# Outerinfo Popups!



## NickSing3 (May 6, 2007)

Hi--

I have a problem similar to http://forums.techguy.org/security/460931-outerinfo-popups.html but not exactly the same. These popups from outerinfo come without warning on my computer, one every 8 minutes or so. 
I downloaded and installed Webroot Spy Sweeper, and did a custom scan with everything enabled (including sweeping the system restore files). Here is a log since Friday:

10:39 AM: The Internet Communication shield has blocked access to: NF.OUTERINFO.COM.HSD1.MA.COMCAST.NET
10:39 AM: The Internet Communication shield has blocked access to: NF.OUTERINFO.COM
10:39 AM: The Internet Communication shield has blocked access to: AD.OUTERINFO.COM.HSD1.MA.COMCAST.NET
10:39 AM: The Internet Communication shield has blocked access to: AD.OUTERINFO.COM
10:39 AM: ApplicationMinimized - EXIT
10:39 AM: ApplicationMinimized - ENTER
10:38 AM: Your virus definitions have been updated.
10:38 AM: Informational: Loaded AntiVirus Engine: 2.45.3; SDK Version: 4.17; Virus Definitions: 5/7/2007 0:0:0 (GMT)
10:38 AM: Your definitions are up to date.
10:37 AM: ApplicationMinimized - EXIT
10:37 AM: ApplicationMinimized - ENTER
10:34 AM: ApplicationMinimized - EXIT
10:34 AM: ApplicationMinimized - ENTER
10:33 AM: Removal process completed. Elapsed time 00:00:02
10:33 AM: Quarantining All Traces: zedo cookie
10:33 AM: Quarantining All Traces: serving-sys cookie
10:33 AM: Quarantining All Traces: bs.serving-sys cookie
10:33 AM: Quarantining All Traces: atwola cookie
10:33 AM: Quarantining All Traces: atlas dmt cookie
10:33 AM: Quarantining All Traces: advertising cookie
10:33 AM: Quarantining All Traces: yieldmanager cookie
10:33 AM: Quarantining All Traces: 2o7.net cookie
10:33 AM: Quarantining All Traces: Troj/Dloadr-AXZ
10:33 AM: Quarantining All Traces: Troj/Inject-BQ
10:33 AM: Quarantining All Traces: purityscan
10:33 AM: Removal process initiated
2:39 AM: Traces Found: 26
2:39 AM: Custom Sweep has completed. Elapsed time 01:36:59
2:39 AM: File Sweep Complete, Elapsed Time: 01:34:14
2:37 AM: C:\Documents and Settings\Owner.NICKLAPTOP\Start Menu\Programs\Outerinfo\Terms.lnk (3 subtraces) (ID = 2147544766)
2:37 AM: C:\Documents and Settings\Owner.NICKLAPTOP\Start Menu\Programs\Outerinfo\Uninstall.lnk (3 subtraces) (ID = 2147544766)
2:30 AM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [d:\i386\apps\app13423\vs\vsoins.ui]
2:30 AM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [d:\i386\apps\app13423\vs\agentins.ui]
2:30 AM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [d:\i386\apps\app13423\mpf\mpfins.ui]
2:30 AM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [d:\i386\apps\app13423\mpf\agentins.ui]
2:30 AM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [d:\i386\apps\app13423\msk\mskins.ui]
2:29 AM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [d:\i386\apps\app13423\msk\agentins.ui]
2:13 AM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\owner.nicklaptop\my documents\filelib\winzip110.exe]
1:54 AM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\messages\enu\rdrmsgenu.pdf]
1:54 AM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\messages\rdrmsgsplash.pdf]
1:54 AM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\messages\enu\read0600win_enuyhoo0010.pdf]
1:30 AM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\pagefile.sys]
1:29 AM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\hiberfil.sys]
1:14 AM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\lavasoft\ad-aware se personal\skins\ad-aware se default.ask]
1:10 AM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Corrupted] on [c:\documents and settings\owner.nicklaptop\my documents\filelib\rfmportscanner.msi]
1:09 AM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\websearch\websearchenu.pdf]
1:08 AM: C:\Documents and Settings\Owner.NICKLAPTOP\My Documents\filelib\mIRC_v6.12_by_p-HeLL.exe (ID = 0)
1:08 AM: Found Troj/Dloadr-AXZ: Troj/Dloadr-AXZ
1:08 AM: C:\Documents and Settings\Owner.NICKLAPTOP\My Documents\filelib\mIRC_v6.12_by_p-HeLL.exe (ID = 0)
