What's up with the KB Trojans??



Ybotspot
2010-06-13, 19:20
I had a pirated Windows 7 Ultimate installed & Microsoft gave me a day to "fix the problem". I went back to my original install Vista disk & tried to update, but it had tons of problems and now there seems to be some trojan action in between my CMOS & the C: drive. Is there any way to get that out?? Spybot says it's unknown but there's got to be some way?? I know it came from Microsoft... they put it in when I accidentally validated (or tried to) my version. ID Care really if I have to stick with the Vista my system came with, but can I rid my system of Microsoft's KB Trojans!!??

-- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 TeaTimer.exe (1.6.4.26)
2010-06-11 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2010-02-17 Includes\Adware.sbi
2010-06-08 Includes\AdwareC.sbi
2010-01-25 Includes\Cookies.sbi
2009-11-03 Includes\Dialer.sbi
2010-06-08 Includes\DialerC.sbi
2010-01-25 Includes\HeavyDuty.sbi
2009-05-26 Includes\Hijackers.sbi
2010-06-08 Includes\HijackersC.sbi
2010-06-02 Includes\iPhone.sbi
2010-01-20 Includes\Keyloggers.sbi
2010-06-08 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2010-06-01 Includes\Malware.sbi
2010-06-09 Includes\MalwareC.sbi
2010-05-18 Includes\PUPS.sbi
2010-06-08 Includes\PUPSC.sbi
2010-01-25 Includes\Revision.sbi
2009-01-13 Includes\Security.sbi
2010-06-08 Includes\SecurityC.sbi
2008-06-03 Includes\Spybots.sbi
2008-06-03 Includes\SpybotsC.sbi
2010-03-02 Includes\Spyware.sbi
2010-06-08 Includes\SpywareC.sbi
2010-03-08 Includes\Tracks.uti
2010-06-01 Includes\Trojans.sbi
2010-06-08 Includes\TrojansC-02.sbi
2010-06-08 Includes\TrojansC-03.sbi
2010-06-08 Includes\TrojansC-04.sbi
2010-06-09 Includes\TrojansC-05.sbi
2010-06-08 Includes\TrojansC.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll


--- System information ---
Windows Vista (Build: 6002) Service Pack 2 (6.0.6002)
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB973688)


--- Startup entries list ---
Located: HK_LM:Run,
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, DivXUpdate
command: "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
file: C:\Program Files\DivX\DivX Update\DivXUpdate.exe
size: 1144104
MD5: 8D54B8CD5930D2A6137D93C23B60C321

Located: HK_LM:Run, mcagent_exe
command: C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
file: C:\Program Files\McAfee.com\Agent\mcagent.exe
size: 582992
MD5: 9405B452064BFA6A0F78E2F177A988A4

Located: HK_LM:Run, MSSE
command: "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
file: c:\Program Files\Microsoft Security Essentials\msseces.exe
size: 1093208
MD5: 5DB28B77A1A75DDDFEED99FB9722C540

Located: HK_LM:Run, PWRISOVM.EXE
command: C:\Program Files\PowerISO\PWRISOVM.EXE
file: C:\Program Files\PowerISO\PWRISOVM.EXE
size: 180224
MD5: AA16204FD1F75637E8EAEB593A8FA597

Located: HK_LM:Run, RoxWatchTray
command: "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
file: C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
size: 244208
MD5: 0AD1782EDBC87F6C8444D59C382D9197

Located: HK_LM:Run, RtHDVCpl
command: RtHDVCpl.exe
file: C:\Windows\RtHDVCpl.exe
size: 4907008
MD5: B503285B5D1CAC5AE445D60C690DCFF9

Located: HK_LM:Run, StartCCC
command: "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
file: C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
size: 90112
MD5: 033FF248550305ED52ED2D2844A8A11B

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
file: C:\Program Files\Common Files\Java\Java Update\jusched.exe
size: 248040
MD5: 52DB6CDAC5BC7A1FC884E97C41C91213

Located: HK_LM:Run, Windows Defender
command: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
file: C:\Program Files\Windows Defender\MSASCui.exe
size: 1008184
MD5: 0D392EDE3B97E0B3131B2F63EF1DB94E

