01-18-2008, 01:26 PM   #11
falkriz
Registered User
 
Join Date: Jan 2008
Posts: 9
OS: Windows XP, SP2


Re: Pop-ups when starting IE or firefox

Well, I can say that I'm not getting pop-ups anymore.

ComboFix log:
ComboFix 08-01-18.4 - Administrator 2008-01-18 21:39:46.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1257.1.1033.18.1569 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\ativpsrm.bin
C:\WINDOWS\system32\drivers\core.cache.dsk
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\ativpsrm.bin
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\LHidKEE.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_LHIDKEE
-------\LHidKEE


((((((((((((((((((((((((( Files Created from 2007-12-18 to 2008-01-18 )))))))))))))))))))))))))))))))
.

2008-01-18 16:30 . 2008-01-18 16:30 <DIR> d-------- C:\Program Files\DivX
2008-01-18 14:17 . 2008-01-18 14:17 <DIR> d-------- C:\Deckard
2008-01-17 19:10 . 2008-01-17 19:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-01-16 20:28 . 2008-01-16 20:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-01-16 20:27 . 2008-01-16 20:27 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-01-16 19:43 . 2008-01-16 19:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-16 18:48 . 2008-01-16 18:48 <DIR> d-------- C:\Program Files\PowerISO
2008-01-16 16:14 . 2008-01-16 20:44 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-16 16:14 . 2008-01-16 16:14 22,328 --a------ C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
2008-01-16 16:13 . 2008-01-16 16:13 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-16 16:13 . 2008-01-16 20:44 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-01-16 16:13 . 2008-01-16 20:44 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-01-16 16:13 . 2008-01-16 16:13 319 --a------ C:\WINDOWS\game.ini
2008-01-16 16:06 . 2008-01-16 16:06 <DIR> d-------- C:\Program Files\Activision
2008-01-16 16:05 . 2008-01-16 16:05 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-01-16 15:44 . 2008-01-16 15:44 <DIR> d-------- C:\WINDOWS\%DownloadedProgramFiles%
2008-01-16 15:41 . 2006-07-27 13:52 367 --a------ C:\WINDOWS\system32\LegitCheckControl.inf
2008-01-15 09:40 . 2008-01-15 09:40 <DIR> d-------- C:\Program Files\Common Files\NSV
2008-01-14 21:48 . 2008-01-14 21:51 2,392 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-14 21:19 . 2008-01-14 21:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-01-14 21:19 . 2008-01-14 21:19 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Logitech
2008-01-14 21:18 . 2007-11-15 10:06 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2008-01-14 21:18 . 2007-11-15 10:07 170,512 --a------ C:\WINDOWS\system32\kemutb.dll
2008-01-14 21:18 . 2007-11-15 10:07 141,840 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-01-14 21:18 . 2007-11-15 10:07 117,264 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-01-14 21:18 . 2007-11-15 10:07 76,304 --a------ C:\WINDOWS\system32\KemXML.dll
2008-01-14 21:18 . 2008-01-14 21:18 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-01-14 21:18 . 2008-01-14 21:18 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2008-01-14 21:18 . 2008-01-14 21:18 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-01-14 21:17 . 2008-01-14 21:17 <DIR> d-------- C:\Program Files\Logitech
2008-01-14 21:17 . 2008-01-14 21:18 <DIR> d-------- C:\Program Files\Common Files\Logishrd
2008-01-14 21:17 . 2008-01-14 21:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-01-14 21:13 . 2008-01-16 15:45 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-01-14 21:01 . 2008-01-14 21:01 <DIR> d-------- C:\Program Files\Winamp
2008-01-14 21:01 . 2008-01-14 21:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Winamp
2008-01-14 16:32 . 2008-01-14 16:32 <DIR> d-------- C:\Program Files\game
2008-01-13 22:11 . 2008-01-13 22:11 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-13 20:34 . 2008-01-13 20:34 <DIR> d-------- C:\Program Files\MoveOnBoot
2008-01-13 20:34 . 2008-01-13 20:34 <DIR> d-------- C:\Program Files\Common Files\Gibinsoft Shared
2008-01-13 20:18 . 2008-01-13 20:40 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-01-13 14:05 . 2008-01-13 14:05 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-01-13 02:49 . 2008-01-18 15:26 23 --a------ C:\WINDOWS\BlendSettings.ini
2008-01-13 02:34 . 2008-01-13 02:34 <DIR> d-------- C:\Program Files\Bethesda Softworks
2008-01-13 01:38 . 2008-01-13 01:38 315,392 --a------ C:\WINDOWS\HideWin.exe
2008-01-13 01:38 . 2005-05-03 18:43 69,632 --a------ C:\WINDOWS\Alcmtr.exe
2008-01-13 01:38 . 2007-11-14 15:18 553 --a------ C:\WINDOWS\USetup.iss
2008-01-13 00:58 . 2008-01-13 00:58 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Styler
2008-01-13 00:57 . 2008-01-13 21:58 <DIR> d-------- C:\Program Files\Styler
2008-01-13 00:44 . 2008-01-13 00:44 <DIR> d-------- C:\Program Files\Common Files\Stardock
2008-01-13 00:40 . 2008-01-13 00:40 0 --------- C:\WINDOWS\WB.ini
2008-01-13 00:31 . 2008-01-13 00:48 <DIR> d-------- C:\VISTA PACK 2
2008-01-13 00:17 . 2008-01-13 14:05 <DIR> d-------- C:\Program Files\Stardock
2008-01-13 00:17 . 2007-07-11 15:06 42,672 --------- C:\WINDOWS\system32\wbsys.dll
2008-01-12 23:22 . 2008-01-12 23:22 <DIR> d-------- C:\Program Files\Driver Cleaner Pro
2008-01-12 20:38 . 2008-01-15 17:16 <DIR> d-------- C:\Program Files\Steam
2008-01-12 15:18 . 2000-05-21 23:00 647,872 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-01-12 15:18 . 1999-05-06 16:00 140,288 --a------ C:\WINDOWS\system32\comdlg32.ocx
2008-01-12 15:18 . 2000-05-21 22:00 83,144 --a------ C:\WINDOWS\system32\picclp32.ocx
2008-01-12 15:18 . 2001-04-26 16:12 57,399 --a------ C:\WINDOWS\system32\Registry.ocx
2008-01-12 14:15 . 2008-01-12 14:15 <DIR> d-------- C:\Program Files\Uniblue
2008-01-12 14:15 . 2008-01-12 14:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
2008-01-12 13:25 . 2008-01-12 13:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-12 13:21 . 2008-01-12 13:21 <DIR> d-------- C:\Program Files\Ares
2008-01-12 13:20 . 2008-01-12 13:20 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-12 13:17 . 2001-08-23 13:00 39,274 --a------ C:\WINDOWS\system32\mem.exe
2008-01-12 13:16 . 2008-01-12 13:16 <DIR> d--h----- C:\WINDOWS\PIF
2008-01-12 13:16 . 2008-01-12 13:16 2,855 --a------ C:\WINDOWS\system32\mem.PIF
2008-01-12 12:58 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-12 12:19 . 2008-01-12 12:19 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-12 12:19 . 2008-01-12 12:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-12 12:03 . 2008-01-17 22:15 293 --a------ C:\WINDOWS\wininit.ini
2008-01-12 11:45 . 2008-01-12 11:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-12 11:44 . 2008-01-17 22:27 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-12 11:44 . 2008-01-12 12:19 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-12 11:44 . 2008-01-12 11:44 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-01-12 11:38 . 2008-01-12 12:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-12 11:30 . 2008-01-12 11:30 <DIR> d-------- C:\WINDOWS\Sun
2008-01-12 11:30 . 2008-01-12 11:30 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-01-12 11:30 . 2008-01-12 11:30 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
2008-01-12 11:29 . 2008-01-12 11:29 <DIR> d-------- C:\Program Files\Java
2008-01-12 11:29 . 2008-01-12 11:29 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-12 11:29 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-12 00:40 . 2006-08-21 11:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-01-12 00:40 . 2006-08-21 11:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-01-12 00:40 . 2006-08-21 14:21 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-01-11 22:50 . 2008-01-11 22:50 <DIR> d-------- C:\Program Files\CCleaner
2008-01-11 22:45 . 2008-01-11 22:45 <DIR> d-------- C:\Program Files\Launchy
2008-01-11 22:45 . 2008-01-11 22:45 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Launchy
2008-01-11 22:34 . 2008-01-16 18:10 <DIR> d-------- C:\OC Programmid
2008-01-11 22:32 . 2008-01-11 22:32 <DIR> d-------- C:\Program Files\FOXCONN
2008-01-11 21:50 . 2007-07-09 15:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-11 21:45 . 2006-12-07 07:29 2,374,472 -----c--- C:\WINDOWS\system32\dllcache\wmvcore.dll
2008-01-11 21:13 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-11 21:13 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-01-11 21:13 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-11 20:54 . 2006-06-29 08:05 23,552 --a------ C:\WINDOWS\system32\normaliz.dll
2008-01-11 20:54 . 2006-09-01 08:44 8,798 --a------ C:\WINDOWS\system32\icrav03.rat
2008-01-11 20:50 . 2008-01-18 21:42 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-11 20:50 . 2008-01-11 20:50 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-11 20:49 . 2008-01-11 20:49 <DIR> d-------- C:\Program Files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-17 17:06 --------- d-----w C:\Program Files\ATI Technologies
2008-01-16 14:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-12 23:38 --------- d-----w C:\Program Files\Realtek
2008-01-11 20:24 --------- d-----w C:\Program Files\AMD
2008-01-11 15:11 --------- d-----w C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-01-11 14:45 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Talkback
2008-01-11 14:33 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ATI
2008-01-11 14:31 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-21 03:53 2,843,136 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-12-21 02:17 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-12-20 16:00 4,637,696 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
2007-12-20 14:47 16,860,672 ----a-w C:\WINDOWS\RTHDCPL.exe
2007-11-20 17:09 104,320 ----a-w C:\WINDOWS\system32\drivers\Rtnicxp.sys
2007-11-20 16:15 1,826,816 ----a-w C:\WINDOWS\SkyTel.exe
2007-11-07 15:31 1,191,936 ----a-w C:\WINDOWS\RtlUpd.exe
2007-10-25 08:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-10-20 18:17 39,424 ----a-w C:\WINDOWS\runtime.exe
2007-10-19 17:43 491,520 ----a-w C:\WINDOWS\dependencies.exe
.

((((((((((((((((((((((((((((( snapshot@2008-01-18_16.52.25.12 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-18 14:49:01 225,280 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-18 19:39:40 225,280 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-18 14:49:01 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-18 19:39:40 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-18 14:49:01 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-18 19:39:41 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-18 14:49:01 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-18 19:39:41 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-18 14:49:02 2,658,304 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-18 19:39:41 2,658,304 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-18 14:49:02 221,184 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-18 19:39:41 221,184 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2000-08-31 06:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtiTrayTools"="C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe" [2007-05-22 11:04 521128]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 11:06 77824]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"RTHDCPL"="RTHDCPL.EXE" [2007-12-20 16:47 16860672 C:\WINDOWS\RTHDCPL.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Launchy.lnk - C:\Program Files\Launchy\Launchy.exe [2008-01-11 22:45:44]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-01-14 21:18:07]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 2007-11-15 10:10 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

R1 atitray;atitray;C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys [2007-05-22 11:04]
S3 FXDrv32;FXDrv32;E:\FXDrv32.sys []
S3 FXExSS;FXExSS;C:\Program Files\FOXCONN\FOX ONE\FXExSS32.sys [2007-01-24 16:04]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-11 18:49:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-18 21:42:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll
.
Completion time: 2008-01-18 21:43:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-18 19:43:39
ComboFix2.txt 2008-01-18 14:52:46
.
2008-01-16 20:39:44 --- E O F ---
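Added example, not part of falkriz's post and not code from ComboFix: a small parser for the "Reg Loading Points" section of a ComboFix log, run over a handful of Run-key lines excerpted from the log above (the excerpt is the only input; the log format assumptions, the `KEY_RE`/`ENTRY_RE` patterns and the two checks are mine). It does two things a reviewer of such a log does by eye: it flags Run values that are a bare file name rather than a full path (ComboFix prints its own resolution of those in the trailing bracket, as with KHALMNPR.EXE and RTHDCPL.EXE), since a bare name is located through the process search order rather than a fixed location, and it lists binaries registered under more than one Run name, which is how the duplicated KHALMNPR.EXE entry in this log stands out.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: a few "Reg Loading Points" lines excerpted from the
# ComboFix log in the post above (not the whole log).
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtiTrayTools"="C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe" [2007-05-22 11:04 521128]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-12-20 16:47 16860672 C:\WINDOWS\RTHDCPL.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
'''

# A registry key header line, e.g. [HKEY_LOCAL_MACHINE\...\Run]
KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')

# A value line: "name"="value" [YYYY-MM-DD HH:MM size optional-resolved-path]
# The resolved path is only present when ComboFix had to locate a bare name.
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]*)"="(?P<value>[^"]*)"'
    r'\s*\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) (?P<size>\d+)'
    r'(?: (?P<resolved>[^\]]+))?\]$'
)


@dataclass
class RunEntry:
    key: str        # registry key the value lives under
    name: str       # value name
    value: str      # value data as stored in the registry
    size: int       # on-disk size reported by ComboFix
    resolved: str   # absolute path: the value itself, or ComboFix's resolution of a bare name


def parse_run_entries(text: str) -> List[RunEntry]:
    """Walk the log, tracking the current [HKEY...] header, and collect value lines."""
    entries: List[RunEntry] = []
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group('key')
            continue
        m = ENTRY_RE.match(line)
        if m and current_key:
            value = m.group('value')
            resolved = m.group('resolved') or value
            entries.append(RunEntry(current_key, m.group('name'), value,
                                    int(m.group('size')), resolved))
    return entries


def is_absolute(path: str) -> bool:
    """True for a drive-letter-rooted Windows path such as C:\\WINDOWS\\foo.exe."""
    return re.match(r'^[A-Za-z]:\\', path) is not None


def unqualified_entries(entries: List[RunEntry]) -> List[RunEntry]:
    """Entries whose Run value is a bare file name rather than a full path.
    Such a value is found through the process search order at logon, so a
    same-named file that sorts earlier in that order would run instead."""
    return [e for e in entries if not is_absolute(e.value)]


def duplicate_binaries(entries: List[RunEntry]) -> Dict[str, List[str]]:
    """Map resolved path -> value names, for binaries registered under more than one name."""
    by_path: Dict[str, List[str]] = {}
    for e in entries:
        by_path.setdefault(e.resolved.lower(), []).append(e.name)
    return {p: names for p, names in by_path.items() if len(names) > 1}


if __name__ == '__main__':
    found = parse_run_entries(SAMPLE_LOG)
    for e in unqualified_entries(found):
        print(f'bare name in {e.key}: "{e.name}"="{e.value}" -> {e.resolved}')
    for path, names in duplicate_binaries(found).items():
        print(f'{path} registered as: {names}')
```

Both checks are heuristics for a human to follow up, not verdicts: the duplicated Logitech entry here is a known quirk of that vendor's installer, and a bare name is only a problem if something writable sits earlier in the search order. The value of parsing the log is that the same checks can be run against every ComboFix log in a thread rather than eyeballed once.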