Outer Info

Dav

New Member
Outer Info, Help Needed

I keep getting a lot of ads that say on the top of them "... By Outer info".

I've already been to outerinfo.com to uninstall a program that may have made its way into my compu but they still keep coming.

What do I do?
 
Besides Control Panel you can grab a free adware remover called AdAware SE Personal free of charge. http://www.lavasoft.com/ Along with seeing that removed you may want to increase your system's security with programs like Grisoft's AVG Free edition, http://free.grisoft.com/doc/2/lng/us/tpl/v5 which can help against pc viruses. It helps to have a familiarity with more than one since no one utility can stop 100% of the adwares, spywares, malwares, viruses, browser hijackers, and the list goes on. MS joined up with Spynet and recently released the beta utility Windows Defender. http://www.microsoft.com/athome/security/spyware/software/default.mspx Some other spy blasters both shareware and freewares can be looked over at a few more sites. http://www.majorgeeks.com/downloads31.html
http://downloads.antionline.com/category/2353-1-n.htm
Here's a few on the most not wanted list and warned against. http://www.spywarewarrior.com/rogue_anti-spyware.htm
 
I have spy sweeper, norton antivirus, and ad aware to remove that kind of stuff. Is there any one guaranteed way to remove the Outer Info popup thing?
 
Assuming you have already tried the add/remove in the control panel, the manual deletion of values for Outer Info in the system registry would take time and care to see done. Once those values are successfully removed the deletion of any remaining folders (usually in Program Files and MyDoc+Settings\user name\...") could then take place. To guarantee 100% removal of any software would entail deleting all folders on a drive. But after a removal from the startup, listings in the add/remove in control panel, and the system registry you could run your current utilities as well as some others plus a registry cleaner to see that any missed now invalid entries are removed.

To enter the system registry, not advised for those with no experience, you would type regedit at the Run prompt off of the Start menu and press enter. A new window appears to display what is called the registry "hives" that break into different sections called the branches. Under the local machine branch you open the software hive to examine all installations listed. If you end up removing the wrong thing.... UT OHHHH! For this you don't want to rush into a manual edit or even a repair install of Windows if not needed.
 
PC eye said:
Assuming you have already tried the add/remove in the control panel, the manual deletion of values for Outer Info in the system registry would take time and care to see done. Once those values are successfully removed the deletion of any remaining folders (usually in Program Files and MyDoc+Settings\user name\...") could then take place. To guarantee 100% removal of any software would entail deleting all folders on a drive. But after a removal from the startup, listings in the add/remove in control panel, and the system registry you could run your current utilities as well as some others plus a registry cleaner to see that any missed now invalid entries are removed.

To enter the system registry, not advised for those with no experience, you would type regedit at the Run prompt off of the Start menu and press enter. A new window appears to display what is called the registry "hives" that break into different sections called the branches. Under the local machine branch you open the software hive to examine all installations listed. If you end up removing the wrong thing.... UT OHHHH! For this you don't want to rush into a manual edit or even a repair install of Windows if not needed.
I don't really know how to work the system registry and it's not listed in my add/remove programs. How do I remove things from startup?

Also I remember searching this forum about outer info and one person was using a logfile of some sort to remove it. Anything on that?
 
There are a number of adware and spyware removers you can find with a few searches on the web. Some will obviously be better to look into. To enter the system registry without doing any damages there for simply looking through the registry "hives" themselves you would simply type in "regedit" at the Run prompt off of the Start menu.

The small boxes on the left of each branch will be a plus(+) when closed up and a minus(-) when opened. There you simply click on the box to the left like you would in MyComputer or Windows Explorer. To remove or modify any value seen there you would first highlight the item and then go up to the EDIT drop down menu on the upper explorer bar. For many with experience the faster method is simply to right click on any value seen.
Often the download of whatever program goes on a system has a brand name or other secondary name than just the Outer Info or similar name you see when installing any software or utility. Also you may see some numbered folder which looks similar to that seen regularly on the hard drive. Once IDed you can often remove all in one by highlighting that and editing it out. The BIG WORD here, however, is to "know" just what you have to remove before goofing up the works then maybe being forced to reinstall Windows to correct any mistakes there. Often advice to use a registry cleaner is given for this reason.
 
PC eye said:
There are a number of adware and spyware removers you can find with a few searches on the web. Some will obviously be better to look into. To enter the system registry without doing any damages there for simply looking through the registry "hives" themselves you would simply type in "regedit" at the Run prompt off of the Start menu.

The small boxes on the left of each branch will be a plus(+) when closed up and a minus(-) when opened. There you simply click on the box to the left like you would in MyComputer or Windows Explorer. To remove or modify any value seen there you would first highlight the item and then go up to the EDIT drop down menu on the upper explorer bar. For many with experience the faster method is simply to right click on any value seen.
Often the download of whatever program goes on a system has a brand name or other secondary name than just the Outer Info or similar name you see when installing any software or utility. Also you may see some numbered folder which looks similar to that seen regularly on the hard drive. Once IDed you can often remove all in one by highlighting that and editing it out. The BIG WORD here, however, is to "know" just what you have to remove before goofing up the works then maybe being forced to reinstall Windows to correct any mistakes there. Often advice to use a registry cleaner is given for this reason.
Well I'm not very good at using a computer so I can't identify exactly what the problem is.

What I do know is that I've used spysweeper, norton antivirus, and ad aware and it still hasn't disappeared. I even have all the updates on them.

Do I post a log of some sort in order to get help?
 
The tool used by some here is called HiJack This. It is one where the tool makes a log of what is seen in the system registry. You would then post or attach that log here. In the meantime you can try some other spyware removers in addition to Adaware SE like the Windows Defender.

Do stay away from Spy Spotter as that is questionably loaded with its own trojans. That was run earlier to test effectiveness where things acted up. The following links for the Defender and other utilities will include HiJack This.
http://www.microsoft.com/athome/security/spyware/software/default.mspx
http://www.majorgeeks.com/downloads31.html Note some here are shareware not freeware.
 
PC eye said:
The tool used by some here is called HiJack This. It is one where the tool makes a log of what is seen in the system registry. You would then post or attach that log here. In the meantime you can try some other spyware removers in addition to Adaware SE like the Windows Defender.

Do stay away from Spy Spotter as that is questionably loaded with its own trojans. That was run earlier to test effectiveness where things acted up. The following links for the Defender and other utilities will include HiJack This.
http://www.microsoft.com/athome/security/spyware/software/default.mspx
http://www.majorgeeks.com/downloads31.html Note some here are shareware not freeware.
alright done
here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 11:34:18 PM, on 5/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
J:\WINDOWS\System32\smss.exe
J:\WINDOWS\system32\winlogon.exe
J:\WINDOWS\system32\services.exe
J:\WINDOWS\system32\lsass.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\System32\svchost.exe
J:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
J:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
J:\WINDOWS\Explorer.EXE
J:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
J:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
J:\WINDOWS\system32\spoolsv.exe
J:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
J:\Program Files\Norton AntiVirus\navapsvc.exe
J:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
J:\WINDOWS\System32\svchost.exe
J:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
J:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
J:\WINDOWS\ALCXMNTR.EXE
J:\WINDOWS\AGRSMMSG.exe
C:\HP\KBD\KBD.EXE
J:\Program Files\Common Files\Symantec Shared\ccApp.exe
J:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
J:\Program Files\HP\hpcoretech\hpcmpmgr.exe
J:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
J:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
J:\Documents and Settings\Owner\My Documents\download\TizzleTalk\TizzleTalk.exe
J:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
J:\Program Files\Messenger\msmsgs.exe
J:\Program Files\AIM\aim.exe
J:\Program Files\LimeWire\LimeWire.exe
J:\Program Files\Common Files\??stem32\??xplore.exe
J:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.roadrunner.com/
R3 - URLSearchHook: (no name) - {8ADF7C45-DBB4-D345-A6A9-ECCB5F9C58C1} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - J:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - J:\Program Files\Etomi\Plugins\RazaWebHook.dll
O2 - BHO: (no name) - {74243324-CD86-C329-92A9-F98AABA4FB99} - (no file)
O2 - BHO: (no name) - {784D1777-B0D6-BC74-CA0D-D398CA12F4CC} - (no file)
O2 - BHO: (no name) - {8ADF7C45-DBB4-D345-A6A9-ECCB5F9C58C1} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - J:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - J:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ccApp] "J:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] J:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] J:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "J:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] J:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SpySweeper] "J:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [TizzleTalk] J:\Documents and Settings\Owner\My Documents\download\TizzleTalk\TizzleTalk.exe
O4 - HKLM\..\Run: [HP Software Update] J:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [MSMSGS] "J:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] J:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] J:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: LimeWire On Startup.lnk = J:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = J:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download with &Shareaza - res://J:\Program Files\Etomi\Plugins\RazaWebHook.dll/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - J:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - J:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - J:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - J:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - J:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - J:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - J:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/zuma/popcaploader_v5.cab
O20 - Winlogon Notify: WgaLogon - J:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - J:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - J:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - J:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - J:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - J:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - J:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - J:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - J:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
 
Good! I'll get someone to look at this for you. But with a quick lookover I can see you have both Norton and Symantec as well as Shockwave mixed here. I just got rid of Shockwave yesterday while looking for a utility for a project being worked on. Limewire likes to tie up things when active. But that's not causing any problem while Norton and Symantec alike dig into a system good.
 
Before we clean up the missing files we need to get you cleaned up. Please follow these directions in order.

Step 1


Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu


Step 2
Welcome,
Please follow the instructions provided, you may want to print out these instructions and use them as a reference.

Please download ewido anti-malware it is a free version of the program.
  1. Install ewido anti-malware
  2. When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  3. Launch ewido, there should be an icon on your desktop, double-click it.
  4. The program will now open to the main screen.
  5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  6. You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  7. The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido anti-malware.

Step 3

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
 
Excuse me? I'm sorry you think that way. I am not copying anything, me and him are from the same forums.
 
Is that what I should do? Anyone else think I should do what jars suggested? Look on page 1 for my Hijackthis log
 
Yes please do what I have done. Ewido will clean up most viruses and Panda will tell me what others are left. Also I will need you to post a new one to see if you picked up any more infections.
 
Logfile of HijackThis v1.99.1
Scan saved at 5:20:55 PM, on 5/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
J:\WINDOWS\System32\smss.exe
J:\WINDOWS\system32\winlogon.exe
J:\WINDOWS\system32\services.exe
J:\WINDOWS\system32\lsass.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\System32\svchost.exe
J:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
J:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
J:\WINDOWS\Explorer.EXE
J:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
J:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
J:\WINDOWS\system32\spoolsv.exe
J:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
J:\Program Files\Norton AntiVirus\navapsvc.exe
J:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
J:\WINDOWS\System32\svchost.exe
J:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
J:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
J:\WINDOWS\ALCXMNTR.EXE
J:\WINDOWS\AGRSMMSG.exe
C:\HP\KBD\KBD.EXE
J:\Program Files\Common Files\Symantec Shared\ccApp.exe
J:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
J:\Program Files\HP\hpcoretech\hpcmpmgr.exe
J:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
J:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
J:\Documents and Settings\Owner\My Documents\download\TizzleTalk\TizzleTalk.exe
J:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
J:\Program Files\Messenger\msmsgs.exe
J:\Program Files\AIM\aim.exe
J:\Program Files\LimeWire\LimeWire.exe
J:\DOCUME~1\Owner\MYDOCU~1\ICROSO~1\wuauboot.exe
J:\WINDOWS\system32\??stem32\s?oolsv.exe
J:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
J:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
R3 - URLSearchHook: (no name) - {8ADF7C45-DBB4-D345-A6A9-ECCB5F9C58C1} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - J:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - J:\Program Files\Etomi\Plugins\RazaWebHook.dll
O2 - BHO: (no name) - {74243324-CD86-C329-92A9-F98AABA4FB99} - (no file)
O2 - BHO: (no name) - {784D1777-B0D6-BC74-CA0D-D398CA12F4CC} - (no file)
O2 - BHO: (no name) - {8ADF7C45-DBB4-D345-A6A9-ECCB5F9C58C1} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - J:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - J:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ccApp] "J:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] J:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] J:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "J:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] J:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SpySweeper] "J:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [TizzleTalk] J:\Documents and Settings\Owner\My Documents\download\TizzleTalk\TizzleTalk.exe
O4 - HKLM\..\Run: [HP Software Update] J:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [MSMSGS] "J:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] J:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] J:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: LimeWire On Startup.lnk = J:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = J:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download with &Shareaza - res://J:\Program Files\Etomi\Plugins\RazaWebHook.dll/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - J:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - J:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - J:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - J:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - J:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - J:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - J:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/zuma/popcaploader_v5.cab
O20 - Winlogon Notify: WgaLogon - J:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - J:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - J:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - J:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - J:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - J:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - J:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - J:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - J:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - J:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

here you go
 
Jars said:
You seem to have forgotten the Ewido and the Panda Log. Please post those.

didn't know you wanted those, here you are:
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 1:55:27 AM, 6/1/2006
+ Report-Checksum: 271C0DCD

+ Scan result:

No infected objects found.


::Report End

I did one before it, found some bad stuff, but accidentally didn't get to save the report.

I've gotten a bunch of emails from panda that had this in it not too long ago:

ADVERTISEMENT

Dear Valued Customer:

Thank you for using ActiveScan!

During the process of scanning your computer we discovered:

18 viruses found

20 files infected

Is there just 1 step I can take to get rid of this Outer info thing? Something that specifically will target Outer Info and get rid of it????
 
Hijackthis:

Please fix these: J:\WINDOWS\system32\??stem32\s?oolsv.exe

R3 - URLSearchHook: (no name) - {8ADF7C45-DBB4-D345-A6A9-ECCB5F9C58C1} - (no file)

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

and this: R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - J:\Program Files\Etomi\Plugins\RazaWebHook.dll

O2 - BHO: (no name) - {74243324-CD86-C329-92A9-F98AABA4FB99} - (no file)

O2 - BHO: (no name) - {784D1777-B0D6-BC74-CA0D-D398CA12F4CC} - (no file)

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - J:\Program Files\PartyPoker\PartyPoker.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - J:\Program Files\PartyPoker\PartyPoker.exe (file missing)

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - J:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)

O2 - BHO: (no name) - {8ADF7C45-DBB4-D345-A6A9-ECCB5F9C58C1} - (no file)

And please post back another log.
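
An added example, not part of any post in this thread: a small Python triage of a HijackThis log that flags the kinds of lines the reply above singles out, namely entries ending in "(no file)" or "(file missing)" and running processes whose path contains a "?". The sample log is constructed from lines posted in this thread; the function names and the rule that a "?" in a process path deserves a closer look are assumptions of this example, and the output is a review list, not a removal list.

```python
import re
from collections import defaultdict
from typing import NamedTuple

# Constructed sample: a handful of lines taken from the logs posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
J:\WINDOWS\system32\spoolsv.exe
J:\WINDOWS\system32\??stem32\s?oolsv.exe
J:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
R3 - URLSearchHook: (no name) - {8ADF7C45-DBB4-D345-A6A9-ECCB5F9C58C1} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - J:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {8ADF7C45-DBB4-D345-A6A9-ECCB5F9C58C1} - (no file)
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - J:\Program Files\PartyPoker\PartyPoker.exe (file missing)
"""


class Finding(NamedTuple):
    section: str  # "process", or the HijackThis entry code (R3, O2, O9, ...)
    reason: str
    line: str


# A registry/startup entry looks like "O2 - BHO: ...": a letter, digits, " - ", body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def triage(log_text):
    """Return the log lines that a human reviewer should look at first."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        entry = ENTRY_RE.match(line)
        if in_processes and (not line or entry):
            in_processes = False  # blank line or first entry ends the process list
        if in_processes:
            # Assumption of this example: a "?" in a process path stands for a
            # character the tool could not render, so the path gets a second look.
            if "?" in line:
                findings.append(Finding("process", "'?' in process path", line))
            continue
        if not entry:
            continue  # header lines such as "Platform: ..."
        body = entry["body"]
        if body.endswith("(no file)"):
            findings.append(Finding(entry["code"], "entry points at no file", line))
        elif body.endswith("(file missing)"):
            findings.append(Finding(entry["code"], "target file is missing", line))
    return findings


def clsids_by_hook(findings):
    """Map each flagged CLSID to the entry codes it was flagged under."""
    hooks = defaultdict(set)
    for f in findings:
        for clsid in CLSID_RE.findall(f.line):
            hooks[clsid.upper()].add(f.section)
    return {clsid: sorted(codes) for clsid, codes in hooks.items()}


if __name__ == "__main__":
    flagged = triage(SAMPLE_LOG)
    for f in flagged:
        print(f"[{f.section}] {f.reason}: {f.line}")
    for clsid, codes in clsids_by_hook(flagged).items():
        print(clsid, "flagged under", ", ".join(codes))
```

A CLSID that turns up under more than one entry code, as one does here under both R3 and O2, is the same component registered in several places, so each of those lines needs handling.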
 