Located: HK_CU:Run, DelayShred
where: .DEFAULT...
command: c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P10 /q c:\users\ybot\appdata\local\temp\divA727.SH!
file: c:\PROGRA~1\mcafee\mshr\ShrCL.EXE
size: 111904
MD5: 55518A5FBE4437AC2C3E77EDFDEB59A1

Located: HK_CU:Run, Sidebar
where: S-1-5-19...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
file: C:\Program Files\Windows Sidebar\Sidebar.exe
size: 1233920
MD5: 9E35FF7F943AE0FB89192BFE058B7FD4

Located: HK_CU:Run, WindowsWelcomeCenter
where: S-1-5-19...
command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
file: C:\Windows\system32\oobefldr.dll
size: 2153472
MD5: 16FC5B430123238E522B18E63C257AF8

Located: HK_CU:Run, Sidebar
where: S-1-5-20...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
file: C:\Program Files\Windows Sidebar\Sidebar.exe
size: 1233920
MD5: 9E35FF7F943AE0FB89192BFE058B7FD4

Located: HK_CU:Run, WindowsWelcomeCenter
where: S-1-5-20...
command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
file: C:\Windows\system32\oobefldr.dll
size: 2153472
MD5: 16FC5B430123238E522B18E63C257AF8

Located: HK_CU:Run, msnmsgr
where: S-1-5-21-595247605-2489454064-1107388219-1000...
command: "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
file: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
size: 3872080
MD5: CCEAA8D97341E1335AFC353C03456288

Located: HK_CU:Run, Orb
where: S-1-5-21-595247605-2489454064-1107388219-1000...
command: "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
file: C:\Program Files\Winamp Remote\bin\OrbTray.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-595247605-2489454064-1107388219-1000...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2144088
MD5: 896A1DB9A972AD2339C2E8569EC926D1

Located: HK_CU:Run, DelayShred
where: S-1-5-18...
command: c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P10 /q c:\users\ybot\appdata\local\temp\divA727.SH!
file: c:\PROGRA~1\mcafee\mshr\ShrCL.EXE
size: 111904
MD5: 55518A5FBE4437AC2C3E77EDFDEB59A1



--- Browser helper object list ---
{27B4851A-3207-45A2-B947-BE8AFE6163AB} (McAfee Phishing Filter)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: McAfee Phishing Filter
CLSID name:

{377C180E-6F0E-4D4C-980F-F45BD3D40CF4} (McAntiPhishingBHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: McAntiPhishingBHO
CLSID name: McAfee Phishing Filter
Path: c:\PROGRA~1\mcafee\msk\
Long name: mcapbho.dll
Short name:
Date (created): 6/13/2010 3:46:12 AM
Date (last access): 11/26/2007 10:46:10 AM
Date (last write): 11/26/2007 10:46:10 AM
Filesize: 324936
Attributes: archive
MD5: 4F7DD63B3D09D1CA6C13E53285A1884F
CRC32: 501C5F38
Version: 9.1.107.0

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 6/11/2010 4:17:38 PM
Date (last access): 6/11/2010 4:17:38 PM
Date (last write): 1/26/2009 3:31:02 PM
Filesize: 1879896
Attributes: archive
MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
CRC32: 5BA24007
Version: 1.6.2.14

{5C255C8A-E604-49b4-9D64-90988571CECB} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:

{7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: scriptproxy
CLSID name: scriptproxy
Path: C:\Program Files\McAfee\VirusScan\
Long name: scriptsn.dll
Short name:
Date (created): 6/13/2010 3:44:34 AM
Date (last access): 11/9/2007 12:09:08 PM
Date (last write): 11/9/2007 12:09:08 PM
Filesize: 58688
Attributes: archive
MD5: 5B9FCB73F5A4A000C55AFF08B639A07C
CRC32: C78C7E89
Version: 14.0.0.366

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live Sign-in Helper
Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 1/22/2009 3:41:30 PM
Date (last access): 6/11/2010 9:44:44 AM
Date (last write): 1/22/2009 3:41:30 PM
Filesize: 408448
Attributes: archive
MD5: B7899C3E21B299D7A3C0DA96CAE340BD
CRC32: 288935F8
Version: 5.0.818.5

{B164E929-A1B6-4A06-B104-2CD0E90A88FF} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:

