
Solved: Pop ups, Outersource and more, I'm sure.

Discussion in 'Virus & Other Malware Removal' started by cj2448, Jul 8, 2007.

Thread Status:
Not open for further replies.
  1. cj2448

    cj2448 Thread Starter

    Joined:
    Apr 25, 2004
    Messages:
    544
    I researched outersource and I am afraid to follow directions advised for another poster, not sure if other problems on their computer are being addressed, and don't want to mess mine up, any more than it is!

    This summer has been a nightmare. I rarely use the home computer, but when I do it's been extremely aggravating! I just don't understand why I don't have any problems w/the 6 computers at work, same set up, same security, free avg. At home, the last 2 months, my computer is being attacked. I have restore it and have done it twice..I have thought I have fixed everything, then, POP POP POP again.....my kids are doing something..These are not bad pop ups like I have seen before when working on others computers, but it's drivin' me nuts!

    Also, I have gone into msconfig and cleaned off the whole start up list, 3 times, for some reason it doesn't 'take'? Still have a ton of stuff that is auto start.


    Here is my log, help?

    Logfile of HijackThis v1.99.1
    Scan saved at 8:53:55 AM, on 7/8/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$SOSHOME22\Binn\sqlservr.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
    C:\Program Files\FarStone\RestoreIT_XP\VBPTASK.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Outerinfo\Outerinfo.exe
    C:\Program Files\Outerinfo\OuterinfoUpdate.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgw.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/yme/*http://www.yahoo.com
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
    O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\FarStone\RestoreIT_XP\VBPTASK.EXE" VBStart
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PLNRNote] "C:\Program Files\SierraHome\Hallmark Card Studio Special Edition\Planner\PLNRNote.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Event Reminder.lnk = C:\Program Files\PrintMaster 16\pmremind.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm565YYUS
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
    O16 - DPF: {11B2C0D3-DFFB-11D3-9253-00500498D7E5} (ShowSetupObj5 Class) - https://invite.mshow.com/(eivbkf3usvzawa451swpdhbp)/ShowSetup5.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - https://oma01appgw.west.com/wahatraining01/ICAWEB_common/en/ica32/wficat.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) - http://www.blackberry.com/devicesoftware/AxLoader.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
    O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.28.9/ttinst.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712....akamai.com/6712/player/install/installer.exe
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
     
  2. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Download Combofix and save it to your desktop.
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe


    Note: It is important that it is saved directly to your desktop

    Close any open browsers.

    Double click on combofix.exe & follow the prompts.
    When finished, it shall produce a log for you.

    Post the ComboFix.txt and a fresh Hijackthis log in your next reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
     
  3. cj2448

    cj2448 Thread Starter

    Joined:
    Apr 25, 2004
    Messages:
    544
    Attached are the 2 logs as requested. Thanks!
     


  4. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Panda Activescan
    http://www.pandasoftware.com/products/activescan.htm
    1. Once you are on the Panda site click the Scan your PC button
    2. A new window will open...click the Check Now button
    3. Enter your Country
    4. Enter your State/Province
    5. Enter your e-mail address and click send
    6. Select either Home User or Company
    7. Click the big Scan Now button
    8. If it wants to install an ActiveX component allow it
    9. It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    10. When download is complete, click on Local Disks to start the scan
    11. When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

    In your next reply, please include the Panda Activescan log. Thanks.
     
  5. cj2448

    cj2448 Thread Starter

    Joined:
    Apr 25, 2004
    Messages:
    544
    Here is the log from the scan as you requested.
     


  6. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Please download ATF Cleaner by Atribune.

    This program is for XP and Windows 2000 only


    • Save it to your desktop
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.

    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main menu to close the program.

    For Technical Support, double-click the e-mail address located at the bottom of each menu.


    Please DELETE the following file(s) IF STILL PRESENT. You can use Windows Explorer to navigate or use Windows Search feature to locate them.

    Files:

    c:\windows\system32\f3PSSavr.scr <-- this file
    c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf <-- this file

    ==================================

    Please perform an online scan with a-squared Web Malware Scanner

    [Watch the Address bar in IE. You may receive alerts that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component]

    1. Click "Scan Your PC".

    2. You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component.

    3. A new window will appear asking "Do you want to install this software?"

    4. Select "Install" to download the ActiveX controls.

    5. Click the blue "Scan" button on the right to begin.

    6. Click on the Quarantine Tab

    7. Go ahead and close all programs and Reboot your Computer.



    Note: If you cannot use IE to run your online scan and have Firefox, then install the IE Tab add-on extension which should allow you to perform the scan through Firefox. After install, close & restart Firefox. Then right click on the page (tab) you want to use in IE tab. This allows you to switch rendering engine.



    If you go to View > Toolbars > make sure Bookmark Toolbar is checked. Then click "Customize" and look for the little IE logo. Click on that icon and drag it to your bookmark toolbar. This makes it much easier to use.
     
  7. cj2448

    cj2448 Thread Starter

    Joined:
    Apr 25, 2004
    Messages:
    544
    I downloaded and ran ATF cleaner.

    I went to the website to download the malware thing, but it gets to 'please wait while scanner downloads files' then it says 'error loading engine', I am familiar with the active x popping down on the tool bar, I can't see that happening anywhere.

    Just keeps saying 'error loading engine' after clicking scan pc at this link http://www.emsisoft.com/en/software/ax/?scan=1
     
  8. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    That's okay.

    Download and scan with SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply.
    • Click Close to exit the program.
     
  9. cj2448

    cj2448 Thread Starter

    Joined:
    Apr 25, 2004
    Messages:
    544
    OK...I planned on coming back here a few days ago, in the middle of my living room and kitchen being torn apart and remodeled, oy vey, and I was inundated with popups...I could not even get here.

    I used the software that came with the purchase of my computer called RestoreIt http://www.farstone.com/software/restoreit.htm I went back to 7/1...then quickly downloaded AVG complete security whatever it is, used to have the free, so, I am here, the AVG picked up 3 things, a cookie tracker, winfix, and I can't remember the other.

    I guess I need to start over?

    The outersource doesn't appear to be on here anymore, and the crazy pop ups, never have I seen it like this, 30 of 'em, instantly! That is all gone now that I did the RestoreIt

    Attached is a new/current log.

    Sorry 'bout this, don't know what the hay happened.
     


  10. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    The log is clean!!! How is everything running???
     
  11. cj2448

    cj2448 Thread Starter

    Joined:
    Apr 25, 2004
    Messages:
    544
    I am shocked, but happy, there are no pop ups :)

    Computer seems to be dragging a bit. I just finished cleaning out programs not used anymore. Going to run the ATF right now. Going to defrag.

    I want to make it so that you have to have password to get onto the computer. I was able to set it up for user but not when it initially starts. I'm sure I can figure that one out by googlin'.

    I still have the start up problem. I went to msconfig then start up and unchecked a ton of stuff. They go away for a start up or 2 then they are back again. I don't know why that keeps happening.
     
  12. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Could you follow my post about SuperAnti-Spyware and post the log? Thanks.
     

Short URL to this thread: https://techguy.org/593181
