan : 21:58.52
Path : C:\Documents and Settings\MARINA\My Documents\Downloads\Rooter.exe
User : MARINA ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [system Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (668)
______ \??\C:\WINDOWS\system32\csrss.exe (724)
______ \??\C:\WINDOWS\system32\winlogon.exe (748)
______ C:\WINDOWS\system32\services.exe (796)
______ C:\WINDOWS\system32\lsass.exe (808)
______ C:\WINDOWS\system32\svchost.exe (996)
______ C:\WINDOWS\system32\svchost.exe (1112)
______ C:\WINDOWS\System32\svchost.exe (1260)
______ C:\WINDOWS\system32\svchost.exe (1312)
______ C:\WINDOWS\system32\svchost.exe (1412)
______ C:\WINDOWS\Explorer.EXE (1896)
______ C:\WINDOWS\system32\spoolsv.exe (268)
______ C:\WINDOWS\system32\svchost.exe (932)
______ C:\Program Files\Automatic Update\AutoUpdate.exe (1032)
______ C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe (1176)
______ C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (1236)
______ C:\WINDOWS\system32\DVDRAMSV.exe (1380)
______ C:\WINDOWS\system32\svchost.exe (1444)
______ C:\Program Files\Automatic Update\AutoUpdateGUI.exe (1472)
______ c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe (1636)
______ C:\Program Files\TOSHIBA\Power Management\CePMTray.exe (332)
______ C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (1524)
______ C:\Program Files\Apoint2K\Apoint.exe (1844)
______ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (1868)
______ C:\WINDOWS\system32\hkcmd.exe (1884)
______ C:\Program Files\TOSHIBA\TouchPad\TPTray.exe (1904)
______ C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (664)
______ C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (2056)
______ C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (2072)
______ C:\WINDOWS\system32\ctfmon.exe (2092)
______ C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (2112)
______ C:\WINDOWS\system32\RAMASST.exe (2120)
______ C:\Program Files\Apoint2K\Apntex.exe (2540)
______ C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (3372)
______ C:\Program Files\Mozilla Firefox\firefox.exe (3428)
______ C:\Documents and Settings\MARINA\My Documents\Downloads\mbam-setup.exe (3188)
______ C:\Program Files\Internet Explorer\IEXPLORE.EXE (3788)
______ C:\Documents and Settings\MARINA\My Documents\Downloads\mbam-setup.exe (2784)
______ C:\Documents and Settings\MARINA\My Documents\Downloads\opera-amazing.exe (4064)
______ C:\Documents and Settings\MARINA\My Documents\Downloads\opera-amazing.exe (2748)
______ C:\Documents and Settings\MARINA\My Documents\Downloads\opera-amazing.exe (3216)
______ C:\Documents and Settings\MARINA\My Documents\Downloads\Rooter.exe (3100)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:60011610624)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 21:58.58
.
C:\Rooter$\Rooter_1.txt - (14/12/2009 | 21:58.58)
My logs, thanks for the help [INACTIVE]
in Malware Removal
I couldn't get any of the other loggers to run...
I've spent a little more time with the issue today, and what's happening is that whenever I open IE I get cookies from every ad site under the sun, even when I don't browse much.