{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 6/12/2010 10:48:06 AM
Date (last access): 6/12/2010 10:48:06 AM
Date (last write): 6/12/2010 10:48:06 AM
Filesize: 41760
Attributes: archive
MD5: 385BD69743EA92E76CDF07B3345A25D5
CRC32: D47CB5BA
Version: 6.0.200.2



--- ActiveX list ---
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_20
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 6/12/2010 10:48:06 AM
Date (last access): 6/12/2010 10:48:06 AM
Date (last write): 6/12/2010 10:48:06 AM
Filesize: 108320
Attributes: archive
MD5: 3F7C69FF524EC11535342108A350A76F
CRC32: 28370E95
Version: 6.0.200.2

{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_20
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 6/12/2010 10:48:06 AM
Date (last access): 6/12/2010 10:48:06 AM
Date (last write): 6/12/2010 10:48:06 AM
Filesize: 108320
Attributes: archive
MD5: 3F7C69FF524EC11535342108A350A76F
CRC32: 28370E95
Version: 6.0.200.2

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_20
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_20.dll
Short name: NPJPI1~1.DLL
Date (created): 6/12/2010 10:48:08 AM
Date (last access): 6/12/2010 10:48:08 AM
Date (last write): 6/12/2010 10:48:08 AM
Filesize: 136992
Attributes: archive
MD5: E06930C34F16C8AD24AD79502F40026A
CRC32: 529E0B62
Version: 6.0.200.2



--- Process list ---
PID: 3092 (1216) C:\Windows\system32\taskeng.exe
size: 169984
MD5: E5BBFC283D6F5D69B41E464676361020
PID: 3132 (1204) C:\Windows\system32\Dwm.exe
size: 81920
MD5: 01DD1004181FD46ECDC3628228EB269D
PID: 3364 (3044) C:\Windows\Explorer.EXE
size: 2926592
MD5: D07D4C3038F3578FFCE1C0237F2A1253
PID: 3664 (3364) C:\Program Files\Common Files\Java\Java Update\jusched.exe
size: 248040
MD5: 52DB6CDAC5BC7A1FC884E97C41C91213
PID: 3688 (3672) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
size: 49152
MD5: E681281D9BFC9D45D3B72532717E5880
PID: 3696 (3364) C:\Windows\RtHDVCpl.exe
size: 4907008
MD5: B503285B5D1CAC5AE445D60C690DCFF9
PID: 3716 (3364) C:\Program Files\Microsoft Security Essentials\msseces.exe
size: 1093208
MD5: 5DB28B77A1A75DDDFEED99FB9722C540
PID: 3728 (3364) C:\Program Files\McAfee.com\Agent\mcagent.exe
size: 582992
MD5: 9405B452064BFA6A0F78E2F177A988A4
PID: 3740 (3364) C:\Program Files\DivX\DivX Update\DivXUpdate.exe
size: 1144104
MD5: 8D54B8CD5930D2A6137D93C23B60C321
PID: 3788 (3364) C:\Program Files\PowerISO\PWRISOVM.EXE
size: 180224
MD5: AA16204FD1F75637E8EAEB593A8FA597
PID: 2888 (3688) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
size: 49152
MD5: 25CA1677AAA3CDC99CD4FCF940886F3C
PID: 4684 (3364) C:\Program Files\Internet Explorer\iexplore.exe
size: 638232
MD5: 5C9B1062EA7A44E8F6BFDE994B68C7AA
PID: 4860 (4684) C:\Program Files\Internet Explorer\iexplore.exe
size: 638232
MD5: 5C9B1062EA7A44E8F6BFDE994B68C7AA
PID: 5596 (3364) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 6076 (5596) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2144088
MD5: 896A1DB9A972AD2339C2E8569EC926D1
PID: 5060 ( 908) C:\Program Files\McAfee\VirusScan\mcvsshld.exe
size: 361800
MD5: 954AE4CBF9D03DAE20EAE00F66AC2A72
PID: 0 ( 0) [System Process]
PID: 4 ( 0) System
PID: 528 ( 4) smss.exe
size: 64000
PID: 596 ( 584) csrss.exe
size: 6144
PID: 652 ( 584) wininit.exe
size: 96768
PID: 664 ( 644) csrss.exe
size: 6144
PID: 696 ( 652) services.exe
size: 279552
PID: 708 ( 652) lsass.exe
size: 9728
PID: 716 ( 652) lsm.exe
size: 229888
PID: 884 ( 644) winlogon.exe
size: 314368
PID: 908 ( 696) svchost.exe
size: 21504
PID: 968 ( 696) svchost.exe
size: 21504
PID: 1032 ( 696) MsMpEng.exe
PID: 1116 ( 696) atiesrxx.exe
size: 176128
PID: 1140 ( 696) Ati2evxx.exe
size: 610304
PID: 1176 ( 696) svchost.exe
size: 21504
PID: 1204 ( 696) svchost.exe
size: 21504
PID: 1216 ( 696) svchost.exe
size: 21504
PID: 1308 (1176) audiodg.exe
size: 88576
PID: 1328 ( 696) svchost.exe
size: 21504
PID: 1344 ( 696) SLsvc.exe
size: 3408896
PID: 1400 ( 696) svchost.exe
size: 21504
PID: 1492 ( 696) svchost.exe
size: 21504
PID: 1704 ( 696) spoolsv.exe
size: 127488
PID: 1728 ( 696) svchost.exe
size: 21504
PID: 2012 (1116) atieclxx.exe
size: 303104
PID: 356 (1140) Ati2evxx.exe
size: 610304
PID: 220 ( 696) AERTSrv.exe
size: 77824
PID: 648 ( 696) McProxy.exe
PID: 1800 ( 696) Mcshield.exe
PID: 2144 ( 696) MpfSrv.exe
PID: 2212 ( 696) msksrver.exe
PID: 2300 ( 696) svchost.exe
size: 21504
PID: 2744 ( 696) svchost.exe
size: 21504
PID: 2804 ( 696) SearchIndexer.exe
size: 441344
PID: 2852 ( 696) XAudio.exe
PID: 2896 ( 696) SDWinSec.exe
size: 1153368
MD5: 794D4B48DFB6E999537C7C3947863463
PID: 3320 (1216) taskeng.exe
size: 169984
PID: 1996 ( 696) mcmscsvc.exe
PID: 5548 ( 696) mcsysmon.exe
PID: 5804 ( 696) McNASvc.exe


