I am an advanced computer user, even studying computers, but I haven't had much of a problem with malware before. Now I've got a very annoying problem with advertisements.
The problem has been, and still is, that I get advertisement popups from the internet. The most typical is www.loadingwebsite.com. Another is www.Paypopup.com. Then there are abcsearch and others too, like www.nuker.com. Sometimes I get an advertisement, sometimes just a blank screen, but that's annoying and I must get rid of it.
Here is the synopsis:
1) I have an up-to-date F-Secure Anti-Virus client installed. It doesn't show any infections during a full scan, though it finds viruses in temp. internet files for some reason. Do these adv. programs load more of them onto my system?
2) I used an up-to-date Ad-Aware SE. The first time, it showed many harmful infections. I removed them. Now it doesn't show anything except some data mining cookies.
3) I have used SpyBot and immunized the system. Spybot found many infections but removed them.
4) I used XoftSpy. Same thing as with Spybot.
5) I used Easycleaner and Spywareblaster. No changes, even though there was a lot to clean.
6) I used HiJackThis. I removed some unnecessary files and some that are maybe dangerous. I got some advice for this too.
Here is the log file:
Logfile of HijackThis v1.99.1
Scan saved at 14:45:17, on 25.5.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\fi\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [second] C:\Documents and Settings\Hemmil„t\Ty”p”yt„\l2mfix\second.bat
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab30149.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downlo...slv32_EN_XP.cab
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: iPod-palvelu (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
---
Then, I will add SpyBot's recent log. I don't want to remove the BackWeb files needed by F-Secure. But is there anything odd?
--- Search result list ---
BackWeb lite: Interface (IBackWebChannelVariable) (Rekisterin avain, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{FEFCA7F0-6C8E-11D0-A866-0000B43699FC}
BackWeb lite: File extension (Rekisterin avain, nothing done)
HKEY_CLASSES_ROOT\.bwp
BackWeb lite: File extension (Rekisterin avain, nothing done)
HKEY_CLASSES_ROOT\bwpfile
BackWeb lite: Global settings (Rekisterin avain, nothing done)
HKEY_LOCAL_MACHINE\Software\BackWeb
BackWeb lite: Interface (IBackWeb) (Rekisterin avain, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{53FCF355-5323-11D0-A864-0000B43699FC}
BackWeb lite: Interface (IBackWeb2) (Rekisterin avain, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{23F43240-F78D-11D0-9A50-00AA004812C2}
BackWeb lite: Interface (IBackWeb4) (Rekisterin avain, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{740904E0-0BFB-11D1-9951-444553540000}
BackWeb lite: Interface (IBackWebAlertSettings) (Rekisterin avain, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{72B62B40-17D1-11D1-96A7-F8E906C10000}
BackWeb lite: Interface (IBackWebAllInfoPakCollection) (Rekisterin avain, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{8131F530-649E-11D0-A866-0000B43699FC}
BackWeb lite: Interface (IBackWebAllStoryCollection) (Rekisterin avain, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{9DB46423-FF61-11D0-9951-444553540000}
BackWeb lite: Interface (IBackWebApplicationNotifications) (Rekisterin avain, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{D0894D60-6C6C-11D0-A866-0000B43699FC}
BackWeb lite: Interface (IBackWebChannel) (Rekisterin avain, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{53FCF35B-5323-11D0-A864-0000B43699FC}
BackWeb lite: Interface (IBackWebChannel2) (Rekisterin avain, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{9647FB70-DC0F-11D0-A875-0000B43699FC}
BackWeb lite: Interface (IBackWebChannel4) (Rekisterin avain, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{AEE96320-2131-11D1-9951-444553540000}
BackWeb lite: Interface (IBackWebChannel4_2) (Rekisterin avain, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{025632A0-BCEC-11D1-8B35-00609761C47A}
