Old 10-10-2007, 05:39 PM   #16 (permalink)
sUBs
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 24,333
OS: N/A


Re: sUBs' crap

Go to Start > Control Panel > Add or Remove Programs and uninstall the following programs:
  • ViewPoint
Please note any other programs that you don't recognize in that list in your next response.


---------------


Do a HijackThis scan & place a check next to these items and select "Fix checked":

O2 - BHO: (no name) - {1368106D-2E42-4172-89A5-6CAEE6867FF6} - C:\WINDOWS\system32\ssqrq.dll (file missing)
O2 - BHO: BndDrive2 BHO Class - {8B27CC68-110C-46a9-80D3-F3107DE6EB98} - C:\Program Files\ISM\BndDrive4.dll (file missing)
O2 - BHO: (no name) - {9317a54d-01eb-44d4-9359-6864ce934c8a} - C:\WINDOWS\system32\hgbeifm.dll (file missing)
O2 - BHO: 0 - {F7E22B43-DB34-4695-A1B2-CB22DE4FA9ED} - C:\Program Files\Windows NT\lavupagob.dll (file missing)
O4 - HKLM\..\Run: [FolderView] rundll32.exe "C:\WINDOWS\system32\prwxgqao.dll",sitypnow
O20 - Winlogon Notify: opnlkkk - opnlkkk.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\



---------------


Open notepad and copy/paste the text in the quotebox below into it:

Code:
http://www.techsupportforum.com/security-center/hijackthis-log-help/185522-several-viruses-including-trojan-downloader-trojan-galgar-dy.html
Collect::
C:\WINDOWS\SYSTEM32\yosauvec.dll
C:\WINDOWS\SYSTEM32\ldqmbpht.dll
C:\WINDOWS\SYSTEM32\mdljtdgr.dll
C:\WINDOWS\SYSTEM32\mrupskje.dll
C:\WINDOWS\SYSTEM32\yjijamwp.dll
C:\WINDOWS\SYSTEM32\bioepset.dll
File::
C:\WINDOWS\SYSTEM32\qrqss.bak1
C:\WINDOWS\SYSTEM32\akeeusxk.dll
C:\WINDOWS\SYSTEM32\qrqss.bak2
C:\WINDOWS\SYSTEM32\qqlnqdsx.dll
C:\WINDOWS\SYSTEM32\hhhkj.bak1
C:\WINDOWS\SYSTEM32\hhhkj.bak2
Folder::
C:\WINDOWS\SYSTEM32\GB9
C:\WINDOWS\SYSTEM32\DL1
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\LocalService\Application Data\NetMon
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1368106D-2E42-4172-89A5-6CAEE6867FF6}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8B27CC68-110C-46a9-80D3-F3107DE6EB98}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9317a54d-01eb-44d4-9359-6864ce934c8a}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F7E22B43-DB34-4695-A1B2-CB22DE4FA9ED}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FolderView"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnlkkk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
Save this as "CFScript"




Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Additionally, ComboFix will generate a zipped file on your Desktop, called [4]Submit@Date_Time.zip
Before proceeding to the next step, please submit this file to http://www.bleepingcomputer.com/subm....php?channel=4


---------------


Click here to perform an online scan >> Online Scanner
Follow the guide to the letter. I need a complete scan.


---------------


In your next post, please include fresh logs from:
  1. Fresh Hijackthis log taken just before replying
  2. Online scan
  3. ComboFix's log
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now.
__________________

Question - what have you done for the community today?
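A consistency check for the two lists in the post above, as an added example that is not part of the post or of ComboFix: it confirms that every O2/O4/O20 item marked for fixing has a matching removal under `Registry::` in the script. The section layout is inferred from the script as shown here, the function names are hypothetical, and the sample is trimmed from the post with one BHO removal left out on purpose so the check has something to report.

```python
import re

# Constructed sample: lines trimmed from the post; the 8B27CC68 BHO removal is omitted on purpose.
HJT_ITEMS = r"""
O2 - BHO: (no name) - {1368106D-2E42-4172-89A5-6CAEE6867FF6} - C:\WINDOWS\system32\ssqrq.dll (file missing)
O2 - BHO: BndDrive2 BHO Class - {8B27CC68-110C-46a9-80D3-F3107DE6EB98} - C:\Program Files\ISM\BndDrive4.dll (file missing)
O4 - HKLM\..\Run: [FolderView] rundll32.exe "C:\WINDOWS\system32\prwxgqao.dll",sitypnow
O20 - Winlogon Notify: opnlkkk - opnlkkk.dll (file missing)
"""
CFSCRIPT = r"""
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1368106D-2E42-4172-89A5-6CAEE6867FF6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FolderView"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnlkkk]
"""

def parse_cfscript(text):
    """Split script text into {section: [lines]} on 'Name::' headers (layout as seen in the post)."""
    sections, current = {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        if m := re.fullmatch(r"(\w+)::", line):
            current = sections.setdefault(m.group(1), [])
        elif current is not None:
            current.append(line)
    return sections

def registry_removals(reg_lines):
    """Lower-cased removal targets: '[-key]' entries and 'key\\value' for '"value"=-' lines."""
    removed, key = set(), None
    for line in reg_lines:
        if line.startswith("[-"):
            removed.add(line[2:-1].lower())
            key = None
        elif line.startswith("["):
            key = line[1:-1].lower()
        elif key and (m := re.fullmatch(r'"(.+)"=-', line)):
            removed.add(key + "\\" + m.group(1).lower())
    return removed

def uncovered(hjt_text, removed):
    """Return O2/O4/O20 items that no removal target in the script accounts for."""
    rules = [(r"O2 - BHO: .*?(\{[0-9A-Fa-f-]{36}\})", "browser helper objects\\"),
             (r"O4 - HKLM\\\.\.\\Run: \[(.+?)\]", "currentversion\\run\\"),
             (r"O20 - Winlogon Notify: (\S+)", "winlogon\\notify\\")]
    lines = filter(None, map(str.strip, hjt_text.splitlines()))
    return [line for line in lines for pattern, prefix in rules
            if (m := re.match(pattern, line))
            and not any(r.endswith(prefix + m.group(1).lower()) for r in removed)]
```

Matching is case-insensitive and by key suffix, so the `~` shorthand in the script's BHO paths does not need to be expanded.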