New ComboFix run log (run with the CFScript.txt script supplied to ComboFix at startup)
ComboFix 10-03-01.01 - Compaq_Administrator 03/01/2010 17:55:44.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.702.364 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Administrator\Desktop\CFScript.txt
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FILE ::
"c:\windows\system32\A3.tmp"
"c:\windows\system32\A4.tmp"
"c:\windows\system32\A5.tmp"
"c:\windows\system32\A6.tmp"
"c:\windows\system32\A7.tmp"
"c:\windows\system32\A8.tmp"
"c:\windows\system32\A9.tmp"
"c:\windows\system32\AA.tmp"
"c:\windows\system32\AB.tmp"
"c:\windows\system32\AC.tmp"
"c:\windows\system32\AD.tmp"
"c:\windows\system32\AE.tmp"
"c:\windows\system32\AF.tmp"
"c:\windows\system32\B0.tmp"
"c:\windows\system32\B1.tmp"
"c:\windows\system32\B2.tmp"
"c:\windows\system32\B5.tmp"
"c:\windows\system32\B6.tmp"
"c:\windows\system32\B7.tmp"
"c:\windows\system32\B8.tmp"
"c:\windows\system32\B9.tmp"
"c:\windows\system32\BB.tmp"
"c:\windows\system32\BC.tmp"
"c:\windows\system32\BD.tmp"
"c:\windows\system32\BE.tmp"
"c:\windows\system32\BF.tmp"
"c:\windows\system32\C0.tmp"
"c:\windows\system32\C1.tmp"
"c:\windows\system32\C2.tmp"
"c:\windows\system32\C3.tmp"
"c:\windows\system32\C4.tmp"
"c:\windows\system32\C5.tmp"
"c:\windows\system32\C6.tmp"
"c:\windows\system32\C7.tmp"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\SeekeenSrch
c:\documents and settings\All Users\Application Data\SeekeenSrch\seekeen147.exe
c:\documents and settings\All Users\Application Data\SeekeenSrch\seekeen155.exe
c:\progra~1\COMMON~1\ikzo
c:\progra~1\COMMON~1\ikzo\ikzoa.exe
c:\progra~1\COMMON~1\ikzo\ikzoa.lck
c:\progra~1\COMMON~1\ikzo\ikzod\class-barrel
c:\progra~1\COMMON~1\ikzo\ikzod\ikzoc.dll
c:\progra~1\COMMON~1\ikzo\ikzol.exe
c:\progra~1\COMMON~1\ikzo\ikzol.lck
c:\progra~1\COMMON~1\ikzo\ikzom.exe
c:\progra~1\COMMON~1\ikzo\ikzom.lck
c:\progra~1\COMMON~1\ikzo\ikzop.exe
c:\progra~1\COMMON~1\ikzo\ikzop.lck
c:\program files\Csvnro
c:\program files\Csvnro\Csvnro.exe
c:\program files\SeekeenSrch
c:\program files\SeekeenSrch\home.js
c:\program files\SeekeenSrch\readme.html
c:\program files\SeekeenSrch\seekeen.dll
c:\program files\SeekeenSrch\seekeen.exe
c:\program files\SeekeenSrch\skopt.exe
c:\program files\SeekeenSrch\uninstall.exe
c:\windows\system32\A3.tmp
c:\windows\system32\A4.tmp
c:\windows\system32\A5.tmp
c:\windows\system32\A6.tmp
c:\windows\system32\A7.tmp
c:\windows\system32\A8.tmp
c:\windows\system32\A9.tmp
c:\windows\system32\AA.tmp
c:\windows\system32\AB.tmp
c:\windows\system32\AC.tmp
c:\windows\system32\AD.tmp
c:\windows\system32\AE.tmp
c:\windows\system32\AF.tmp
c:\windows\system32\B0.tmp
c:\windows\system32\B1.tmp
c:\windows\system32\B2.tmp
c:\windows\system32\B5.tmp
c:\windows\system32\B6.tmp
c:\windows\system32\B7.tmp
c:\windows\system32\B8.tmp
c:\windows\system32\B9.tmp
c:\windows\system32\BB.tmp
c:\windows\system32\BC.tmp
c:\windows\system32\BD.tmp
c:\windows\system32\BE.tmp
c:\windows\system32\BF.tmp
c:\windows\system32\C0.tmp
c:\windows\system32\C1.tmp
c:\windows\system32\C2.tmp
c:\windows\system32\C3.tmp
c:\windows\system32\C4.tmp
c:\windows\system32\C5.tmp
c:\windows\system32\C6.tmp
c:\windows\system32\C7.tmp
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SEEKEENSRCH_SERVICE
-------\Service_SeekeenSrch Service
((((((((((((((((((((((((( Files Created from 2010-02-01 to 2010-03-01 )))))))))))))))))))))))))))))))
.
2010-03-01 00:08 . 2010-03-01 00:08 293376 ----a-w- C:\2outg8ml.exe
2010-02-28 16:40 . 2010-02-28 16:41 -------- d-----w- c:\program files\ERUNT
2010-02-28 16:25 . 2010-02-28 16:25 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\PCHealth
2010-02-28 16:24 . 2010-02-28 16:24 60512 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-28 16:06 . 2010-02-28 16:06 -------- d-----w- c:\windows\ServicePackFiles
2010-02-28 16:05 . 2010-02-28 16:05 -------- d-----w- c:\program files\MSXML 4.0
2010-02-26 23:11 . 2010-02-26 23:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-01 19:49 . 2007-06-10 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2010-03-01 19:43 . 2007-08-16 18:01 -------- d-----w- c:\program files\iTunes
2010-03-01 19:43 . 2007-08-16 17:59 -------- d-----w- c:\program files\Common Files\Apple
2010-03-01 19:42 . 2007-08-16 18:01 -------- d-----w- c:\program files\iPod
2010-03-01 19:26 . 2008-06-25 12:54 -------- d-----w- c:\program files\Internet Chess Club
2010-03-01 19:22 . 2007-01-31 21:20 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Netscape
2010-03-01 19:19 . 2007-01-13 17:57 -------- d-----w- c:\program files\Rhapsody
2010-03-01 19:18 . 2007-05-12 01:09 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Atari
2010-02-26 23:49 . 2008-07-23 12:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-26 23:06 . 2007-08-16 18:02 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Apple Computer
2009-12-31 16:14 . 2004-08-09 21:00 352640 ------w- c:\windows\system32\drivers\srv.sys
2009-12-22 05:35 . 2004-08-09 21:00 668672 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:35 . 2004-08-09 21:00 81920 ------w- c:\windows\system32\ieencode.dll
2009-12-16 12:58 . 2004-08-09 21:00 343040 ------w- c:\windows\system32\mspaint.exe
2009-12-14 07:35 . 2004-08-09 21:00 33280 ------w- c:\windows\system32\csrsrv.dll
2009-12-08 18:55 . 2004-08-10 04:00 2180352 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:19 . 2004-08-10 04:00 2057728 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 14:41 . 2004-08-09 21:00 453760 ------w- c:\windows\system32\drivers\mrxsmb.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 77312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
"nwiz"="nwiz.exe" [2006-01-24 1519616]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-05-22 180269]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9e.exe" [2007-11-21 218496]
c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless Networking Utility.lnk - c:\program files\Belkin\F5D8053v4\BelkinWCUI.exe [2009-1-10 1474560]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [1/10/2009 8:16 PM 517632]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hotmail.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
AddRemove-SeekeenSrch - c:\program files\SeekeenSrch\uninstall.exe
AddRemove-Csvnro - c:\program files\Csvnro\Csvnro.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-01 18:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\arservice.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\ARPWRMSG.EXE
.
**************************************************************************
.
Completion time: 2010-03-01 18:05:08 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-01 23:05
ComboFix2.txt 2010-03-01 22:48
ComboFix3.txt 2010-03-01 18:18
Pre-Run: 94,738,001,920 bytes free
Post-Run: 94,696,960,000 bytes free
- - End Of File - - EDB6E351B8194884D6EF4F82B8FAB408