BackWeb lite: Interface (IBackWebChannelCollection) (Rekisterin avain, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{53FCF35A-5323-11D0-A864-0000B43699FC}
BackWeb lite: Interface (IBackWebChannelCollection4) (Rekisterin avain, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{BCD0C200-69C1-11D1-8AF8-00609761C47A}
BackWeb lite: Interface (IBackWebChannelDownloadServices) (Rekisterin avain, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{9132E380-DC21-11D0-A875-0000B43699FC}
BackWeb lite: Interface (IBackWebChannelTableNotifications) (Rekisterin avain, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{2F523082-5A0B-11D0-9B9C-444553540000}
BackWeb lite: Interface (IBackWebChannelVariableCollection) (Rekisterin avain, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{A4BC67F0-6C90-11D0-A866-0000B43699FC}
BackWeb lite: Interface (IBackWebCommSettings) (Rekisterin avain, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{12473FC5-61A7-11D0-A866-0000B43699FC}
BackWeb lite: Interface (IBackWebCommunications) (Rekisterin avain, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{BAD37BC0-2231-11D1-9951-444553540000}
BackWeb lite: Interface (IBackWebDialerSettings) (Rekisterin avain, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{12473FC4-61A7-11D0-A866-0000B43699FC}
BackWeb lite: Interface (IBackWebDirectory) (Rekisterin avain, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{15030BC0-0B52-11D1-9951-444553540000}
BackWeb lite: Interface (IBackWebDirectoryEntry) (Rekisterin avain, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{0C6E0440-0B50-11D1-9951-444553540000}
BackWeb lite: Interface (IBackWebDirectoryEntryCollection) (Rekisterin avain, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{5DF6CE40-0B50-11D1-9951-444553540000}
BackWeb lite: Interface (IBackWebDirectoryNotifications) (Rekisterin avain, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{41CEBDC0-32C1-11D1-9951-444553540000}
BackWeb lite: Interface (IBackWebDisplaySettings) (Rekisterin avain, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{12473FC6-61A7-11D0-A866-0000B43699FC}
BackWeb lite: Interface (IBackWebDisplaySettings4_2) (Rekisterin avain, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{001B3F20-D866-11D1-8B4C-00609761C47A}
BackWeb lite: Interface (IBackWebDownloadTimeConstraint) (Rekisterin avain, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{0D1F7C83-8123-11D0-B5CA-0000B43698D6}
BackWeb lite: Interface (IBackWebDownloadTimeConstraintCollection) (Rekisterin avain, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{0D1F7C84-8123-11D0-B5CA-0000B43698D6}
BackWeb lite: Interface (IBackWebExtension) (Rekisterin avain, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{0F4FE440-983F-11D0-9B9C-444553540000}
BackWeb lite: Interface (IBackWebFileAccess) (Rekisterin avain, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{3AF78A6E-6F14-11D1-A884-0000B43699FC}
BackWeb lite: Interface (IBackWebFileAccessViaDir) (Rekisterin avain, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{608FE360-6FB2-11D1-A885-0000B43699FC}
BackWeb lite: Interface (IBackWebFilterSettings) (Rekisterin avain, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{C8CEEEE0-17D6-11D1-96A7-F8E906C10000}
BackWeb lite: Interface (IBackWebGeneralSettings) (Rekisterin avain, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{12473FC3-61A7-11D0-A866-0000B43699FC}
BackWeb lite: Interface (IBackWebGeneralSettings2) (Rekisterin avain, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{E01AD640-F87D-11D0-9A50-00AA004812C2}
BackWeb lite: Interface (IBackWebInfoPak) (Rekisterin avain, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{EB1FFFC2-5688-11D0-A865-0000B43699FC}
BackWeb lite: Interface (IBackWebInfoPak4_2) (Rekisterin avain, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{610141C2-7701-11D1-B042-004095903824}
