

Windows Activation Trojan?


Original Message
Name: stabgotham
Date: January 15, 2008 at 16:51:58 Pacific
Subject: Windows Activation Trojan?
OS: WinXP
CPU/Ram: 3700+/1gb
Model/Manufacturer: Home Built
Comment:

I got home today, turned on my PC and "VOILÀ!" Windows tells me that there have been significant changes to my hardware since I activated and I need to reactivate within 3 days.

So, where to begin. No, I have not made any mods to my hardware lately. I have not added anything new. In fact, I haven't even opened the case to dust it in about a month and a half.

I started scouting around a little and found out there is a virus that asks you to reactivate using your CC. Mine does not request this. Additionally, the PC has just been acting screwy the past few days. Seems to be slowing down...like it's gasping or something.

I've run NOD32, which I have, nothing. I ran an online scan with Housecall (because Panda Activescan is apparently down), nothing. I ran TrojanHunter, nothing. I'm currently running RootkitRevealer, but that's not looking too promising either. Not sure where to go here.

I was training in Malware Detection with Castlecops up until a month ago when I backed out, so I have a pretty decent knowledge of HijackThis logs and what not. My log comes up clean. The only other thing I can think of is to maybe pull a SilentRunners log and scope it out.

Lian-Li PC61
ASUS A8N-SLI Deluxe
AMD Athlon 3700+ San Diego @ 2.6 gHz stock cooling
eVGA 7800GT
2GB G.SKILL DDR400
WD Carviar 300gb SATA 3.0gb/s
Samsung 17" 740N Monitor
Dr. Peppe




Response Number 1
Name: jabuck
Date: January 15, 2008 at 17:06:58 Pacific

Please post your Hijack This log.



Response Number 2
Name: XpUser
Date: January 15, 2008 at 17:18:05 Pacific

While following jabuck's instruction, you might want to read about Windows activation trojan known to Symantec as Trojan.Kardphisher. Symantec wrote this article last April to warn all internet users.


i_Xp/VistaUser



Response Number 3
Name: stabgotham
Date: January 15, 2008 at 19:18:32 Pacific

Thanks, XpUser. This doesn't follow those same patterns, so I don't believe this to be that trojan necessarily. Possibly a variation or something new (if it's even a trojan at all).

Jabuck,

Here you go...I couldn't find anything, maybe you can:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:17:46 PM, on 1/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/h...
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://extranet.cps.ca.gov/rd/wfica.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/c...
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/Onlin...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/active...
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 8850 bytes



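The log above was read by eye, which is how HijackThis logs were normally triaged. As an added example that is not part of this thread and not code from Trend Micro or HijackThis, here is a small Python script that parses the O4 (Run keys) and O23 (services) lines of a HijackThis log and flags the things a reviewer checks first: services with no publisher string ("Unknown owner"), autostart entries that are bare filenames resolved through the search path, entries launched from user-writable directories, and files named after core system binaries that do not live in system32. Every rule is a heuristic assumption that produces "look closer" candidates, not verdicts: PnkBstrA (PunkBuster) legitimately shows "Unknown owner" in this very log. The sample input is five lines copied from the posted log plus two constructed, clearly hypothetical entries that exist only to exercise the rules; the drive letter and directory layout assumed are those of a default Windows XP install.

```python
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Sample input. The first five lines are excerpted from the HijackThis log posted in
# this thread; the LAST TWO lines are CONSTRUCTED (hypothetical) entries added only to
# exercise the flagging rules and do not come from the page.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\Eric\Local Settings\Temp\svchost.exe
O23 - Service: Helper Service (helpsvc2) - Unknown owner - C:\Documents and Settings\Eric\Application Data\helper.exe
"""

# Heuristic assumptions: directories an unprivileged user can write to on XP/Vista+,
# and binary names that malware commonly borrows. Adjust for your environment.
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\application data\\",
                 "\\local settings\\", "\\users\\", "\\appdata\\")
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                "services.exe", "smss.exe"}

SECTION_RE = re.compile(r"^(O\d+|R\d|F\d)\s+-\s+(.*)$")
# O4 - HKLM\..\Run: [ValueName] command line
O4_RE = re.compile(r"^(HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(\w+):\s+\[([^\]]*)\]\s*(.*)$")
# O23 - Service: Display name (short) - Publisher - C:\path\to\binary.exe
O23_RE = re.compile(r"^Service:\s+(.+?)\s+-\s+(.+?)\s+-\s+([A-Za-z]:\\.*)$")
# First executable on a command line: a quoted path, or the text up to the first
# known extension (handles unquoted paths that contain spaces).
EXE_RE = re.compile(r'^"([^"]+)"|^(.*?\.(?:exe|dll|cpl|scr|bat|cmd|vbs))(?=\s|$)', re.I)
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\")


@dataclass
class Entry:
    section: str                   # HijackThis section, e.g. "O4" or "O23"
    name: str                      # Run value name or service display name
    path: str                      # executable path recovered from the line, "" if none
    owner: str = ""                # O23 publisher string, if any
    reasons: list[str] = field(default_factory=list)


def command_path(command: str) -> str:
    """Extract the executable from a Run-key command line ("" if none is recognisable)."""
    m = EXE_RE.match(command.strip())
    return (m.group(1) or m.group(2)) if m else ""


def parse(log_text: str) -> list[Entry]:
    """Turn O4 and O23 lines into Entry records; other sections are kept without a path."""
    entries: list[Entry] = []
    for raw in log_text.splitlines():
        m = SECTION_RE.match(raw.strip())
        if not m:
            continue
        section, rest = m.groups()
        if section == "O4" and (m4 := O4_RE.match(rest)):
            hive, key, name, command = m4.groups()
            entries.append(Entry(section, f"{hive}\\{key}:{name}", command_path(command)))
        elif section == "O23" and (m23 := O23_RE.match(rest)):
            name, owner, path = m23.groups()
            entries.append(Entry(section, name, path.strip(), owner.strip()))
        else:
            entries.append(Entry(section, rest, ""))
    return entries


def assess(entry: Entry) -> Entry:
    """Attach heuristic reasons to look closer at an entry. Rules are assumptions, not verdicts."""
    low = entry.path.lower()
    base = low.rsplit("\\", 1)[-1]
    if entry.section == "O23" and entry.owner.lower() == "unknown owner":
        entry.reasons.append("service has no publisher string (Unknown owner)")
    if entry.path and "\\" not in entry.path:
        entry.reasons.append("bare filename, resolved through the search path (hijackable)")
    if any(d in low for d in USER_WRITABLE):
        entry.reasons.append("autostart from a user-writable location")
    if base in SYSTEM_NAMES and "\\" in low and not SYSTEM32_RE.match(low):
        entry.reasons.append("system binary name outside system32")
    return entry


def triage(log_text: str) -> dict[str, list[str]]:
    """Return {path-or-name: reasons} for every entry that tripped at least one rule."""
    return {e.path or e.name: e.reasons
            for e in map(assess, parse(log_text)) if e.reasons}


if __name__ == "__main__":
    for target, reasons in triage(SAMPLE_LOG).items():
        print(target)
        for reason in reasons:
            print("   -", reason)
```

Run against the sample, the script leaves egui, ctfmon and ekrn alone, flags nwiz.exe only because it is a bare filename (a search-order hijack candidate, not evidence of infection), flags PnkBstrA for its missing publisher string, and flags both constructed entries on two rules each. The point is to make the reviewer's first pass mechanical; a flagged path still has to be checked by hand (publisher, signature, file hash, creation date) before anything is removed.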


Response Number 4
Name: jabuck
Date: January 15, 2008 at 20:12:07 Pacific

Looks clean to me.

Please download ComboFix to the desktop from this link: ComboFix

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)
Please post the log it produces.



Response Number 5
Name: stabgotham
Date: January 15, 2008 at 22:29:54 Pacific

Here you go...nothing jumps out from the 3M or last 30 days. Looks clean also.

ComboFix 08-01-09.2 - Eric 2008-01-15 22:21:51.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1530 [GMT -8:00]
Running from: C:\Documents and Settings\Eric\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-12-16 to 2008-01-16 )))))))))))))))))))))))))))))))
.

2008-01-15 22:21 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-15 16:52 . 2008-01-15 16:52 <DIR> d-------- C:\Documents and Settings\Eric\Application Data\TrojanHunter
2008-01-15 16:14 . 2008-01-15 16:15 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2008-01-15 14:06 . 2008-01-15 14:06 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-15 01:23 . 2007-08-01 22:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-15 01:09 . 2008-01-15 01:09 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-01-15 01:07 . 2008-01-15 01:26 <DIR> d-------- C:\Documents and Settings\Eric\.housecall6.6
2008-01-14 23:09 . 2007-02-22 08:05 90,112 --a------ C:\Progr_.dll
2008-01-12 00:20 . 2008-01-13 01:52 <DIR> d-------- C:\Program Files\Eidos
2008-01-11 22:13 . 2008-01-14 23:34 <DIR> d-------- C:\Program Files\Stardock
2008-01-11 22:13 . 2008-01-15 13:58 <DIR> d-------- C:\Program Files\Common Files\Stardock
2008-01-11 18:09 . 2008-01-11 18:09 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-01-08 21:45 . 2008-01-08 21:45 <DIR> d-------- C:\Program Files\TweakNow RegCleaner Std
2008-01-08 21:26 . 2008-01-08 21:26 <DIR> d-------- C:\WINDOWS\system32\MSSecurityNS
2008-01-08 21:26 . 2008-01-08 21:26 <DIR> d-------- C:\WINDOWS\MSSecurityNi
2008-01-08 21:26 . 2004-03-29 16:23 90,112 --a------ C:\WINDOWS\unvise32.exe
2008-01-08 21:16 . 2008-01-08 21:16 <DIR> d-------- C:\Program Files\Alien Skin
2008-01-08 20:24 . 2008-01-09 18:18 <DIR> d-------- C:\Program Files\UltraISO
2008-01-08 20:24 . 2008-01-08 20:24 <DIR> d-------- C:\Program Files\Common Files\EZB Systems
2008-01-08 20:08 . 2008-01-09 18:15 <DIR> d-------- C:\Program Files\MagicISO
2008-01-07 15:23 . 2008-01-14 22:34 <DIR> d-------- C:\Program Files\Flagship Studios
2008-01-07 11:25 . 2008-01-07 11:25 <DIR> d-------- C:\Program Files\DVD Shrink
2008-01-07 11:25 . 2008-01-07 11:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-01-07 10:43 . 2008-01-07 10:43 <DIR> d-------- C:\Program Files\WinAVI Video Converter
2008-01-06 12:43 . 2008-01-06 12:43 <DIR> d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2008-01-06 12:40 . 2008-01-06 12:40 <DIR> d-------- C:\Program Files\TurboTax
2008-01-06 12:40 . 2007-10-22 18:58 1,721,712 --------- C:\WINDOWS\system32\InetClnt.dll
2008-01-06 12:33 . 2008-01-08 21:38 38 --a------ C:\WINDOWS\AviSplitter.INI
2008-01-04 19:59 . 2008-01-04 20:01 <DIR> d-------- C:\Program Files\Microsoft Money 2007
2008-01-04 19:16 . 2008-01-04 19:16 <DIR> d-------- C:\Program Files\ZSoft
2008-01-04 18:02 . 2008-01-04 18:02 <DIR> d-------- C:\Program Files\Common Files\supportsoft
2008-01-04 18:02 . 2008-01-06 12:50 <DIR> d-------- C:\Documents and Settings\Eric\Application Data\Intuit
2008-01-04 18:01 . 2006-04-12 10:11 1,933,312 --a------ C:\WINDOWS\system32\cdintf251.dll
2008-01-04 17:58 . 2008-01-04 19:22 <DIR> d-------- C:\Program Files\Intuit
2008-01-04 17:58 . 2008-01-06 12:40 <DIR> d-------- C:\Program Files\Common Files\Intuit
2008-01-04 17:58 . 2008-01-06 12:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intuit
2008-01-04 17:56 . 2008-01-04 17:56 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-04 17:56 . 2008-01-04 17:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\COMMON FILES
2008-01-03 22:05 . 2008-01-03 22:05 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-01-03 19:04 . 2008-01-03 19:04 <DIR> d-------- C:\Program Files\Handbrake
2008-01-03 19:02 . 2008-01-03 19:02 <DIR> d-------- C:\Program Files\MSBuild
2008-01-03 18:59 . 2008-01-11 18:07 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-01-03 18:59 . 2008-01-03 18:59 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-01-03 18:59 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-01-03 18:55 . 2008-01-03 18:56 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-01-01 13:04 . 2008-01-01 13:04 <DIR> d-------- C:\Program Files\LimeWire
2008-01-01 13:04 . 2008-01-01 13:04 <DIR> d-------- C:\Documents and Settings\Eric\Incomplete
2008-01-01 13:04 . 2008-01-03 19:09 <DIR> d-------- C:\Documents and Settings\Eric\Application Data\LimeWire
2008-01-01 12:59 . 2008-01-01 12:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-28 16:30 . 2007-12-28 16:30 <DIR> d-------- C:\Program Files\XP Codec Pack
2007-12-28 16:30 . 2007-12-28 16:30 <DIR> d-------- C:\Documents and Settings\Eric\Application Data\Media Player Classic
2007-12-28 16:30 . 2007-08-17 23:54 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm
2007-12-26 21:05 . 2007-12-27 14:51 <DIR> d-------- C:\Program Files\Steam
2007-12-25 23:40 . 2007-12-25 23:40 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2007-12-25 21:44 . 2007-12-25 21:44 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Xfire
2007-12-24 12:22 . 2007-12-24 12:22 <DIR> d-------- C:\Program Files\Maxis
2007-12-24 12:22 . 2007-12-24 12:22 533 --a------ C:\WINDOWS\eReg.dat
2007-12-24 01:42 . 2007-12-24 01:42 <DIR> d-------- C:\WINDOWS\Sun
2007-12-24 01:42 . 2007-12-24 01:55 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2007-12-24 01:42 . 2007-12-24 01:42 <DIR> d-------- C:\Documents and Settings\Eric\Application Data\SystemRequirementsLab
2007-12-24 01:41 . 2007-12-24 01:41 <DIR> d-------- C:\Program Files\Java
2007-12-24 01:41 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-24 01:40 . 2007-12-24 01:40 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-24 01:40 . 2007-12-24 01:41 671 --a------ C:\WINDOWS\mozver.dat
2007-12-23 13:47 . 2007-12-23 13:47 <DIR> d-------- C:\Documents and Settings\Eric\Application Data\Canon
2007-12-22 21:52 . 2007-12-22 22:11 <DIR> d-------- C:\Program Files\Xfire
2007-12-22 21:52 . 2008-01-13 00:16 <DIR> d-------- C:\Documents and Settings\Eric\Application Data\Xfire
2007-12-22 16:58 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2007-12-21 14:38 . 2008-01-09 18:14 <DIR> d-------- C:\Program Files\iTunes
2007-12-21 14:38 . 2007-12-21 14:38 <DIR> d-------- C:\Program Files\iPod
2007-12-21 14:37 . 2007-12-21 14:37 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-12-21 14:37 . 2007-12-21 14:37 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-12-21 14:37 . 2007-10-31 14:09 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2007-12-21 14:30 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-12-21 14:30 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-12-19 16:12 . 2007-12-19 16:13 <DIR> d-------- C:\Program Files\Total Training
2007-12-19 16:06 . 2007-12-19 16:06 <DIR> d-------- C:\Program Files\QuickTime
2007-12-19 16:06 . 2007-12-19 16:06 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-19 16:06 . 2007-12-19 16:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-19 16:03 . 2007-12-27 19:22 <DIR> d-------- C:\Documents and Settings\Eric\Application Data\Apple Computer
2007-12-19 15:52 . 2008-01-15 19:20 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-19 15:52 . 2007-12-19 15:52 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-19 15:49 . 2007-12-21 14:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-19 14:26 . 2008-01-11 18:09 <DIR> d-------- C:\TEMP
2007-12-19 14:17 . 2007-12-19 14:17 408 --a------ C:\WINDOWS\PowerReg.dat
2007-12-19 14:16 . 2007-12-19 14:16 <DIR> d-------- C:\WINDOWS\Corel
2007-12-19 14:16 . 2007-12-19 14:18 <DIR> d-------- C:\Program Files\KnockOut 2
2007-12-19 01:31 . 2008-01-09 17:42 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-12-19 01:31 . 2008-01-09 17:42 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-19 01:31 . 2008-01-09 17:42 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-19 01:30 . 2008-01-09 18:23 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-12-19 01:27 . 2008-01-09 18:17 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-19 01:27 . 2007-12-19 01:27 <DIR> d-------- C:\Documents and Settings\Eric\Application Data\SUPERAntiSpyware.com
2007-12-19 01:27 . 2007-12-19 01:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-19 01:26 . 2007-12-19 01:26 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-18 01:45 . 2007-12-18 01:45 <DIR> d-------- C:\Program Files\Winamp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-15 07:19 --------- d-----w C:\Documents and Settings\Eric\Application Data\uTorrent
2008-01-15 06:54 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-14 06:46 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-14 06:46 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-01-13 09:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-10 02:13 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-01-10 02:07 --------- d-----w C:\Program Files\Bonjour
2008-01-08 21:46 --------- d-----w C:\Program Files\Starcraft
2007-12-24 09:42 --------- d-----w C:\Documents and Settings\Eric\Application Data\IGN_DLM
2007-12-18 07:56 --------- d-----w C:\Documents and Settings\Eric\Application Data\foobar2000
2007-12-17 02:57 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-15 07:07 --------- d-----w C:\Documents and Settings\Eric\Application Data\Mp3tag
2007-12-15 07:06 --------- d-----w C:\Program Files\Mp3tag
2007-12-15 06:52 --------- d-----w C:\Program Files\foobar2000
2007-12-15 04:45 --------- d-----w C:\Program Files\Creative
2007-12-15 04:43 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-14 21:43 --------- d-----w C:\Program Files\America's Army Server Manager
2007-12-14 21:43 --------- d-----w C:\Program Files\America's Army
2007-12-14 15:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative
2007-12-14 15:29 --------- d-----w C:\Program Files\uTorrent
2007-12-14 07:07 --------- d-----w C:\Program Files\Citrix
2007-12-14 07:07 --------- d-----w C:\Documents and Settings\Eric\Application Data\ICAClient
2007-12-14 06:30 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-14 03:36 --------- d-----w C:\Program Files\SpeedFan
2007-12-14 03:07 --------- d-----w C:\Program Files\RegCleaner
2007-12-14 02:52 --------- d-----w C:\Program Files\Common Files\Nero
2007-12-14 02:47 --------- d-----w C:\Program Files\Ahead
2007-12-14 02:45 --------- d-----w C:\Program Files\Common Files\Ahead
2007-12-13 23:52 70,656 ----a-w C:\WINDOWS\ScUnin.exe
2007-12-13 21:54 --------- d-----w C:\Documents and Settings\Eric\Application Data\ImgBurn
2007-12-13 21:53 --------- d-----w C:\Program Files\ImgBurn
2007-12-13 08:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2007-12-13 08:19 --------- d-----w C:\Program Files\2K Games
2007-12-13 08:19 --------- d-----w C:\Documents and Settings\Eric\Application Data\InstallShield
2007-12-13 02:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-13 00:26 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-12-13 00:23 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-12-13 00:23 --------- d--h--r C:\Documents and Settings\Eric\Application Data\SecuROM
2007-12-13 00:22 22,328 ----a-w C:\Documents and Settings\Eric\Application Data\PnkBstrK.sys
2007-12-13 00:15 --------- d-----w C:\Program Files\Activision
2007-12-12 18:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-12-12 17:53 --------- d-----w C:\Program Files\Microsoft Works
2007-12-12 17:38 --------- d-----w C:\Program Files\Common Files\Control Panels
2007-12-12 17:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\ALM
2007-12-12 17:24 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2007-12-12 17:20 --------- d-----w C:\Program Files\Download Manager
2007-12-12 16:52 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-12 16:29 --------- d-----w C:\Program Files\Canon
2007-12-12 16:27 --------- d--h--w C:\Program Files\CanonBJ
2007-12-12 16:27 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2007-12-12 16:25 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2007-12-12 16:25 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2007-12-12 16:25 --------- d-----w C:\Documents and Settings\Eric\Application Data\Creative
2007-12-12 16:24 --------- d-----w C:\Program Files\CCleaner
2007-12-12 16:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2007-12-12 16:13 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-05 10:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-12-05 09:41 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-12-05 09:41 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-12-05 09:41 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-12-05 09:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-12-05 09:41 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-12-05 09:41 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-12-05 09:41 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-12-05 09:41 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-12-05 09:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-12-05 09:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-12-05 09:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-12-05 09:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-12-05 09:41 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-12-05 09:41 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-12-05 09:41 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-12-05 09:41 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-12-05 09:41 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-12-05 09:41 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-12-05 09:41 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-12-05 09:41 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-12-05 09:41 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-12-05 09:41 2,498,560 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-12-05 09:41 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-12-05 09:41 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-12-05 09:41 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-12-05 09:41 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-12-05 09:41 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-12-05 09:41 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
2007-12-05 09:41 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-12-05 09:41 1,228,800 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-12-05 09:41 1,089,536 ----a-w C:\WINDOWS\system32\nvcuda.dll
2007-12-05 09:41 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-28 01:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-24 09:47 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
2007-10-24 09:47 84,480 ----a-w C:\WINDOWS\system32\mscories.dll
2007-10-24 09:47 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2007-10-24 09:47 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 13:57 1103480]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-11-14 15:05 1410304]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"CTHelper"="CTHELPER.EXE" [2006-08-17 11:32 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 11:32 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-21 17:30 1191936]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"Outpost Firewall"="C:\Program Files\Agnitum\Outpost Firewall\outpost.exe" [2007-04-05 16:56 94720]
"OutpostFeedBack"="C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" [2007-06-28 13:18 335872]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2007-09-09 09:31 1046688]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-11-14 15:06]
R1 SandBox;Outpost Firewall Sandbox Driver;C:\Program Files\Agnitum\Outpost Firewall\kernel\Sandbox.SYS [2007-06-26 19:01]
R1 VFILT;Outpost Firewall Kernel Driver;C:\Program Files\Agnitum\Outpost Firewall\kernel\FILTNT.SYS [2007-04-05 16:56]
R3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\ADBLOCK.DLL [2007-04-05 16:57]
R3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\ARP.DLL [2007-04-05 16:57]
R3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\CONTENT.DLL [2007-04-05 16:57]
R3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\DNSCACHE.DLL [2007-04-05 16:57]
R3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\FTPFILT.DLL [2007-04-05 16:57]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-08-17 11:16]
R3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\HTMLFILT.DLL [2007-04-05 16:57]
R3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\HTTPFILT.DLL [2007-04-05 16:57]
R3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\IMAPFILT.DLL [2007-04-05 16:57]
R3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\MAILFILT.DLL [2007-04-05 16:57]
R3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\NNTPFILT.DLL [2007-04-05 16:57]
R3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\POP3FILT.DLL [2007-04-05 16:57]
R3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\PROTECT.DLL [2007-04-05 16:57]
R3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\SECRET.DLL [2007-04-05 16:57]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7dc32d41-a852-11dc-9320-806d6172696f}]
\Shell\AutoRun\command - D:\Msetup4.exe

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-12 18:47:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 22:24:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-15 22:25:13
.
2008-01-10 01:18:05 --- E O F ---






Response Number 6
Name: jabuck
Date: January 16, 2008 at 03:56:36 Pacific

Download SDFix to your desktop from the following link:

SDFix.exe.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.


Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.


Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.


Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt.



Response Number 7
Name: dodobrowns
Date: January 29, 2008 at 08:26:56 Pacific

I have the same trojan


