
Thread: What's up with the KB Trojans??

  1. #1
    Junior Member
    Join Date
    Jun 2010
    Posts
    2

    What's up with the KB Trojans??

    I had a pirated Windows 7 Ultimate installed & Microsoft gave me a day to "fix the problem". I went back to my original install Vista disk, & tried to update but it had tons of problems and now there seems to be some trojan action in between my CMOS & the C: drive. Is there any way to get that out?? Spybot says it's unknown but there's got to be some way?? I know it came from Microsoft...they put it in when I accidentally validated (or tried to) my version. ID Care really if I have to stick with the Vista my system came with but can I rid my system of Microsoft's KB Trojans!!??

    -- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---


    --- System information ---
    Windows Vista (Build: 6002) Service Pack 2 (6.0.6002)
    / MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
    / MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
    / MSXML4SP2: Security update for MSXML4 SP2 (KB973688)


    Last edited by tashi; 2010-06-13 at 19:31. Reason: Moved from Pacmans Portal Startup programs

  2. #2
    Member of Team Spybot tashi
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,491

    Hello Ybotspot,
    Quote: Originally posted by Ybotspot
    I had a pirated Windows 7 Ultimate installed & Microsoft gave me a day to "fix the problem". I went back to my original install Vista disk, & tried to update but it had tons of problems and now there seems to be some trojan action in between my CMOS & the C: drive. Is there any way to get that out?? Spybot says it's unknown but there's got to be some way?? I know it came from Microsoft...they put it in when I accidentally validated (or tried to) my version. ID Care really if I have to stick with the Vista my system came with but can I rid my system of Microsoft's KB Trojans!!??

    Microsoft does not install Trojans; pirated software was likely the culprit. You and Windows, a joint effort

    With a legitimate copy of Vista installed, someone can take a look at the system and advise you. See the FAQ to post a preliminary DDS log: "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance)

    Then start a new topic in the Malware Removal Forum, copy and paste the log into it, and explain the situation.

    Best regards.
    ----------------------
    http://forums.spybot.info/showthread.php?t=58090
    Last edited by tashi; 2010-06-14 at 16:59. Reason: Added link to new topic
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