BackWeb lite: Interface (IBackWebInfoPakCollection) (Rekisterin avain, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{EB1FFFC1-5688-11D0-A865-0000B43699FC}
BackWeb lite: Interface (IBackWebInfoPakDownloadServices) (Rekisterin avain, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{2DE07D90-DC04-11D0-A875-0000B43699FC}
BackWeb lite: Interface (IBackWebInfoPakFile) (Rekisterin avain, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{3AF78A74-6F14-11D1-A884-0000B43699FC}
BackWeb lite: Interface (IBackWebInfoPakFilesCollection) (Rekisterin avain, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{3AF78A71-6F14-11D1-A884-0000B43699FC}
BackWeb lite: Interface (IBackWebInfoPakNotifications) (Rekisterin avain, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{4A3666F3-5F2D-11D0-A866-0000B43699FC}
BackWeb lite: Interface (IBackWebItemDownloadServices) (Rekisterin avain, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{93BF8F00-DBE8-11D0-A875-0000B43699FC}
BackWeb lite: Interface (IBackWebOpenInfoPakFile) (Rekisterin avain, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{3AF78A77-6F14-11D1-A884-0000B43699FC}
BackWeb lite: Interface (IBackWebPlayer) (Rekisterin avain, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{8028B940-4932-11D1-9951-444553540000}
BackWeb lite: Interface (IBackWebSetup) (Rekisterin avain, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{12473FC7-61A7-11D0-A866-0000B43699FC}
BackWeb lite: Interface (IBackWebSetup4) (Rekisterin avain, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{3667E7B0-4F28-11D1-8ADB-00609761C47A}
BackWeb lite: Interface (IBackWebSetupNotifications) (Rekisterin avain, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{2F099AF0-6329-11D0-A866-0000B43699FC}
BackWeb lite: Interface (IBackWebStory) (Rekisterin avain, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{9DB46424-FF61-11D0-9951-444553540000}
BackWeb lite: Interface (IBackWebStoryCollection) (Rekisterin avain, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{9DB46422-FF61-11D0-9951-444553540000}
BackWeb lite: Interface (IBackWebStoryField) (Rekisterin avain, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{5B1E13A0-004B-11D1-9951-444553540000}
BackWeb lite: Interface (IBackWebStoryFieldCollection) (Rekisterin avain, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{1D91D9E0-004B-11D1-9951-444553540000}
BackWeb lite: Interface (IBackWebStoryTableNotifications) (Rekisterin avain, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{44230BC0-3105-11D1-9951-444553540000}
BackWeb lite: Netscape viewer (Rekisterin arvo, nothing done)
HKEY_USERS\S-1-5-18\Software\Netscape\Netscape Navigator\Viewers\application/x-iad
BackWeb lite: Netscape viewer (Rekisterin arvo, nothing done)
HKEY_USERS\S-1-5-21-448539723-1383384898-682003330-1004\Software\Netscape\Netscape Navigator\Viewers\application/x-iad
BackWeb lite: Netscape viewer (Rekisterin arvo, nothing done)
HKEY_USERS\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers\application/x-iad
BackWeb lite: Netscape viewer (Rekisterin arvo, nothing done)
HKEY_USERS\S-1-5-18\Software\Netscape\Netscape Navigator\Viewers\application/x-bwpreview
BackWeb lite: Netscape viewer (Rekisterin arvo, nothing done)
HKEY_USERS\S-1-5-21-448539723-1383384898-682003330-1004\Software\Netscape\Netscape Navigator\Viewers\application/x-bwpreview
BackWeb lite: Netscape viewer (Rekisterin arvo, nothing done)
HKEY_USERS\.DEFAULT\Software\Netscape\Netscape Navigator\Viewers\application/x-bwpreview
BackWeb lite: User settings (Rekisterin avain, nothing done)
HKEY_USERS\S-1-5-18\Software\BackWeb
BackWeb lite: User settings (Rekisterin avain, nothing done)
HKEY_USERS\S-1-5-21-448539723-1383384898-682003330-1004\Software\BackWeb
BackWeb lite: User settings (Rekisterin avain, nothing done)
HKEY_USERS\.DEFAULT\Software\BackWeb
--- Spybot - Search && Destroy version: 1.3 ---
2005-04-26 Includes\Cookies.sbi
2005-04-27 Includes\Dialer.sbi
2005-05-12 Includes\Hijackers.sbi
2005-04-15 Includes\Keyloggers.sbi
2004-11-29 Includes\LSP.sbi
2005-05-11 Includes\Malware.sbi
