-- Do you have a flash drive to transfer tools and scanlogs between computers?

-- Can you get a command prompt on ill machine?
START > RUN > type cmd > OK
or
START > RUN > type command.com > OK

Let me know.

PP :)

yes to both questions

Allrightythen!

You'll need to put these tools on your flash drive:

• http://ad13.geekstogo.com/Win32kDiag.exe
• http://swandog46.geekstogo.com/avenger.zip
• http://www.bleepingcomputer.com/combofix/how-to-use-combofix
With combofix, what I want you to do, though, is this:
When you download it and it asks you to "Save File As," rename combofix to Combo-Fix and then download it to working compy and put it on the flash drive.
• FindWPP.zip
• DDS by sUBs
• http://download.sysinternals.com/Files/Junction.zip
• http://www.raktor.net/exeHelper/exeHelper.com
• http://download.bleepingcomputer.com/sUBs/MiniFixes/Inherit.exe
• SysProt Anti-Rootkit

Then, see if you are able to copy these to the desktop:
-- FindWPP.zip
-- Win32kDiag.exe
-- Combo-fix.exe

Let me know how you fare.

PP :)

ok they are there,

With the three tools now on the Desktop, try this:

-- See if combofix will run. If not, try RightClick on it andRun As Administrator.

If it runs, let it finish and post the log.

If no combofix, then Extract the FindWPP folder from the FindWPP.ZIP
In the folder you'll find RunThis.bat
Run it and post me the log.

Let me know how you fare.

PP :)

with both i get a message saying registry edit is disabled by administrator,

Open a command prompt and type %userprofile%\desktop\combo-fix.exe /KillAll ENTER
Note ther is a space here --> .exe/KillAll

EDIT: Try using command.com to open prompt if that fails.

says combo-fix.exe is not a recognizeable command

Is combo-fix.exe on the desktop? You did rename it and it is not combofix (w/out dash)?

Click START > Run > type command.com to open the command prompt and then type:

cd %userprofile%\desktop ENTER
then type
combo-fix.exe /KillAll ENTER (or combofix.exe if not renamed)

It should run - let me know.

PP :)

now it says installation files for combofix are corrupted,i cannot get it to install at all

OK - let's try something else for the time being:
RightClick on FindWPP.ZIP and Extract the FindWPP folder from the ZIP to the desktop.
In the FindWPP folder you'll find RunThis.bat
Run it and post me the log.

With any luck, that will work ok...

nope get a message saying registry editinf has been disabled by the administrator,this is making me feel dumb

This is the worst malware I've seen in 6+ years of volunteering in forums . . . and I've seen some doozies!

-- Were you able to extract the FindWPP folder from the ZIP?
If so:
Click START > Run > type command.com to open the command prompt and then type:cd %userprofile%\desktop\FindWPP ENTER
then type
RunThis.bat ENTER

If that doesn't work:
Click START > Run > type command.com to open the command prompt and then type:

cd %userprofile%\desktop ENTER
then type
Win32kDiag.exe ENTER

If that runs, allow it to run until it finishes (it will say "finished")
Post the log.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

If no joy with any of the above, move Inherit.exe from your flash drive to the Desktop.
Then, drag and drop Win32kDiag.exe onto Inhereit.exe on the desktop. After a few seconds, a dialog box should pop up saying "OK"
If that works, try to run Win32kDiag.exe again.

PP :)

ok ill try that,lol told ya this was bad

I've seen a lot of this baddie - It comes in different flavors and different degrees of difficulty.
Most of the compys I see this on have a lot of P2P apps.....