Started getting pop-up and substitutionary ads and found I was infected.
Did a web scan of system with Kaspersky AV then downloaded Kaspersky.
Things I've noticed:
Something was using Microsoft Messenger to communicate. How do I shut that off? I never use it.
I cannot update Windows either. Automatic updates stopped working a while ago because of a problem with a pre-loaded trial version of OneNote that I uninstalled. MS Genuine Advantage apparently recognized traces of the deleted OneNote on the system and determined that it was not a genuine copy and denied the update.
It seems that I am being redirected from Microsoft update pages to something that looks like Microsoft but may not be.
Typing is occasionally strangely sluggish. Concerned that I may have a keystroke or screen logger.
Followed the steps in You Must Read This Before Posting A Hijackthis Log, Malware Cleaning Guide
(http://www.geekstogo...-Log-t2852.html)
Logs follow.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:34:42 AM, on 5/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\System32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\D4\D4.exe
C:\PROGRA~1\TEXTBR~1\Bin\INSTAN~1.EXE
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Interwise\Participant\pull.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7776F864-757D-40A1-8E48-5E9FF557DD63} - C:\WINDOWS\system32\efcCtTJD.dll (file missing)
O2 - BHO: {abcac50e-2a58-02eb-6e64-b97ab5b510c9} - {9c015b5b-a79b-46e6-be20-85a2e05cacba} - C:\WINDOWS\system32\ptpkcbvy.dll (file missing)
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dimension4] C:\Program Files\D4\D4.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [IVPServiceMgr] C:\toshiba\ivp\ism\ivpsvmgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Push Client.LNK = C:\Program Files\Interwise\Participant\pull.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1210850283462
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: fccbYPiG - fccbYPiG.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Unknown owner - C:\PROGRA~1\Iomega\System32\AppServices.exe (file missing)
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
--
End of file - 8298 bytes
;*******************************************************************************
ANALYSIS: 2008-05-15 06:59:59
PROTECTIONS: 1
MALWARE: 1
SUSPECTS: 0
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
Kaspersky Anti-Virus 7.0.1.325 Yes Yes
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\WINDOWS\system32\jeenftbg.exe
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\WINDOWS\system32\gaqocmwv.exe
;===============================================================================
SUSPECTS
Sent Location M
;===============================================================================
;===============================================================================
VULNERABILITIES
Id Severity Description M
;===============================================================================
164915 HIGH MS07-035 M
164911 HIGH MS07-031 M
157262 HIGH MS07-022 M
157261 HIGH MS07-021 M
157260 HIGH MS07-020 M
157259 HIGH MS07-019 M
156477 HIGH MS07-017 M
150249 HIGH MS07-013 M
150248 HIGH MS07-012 M
150247 HIGH MS07-011 M
150243 HIGH MS07-008 M
150242 HIGH MS07-007 M
150241 MEDIUM MS07-006 M
141034 HIGH MS06-076 M
141033 MEDIUM MS06-075 M
137571 HIGH MS06-070 M
133387 MEDIUM MS06-065 M
133386 MEDIUM MS06-064 M
133385 MEDIUM MS06-063 M
133379 HIGH MS06-057 M
129977 MEDIUM MS06-053 M
129976 MEDIUM MS06-052 M
126093 HIGH MS06-051 M
126092 MEDIUM MS06-050 M
126087 HIGH MS06-046 M
126082 HIGH MS06-041 M
126081 HIGH MS06-040 M
123421 HIGH MS06-036 M
123420 HIGH MS06-035 M
120823 MEDIUM MS06-030 M
120818 HIGH MS06-025 M
120815 HIGH MS06-022 M
117384 MEDIUM MS06-018 M
114666 HIGH MS06-015 M
108744 MEDIUM MS06-008 M
108742 MEDIUM MS06-006 M
104567 HIGH MS06-002 M
96574 HIGH MS05-053 M
93395 HIGH MS05-051 M
93454 MEDIUM MS05-049 M
;===============================================================================
Malwarebytes' Anti-Malware 1.12
Database version: 744
Scan type: Quick Scan
Objects scanned: 39562
Time elapsed: 26 minute(s), 5 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Malwarebytes' Anti-Malware 1.12
Database version: 744
Scan type: Quick Scan
Objects scanned: 38411
Time elapsed: 14 minute(s), 30 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 6
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{4bf8b59a-f4cd-4799-91d5-cfd91b9074b7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f3011214-24aa-434a-a4f1-2ac934aa9838} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{b9ab28fa-ed73-4e5e-ba11-0925d85120d1} (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger) -> Data: kdwge.exe -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\Helper (Adware.BHO) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\sgkwnotk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ktonwkgs.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kdwge.exe (Rootkit.DNSChanger) -> Delete on reboot.
C:\WINDOWS\system32\BSZIP.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\pvnsmfor.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel&Rebecca\g2mdlhlpx.exe (Trojan.Agent) -> Quarantined and deleted successfully.
