My logs, thanks for the help[INACTIVE]

[kingoftheace]

Basically the problem is random commercials are being played through the speakers at random times, can't pinpoint the source.

CKScanner - Additional Security Risks - These are not necessarily bad

scanner sequence 3.RP.11

----- EOF -----

LockSearch by jpshortstuff (05.11.09.1)

Log created at 22:00 on 14/12/2009 (MARINA)

Scanning C:\

C:\hiberfil.sys

-------------------------

C:\pagefile.sys

-------------------------

-=E.O.F=-

Logfile of Trend Micro HijackThis v2.0.3 (BETA)

Scan saved at 10:08:19 PM, on 12/14/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Automatic Update\AutoUpdate.exe

C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Automatic Update\AutoUpdateGUI.exe

c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe

C:\Program Files\TOSHIBA\Power Management\CePMTray.exe

C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\MARINA\My Documents\Downloads\gmer\gmer.exe

C:\Documents and Settings\MARINA\My Documents\Downloads\gmer\gmer.exe

C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe

O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll

O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O15 - Trusted Zone: http://diagnostic.amadeus.com

O15 - Trusted Zone: *.amadeus.com

O15 - Trusted Zone: http://diagnostic.1a.amadeus.net

O15 - Trusted Zone: *.amadeus.net

O15 - Trusted Zone: http://*.amadeuscruise.com

O15 - Trusted Zone: *.amadeuscruise.com

O15 - Trusted Zone: http://*.amadeusferry.com

O15 - Trusted Zone: *.amadeusferry.com

O15 - Trusted Zone: http://*.amadeusproweb.com

O15 - Trusted Zone: *.amadeusproweb.com

O15 - Trusted Zone: http://*.amadeusproweb.com

O15 - Trusted Zone: http://*.amadeusvista.com

O15 - Trusted Zone: *.amadeusvista.com

O15 - Trusted Zone: http://*.amadeusvista.com

O15 - Trusted Zone: http://*.wspan.com

O15 - Trusted Zone: http://content.amadeus.com (HKLM)

O15 - Trusted Zone: http://content.1a.amadeus.net (HKLM)

O15 - Trusted Zone: http://*.amadeuscruise.com (HKLM)

O15 - Trusted Zone: http://*.amadeusferry.com (HKLM)

O15 - Trusted Zone: http://*.amadeusproweb.com (HKLM)

O15 - Trusted Zone: http://*.amadeusproweb.com (HKLM)

O15 - Trusted Zone: http://*.amadeusvista.com (HKLM)

O15 - Trusted Zone: http://Muc.http.farm6.software.amadeusvista.com (HKLM)

O15 - Trusted Zone: http://Muc.http.farm8.software.amadeusvista.com (HKLM)

O15 - Trusted Zone: http://Muc.https.farm11.software.amadeusvista.com (HKLM)

O15 - Trusted Zone: http://Muc.https.farm5.software.amadeusvista.com (HKLM)

O15 - Trusted Zone: http://*.amadeusvista.com (HKLM)

O16 - DPF: {051FE707-9706-11D5-A836-000102A7C938} (Amadeus Automatic Update) - http://certificates.amadeusvista.com/sgwadmin/common/AutoUpdateATL26P520.CAB

O16 - DPF: {469C92F9-CA8E-4C3E-9AD4-F74EEF097BCA} (Amadeus DS Diagnostic Class) - http://diagnostic.amadeus.com/TravelAgencies/Cabs/DS_Diagnostic.cab

O16 - DPF: {5CCB8990-66EF-4466-B051-CD27FA3821DF} (AmadeusNA.Library) - http://extranets.us.amadeus.com/techservices/documents/SoftwareDistribution/Amadeus-CS-MIA/AmadeusCanadaLibrary/msi/V1.0.2/install.cab

O16 - DPF: {F96020DD-C373-44A0-82B6-064EF0AEEAE3} (RegSiteClientTools Class) - http://certificates.amadeusvista.com/sgwadmin/RegSiteTools.cab

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Amadeus Automatic Update - Amadeus - C:\Program Files\Automatic Update\AutoUpdate.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe

--

End of file - 7380 bytes

Rooter.exe (v1.0.2) by Eric_71

.

SeDebugPrivilege granted successfully ...

.

Windows XP Home Edition (5.1.2600) Service Pack 2

[32_bits] - x86 Family 6 Model 13 Stepping 6, GenuineIntel

.