2005-05-11 Includes\PUPS.sbi
2005-04-27 Includes\Revision.sbi
2005-02-09 Includes\Security.sbi
2005-05-11 Includes\Spybots.sbi
2005-02-17 Includes\Tracks.uti
2005-05-11 Includes\Trojans.sbi
--- System information ---
Windows XP (Build: 2600)
/ DataAccess: Microsoft Data Access Components KB870669
/ DataAccess: Patch Available For XMLHTTP Vulnerability
/ DataAccess: Patch Available For XMLHTTP Vulnerability
/ DataAccess: Security Update for Microsoft Data Access Components
/ Windows Media Player: Windows Media Player Hotfix -päivitys [lisätietoja on artikkelissa Q828026]
/ Windows Media Player / SP0: Windows Media Player Hotfix -päivitys [lisätietoja on artikkelissa Q828026]
/ Windows Media Player: Windows Media Update 320920
/ Windows XP / SP1: Windows XP Hotfix - KB821557
/ Windows XP / SP1: Windows XP Hotfix - KB823182
/ Windows XP / SP1: Windows XP Hotfix - KB824105
/ Windows XP / SP1: Windows XP Hotfix- KB824141
/ Windows XP / SP1: Windows XP Hotfix- KB828035
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q305691 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q306582 for more information]
/ Windows XP / SP1 / Q308678: Windows XP Hotfix (SP1) [See Q308678 for more information]
/ Windows XP / SP1 / Q309521: Windows XP Hotfix (SP1) [See Q309521 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q311889 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q311967 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q313450 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q315000 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q315403 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q317277 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q318138 for more information]
/ Windows XP / SP1: Windows XP Application Compatibility Update[Q319580]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q323172 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q324096 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q324380 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q326830 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q328940 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q329048 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) Q329170
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q329390 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q329441 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q329834 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) Q810577
/ Windows XP / SP1: Windows XP Hotfix (SP1) Q811493
/ Windows XP / SP1: Windows XP Hotfix (SP1) Q811630
/ Windows XP / SP1: Windows XP Hotfix (SP1) Q815021
/ Windows XP / SP1: Windows XP Hotfix (SP1) Q817606
/ Windows XP / SP1: Windows XP Hotfix (SP1) Q819696
/ Windows XP / SP2: Windows XP Hotfix- KB823559
/ Windows XP / SP2: Windows XP Hotfix- KB825119
/ Windows XP / SP2: Windows XP Hotfix- KB828741
/ Windows XP / SP2: Windows XP Hotfix- KB833987
/ Windows XP / SP2: Windows XP Hotfix- KB835732
/ Windows XP / SP2: Windows XP Hotfix- KB837001
/ Windows XP / SP2: Windows XP Hotfix- KB839643
/ Windows XP / SP2: Windows XP Hotfix- KB839645
/ Windows XP / SP2: Windows XP Hotfix- KB840315
/ Windows XP / SP2: Windows XP Hotfix- KB840374
/ Windows XP / SP2: Windows XP Hotfix- KB841873
/ Windows XP / SP2: Windows XP Hotfix- KB842773
/ Windows XP / SP2: Windows XP Hotfix [Lisätietoja saat lukemalla dokumentin Q323255]
/ Windows XP / SP2: Windows XP Hotfix [Lisätietoja saat lukemalla dokumentin Q329115]
--- Startup entries list ---
Located: HK_LM:Run, EM_EXEC
command: C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
file: C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
size: 28672
MD5: 621e303c3d83ad5ac6072f446e5232b3
Located: HK_LM:Run, F-Secure Manager
command: "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
file: C:\Program Files\F-Secure\Common\FSM32.EXE
size: 118832
MD5: 0f2f4fdb7e1de09593fd7855d28f3e9b
Located: HK_LM:Run, F-Secure TNB
command: "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
file: C:\Program Files\F-Secure\TNB\TNBUtil.exe