SUPERAntiSpyware Scan Log
Generated 05/13/2008 at 12:54 PM
Application Version : 3.6.1000
Core Rules Database Version : 3459
Trace Rules Database Version: 1450
Scan type : Complete Scan
Total Scan Time : 02:30:17
Memory items scanned : 413
Memory threats detected : 0
Registry items scanned : 6648
Registry threats detected : 7
File items scanned : 113348
File threats detected : 10
Undefined Browser Helper Objects
HKLM\Software\Classes\CLSID\{523E1640-5EC3-11D2-BCC4-0020AFD4089D}
HKCR\CLSID\{523E1640-5EC3-11D2-BCC4-0020AFD4089D}
HKCR\CLSID\{523E1640-5EC3-11D2-BCC4-0020AFD4089D}
HKCR\CLSID\{523E1640-5EC3-11D2-BCC4-0020AFD4089D}\InprocServer32
HKCR\CLSID\{523E1640-5EC3-11D2-BCC4-0020AFD4089D}\InprocServer32#ThreadingModel
HKCR\CLSID\{523E1640-5EC3-11D2-BCC4-0020AFD4089D}\ProgID
HKCR\CLSID\{523E1640-5EC3-11D2-BCC4-0020AFD4089D}\VersionIndependentProgID
C:\PROGRAM FILES\HOTFAX\SMFAXHELPER.DLL
Adware.Tracking Cookie
C:\Documents and Settings\Daniel&Rebecca\Cookies\daniel&[email protected][1].txt
C:\Documents and Settings\Daniel&Rebecca\Cookies\daniel&rebecca@findwhat[1].txt
C:\Documents and Settings\Daniel&Rebecca\Cookies\daniel&rebecca@doubleclick[1].txt
C:\Documents and Settings\Daniel&Rebecca\Cookies\daniel&rebecca@advertising[2].txt
C:\Documents and Settings\Daniel&Rebecca\Cookies\daniel&rebecca@atdmt[2].txt
C:\Documents and Settings\Daniel&Rebecca\Cookies\daniel&rebecca@questionmarket[1].txt
C:\Documents and Settings\Daniel&Rebecca\Cookies\daniel&rebecca@enhance[2].txt
Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\MCRH.TMP
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 05/13/2008 at 04:21 PM
Application Version : 4.0.1154
Core Rules Database Version : 3459
Trace Rules Database Version: 1450
Scan type : Quick Scan
Total Scan Time : 00:03:31
Memory items scanned : 413
Memory threats detected : 0
Registry items scanned : 453
Registry threats detected : 0
File items scanned : 5
File threats detected : 4
Adware.Tracking Cookie
C:\Documents and Settings\Daniel&Rebecca\Cookies\daniel&rebecca@doubleclick[1].txt
C:\Documents and Settings\Daniel&Rebecca\Cookies\daniel&[email protected][2].txt
C:\Documents and Settings\Daniel&Rebecca\Cookies\daniel&[email protected][1].txt
C:\Documents and Settings\Daniel&Rebecca\Cookies\daniel&rebecca@dealtime[2].txt
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 05/13/2008 at 05:20 PM
Application Version : 4.0.1154
Core Rules Database Version : 3459
Trace Rules Database Version: 1450
Scan type : Quick Scan
Total Scan Time : 00:05:08
Memory items scanned : 490
Memory threats detected : 1
Registry items scanned : 442
Registry threats detected : 0
File items scanned : 0
File threats detected : 2
Trojan.Downloader-NewJuan/VM
C:\WINDOWS\SYSTEM32\PTPKCBVY.DLL
C:\WINDOWS\SYSTEM32\PTPKCBVY.DLL
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 05/13/2008 at 06:43 PM
Application Version : 4.0.1154
Core Rules Database Version : 3459
Trace Rules Database Version: 1450
Scan type : Complete Scan
Total Scan Time : 00:12:23
Memory items scanned : 524
Memory threats detected : 1
Registry items scanned : 6255
Registry threats detected : 0
File items scanned : 0
File threats detected : 3
Trojan.Downloader-NewJuan/VM
C:\WINDOWS\SYSTEM32\PTPKCBVY.DLL
C:\WINDOWS\SYSTEM32\PTPKCBVY.DLL
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 05/14/2008 at 00:29 AM
Application Version : 4.0.1154
Core Rules Database Version : 3459
Trace Rules Database Version: 1450
Scan type : Quick Scan
Total Scan Time : 00:04:44
Memory items scanned : 490
Memory threats detected : 1
Registry items scanned : 433
Registry threats detected : 0
File items scanned : 0
File threats detected : 2
Trojan.Downloader-NewJuan/VM
C:\WINDOWS\SYSTEM32\PTPKCBVY.DLL
C:\WINDOWS\SYSTEM32\PTPKCBVY.DLL