1:08 AM: Found Troj/Inject-BQ: Troj/Inject-BQ
1:07 AM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Error Code A0040202] on [c:\program files\cyberlink\dvd solution\skin\mpanel.skn]
1:06 AM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\owner.nicklaptop\application data\adobe\acrobat\7.0\messages\enu\read0700win_enuadbe0700.pdf]
1:05 AM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\windows\temp\temporary internet files\content.ie5\56pq4a6p\valert[1].ui]
1:04 AM: C:\Program Files\Outerinfo (3 subtraces) (ID = 2147544766)
1:04 AM: C:\Documents and Settings\Owner.NICKLAPTOP\Start Menu\Programs\Outerinfo (2 subtraces) (ID = 2147551534)
1:04 AM: Starting File Sweep
1:04 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
1:04 AM: c:\documents and settings\owner.nicklaptop\cookies\[email protected][1].txt (ID = 3762)
1:04 AM: Found Spy Cookie: zedo cookie
1:04 AM: c:\documents and settings\owner.nicklaptop\cookies\[email protected][1].txt (ID = 3343)
1:04 AM: Found Spy Cookie: serving-sys cookie
1:04 AM: c:\documents and settings\owner.nicklaptop\cookies\[email protected][1].txt (ID = 2330)
1:04 AM: Found Spy Cookie: bs.serving-sys cookie
1:04 AM: c:\documents and settings\owner.nicklaptop\cookies\[email protected][1].txt (ID = 2255)
1:04 AM: Found Spy Cookie: atwola cookie
1:04 AM: c:\documents and settings\owner.nicklaptop\cookies\[email protected][2].txt (ID = 2253)
1:04 AM: Found Spy Cookie: atlas dmt cookie
1:04 AM: c:\documents and settings\owner.nicklaptop\cookies\[email protected][2].txt (ID = 2175)
1:04 AM: Found Spy Cookie: advertising cookie
1:04 AM: c:\documents and settings\owner.nicklaptop\cookies\[email protected][1].txt (ID = 3751)
1:04 AM: Found Spy Cookie: yieldmanager cookie
1:04 AM: c:\documents and settings\owner.nicklaptop\cookies\[email protected][1].txt (ID = 1957)
1:04 AM: Found Spy Cookie: 2o7.net cookie
1:04 AM: Starting Cookie Sweep
1:04 AM: Registry Sweep Complete, Elapsed Time:00:00:12
1:04 AM: HKLM\software\microsoft\windows\currentversion\uninstall\outerinfo\ (ID = 2063030)
1:04 AM: Found Adware: purityscan
1:04 AM: Starting Registry Sweep
1:04 AM: Memory Sweep Complete, Elapsed Time: 00:02:29
1:04 AM: Warning: AntiVirus engine for IdentifyMemObject returned [Access Denied] on [C:\Documents and Settings\Owner.NICKLAPTOP\My Documents\??crosoft.NET\t?skmgr.exe]
1:02 AM: Starting Memory Sweep
1:02 AM: Start Custom Sweep
1:02 AM: Sweep initiated using definitions version 907
12:57 AM: The Internet Communication shield has blocked access to: NF.OUTERINFO.COM.HSD1.MA.COMCAST.NET
12:57 AM: The Internet Communication shield has blocked access to: NF.OUTERINFO.COM
12:54 AM: The Internet Communication shield has blocked access to: AD.OUTERINFO.COM
12:54 AM: The Internet Communication shield has blocked access to: AD.OUTERINFO.COM.HSD1.MA.COMCAST.NET
12:39 AM: ApplicationMinimized - EXIT
12:39 AM: ApplicationMinimized - EXIT
12:39 AM: ApplicationMinimized - ENTER
12:39 AM: ApplicationMinimized - ENTER
12:39 AM: The Internet Communication shield has blocked access to: NF.OUTERINFO.COM
12:39 AM: The Internet Communication shield has blocked access to: NF.OUTERINFO.COM.HSD1.MA.COMCAST.NET
12:37 AM: ApplicationMinimized - EXIT
12:37 AM: ApplicationMinimized - ENTER
12:37 AM: ApplicationMinimized - EXIT
12:37 AM: ApplicationMinimized - EXIT
12:37 AM: ApplicationMinimized - ENTER
12:37 AM: ApplicationMinimized - ENTER
12:37 AM: BHO Shield: found: -- BHO installation allowed at user request
12:37 AM: BHO Shield: found: -- BHO installation denied at user request
12:32 AM: Your virus definitions have been updated.
12:32 AM: Informational: Loaded AntiVirus Engine: 2.45.3; SDK Version: 4.17; Virus Definitions: 5/7/2007 0:0:0 (GMT)
12:32 AM: Your definitions are up to date.
12:32 AM: ApplicationMinimized - EXIT
12:32 AM: ApplicationMinimized - ENTER
12:32 AM: Deletion from quarantine completed. Elapsed time 00:00:00
12:32 AM: Processing: trb.com cookie
12:32 AM: Processing: nextag cookie
12:32 AM: Processing: atwola cookie
