Trj/Agent.ITR: BHO's: 40 vulnerabilities: can't update windows


#1
LandMan

I use this laptop a lot, so am very familiar with its normal operation.

Started getting pop-up and substitutionary ads and found I was infected.
Did a web scan of system with Kaspersky AV then downloaded Kaspersky.

Things I've noticed:
Something was using Microsoft Messenger to communicate. How do I shut that off? I never use it.

I cannot update Windows either. Automatic updates stopped working a while ago because of a problem with a pre-loaded trial version of OneNote that I uninstalled. MS Genuine Advantage apparently recognized traces of the deleted OneNote on the system and determined that it was not a genuine copy and denied the update.

It seems that I am being redirected from Microsoft update pages to something that looks like Microsoft but may not be.

Typing is occasionally strangely sluggish. Concerned that I may have a keystroke or screen logger.

Followed the steps in You Must Read This Before Posting A Hijackthis Log, Malware Cleaning Guide
(http://www.geekstogo...-Log-t2852.html)
Logs follow.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:34:42 AM, on 5/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\System32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\D4\D4.exe
C:\PROGRA~1\TEXTBR~1\Bin\INSTAN~1.EXE
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Interwise\Participant\pull.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7776F864-757D-40A1-8E48-5E9FF557DD63} - C:\WINDOWS\system32\efcCtTJD.dll (file missing)
O2 - BHO: {abcac50e-2a58-02eb-6e64-b97ab5b510c9} - {9c015b5b-a79b-46e6-be20-85a2e05cacba} - C:\WINDOWS\system32\ptpkcbvy.dll (file missing)
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dimension4] C:\Program Files\D4\D4.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [IVPServiceMgr] C:\toshiba\ivp\ism\ivpsvmgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Push Client.LNK = C:\Program Files\Interwise\Participant\pull.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1210850283462
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: fccbYPiG - fccbYPiG.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Unknown owner - C:\PROGRA~1\Iomega\System32\AppServices.exe (file missing)
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 8298 bytes

;*******************************************************************************
ANALYSIS: 2008-05-15 06:59:59
PROTECTIONS: 1
MALWARE: 1
SUSPECTS: 0
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
Kaspersky Anti-Virus 7.0.1.325 Yes Yes
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\WINDOWS\system32\jeenftbg.exe
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\WINDOWS\system32\gaqocmwv.exe
;===============================================================================
SUSPECTS
Sent Location M
;===============================================================================
;===============================================================================
VULNERABILITIES
Id Severity Description M
;===============================================================================
164915 HIGH MS07-035 M
164911 HIGH MS07-031 M
157262 HIGH MS07-022 M
157261 HIGH MS07-021 M
157260 HIGH MS07-020 M
157259 HIGH MS07-019 M
156477 HIGH MS07-017 M
150249 HIGH MS07-013 M
150248 HIGH MS07-012 M
150247 HIGH MS07-011 M
150243 HIGH MS07-008 M
150242 HIGH MS07-007 M
150241 MEDIUM MS07-006 M
141034 HIGH MS06-076 M
141033 MEDIUM MS06-075 M
137571 HIGH MS06-070 M
133387 MEDIUM MS06-065 M
133386 MEDIUM MS06-064 M
133385 MEDIUM MS06-063 M
133379 HIGH MS06-057 M
129977 MEDIUM MS06-053 M
129976 MEDIUM MS06-052 M
126093 HIGH MS06-051 M
126092 MEDIUM MS06-050 M
126087 HIGH MS06-046 M
126082 HIGH MS06-041 M
126081 HIGH MS06-040 M
123421 HIGH MS06-036 M
123420 HIGH MS06-035 M
120823 MEDIUM MS06-030 M
120818 HIGH MS06-025 M
120815 HIGH MS06-022 M
117384 MEDIUM MS06-018 M
114666 HIGH MS06-015 M
108744 MEDIUM MS06-008 M
108742 MEDIUM MS06-006 M
104567 HIGH MS06-002 M
96574 HIGH MS05-053 M
93395 HIGH MS05-051 M
93454 MEDIUM MS05-049 M
;===============================================================================

Malwarebytes' Anti-Malware 1.12
Database version: 744

Scan type: Quick Scan
Objects scanned: 39562
Time elapsed: 26 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Malwarebytes' Anti-Malware 1.12
Database version: 744

Scan type: Quick Scan
Objects scanned: 38411
Time elapsed: 14 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{4bf8b59a-f4cd-4799-91d5-cfd91b9074b7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f3011214-24aa-434a-a4f1-2ac934aa9838} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{b9ab28fa-ed73-4e5e-ba11-0925d85120d1} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger) -> Data: kdwge.exe -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Helper (Adware.BHO) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\sgkwnotk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ktonwkgs.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kdwge.exe (Rootkit.DNSChanger) -> Delete on reboot.
C:\WINDOWS\system32\BSZIP.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\pvnsmfor.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel&Rebecca\g2mdlhlpx.exe (Trojan.Agent) -> Quarantined and deleted successfully.

