LDTate

http://www.eset.eu/online-scanner Go here to run an online scannner from ESET. Click the green ESET Online Scanner button. Read the End User License Agreement and check the box: YES, I accept the Terms of Use. Click on the Start button next to it. You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Insall ActiveX component. A new window will appear asking "Do you want to install this software?"". Answer Yes to download and install the ActiveX controls that allows the scan to run. Click Start. Check Remove found threats and Scan potentially unwanted applications. Click Scan to begin. If offered the option to get information or buy software. Just close the window. Wait for the scan to finish Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt Copy and paste that log as a reply to this topic.

I can't find any information on either of these: c:\documents and settings\LocalService\Application Data\bawuho.dat c:\windows\system32\config\systemprofile\Application Data\bawuho.dat Please go to http://virusscan.jotti.org, click on Browse, and upload the following file for analysis: c:\documents and settings\LocalService\Application Data\bawuho.dat Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see. If virscan.org is too busy you can try these. http://virscan.org/ http://www.kaspersky.com/scanforvirus.html http://www.virustotal.com/en/indexf.html

We need to get a copy of a file. Copy/paste the text in the Codebox below into notepad: Here's how to do that: Click Start > Run type Notepad click OK. This will open an empty notepad file: Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text. http://forums.malwarebytes.org/index.php?showtopic=61517 Collect:: c:\windows\system32\drivers\chttq.sys Driver:: chttq Registry:: [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] [-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\chttq] Save this file to your desktop, Save this as "CFScript" Here's how to do that: 1.Click File; 2.Click Save As... Change the directory to your desktop; 3.Change the Save as type to "All Files"; 4.Type in the file name: CFScript 5.Click Save ... Drag CFScript.txt into ComboFix.exe Then post the results log using Copy / Paste Also please describe how your computer behaves at the moment.

DO NOT use any TOOLS such as Combofix, or HijackThis fixes without supervision. Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data. Vista and Windows 7 users: 1. These tools MUST be run from the executable. (.exe) every time you run them 2. With Admin Rights (Right click, choose "Run as Administrator") Stay with this topic until I give you the all clean post. You might want to print these instructions out. I suggest you do this: XP Users Double-click My Computer. Click the Tools menu, and then click Folder Options. Click the View tab. Uncheck "Hide file extensions for known file types." Under the "Hidden files" folder, select "Show hidden files and folders." Uncheck "Hide protected operating system files." Click Apply, and then click OK. Vista Users To enable the viewing of hidden and protected system files in Windows Vista please follow these steps: Close all programs so that you are at your desktop. Click on the Start button. This is the small round button with the Windows flag in the lower left corner. Click on the Control Panel menu option. When the control panel opens you can either be in Classic View or Control Panel Home view: If you are in the Classic View do the following: Double-click on the Folder Options icon. Click on the View tab. If you are in the Control Panel Home view do the following: Click on the Appearance and Personalization link. Click on Show Hidden Files or Folders. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders. Remove the checkmark from the checkbox labeled Hide extensions for known file types. Remove the checkmark from the checkbox labeled Hide protected operating system files. Please do not delete anything unless instructed to. We've been seeing some Java infections lately. Go here and follow the instructions to clear your Java Cache Next: Please download ATF Cleaner by Atribune. Download - ATF Cleaner

I think it's called growing pains but good growing pains just the same.MBAM is probubly the most used anti-malware tool used at help sites today as well as in personal / company usage for protection.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data. Vista and Windows 7 users: 1. These tools MUST be run from the executable. (.exe) every time you run them 2. With Admin Rights (Right click, choose "Run as Administrator") Stay with this topic until I give you the all clean post. You might want to print these instructions out. Please download GooredFix from one of the locations below and save it to your Desktop Download Mirror #1 Download Mirror #2 Ensure all Firefox windows are closed. To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista). When prompted to run the scan, click Yes. It doesn't take long to run, once it is finished move onto the next step Next: Please read carefully and follow these steps. Download TDSSKiller and save it to your Desktop. Extract its contents to your desktop. Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan. If an infected file is detected, the default action will be Cure, click on Continue. If a suspicious file is detected, the default action will be Skip, click on Continue. It may ask you to reboot the computer to complete the process. Click on Reboot Now. If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here. If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. please post the contents of that log TDSSKiller and GooredFix log.

Welcome aboard Merijn

That will re-install Windows. You don't want to reformat, just repair the OS. I don't see any other options if you can't run any tools.

At this point I'd suggest a Repair Install Vista Repair Install http://vistasupport.mvps.org/windows_vista...air_options.htm

Try renaming that file to either ABCD.exe or ABCD.com

Lets try this. Download Combofix from any of the links below but rename it to ABCD.exe before saving it to your desktop. * IMPORTANT !!! Save ComboFix.exe to your Desktop Link 1 Link 2 Double click on the ABCD.exe ComboFix.exe & follow the prompts. When finished, it will produce a report for you. Please post the C:\ComboFix.txt so we can continue cleaning the system.

