Run this scan:
http://www.pandasoft...n_principal.htm
Copy the results. They should be similar to the following exe files.
Reboot into safe mode - lightly tapping F8. Make sure all files are showing.
End the following running processes :
libsysmgr.exe
syslog32.exe
libsysmgr.exe
fmxcbso.exe
To end the process:
1. Press Ctrl+Alt+Delete once.
2. Click Task Manager.
3. Click the Processes tab.
4. Double-click the Image Name column header to alphabetically sort the processes.
5. Scroll through the list and look for any of the file names listed in step 1 of the "Technical Details" section. This file name can vary.
6. If you find the file, click it, and then click End Process.
7. Exit the Task Manager.
Delete these files:
C:\WINDOWS\System32\libsysmgr.exe
C:\WINDOWS\system32\cool.exe
C:\Kituri\Coolweb.exe
C:\WINDOWS\System32\fmxcbso.exe
C:\WINDOWS\System 32\syslog32.exe
Reboot.
You may wish to print out a copy of these instructions to follow while you complete this procedure.
Please save Hijack This in a permanent folder (i.e. C:\HJT). This ensures backups are saved and accessible.
Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\fmxcbso.exe
O4 - HKLM\..\Run: [Microsoft System Checkup] libsysmgr.exe
O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
O4 - HKLM\..\RunServices: [Microsoft System Checkup] libsysmgr.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....738&clcid=0x409
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://protect.micro...b?1102068303929
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...nst_current.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
Reboot.
Download Ad-aware from:
http://www.geekstogo...n=download&id=5
Install the program and launch it.
First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files.
Next, we need to configure Ad-aware for a full scan.
-> Click on the Gear icon (second from the left) to access the preferences/settings window
1. In the General window make sure the following are selected:
- Automatically save log-file
- Automatically quarantine objects prior to removal
- Safe Mode (always request confirmation)
2. Click on the Scanning button on the left and select:
- Scan Within Archives
- Scan Active Processes
- Scan Registry
- Deep Scan Registry
- Scan my IE favorites for banned URL’s
- Scan my Hosts file
- Under Click here to select drives + folders, choose:
- All of your hard drives
-> Click on the Advanced button on the left and select:
- Include additional process information
- Include additional file information
- Include environment information
- Include additional object details
-> Click the Tweak button and select:
- Under the Scanning Engine:
- Unload recognized processes during scanning
- Include basic Ad-aware settings in logfile
- Include additional Ad-aware settings in logfile
- Under the Cleaning Engine:
- Let Windows remove files in use at next reboot
-> Click on Proceed to save the settings.
-> Click Start and on the next screen choose Activate in-depth Scan at the bottom of the page and then choose:
- Use Custom Scanning Options
-> Click Next and Ad-aware will scan your hard drive(s) with the options you have selected.
-> Save the log file when it asks and then click Finish
-> When finished, mark everything for removal and get rid of it. (Right-click the window and choose Select All from the drop down menu and click Next).
Please delete your temporary files. Double Click My Computer (WinXP: Navigate to Start ---> My Computer). You will see an icon representing your hard drive (most likely C: Drive). Right Click on the hard drive icon and click Properties at the bottom of the fly out window. On the very first tab (General) you will see a button labeled "Disk Cleanup"...click that button.
Make sure the following are checked:
Downloaded Program Files
Temporary Internet Files and
Recycle Bin
Click OK and Disk Cleanup will delete those files for you.
-> Reboot your computer.
If you would please, rescan with HijackThis and post a fresh log in this same topic. We need the new version of Hijack This. You have an old version. Look for 1.98.2 at the top. The old version doesn't catch all the bad stuff.
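
Added example, not part of the original post: a small Python parser for the HijackThis log format quoted above, which checks a fresh log for running processes or entries that still reference the file names the post says to end and delete. The sample log, the `("PROC", ...)` label and the function names are constructed for illustration.

```python
import re

# File names the post says to end and delete, lower-cased for matching.
FLAGGED = {"libsysmgr.exe", "syslog32.exe", "fmxcbso.exe", "cool.exe", "coolweb.exe"}
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")       # "O4 - <body>"
O4_RE = re.compile(r"^([^:]+): \[([^\]]*)\] (.+)$")      # location: [value name] command
EXE_RE = re.compile(r"([^\\/\s\"]+\.exe)\b", re.I)       # bare .exe file names

def parse_log(text):
    """Return (running process paths, parsed section entries)."""
    processes, entries, in_procs = [], [], False
    for line in (l.strip() for l in text.splitlines()):
        if line.lower().startswith("running processes"):
            in_procs = True
        elif not line:
            in_procs = False  # a blank line ends the process list
        elif in_procs:
            processes.append(line)
        else:
            m = ENTRY_RE.match(line)
            if m:
                o4 = O4_RE.match(m[2]) if m[1] == "O4" else None
                entries.append({"code": m[1], "body": m[2],
                                "loc": o4[1] if o4 else None,
                                "name": o4[2] if o4 else None})
    return processes, entries

def leftovers(text, flagged=FLAGGED):
    """Processes and entries that still reference a flagged file name."""
    def hit(s):
        return any(x.lower() in flagged for x in EXE_RE.findall(s))
    processes, entries = parse_log(text)
    return ([("PROC", p) for p in processes if hit(p)] +
            [(e["code"], e["name"] or e["body"]) for e in entries if hit(e["body"])])

# Constructed sample log (not from the thread).
SAMPLE_LOG = r"""Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\syslog32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe
O4 - Global Startup: Example.lnk = C:\Program Files\Example\tray.exe
"""

if __name__ == "__main__":
    for kind, what in leftovers(SAMPLE_LOG):
        print(kind, what)
```

File names are compared whole and case-insensitively, so an unrelated name that merely contains one of the flagged names is not reported.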