Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.
It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.
Before doing any fixing....
Please download the Suspicious File Packer
http://www.safer-networking.org/files/sfp.zip
Unzip it to the desktop and run it.
Paste the following list of bad files into the Suspicious File Packer window:
C:\WINDOWS\system32\bpqsrdi.dll
C:\WINDOWS\system32\eswyvfl.dll
C:\WINDOWS\system32\jdzsnmj.dll
C:\WINDOWS\system32\jnhbbfuk.dll
C:\WINDOWS\system32\jspvkdql.dll
C:\WINDOWS\system32\luyhsser.dll
C:\WINDOWS\system32\nhiiuxj.dll
C:\WINDOWS\system32\rzhjmkud.dll
C:\WINDOWS\system32\winbfi32.dll
Allow SFP to pack the files. This will generate a CAB archive on your desktop.
Please submit it to this site
http://www.bleepingcomputer.com/subm....php?channel=4
Please include a link to this topic in the message.
You should receive notice that the file was successfully submitted. Once it has been, you can delete the cab file created.
Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist
(make sure you do not miss any) and click
Fix Checked
O2 - BHO: (no name) - {22D4A607-B97E-2EA8-0CA2-051A936DF118} - C:\WINDOWS\system32\rnsckan.dll (file missing)
O4 - HKLM\..\Run: [xfxqeul.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\xfxqeul.dll,zmalub
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKCU\..\Run: [wozu] C:\PROGRA~1\COMMON~1\wozu\wozum.exe
O4 - HKCU\..\Run: [Ealb] "C:\WINDOWS\system32\DOBE~1\msdtc.exe" -vt yazb
O4 - HKCU\..\Run: [Idufba] "C:\Documents and Settings\Owner.notebook\My Documents\F?nts\?xplorer.exe"
O4 - HKCU\..\Run: [Xunqxlo] "C:\Program Files\??mbols\l?gonui.exe"
Close HijackThis now.
---------------------------------------------------------------------------------------------
Run ComboFix again using these instructions:
Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK
"%userprofile%\desktop\combofix.exe" /v winbfi32 vtuvtts xfxqeul nhiiuxj ypcos bpqsrdi eswyvfl jdzsnmj jnhbbfuk jspvkdql luyhsser rzhjmkud
When finished, it shall produce a log for you, which will again be named C:\ComboFix/txt. Post that log in your next reply.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
---------------------------------------------------------------------------------------------
Download
AVG Anti Spyware
Use the link at the bottom of the page under
"AVG Anti-Spyware Free for Windows"
- Install AVG Anti Spyware
- Double-click the icon on Desktop to launch AVG
- On the main Status screen, under Your Computer's Security, click Resident Shield
- Click the word active to change it to inactive
- On the top of the main screen click Update.
- Then click on Start Update. The update will start and a progress bar will show the updates being installed.
- Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
- Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
- Under "Reports"
- Select "Automatically generate report after every scan"
- Un-Select "Only if threats were found"
When you have finished updating,
EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.
---------------------------------------------------------------------------------------------
Download and install
CleanUp!
NOTE: CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, make a backup of these before running CleanUp!. Do NOT run this program if you have XP Professional 64 bit edition. If you're unsure please do not run it! If you don't already know, you're probably not using XP64, but you can download & run this tool to find out for sure.....http://www.kellys-korner-xp.com/regs...p_whichcpu.exe
Restart your computer and boot into Safe Mode by tapping the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.
---------------------------------------------------------------------------------------------
Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Also make sure there is no checkmark beside Hide file extensions for known file types
* Click Yes to confirm and then click OK.
Delete the following
Files and
Folders if they exist:
C:\Program Files\Common Files\?asks<<<Created on 2007-05-04 Check properties. May appear as Tasks
C:\Program Files\Common Files\çasks<<<Created on 2007-05-02 Check properties. May appear as Tasks
C:\Program Files\Common Files\wozu
C:\WINDOWS\system32\àdobe<<<Created on 2007-05-03 Check Properties
smanager.7.exe<<<Search for this via Start>Search>All Files and Folders
C:\WINDOWS\system32\wnstssv32.exe
C:\WINDOWS\b128.exe
C:\WINDOWS\wozu
---------------------------------------------------------------------------------------------
Run
Cleanup! using the following configuration:
Open
Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "
Options..."
Move the arrow down to "
Custom CleanUp!"
Put a check next to the following (
Make sure nothing else is checked!):
- Empty Recycle Bins
- Delete Cookies
- Delete Prefetch files (if present)
- Cleanup! All Users
- Click on the Temporary Files tab and uncheck the box for Scan drives for files matching if it’s checked.
Click
OK
Press the
CleanUp! button to start the program.. Do NOT Reboot/logoff when prompted.
* CleanUp! will not create any backups!!
Run
AVG Anti-Spyware with it's updated definitions:(...it's important that all windows must be closed)
- Click Scanner
- Click on the Scan tab
- Click Complete System Scan to begin scanning.
Once the scan is complete do the following:
- If you have any infections you will prompted, then select "Apply all actions"
- Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).
Restart in normal mode.
---------------------------------------------------------------------------------------------
Perform an online scan with Internet Explorer with
Panda ActiveScan- Click on
located at the bottom of the page.
- A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
- Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting
- If it finds any malware, it will offer you a report.
- Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
- Click on
then click 
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan
---------------------------------------------------------------------------------------------
Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.
---------------------------------------------------------------------------------------------
Please return with results from:
ComboFix (C:\ComboFix.txt)
AVG Anti-Spyware
Panda online scan
HJT