
??oolsv.exe

Discussion in 'Virus & Other Malware Removal' started by mike_da_killa, Apr 8, 2008.

Thread Status:
Not open for further replies.
  1. mike_da_killa

    mike_da_killa Thread Starter

    Joined:
    Apr 8, 2008
    Messages:
    1
    These pop-ups are so annoying....

    Here is my log:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 1:02:11 AM, on 4/8/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\WinRoll\winroll.exe
    C:\Documents and Settings\Michael\Application Data\?racle\??oolsv.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Steam\Steam.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
    G:\HiJackThis_v2.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: targettedbanner.biz browser enhancer - {16B435F6-B6CE-4F24-A568-944B27ED919C} - C:\WINDOWS\system32\atgban.dll (file missing)
    O2 - BHO: (no name) - {3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9} - C:\WINDOWS\system32\cbxvwvt.dll (file missing)
    O2 - BHO: (no name) - {4040C2BB-7555-0DDE-0A62-5C00B9C581EA} - C:\WINDOWS\system32\cyzuz.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {A209B3A2-6119-418E-BE6D-E238A74C06D2} - C:\WINDOWS\system32\awvtu.dll (file missing)
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\RunOnce: [SpybotDeletingA5306] command /c del "C:\Documents and Settings\Michael\Start Menu\Programs\Outerinfo\Terms.lnk"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC7446] cmd /c del "C:\Documents and Settings\Michael\Start Menu\Programs\Outerinfo\Terms.lnk"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA847] command /c del "C:\Documents and Settings\Michael\Start Menu\Programs\Outerinfo\Uninstall.lnk"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC7214] cmd /c del "C:\Documents and Settings\Michael\Start Menu\Programs\Outerinfo\Uninstall.lnk"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA6384] command /c del "C:\Program Files\Outerinfo\FF\install.rdf"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC9642] cmd /c del "C:\Program Files\Outerinfo\FF\install.rdf"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA7775] command /c del "C:\Program Files\Outerinfo\FF\components\OuterinfoAds.xpt"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC7218] cmd /c del "C:\Program Files\Outerinfo\FF\components\OuterinfoAds.xpt"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA5077] command /c del "C:\WINDOWS\SYSTEM32\drivers\core.cache.dsk"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC8137] cmd /c del "C:\WINDOWS\SYSTEM32\drivers\core.cache.dsk"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA8318] command /c del "C:\WINDOWS\SYSTEM32\drivers\core.cache.dsk"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC2369] cmd /c del "C:\WINDOWS\SYSTEM32\drivers\core.cache.dsk"
    O4 - HKCU\..\Run: [WinRoll] C:\Program Files\WinRoll\winroll.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\RunOnce: [SpybotDeletingB5012] command /c del "C:\Documents and Settings\Michael\Start Menu\Programs\Outerinfo\Terms.lnk"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7980] cmd /c del "C:\Documents and Settings\Michael\Start Menu\Programs\Outerinfo\Terms.lnk"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB4914] command /c del "C:\Documents and Settings\Michael\Start Menu\Programs\Outerinfo\Uninstall.lnk"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD4403] cmd /c del "C:\Documents and Settings\Michael\Start Menu\Programs\Outerinfo\Uninstall.lnk"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB432] command /c del "C:\Program Files\Outerinfo\FF\install.rdf"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD6691] cmd /c del "C:\Program Files\Outerinfo\FF\install.rdf"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB2261] command /c del "C:\Program Files\Outerinfo\FF\components\OuterinfoAds.xpt"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD6939] cmd /c del "C:\Program Files\Outerinfo\FF\components\OuterinfoAds.xpt"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB7545] command /c del "C:\WINDOWS\SYSTEM32\drivers\core.cache.dsk"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD4696] cmd /c del "C:\WINDOWS\SYSTEM32\drivers\core.cache.dsk"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB1989] command /c del "C:\WINDOWS\SYSTEM32\drivers\core.cache.dsk"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7611] cmd /c del "C:\WINDOWS\SYSTEM32\drivers\core.cache.dsk"
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: Winroll.lnk = C:\Program Files\WinRoll\winroll.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1207600207315
    O20 - Winlogon Notify: cbxvwvt - cbxvwvt.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

    --
    End of file - 10428 bytes
     
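As an added example (not from the thread and not part of HijackThis itself), a small Python triage script that parses the "Running processes" and O2/O20 sections of a HijackThis log and flags the kinds of entries worth a second look in the log above: a process whose path contains characters the log could not render (the '?' in ??oolsv.exe), a file imitating a Windows system binary name but running from a user profile directory, and registry entries that still point to DLLs marked "(file missing)". The sample log lines are constructed from the entries above; the name lists and directory prefixes are assumptions for this example.

```python
import re

# Constructed sample in HijackThis format, modelled on the log posted above.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Michael\Application Data\?racle\??oolsv.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe

O2 - BHO: (no name) - {3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9} - C:\WINDOWS\system32\cbxvwvt.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O20 - Winlogon Notify: cbxvwvt - cbxvwvt.dll (file missing)
"""

# Assumed list of Windows system binaries that malware commonly imitates; the
# genuine copies live under the Windows directory, never in a user profile.
SYSTEM_NAMES = {"spoolsv.exe", "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "smss.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\")
USER_PROFILE = "c:\\documents and settings\\"

def looks_like_system_name(name):
    # '?' in HJT output stands for a character the log could not render, so treat
    # it as a one-character wildcard: ??oolsv.exe lines up with spoolsv.exe.
    pattern = "^" + re.escape(name.lower()).replace(r"\?", ".") + "$"
    return any(re.match(pattern, s) for s in SYSTEM_NAMES)

def flag_process(path):
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    reasons = []
    if "?" in path:
        reasons.append("unrenderable characters in path")
    if low.startswith(USER_PROFILE):
        reasons.append("runs from a user profile directory")
    if looks_like_system_name(name) and not low.startswith(SYSTEM_DIRS):
        reasons.append("system binary name outside Windows directory")
    return reasons

def flag_entry(line):
    # O2/O20 entries naming a DLL that no longer exists are leftovers of a
    # partial removal and still need to be cleaned from the registry.
    if line.startswith(("O2 ", "O20 ")) and "(file missing)" in line:
        return ["registry points to missing file"]
    return []

def analyse(log):
    findings, in_procs = {}, False
    for line in (l.strip() for l in log.splitlines()):
        if line == "Running processes:":
            in_procs = True
            continue
        if not line:
            in_procs = False
            continue
        reasons = flag_process(line) if in_procs else flag_entry(line)
        if reasons:
            findings[line] = reasons
    return findings
```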
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Hi, Welcome to TSG!!


    Please update your version of HijackThis:
    Click here to download HJTInstall.exe
    • Save HJTInstall.exe to your desktop.
    • Double-click on the HJTInstall.exe icon on your desktop.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis.
    • Click on Install.
    • It will create a HijackThis icon on the desktop.
    • Once installed, it will launch HijackThis.


    Please visit this webpage for instructions on installing the Recovery Console and downloading/running ComboFix.

    Post the log from ComboFix along with a new HijackThis log.
     
Short URL to this thread: https://techguy.org/701501