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 6/13/2010 12:05:32 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\System32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip


Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip


Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip


Protocol 3: MSAFD Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip


Protocol 4: MSAFD Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip


Protocol 5: MSAFD Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip


Protocol 6: RSVP TCPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 7: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 8: RSVP UDPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 9: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6A753465-8AF0-4C0F-A8FE-D10EDFD75DA9}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6A753465-8AF0-4C0F-A8FE-D10EDFD75DA9}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{C9EAC8C7-461E-4757-9725-48483CEBC817}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{C9EAC8C7-461E-4757-9725-48483CEBC817}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{E2719FCD-D6C8-47B0-96E9-2C488C611632}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{E2719FCD-D6C8-47B0-96E9-2C488C611632}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{6A753465-8AF0-4C0F-A8FE-D10EDFD75DA9}] SEQPACKET 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{6A753465-8AF0-4C0F-A8FE-D10EDFD75DA9}] DATAGRAM 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Network Location Awareness Legacy (NLAv1) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename:
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Namespace Provider 1: E-mail Naming Shim Provider
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:

Namespace Provider 2: PNRP Cloud Namespace Provider
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 3: PNRP Name Namespace Provider
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 4: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename:
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 5: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

tashi
2010-06-13, 19:37
Hello Ybotspot,

I had a pirated Windows 7 Ultimate installed & Microsoft gave me a day to "fix the problem". I went back to my original install Vista disk & tried to update, but it had tons of problems and now there seems to be some trojan action in between my CMOS & the C: drive. Is there any way to get that out?? Spybot says it's unknown but there's got to be some way?? I know it came from Microsoft... they put it in when I accidentally validated (or tried to) my version. ID Care really if I have to stick with the Vista my system came with, but can I rid my system of Microsoft's KB Trojans!!??

Microsoft does not install Trojans; pirated software was likely the culprit. You and Windows, a joint effort (http://forums.spybot.info/showpost.php?p=25290&postcount=4)

With a legitimate copy of Vista installed, someone can take a look at the system and advise you. :) See the FAQ to post a preliminary DDS log: "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Then start a new topic in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22), copy and paste the log into it, and explain the situation.

Best regards.
----------------------
http://forums.spybot.info/showthread.php?t=58090