size: 684032
MD5: 53cc050273ca9b6e0011b05644bd8482
Located: HK_LM:Run, iTunesHelper
command: C:\Program Files\iTunes\iTunesHelper.exe
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 286720
MD5: a609fb3f0d15b741cd628df2b25f651e
Located: HK_LM:Run, LogitechVideoRepair
command: C:\Program Files\Logitech\Video\ISStart.exe
file: C:\Program Files\Logitech\Video\ISStart.exe
size: 458752
MD5: 3c0ee706ceb7e9a154bf8e7749ca5a91
Located: HK_LM:Run, LogitechVideoTray
command: C:\Program Files\Logitech\Video\LogiTray.exe
file: C:\Program Files\Logitech\Video\LogiTray.exe
size: 217088
MD5: 2d3bcca5c7ca55fedd60e3336d3a92af
Located: HK_LM:Run, LVCOMSX
command: C:\WINDOWS\System32\LVCOMSX.EXE
file: C:\WINDOWS\System32\LVCOMSX.EXE
size: 221184
MD5: 5ba8a7da5d0573f7923e02b260aad2f1
Located: HK_LM:Run, msnappau
command: "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe"
file: C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe
size: 86016
MD5: e377c992dfbb5837826ea311e436c66d
Located: HK_LM:Run, NeroCheck
command: C:\WINDOWS\System32\\NeroCheck.exe
file: C:\WINDOWS\System32\\NeroCheck.exe
size: 155648
MD5: 3e4c03cefad8de135263236b61a49c90
Located: HK_LM:Run, second
command: C:\Documents and Settings\Hemmil„t\Ty”p”yt„\l2mfix\second.bat
Located: HK_LM:Run, SoundMan
command: SOUNDMAN.EXE
file: C:\WINDOWS\SOUNDMAN.EXE
size: 55296
MD5: 6878f2bfa204da2a4451f91821fd4391
Located: HK_LM:Run, WinampAgent
command: C:\Program Files\Winamp\winampa.exe
file: C:\Program Files\Winamp\winampa.exe
size: 33792
MD5: 11aa6662a1be30375afd1a8407811e7e
Located: HK_LM:Run, zBrowser Launcher
command: C:\Program Files\Logitech\iTouch\iTouch.exe
file: C:\Program Files\Logitech\iTouch\iTouch.exe
size: 520192
MD5: c265e8d31c7bc3a59458a49c6e5ced4b
Located: HK_CU:Run, msnmsgr
command: "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
file: C:\Program Files\MSN Messenger\msnmsgr.exe
size: 6815744
MD5: d846554575a9f571d6b891153faa0c50
Located: Startup (common), Adobe Reader Speed Launch.lnk
command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
size: 29696
MD5: deb88aef013dd1eefb462d7cad642166
Located: Startup (common), hp psc 1000 series.lnk
command: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
file: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
size: 147456
MD5: 03163baf3a5dbf8742804093931d7d32
Located: Startup (common), hpoddt01.exe.lnk
command: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
file: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
size: 28672
MD5: a564a22308a3f55235ba2478ee82992d
--- Browser helper object list ---
--- ActiveX list ---
Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} ()
DPF name:
CLSID name:
description: Apple Quicktime
classification: Legitimate
known filename: QTPLUGIN.OCX
info link:
info source: Patrick M. Kolla
{14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class)
DPF name:
CLSID name: MessengerStatsClient Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MessengerStatsPAClient.dll
Short name: MESSEN~1.DLL
Date (created): 6.4.2004 19:03:54
Date (last access): 25.5.2005 15:15:06
Date (last write): 6.4.2004 19:03:54
Filesize: 172072
Attributes: archive
MD5: 94D1773AEAA2197AFEE3A6F8404FE4E9
CRC32: 76C3823D
Version: 0.9.0.2
{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
description: Macromedia ShockWave Flash Player 7
classification: Unknown
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Director\
Long name: SwDir.dll
Short name:
Date (created): 25.9.2004 12:40:58
Date (last access): 25.5.2005 12:36:48
Date (last write): 9.9.2004 14:45:18
Filesize: 54488
Attributes: archive
MD5: 12EF836DCCCDD0211F3E09D72812B9C6
CRC32: 8038F1E1
Version: 0.10.0.1
{33564D57-0000-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
{33564D57-9980-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
description: Microsoft WMV Video Codec
classification: Legitimate
known filename: WMV9DMO.CAB
info link:
info source: Patrick M. Kolla
{56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class)