12:32 AM: Processing: burstnet cookie
12:32 AM: Processing: burstnet cookie
12:32 AM: Processing: trojan-downloader-waverevenue
12:32 AM: Processing: trojan-downloader-waverevenue
12:32 AM: Processing: maxifiles
12:32 AM: Processing: purityscan
12:32 AM: Processing: purityscan
12:32 AM: Processing: Troj/ByteVeri-N
12:32 AM: Deletion from quarantine initiated
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: Off
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
12:31 AM: Shield States
12:31 AM: Spyware Definitions: 907
12:31 AM: Informational: Loaded AntiVirus Engine: 2.45.3; SDK Version: 4.17; Virus Definitions: 5/7/2007 0:0:0 (GMT)
12:31 AM: Spy Sweeper 5.3.2.2361 started
12:31 AM: Spy Sweeper 5.3.2.2361 started
12:31 AM: | Start of Session, Sunday, May 06, 2007 |
***************
9:54 PM: Removal process completed. Elapsed time 00:00:08
9:54 PM: Preparing to restart your computer. Please wait...
9:54 PM: Quarantining All Traces: trb.com cookie
9:54 PM: Quarantining All Traces: nextag cookie
9:54 PM: Quarantining All Traces: burstnet cookie
9:54 PM: Quarantining All Traces: atwola cookie
9:54 PM: Quarantining All Traces: trojan-downloader-waverevenue
9:54 PM: Quarantining All Traces: maxifiles
9:54 PM: Quarantining All Traces: Troj/ByteVeri-N
9:54 PM: c:\windows\m?crosoft\s?oolsv.exe is in use. It will be removed on reboot.
9:54 PM: purityscan is in use. It will be removed on reboot.
9:54 PM: Quarantining All Traces: purityscan
9:54 PM: Removal process initiated
9:13 PM: Traces Found: 13
9:13 PM: Full Sweep has completed. Elapsed time 01:30:34
9:13 PM: File Sweep Complete, Elapsed Time: 01:27:13
9:12 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [d:\i386\apps\app13423\vs\shared\mcafwel.cab]
9:12 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [d:\i386\apps\app13423\vs\shared\agentcfg.cab]
9:12 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [d:\i386\apps\app13423\msk\shared\mcafwel.cab]
9:12 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [d:\i386\apps\app13423\msk\shared\agentcfg.cab]
9:12 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [d:\i386\apps\app13423\mpf\shared\mcafwel.cab]
9:12 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [d:\i386\apps\app13423\mpf\shared\agentcfg.cab]
9:12 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [d:\i386\apps\app13423\mpf\mpfplus\en-us\us\mpfcfg.cab]
9:10 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Error Code A0040202] on [d:\i386\apps\app07410\pstarter\data2.cab]
9:08 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu\adobe reader 7.00.cab]
9:08 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu\data1.cab]
9:02 PM: C:\Documents and Settings\Owner.NICKLAPTOP\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-43fcd038-5c12ca78.zip (ID = 0)
9:02 PM: C:\Documents and Settings\Owner.NICKLAPTOP\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-43fcd038-5c12ca78.zip (ID = 0)
9:02 PM: Informational: Detected virus Troj/ByteVeri-N in file c:\documents and settings\owner.nicklaptop\application data\sun\java\deployment\cache\javapi\v1.0\jar\count.jar-43fcd038-5c12ca78.zip object Beyond.class
9:02 PM: C:\Documents and Settings\Owner.NICKLAPTOP\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-43fcd038-5c12ca78.zip (ID = 0)
9:02 PM: Found Troj/ByteVeri-N: Troj/ByteVeri-N
9:02 PM: Informational: Detected virus Troj/ByteVeri-N in file c:\documents and settings\owner.nicklaptop\application data\sun\java\deployment\cache\javapi\v1.0\jar\count.jar-43fcd038-5c12ca78.zip object VerifierBug.class
9:02 PM: Informational: Detected virus Troj/ByteVeri-N in file c:\documents and settings\owner.nicklaptop\application data\sun\java\deployment\cache\javapi\v1.0\jar\count.jar-43fcd038-5c12ca78.zip object BlackBox.class
9:02 PM: Warning: SweepDirectories: Cannot find directory "e:". This directory was not added to the list of paths to be scanned.
9:01 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [d:\i386\apps\app13423\vs\vsoins.ui]
9:01 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [d:\i386\apps\app13423\vs\agentins.ui]
