constantly freezes, mbam/hjt scans are always intercepted

[samtrinh]

-my computer is a HP media center m7360n.

-very often the desktop won't load and im stuck at a black screen

-freezes often

-task manager no longer works

-desktop background is the YOUR COMPUTER IS INFECTED blah blah on a blue screen

-safe mode never worked

-sometimes the red circle X will appear in the taskbar and all this crap will bother me, and sometimes it doesnt.

i am on a different computer at this moment.

I had a problem where mbam wouldnt open. i solved that with this program i found on the internet called Inherit. plus, i had to do the whole renaming thing and extension change. i could open it, but it still exits out a few seconds into the scan.

Avira scans, but it usually freezes when its almost done, a pain in the ass since it takes like well over an hour.

Hijackthis i could open with the same solutions used with mbam. but it would scan for a split-second and then exit out. first i had the hosts issue, so i deleted it and DLed the hosts file recommended on here. but still, it exits out a split second into the scan with no notepad ever appearing. to re-open it id have to do the whole Inherit thing again.

I had a Win32KDiag scan going on a few minutes ago (had to run it a specific way some guy said it on the forums), but the goddang comp froze midway. ill keep trying that.

im also trying combo fix. just waiting til tomorrow because right now the comp is still bringing me to a black screen before desktop loads.

please help...time appreciated.

[samtrinh]

UPDATE..

-i believe any websites related to removing malware are now being blocked..couldnt access this site or other google results but could access others.

- ""Files that are required for windows to run properly have been replaced by unrecognized versions.To maintain system stability,Windows must restore the original versions of these files. Please insert Windows XP Profesional CD-ROM now."" i keep getting that message now but i suspect it to be virus activity so i kept exiting out of it.

-my internet all of a sudden stopped working before i left the computer so..on second thought i think internets being blocked altogether now

-when i try to run combofix i get this message and cant run it:

"!! ALERT !! It is NOT SAFE to continue!

The contents of the ComboFix package has been compromised.

Please download a fresh copy from:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Note: You may be infected with a file patching virus (Virut)"

-finally finished the Win32KDiag scan, moved the report to a flashdrive and now im on a different computer. well here it is:

Running from: C:\Documents and Settings\HP_Administrator\desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\HP_Administrator\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Found mount point : C:\WINDOWS\$hf_mig$\KB904706\KB904706

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB904706\KB904706

Found mount point : C:\WINDOWS\$hf_mig$\KB928090\KB928090

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB928090\KB928090

Found mount point : C:\WINDOWS\$hf_mig$\KB931768\KB931768

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB931768\KB931768

Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Found mount point : C:\WINDOWS\$hf_mig$\KB933566\KB933566

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB933566\KB933566

Found mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729

Found mount point : C:\WINDOWS\$hf_mig$\KB937143\KB937143

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB937143\KB937143

Found mount point : C:\WINDOWS\$hf_mig$\KB938127\KB938127

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB938127\KB938127

Found mount point : C:\WINDOWS\$hf_mig$\KB941568\KB941568

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB941568\KB941568

Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Found mount point : C:\WINDOWS\$hf_mig$\KB956844\KB956844

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB956844\KB956844

Found mount point : C:\WINDOWS\$hf_mig$\KB968389\KB968389

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB968389\KB968389

Found mount point : C:\WINDOWS\$hf_mig$\KB971961-IE8\KB971961-IE8

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB971961-IE8\KB971961-IE8

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\EhCM\EhCM

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\EhCM\EhCM

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehepg\ehepg

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehepg\ehepg

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiPlay\ehiPlay

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiPlay\ehiPlay

Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehshell\ehshell

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehshell\ehshell

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2D4.tmp\ZAP2D4.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2D4.tmp\ZAP2D4.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP300.tmp\ZAP300.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP300.tmp\ZAP300.tmp

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\temp\temp

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\tmp\tmp

Found mount point : C:\WINDOWS\CAVTemp\CAVTemp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CAVTemp\CAVTemp

