Go here to learn how to show hidden files/folders:
Help Centre Home : www.telecom.co.nz/help
Re-hide after we are done
Open notepad(
Must be NotePad) and copy/paste the text in the quotebox below into it:
NOT THE WORD QUOTE
Quote:
File::
c:\windows\system32\fdwbplx.dll
c:\windows\system32\mjpcdiez.dll
c:\windows\system32\lmn_setup.exe
c:\windows\system32\mjpcdiez.dll
c:\windows\system32\qemmpqy.dll
c:\windows\system32\mjpcdiez.dll
c:\windows\Tasks\At2.job
DirLook::
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\zatdzknq
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0f77c8e5-9230-4631-b63e-a343cb858e06}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15aebf3b-abd5-4570-bf88-4e8f30997a10}]
|
Save this as
CFScript
Then drag the
CFScript into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
Also:
Go to next site:
VirusTotal - Free Online Virus and Malware Scan
On top you'll find 'Browse'
Click the browse button and browse to next file:
c:\windows\system32\pool.bin
Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results as well in your next reply.
If that one is to busy here is another option:
Online malware scan
And
Virus File Scanner
Please do the same for these:
c:\windows\system32\wininet.dll
c:\program files\zlib1.dll