My only suggestion at this point is a repair install Vista Repair Install http://vistasupport.mvps.org/windows_vista...air_options.htm

Lets see if we can get this to work. Download Dr.Web CureIt to the desktop: Doubleclick the drweb-cureit icon to start the program. press start Allow the program to run the initial express scan This will scan the files currently running in memory. If something is found, click the YES button when it asks you if you want to cure it. This is only a short scan. Note: A pop up may appear during this phase suggesting you purchase their program - click the X at the top right corner of this pop-up to close it. Once the scan is complete, the results will be displayed on the menu bar, click file and choose report list. Save the report to your desktop. The report will be called DrWeb.csv Note:this report will need to be renamed to Dr.Web.txt in order to post it on the forum. Close Dr.Web Cureit. Please post the Dr.Web.txt report in your next reply If you're not able to get it to run, try this. Pay a visit to the Kaspersky Online Scanner 7 - I.E. is preferred for this scan. Read the Information panel and then click Accept. Allow the ActiveX download if necessary. Both the anti-virus engine and database will need to be downloaded, which may take a little time. Once this has been completed, select My Computer from the Scan section on the left hand side. Put the kettle on! Although it is recommended by Kaspersky that you should disable your anti-virus scanner before starting this scan, it should work OK with it still active - it does on my PC. Although you may find the scan speed increases if you carry out this step, I never like to disable my resident scanner while online, so I don't. When the scan has completed, click View scan report at the bottom. Click Save Report As... Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt) Click Save and pick a location for the file - the Desktop is always handy. Copy and paste the report into your next reply along with a fresh HJT log, run in Normal Mode, and a description of how your PC is behaving. Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

Lets see if we can get an online scan done. Pay a visit to the Kaspersky Online Scanner 7 - I.E. is preferred for this scan. Read the Information panel and then click Accept. Allow the ActiveX download if necessary. Both the anti-virus engine and database will need to be downloaded, which may take a little time. Once this has been completed, select My Computer from the Scan section on the left hand side. Put the kettle on! Although it is recommended by Kaspersky that you should disable your anti-virus scanner before starting this scan, it should work OK with it still active - it does on my PC. Although you may find the scan speed increases if you carry out this step, I never like to disable my resident scanner while online, so I don't. When the scan has completed, click View scan report at the bottom. Click Save Report As... Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt) Click Save and pick a location for the file - the Desktop is always handy. Copy and paste the report into your next reply. Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

This also checks out.

Lets see if we can get the pc back on the internet. 1. Click on Start button. 2. Type Cmd in the Start Search text box. 3. Press Ctrl-Shift-Enter keyboard shortcut to run Command Prompt as Administrator. Allow elevation request. 4. Type netsh winsock reset in the Command Prompt shell, and then press the Enter key. Restart the computer.

If you look at what combofix removed, you'll see alot of infected files. Some infections takeover system files / programs so they don't run.When you download combofix did you save it as ABCD.exe before downloading?

Lets see if we disable UAC on the pc will let you copy it over. http://www.howtogeek.com/howto/windows-vis...-windows-vista/

Cool. You're more then welcome. Glad we were able to help Peace be with you

Are you running Vista as your OS?

You can remove these files and folders if listed: C:\ComboFix C:\QooBox C:\combofix.txt C:\combofix-quarantine-files.txt Now try downloading a fresh copy and run it.

Make sure she runs the fix to uninstall Combofix. There are infected files that were removed as part of Combofix.

We need to run the following command to fix some malware related changes. Click on Start -> Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK: "%userprofile%\desktop\win32kdiag.exe" -f -r When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

In the CF scan it shows 0 bytes. 2009-10-26 01:15 . 2009-11-07 15:01 0 ----a-r- c:\windows\win32k.sys Please download ad13's win32ksys to your desktop Double click to run it A black window will appear, let this run On completion a log will appear on your desktop called Win32kDiag.txt please post this in your next reply.

This sounds more like a software issue so I'd suggest you start a new topic in the PC help forum.Do this first. The following will implement some cleanup procedures as well as reset System Restore points: Click START then RUN Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there. To be on the safe side, I would also change all my passwords. Here's my usual all clean post Log looks good Make your Internet Explorer more secure - This can be done by following these simple instructions:From within Internet Explorer click on the Tools menu and then click on Options. Click once on the Security tab Click once on the Internet icon so it becomes highlighted. Click once on the Custom Level button. Change the Download signed ActiveX controls to Prompt Change the Download unsigned ActiveX controls to Disable Change the Initialize and script ActiveX controls not marked as safe to Disable Change the Installation of desktop items to Prompt Change the Launching programs and files in an IFRAME to Prompt Change the Navigate sub-frames across different domains to Prompt When all these settings have been made, click on the OK button. If it prompts you as to whether or not you want to save the settings, press the Yes button. [*]Next press the Apply button and then the OK to exit the Internet Properties page. [*]Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. [*]Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly. [*]Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates. [*]Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. Only run one Anti-Virus and Firewall program. I would suggest you read How to Prevent Malware: