Hi,
Wow, some of this Malware has been on this system for YEARS!
Before you do anything else, ComboFix needs to be run from the desktop as advised earlier. You downloaded it to a temp folder (c:\docume~1\COMPAQ~1\LOCALS~1\Temp\Saf52.tmp\ComboFix.exe). Please move it from there to the desktop, or download a fresh copy to your desktop (whichever is easier for you).
After doing that...
1. Open Notepad
2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:
http://forums.spybot.info/showthread.php?p=361959#post361959
Collect::
c:\windows\IA\asappsrv.dll
File::
C:\windows\system32\C7.tmp
c:\windows\system32\C6.tmp
c:\windows\system32\C5.tmp
c:\windows\system32\C4.tmp
c:\windows\system32\C3.tmp
c:\windows\system32\C2.tmp
c:\windows\system32\C1.tmp
c:\windows\system32\C0.tmp
c:\windows\system32\BF.tmp
c:\windows\system32\BE.tmp
c:\windows\system32\BD.tmp
c:\windows\system32\BC.tmp
c:\windows\system32\BB.tmp
c:\windows\system32\B9.tmp
c:\windows\system32\B8.tmp
c:\windows\system32\B7.tmp
c:\windows\system32\B6.tmp
c:\windows\system32\B5.tmp
c:\windows\system32\B2.tmp
c:\windows\system32\B1.tmp
c:\windows\system32\B0.tmp
c:\windows\system32\AF.tmp
c:\windows\system32\AE.tmp
c:\windows\system32\AD.tmp
c:\windows\system32\AC.tmp
c:\windows\system32\AB.tmp
c:\windows\system32\AA.tmp
c:\windows\system32\A9.tmp
c:\windows\system32\A8.tmp
c:\windows\system32\A7.tmp
c:\windows\system32\A6.tmp
c:\windows\system32\A5.tmp
c:\windows\system32\A4.tmp
c:\windows\system32\A3.tmp
Folder::
c:\program files\SeekeenSrch
c:\documents and settings\All Users\Application Data\SeekeenSrch
c:\progra~1\COMMON~1\ikzo
c:\program files\Csvnro
Driver::
SeekeenSrch Service
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sxpv"=-
"Uhqif"=-
"Atdntep"=-
"Dbbxpi"=-
"Wvrmaf"=-
"Mdlhgl"=-
"ikzo"=-
"Csvnro"=-
3. Save the above as CFScript.txt
4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
- Combofix.txt
- A new HijackThis log.