9:01 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [d:\i386\apps\app13423\msk\mskins.ui]
9:00 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [d:\i386\apps\app13423\msk\agentins.ui]
9:00 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [d:\i386\apps\app13423\mpf\agentins.ui]
9:00 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [d:\i386\apps\app13423\mpf\mpfins.ui]
8:46 PM: HKU\S-1-5-21-1406616700-933632625-943660135-1006\Software\Microsoft\Windows\CurrentVersion\Run || Mhr (ID = 0)
8:46 PM: c:\windows\m?crosoft\s?oolsv.exe (ID = 450)
8:46 PM: Found Adware: purityscan
8:46 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\owner.nicklaptop\my documents\filelib\winzip110.exe]
8:27 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\messages\enu\rdrmsgenu.pdf]
8:27 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\messages\rdrmsgsplash.pdf]
8:27 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\messages\enu\read0600win_enuyhoo0010.pdf]
8:13 PM: ApplicationMinimized - EXIT
8:13 PM: ApplicationMinimized - EXIT
8:13 PM: ApplicationMinimized - ENTER
8:13 PM: ApplicationMinimized - ENTER
8:09 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\pagefile.sys]
8:08 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\hiberfil.sys]
7:55 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\lavasoft\ad-aware se personal\skins\ad-aware se default.ask]
7:50 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Corrupted] on [c:\documents and settings\owner.nicklaptop\my documents\filelib\rfmportscanner.msi]
7:50 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\websearch\websearchenu.pdf]
7:48 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Error Code A0040202] on [c:\program files\cyberlink\dvd solution\skin\mpanel.skn]
7:47 PM: C:\WINDOWS\Temp\win3C.tmp.exe (ID = 537820)
7:47 PM: C:\Documents and Settings\Owner.NICKLAPTOP\Local Settings\Temporary Internet Files\Content.IE5\KPUROPAZ\xzc37[1].exe (ID = 537820)
7:47 PM: Found Trojan Horse: trojan-downloader-waverevenue
7:47 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\owner.nicklaptop\application data\adobe\acrobat\7.0\messages\enu\read0700win_enuadbe0700.pdf]
7:46 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\windows\temp\temporary internet files\content.ie5\56pq4a6p\valert[1].ui]
7:46 PM: Starting File Sweep
7:46 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
7:46 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2337)
7:46 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 3587)
7:46 PM: Found Spy Cookie: trb.com cookie
7:46 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 5014)
7:46 PM: Found Spy Cookie: nextag cookie
7:46 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2336)
7:46 PM: Found Spy Cookie: burstnet cookie
7:46 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2255)
7:46 PM: Found Spy Cookie: atwola cookie
7:46 PM: Starting Cookie Sweep
7:46 PM: Registry Sweep Complete, Elapsed Time:00:00:14
7:46 PM: HKU\S-1-5-21-1406616700-933632625-943660135-1006\software\ipwins\ (ID = 1516546)
7:46 PM: Found Adware: maxifiles
7:46 PM: Starting Registry Sweep
7:46 PM: Memory Sweep Complete, Elapsed Time: 00:03:00
7:45 PM: Warning: AntiVirus engine for IdentifyMemObject returned [Access Denied] on [C:\WINDOWS\M?crosoft\s?oolsv.exe]
7:43 PM: Starting Memory Sweep
7:42 PM: Start Full Sweep
7:42 PM: Sweep initiated using definitions version 907
7:42 PM: Your virus definitions have been updated.
7:42 PM: Informational: Loaded AntiVirus Engine: 2.45.3; SDK Version: 4.17; Virus Definitions: 5/7/2007 0:0:0 (GMT)
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: Off
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
7:42 PM: Shield States
7:42 PM: Spyware Definitions: 907
7:42 PM: Informational: Loaded AntiVirus Engine: 2.45.3; SDK Version: 4.17; Virus Definitions: 5/7/2007 0:0:0 (GMT)
7:42 PM: Spy Sweeper 5.3.2.2361 started
7:42 PM: Spy Sweeper 5.3.2.2361 started
7:42 PM: | Start of Session, Friday, May 04, 2007 |