[wscsvc] STOPPED (state:1) : Security Center -> Disabled !

[sharedAccess] STOPPED (state:1) : Windows Firewall -> Disabled !

.

Internet Explorer 7.0.5730.13

.

C:\ [Fixed-NTFS] .. ( Total:55 Go - Free:46 Go )

D:\ [CD_Rom]

.

Scan : 21:58.52

Path : C:\Documents and Settings\MARINA\My Documents\Downloads\Rooter.exe

User : MARINA ( Administrator -> YES )

.

----------------------\\ Processes

.

Locked [system Process] (0)

______ System (4)

______ \SystemRoot\System32\smss.exe (668)

______ \??\C:\WINDOWS\system32\csrss.exe (724)

______ \??\C:\WINDOWS\system32\winlogon.exe (748)

______ C:\WINDOWS\system32\services.exe (796)

______ C:\WINDOWS\system32\lsass.exe (808)

______ C:\WINDOWS\system32\svchost.exe (996)

______ C:\WINDOWS\system32\svchost.exe (1112)

______ C:\WINDOWS\System32\svchost.exe (1260)

______ C:\WINDOWS\system32\svchost.exe (1312)

______ C:\WINDOWS\system32\svchost.exe (1412)

______ C:\WINDOWS\Explorer.EXE (1896)

______ C:\WINDOWS\system32\spoolsv.exe (268)

______ C:\WINDOWS\system32\svchost.exe (932)

______ C:\Program Files\Automatic Update\AutoUpdate.exe (1032)

______ C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe (1176)

______ C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (1236)

______ C:\WINDOWS\system32\DVDRAMSV.exe (1380)

______ C:\WINDOWS\system32\svchost.exe (1444)

______ C:\Program Files\Automatic Update\AutoUpdateGUI.exe (1472)

______ c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe (1636)

______ C:\Program Files\TOSHIBA\Power Management\CePMTray.exe (332)

______ C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (1524)

______ C:\Program Files\Apoint2K\Apoint.exe (1844)

______ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (1868)

______ C:\WINDOWS\system32\hkcmd.exe (1884)

______ C:\Program Files\TOSHIBA\TouchPad\TPTray.exe (1904)

______ C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (664)

______ C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (2056)

______ C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (2072)

______ C:\WINDOWS\system32\ctfmon.exe (2092)

______ C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (2112)

______ C:\WINDOWS\system32\RAMASST.exe (2120)

______ C:\Program Files\Apoint2K\Apntex.exe (2540)

______ C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (3372)

______ C:\Program Files\Mozilla Firefox\firefox.exe (3428)

______ C:\Documents and Settings\MARINA\My Documents\Downloads\mbam-setup.exe (3188)

______ C:\Program Files\Internet Explorer\IEXPLORE.EXE (3788)

______ C:\Documents and Settings\MARINA\My Documents\Downloads\mbam-setup.exe (2784)

______ C:\Documents and Settings\MARINA\My Documents\Downloads\opera-amazing.exe (4064)

______ C:\Documents and Settings\MARINA\My Documents\Downloads\opera-amazing.exe (2748)

______ C:\Documents and Settings\MARINA\My Documents\Downloads\opera-amazing.exe (3216)

______ C:\Documents and Settings\MARINA\My Documents\Downloads\Rooter.exe (3100)

.

----------------------\\ Device\Harddisk0\

.

\Device\Harddisk0 [sectors : 63 x 512 Bytes]

.

\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:60011610624)

.

----------------------\\ Scheduled Tasks

.

C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

C:\WINDOWS\Tasks\desktop.ini

C:\WINDOWS\Tasks\SA.DAT

C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

.

----------------------\\ Registry

.

.

----------------------\\ Files & Folders

.

----------------------\\ Scan completed at 21:58.58

.

C:\Rooter$\Rooter_1.txt - (14/12/2009 | 21:58.58)

[Rorschach112]

got the OTL and GMER logs ?

[kingoftheace]

got the OTL and GMER logs ?

I couldn't get any of the other loggers to run...

I've spent a little more time with the issue today and whats happening is whenever I open IE I get cookies from every ad site under the sun. Even when I don't browse much.

[Rorschach112]

rename the tools to svchost.com, do they run then ?

if not do this

Please save this file to your desktop. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

[Rorschach112]

Inactive topic...

If you still need help on this problem, contact me or one of the Moderators to re-open this up.

Topic closed.