DPF name:
CLSID name: RdxIE Class
description: Netster
classification: Confirmed as malware
known filename:
info link:
info source:
Path: C:\WINDOWS\Downloaded Program Files\
Long name: RdxIE.dll
Short name:
Date (created): 3.6.2004 11:04:04
Date (last access): 25.5.2005 15:15:06
Date (last write): 3.6.2004 11:04:04
Filesize: 520349
Attributes: archive
MD5: 2DBB57FDB7D3BFF88B21924187B3EE02
CRC32: B04A8C78
Version: 0.6.0.0
{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class)
DPF name:
CLSID name: GSDACtl Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: gsda.dll
Short name:
Date (created): 2.8.2002 11:26:16
Date (last access): 25.5.2005 14:56:30
Date (last write): 2.8.2002 11:26:16
Filesize: 126976
Attributes: archive
MD5: 5EE65B9EC52620265673154EA2B9E5DD
CRC32: 7A1393C7
Version: 0.1.0.0
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class)
DPF name:
CLSID name: ActiveScan Installer Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: asinst.dll
Short name:
Date (created): 11.4.2005 12:20:22
Date (last access): 25.5.2005 14:18:24
Date (last write): 11.4.2005 12:20:22
Filesize: 118784
Attributes: archive
MD5: 36259D36E842FCF12B3D2F3766E7529F
CRC32: F62E6268
Version: 0.57.0.6
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class)
DPF name:
CLSID name: MsnMessengerSetupDownloadControl Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MsnMessengerSetupDownloader.ocx
Short name: MSNMES~1.OCX
Date (created): 5.11.2004 16:58:20
Date (last access): 25.5.2005 13:35:52
Date (last write): 5.11.2004 16:58:20
Filesize: 119496
Attributes: archive
MD5: 1B40AA6A5D25E6CB4EDFC4C717113161
CRC32: 4F5D45E3
Version: 0.1.0.0
{B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class)
DPF name:
CLSID name: ZoneIntro Class
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ZIntro.ocx
Short name:
Date (created): 6.4.2004 19:03:12
Date (last access): 25.5.2005 13:35:52
Date (last write): 6.4.2004 19:03:12
Filesize: 85032
Attributes: archive
MD5: 65431ACCF09A96C3BE53B7681BFFE44D
CRC32: C8777857
Version: 0.9.0.2
{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element)
DPF name:
CLSID name: ASquaredScanForm Element
Path: C:\WINDOWS\DOWNLO~1\
Long name: axscan.ocx
Short name:
Date (created): 5.5.2005 16:28:44
Date (last access): 25.5.2005 13:04:46
Date (last write): 5.5.2005 16:28:44
Filesize: 903680
Attributes: archive
MD5: DD55CC11F700EADBAF1DCC6337C183F6
CRC32: F7EED4BE
Version: 0.1.0.0
{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\System32\macromed\flash\
Long name: Flash.ocx
Short name:
Date (created): 9.6.2004 15:59:26
Date (last access): 25.5.2005 14:28:06
Date (last write): 9.6.2004 15:59:26
Filesize: 939224
Attributes: archive
MD5: FC3E17E12C2E31FAC34B416B3DAB829F
CRC32: D1CF3A57
Version: 0.7.0.0
{D27CDB6E-AE6D-11CF-96B8-444553546800} ()
DPF name:
CLSID name:
{F72BC3F0-6C20-4793-9DDA-258589D8A907} ()
DPF name:
CLSID name:
Path: C:\WINDOWS\System32\
Long name: netslv32.dll
Short name:
Date (created): 6.9.2004 14:43:46
Date (last access): 25.5.2005 14:56:52
Date (last write): 6.9.2004 14:43:46
Filesize: 9728
Attributes: archive
MD5: 7176C1F29E620D1513BC14D7CD15EB4E
CRC32: EE670AB7
Version: 0.1.0.0
--- Process list ---
Spybot - Search && Destroy process list report, 25.5.2005 15:18:44
PID: 0 ( 0) [System]
PID: 4 ( 0) System
PID: 156 ( 824) C:\Program Files\Logitech\Video\FxSvr2.exe
PID: 176 ( 824) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
PID: 368 ( 648) C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
PID: 396 ( 648) C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
PID: 412 ( 648) C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
PID: 424 ( 396) C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
PID: 432 ( 368) C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
PID: 448 ( 648) C:\Program Files\F-Secure\Common\FSMA32.EXE
PID: 488 ( 424) C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
PID: 516 ( 4) \SystemRoot\System32\smss.exe
PID: 568 ( 448) C:\Program Files\F-Secure\Common\FSMB32.EXE
