Solved: Pop ups, Outersource and more, I'm sure.

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

cj2448

Thread Starter
Joined
Apr 25, 2004
Messages
544
I researched outersource and I am afraid to follow directions advised for another poster, not sure if other problems on their computer are being addressed, and don't want to mess mine up, anymore than it is!

This summer has been a nightmare. I rarely use the home computer, but when I do it's been extremely aggravating! I just don't understand why I don't have any problems w/the 6 computers at work, same set up, same security, free avg. At home, the last 2 months, my computer is being attacked. I have restore it and have done it twice..I have thought I have fixed everything, then, POP POP POP again.....my kids are doing something..These are not bad pop ups like I have seen before when working on others computers, but it's drivin' me nuts!

Also, I have gone into msconfig and cleaned off the whole start up list, 3 times, for some reason it doesn't 'take'? Still have a ton of stuff that is auto start.


Here is my log, help?

Logfile of HijackThis v1.99.1
Scan saved at 8:53:55 AM, on 7/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$SOSHOME22\Binn\sqlservr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\FarStone\RestoreIT_XP\VBPTASK.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Outerinfo\Outerinfo.exe
C:\Program Files\Outerinfo\OuterinfoUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/yme/*http://www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\FarStone\RestoreIT_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PLNRNote] "C:\Program Files\SierraHome\Hallmark Card Studio Special Edition\Planner\PLNRNote.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\PrintMaster 16\pmremind.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm565YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {11B2C0D3-DFFB-11D3-9253-00500498D7E5} (ShowSetupObj5 Class) - https://invite.mshow.com/(eivbkf3usvzawa451swpdhbp)/ShowSetup5.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - https://oma01appgw.west.com/wahatraining01/ICAWEB_common/en/ica32/wficat.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) - http://www.blackberry.com/devicesoftware/AxLoader.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.28.9/ttinst.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712....akamai.com/6712/player/install/installer.exe
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
 
Joined
Sep 8, 2005
Messages
9,113
Download Combofix and save it to your desktop.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Note: It is important that it is saved directly to your desktop

Close any open browsers.

Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you.

Post the ComboFix.txt and a fresh Hijackthis log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
 
Joined
Sep 8, 2005
Messages
9,113
Panda Activescan
http://www.pandasoftware.com/products/activescan.htm
  1. Once you are on the Panda site click the Scan your PC button
  2. A new window will open...click the Check Now button
  3. Enter your Country
  4. Enter your State/Province
  5. Enter your e-mail address and click send
  6. Select either Home User or Company
  7. Click the big Scan Now button
  8. If it wants to install an ActiveX component allow it
  9. It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  10. When download is complete, click on Local Disks to start the scan
  11. When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

In your next reply, please include the Panda Activescan log. Thanks.
 
Joined
Sep 8, 2005
Messages
9,113
Please download ATF Cleaner by Atribune.

This program is for XP and Windows 2000 only


  • Save it to your desktop

    Double-click ATF-Cleaner.exe to run the program.

    Under Main choose: Select All

    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All

    Click the Empty Selected button.

    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All

    Click the Empty Selected button.

    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu.


Please DELETE the following file(s) IF STILL PRESENT. You can use Windows Explorer to navigate or use Windows Search feature to locate them.

Files:

c:\windows\system32\f3PSSavr.scr <-- this file
c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf <-- this file

==================================

Please perform an online scan with a-squared Web Malware Scanner

[Watch the Address bar in IE. You may receive alerts that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component]

1. Click "Scan Your PC".

2. You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Insall ActiveX component.

3. A new window will appearing asking "Do you want to install this software?""

4. Select "Install" to download the ActiveX controls.

5. Click the blue "Scan" botton on the right to begin.

6. Click on the Quarantine Tab

7. Go ahead and close all programs and Reboot your Computer.



Note: If you cannot use IE to run your online scan and have Firefox, then install the IE Tab add-on extension which should allow you to perform the scan through Firefox. After install, close & restart Firefox. Then right click on the page (tab) you want to use in IE tab. This allows you to switch rendering engine.



If you go to View > Toolbars > make sure Bookmark Toolbar is checked. Then click "Customize" and look for the little IE logo. Click on that icon and drag it to your bookmark toolbar. This makes it much easier to use.
 

cj2448

Thread Starter
Joined
Apr 25, 2004
Messages
544
I downloaded and ran ATF cleaner.

I went to the website to download the malware thing, but it gets to 'please wait while scanner downloads files' then it says 'error loading engine', I am familiar with the active x popping down on the tool bar, I can't see that happening anywhere.

Just keeps saying 'error loading engine' after clicking scan pc at this link http://www.emsisoft.com/en/software/ax/?scan=1
 
Joined
Sep 8, 2005
Messages
9,113
That's okay.

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
 

cj2448

Thread Starter
Joined
Apr 25, 2004
Messages
544
OK...I planned on coming back here a few days ago, in the middle of my living room and kitchen being torn apart and remodled, oy vey, and I was inundated with popups...I could not even get here.

I used the software that came with the purchase of my computer called RestoreIt http://www.farstone.com/software/restoreit.htm I went back to 7/1...then quickly downloaded AVG complete security whatever it is, used to have the free, so, I am here, the AVG picked up 3 things, a cookie tracker, winfix, and I can't remember the other.

I guess I need to start over?

The outersource doesn't appear to be on here anymore, and the crazy pop ups, never have I seen it like this, 30 of 'em, instantly! That is all gone now that I did the RestoreIt

Attached is a new/current log.

Sorry 'bout this, don't know what the hay happened.
 

Attachments

cj2448

Thread Starter
Joined
Apr 25, 2004
Messages
544
I am shocked, but happy, there are no pop ups :)

Computer seems to be dragging a bit. I just finished cleaning out programs not used anymore. Going to run the ATF right now. Going to defrag.

I want to make it so that you have to have password to get onto the computer. I was able to set it up for user but not when it initally starts. I'm sure I can figure that one out by googlin'.

I still have the start up problem. I went to msconfig then start up and unchecked a ton of stuff. They go away for a start up or 2 then they are back again. I don't know why that keeps happening.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top