SUPERAntiSpyware Scan Log
Generated 05/13/2008 at 12:54 PM

Application Version : 3.6.1000

Core Rules Database Version : 3459
Trace Rules Database Version: 1450

Scan type : Complete Scan
Total Scan Time : 02:30:17

Memory items scanned : 413
Memory threats detected : 0
Registry items scanned : 6648
Registry threats detected : 7
File items scanned : 113348
File threats detected : 10

Undefined Browser Helper Objects
HKLM\Software\Classes\CLSID\{523E1640-5EC3-11D2-BCC4-0020AFD4089D}
HKCR\CLSID\{523E1640-5EC3-11D2-BCC4-0020AFD4089D}
HKCR\CLSID\{523E1640-5EC3-11D2-BCC4-0020AFD4089D}
HKCR\CLSID\{523E1640-5EC3-11D2-BCC4-0020AFD4089D}\InprocServer32
HKCR\CLSID\{523E1640-5EC3-11D2-BCC4-0020AFD4089D}\InprocServer32#ThreadingModel
HKCR\CLSID\{523E1640-5EC3-11D2-BCC4-0020AFD4089D}\ProgID
HKCR\CLSID\{523E1640-5EC3-11D2-BCC4-0020AFD4089D}\VersionIndependentProgID
C:\PROGRAM FILES\HOTFAX\SMFAXHELPER.DLL

Adware.Tracking Cookie
C:\Documents and Settings\Daniel&Rebecca\Cookies\daniel&[email protected][1].txt
C:\Documents and Settings\Daniel&Rebecca\Cookies\daniel&[email protected][1].txt
C:\Documents and Settings\Daniel&Rebecca\Cookies\daniel&[email protected][1].txt
C:\Documents and Settings\Daniel&Rebecca\Cookies\daniel&[email protected][2].txt
C:\Documents and Settings\Daniel&Rebecca\Cookies\daniel&[email protected][2].txt
C:\Documents and Settings\Daniel&Rebecca\Cookies\daniel&[email protected][1].txt
C:\Documents and Settings\Daniel&Rebecca\Cookies\daniel&[email protected][2].txt

Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\MCRH.TMP

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/13/2008 at 04:21 PM

Application Version : 4.0.1154

Core Rules Database Version : 3459
Trace Rules Database Version: 1450

Scan type : Quick Scan
Total Scan Time : 00:03:31

Memory items scanned : 413
Memory threats detected : 0
Registry items scanned : 453
Registry threats detected : 0
File items scanned : 5
File threats detected : 4

Adware.Tracking Cookie
C:\Documents and Settings\Daniel&Rebecca\Cookies\daniel&[email protected][1].txt
C:\Documents and Settings\Daniel&Rebecca\Cookies\daniel&[email protected][2].txt
C:\Documents and Settings\Daniel&Rebecca\Cookies\daniel&[email protected][1].txt
C:\Documents and Settings\Daniel&Rebecca\Cookies\daniel&[email protected][2].txt


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/13/2008 at 05:20 PM

Application Version : 4.0.1154

Core Rules Database Version : 3459
Trace Rules Database Version: 1450

Scan type : Quick Scan
Total Scan Time : 00:05:08

Memory items scanned : 490
Memory threats detected : 1
Registry items scanned : 442
Registry threats detected : 0
File items scanned : 0
File threats detected : 2

Trojan.Downloader-NewJuan/VM
C:\WINDOWS\SYSTEM32\PTPKCBVY.DLL
C:\WINDOWS\SYSTEM32\PTPKCBVY.DLL

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/13/2008 at 06:43 PM

Application Version : 4.0.1154

Core Rules Database Version : 3459
Trace Rules Database Version: 1450

Scan type : Complete Scan
Total Scan Time : 00:12:23

Memory items scanned : 524
Memory threats detected : 1
Registry items scanned : 6255
Registry threats detected : 0
File items scanned : 0
File threats detected : 3

Trojan.Downloader-NewJuan/VM
C:\WINDOWS\SYSTEM32\PTPKCBVY.DLL
C:\WINDOWS\SYSTEM32\PTPKCBVY.DLL

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/14/2008 at 00:29 AM

Application Version : 4.0.1154

Core Rules Database Version : 3459
Trace Rules Database Version: 1450

Scan type : Quick Scan
Total Scan Time : 00:04:44

Memory items scanned : 490
Memory threats detected : 1
Registry items scanned : 433
Registry threats detected : 0
File items scanned : 0
File threats detected : 2

Trojan.Downloader-NewJuan/VM
C:\WINDOWS\SYSTEM32\PTPKCBVY.DLL
C:\WINDOWS\SYSTEM32\PTPKCBVY.DLL