PID: 580 ( 516) csrss.exe
PID: 604 ( 516) \??\C:\WINDOWS\system32\winlogon.exe
PID: 648 ( 604) C:\WINDOWS\system32\services.exe
PID: 660 ( 604) C:\WINDOWS\system32\lsass.exe
PID: 824 ( 648) C:\WINDOWS\system32\svchost.exe
PID: 840 ( 648) C:\WINDOWS\System32\svchost.exe
PID: 944 ( 648) C:\WINDOWS\System32\svchost.exe
PID: 1100 ( 648) svchost.exe
PID: 1132 ( 648) svchost.exe
PID: 1256 ( 448) C:\Program Files\F-Secure\Common\FCH32.EXE
PID: 1316 ( 648) wdfmgr.exe
PID: 1420 (1400) C:\WINDOWS\Explorer.EXE
PID: 1484 ( 648) C:\WINDOWS\system32\spoolsv.exe
PID: 1644 (1420) C:\WINDOWS\System32\rundll32.exe
PID: 1728 ( 448) C:\Program Files\F-Secure\Common\FAMEH32.EXE
PID: 1784 (1420) C:\Program Files\Logitech\iTouch\iTouch.exe
PID: 1808 (1420) C:\WINDOWS\SOUNDMAN.EXE
PID: 1816 (1420) C:\Program Files\iTunes\iTunesHelper.exe
PID: 1824 (1420) C:\Program Files\Winamp\winampa.exe
PID: 1832 (1420) C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe
PID: 1844 (1420) C:\WINDOWS\System32\LVCOMSX.EXE
PID: 1856 (1420) C:\Program Files\Logitech\Video\LogiTray.exe
PID: 1864 (1420) C:\Program Files\F-Secure\Common\FSM32.EXE
PID: 1884 (1420) C:\Program Files\MSN Messenger\msnmsgr.exe
PID: 1916 (1420) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
PID: 1928 (1420) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PID: 2304 ( 648) C:\Program Files\iPod\bin\iPodService.exe
PID: 2388 ( 648) C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
PID: 2432 ( 176) C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
PID: 2452 ( 648) C:\Program Files\F-Secure\Common\FNRB32.EXE
PID: 2512 (3228) C:\Program Files\F-Secure\FSGUI\fsavgui.exe
PID: 2576 ( 448) C:\Program Files\F-Secure\Common\FIH32.EXE
PID: 2580 ( 448) C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
PID: 2820 (1420) C:\Program Files\Internet Explorer\iexplore.exe
PID: 3228 (1864) C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
PID: 3596 (1420) C:\WINDOWS\system32\NOTEPAD.EXE
PID: 4052 (1420) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
--- Browser start & search pages list ---
Spybot - Search && Destroy browser pages report, 25.5.2005 15:18:44
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://g.msn.fi/0SEFIFI/SAOS01
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://home.microsof...search.asp?p=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.google.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.google.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn...st/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn...st/srchcust.htm
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]
Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F0595588-1054-4304-8F03-CC5E3F692CA2}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F0595588-1054-4304-8F03-CC5E3F692CA2}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{18129EDA-E127-40E5-9830-FFABC4D62164}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{18129EDA-E127-40E5-9830-FFABC4D62164}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1D1F89F8-60FF-4112-9391-EF979CCC1870}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1D1F89F8-60FF-4112-9391-EF979CCC1870}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{69443A4B-D489-46E9-88CC-081D74EEF667}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{69443A4B-D489-46E9-88CC-081D74EEF667}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Namespace Provider 0: TCP/IP
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Namespace Provider 2: NLA-nimiavaruus (Network Location Awareness)
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
So. The problem is to get rid of these popups. I am confused. There should be nothing left in the computer that can launch them!? What is wrong in this?
CWShredder found Look2Me but it is removed and cannot be found again. Still, after all cleaning, popups are coming.
Please, some experienced system monitor, help!
As you can see, this computer is not my own. I have got a job to clean this.
Edited by Ace81, 25 May 2005 - 06:36 AM.