Here is my recent HijackThis log:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo Desktop\TiVoNotify.exe
C:\Program Files\Vidalia\vidalia.exe
C:\WINDOWS\DOBE~1\services.exe
C:\Program Files\Privoxy\privoxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tor\tor.exe
C:\Documents and Settings\Owner.NICKLAPTOP\My Documents\??crosoft.NET\t?skmgr.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner.NICKLAPTOP\My Documents\filelib\VundoFix.exe
C:\Documents and Settings\Owner.NICKLAPTOP\My Documents\filelib\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6959
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6959
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6959
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6959
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C96F830-42DF-7219-A740-69E337E5ADE2} - C:\WINDOWS\system32\mwvsqg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files\Google\Gmail Notifier\gnotify.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo Desktop\TiVoServer.exe" /service /registry
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [Ealb] "C:\WINDOWS\DOBE~1\services.exe" -vt yazb
O4 - HKCU\..\Run: [Qrsowejl] "C:\Documents and Settings\Owner.NICKLAPTOP\My Documents\??crosoft.NET\t?skmgr.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Privoxy\privoxy.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Any help would be GREATLY appreciated!
Thanks!

P.S. Running Windows XP Home ED


----------




## cybertech (Apr 16, 2002)

Closing duplicate thread, please continue here: http://forums.techguy.org/security/570297-popups-trojan-purityscan-outerinfo-please.html


----------