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Config\Config

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Found mount point : C:\WINDOWS\CSC\d1\d1

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d1\d1

Found mount point : C:\WINDOWS\CSC\d2\d2

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d2\d2

Found mount point : C:\WINDOWS\CSC\d3\d3

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d3\d3

Found mount point : C:\WINDOWS\CSC\d4\d4

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d4\d4

Found mount point : C:\WINDOWS\CSC\d5\d5

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d5\d5

Found mount point : C:\WINDOWS\CSC\d6\d6

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d6\d6

Found mount point : C:\WINDOWS\CSC\d7\d7

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d7\d7

Found mount point : C:\WINDOWS\CSC\d8\d8

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d8\d8

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Cbz\Cbz

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Cbz\Cbz

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Lib\Lib

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Lib\Lib

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Wave\Wave

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Wave\Wave

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\chsime\applets\applets

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp\applets\applets

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp98\imejp98

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\shared\res\res

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\1F3B805BA42A0C233B0158879691FE82\2.1.21022\2.1.21022

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\1F3B805BA42A0C233B0158879691FE82\2.1.21022\2.1.21022

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\trustlib\trustlib

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\msapps\msinfo\msinfo

Found mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp

Found mount point : C:\WINDOWS\pchealth\ERRORREP\UserDumps\UserDumps

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\UserDumps\UserDumps

Found mount point : C:\WINDOWS\pchealth\helpctr\batch\batch

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\batch\batch

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Found mount point : C:\WINDOWS\Performance\WinSAT\DataStore\DataStore

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Performance\WinSAT\DataStore\DataStore

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PIF\PIF

Found mount point : C:\WINDOWS\Profiles\All Users\Adobe\Webbuy\Webbuy

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Profiles\All Users\Adobe\Webbuy\Webbuy

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Found mount point : C:\WINDOWS\setup.pss\setupupd\temp\temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\setup.pss\setupupd\temp\temp

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Found mount point : C:\WINDOWS\system32\1025\1025

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1025\1025

Found mount point : C:\WINDOWS\system32\1028\1028

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1028\1028

Found mount point : C:\WINDOWS\system32\1031\1031

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1031\1031

Found mount point : C:\WINDOWS\system32\1037\1037

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1037\1037

Found mount point : C:\WINDOWS\system32\1041\1041

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1041\1041

Found mount point : C:\WINDOWS\system32\1042\1042

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1042\1042

Found mount point : C:\WINDOWS\system32\1054\1054

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\1054\1054

Found mount point : C:\WINDOWS\system32\2052\2052

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\2052\2052

Found mount point : C:\WINDOWS\system32\3076\3076

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\3076\3076

Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

Found mount point : C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE

Found mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-2947593109-135080832-735537357-1008\S-1-5-21-2947593109-135080832-735537357-1008

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-2947593109-135080832-735537357-1008\S-1-5-21-2947593109-135080832-735537357-1008

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Acrobat\7.0\Collab\Collab

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Acrobat\7.0\Collab\Collab

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Acrobat\7.0\Preferences\Preferences

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Acrobat\7.0\Preferences\Preferences

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Flash Player\AssetCache\P7CV4TYM\P7CV4TYM

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Flash Player\AssetCache\P7CV4TYM\P7CV4TYM

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{D190EE07-1887-4595-8F62-6253114299D2}\{D190EE07-1887-4595-8F62-6253114299D2}

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{D190EE07-1887-4595-8F62-6253114299D2}\{D190EE07-1887-4595-8F62-6253114299D2}

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Intuit\Quicken\Config\Config

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Intuit\Quicken\Config\Config

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Intuit\Quicken\Data\Data

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Intuit\Quicken\Data\Data

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-3040113582-325250993-3913941409-500\S-1-5-21-3040113582-325250993-3913941409-500

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-3040113582-325250993-3913941409-500\S-1-5-21-3040113582-325250993-3913941409-500

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\MMC\MMC

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\MMC\MMC

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec\Symantec

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec\Symantec

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Yahoo!\Companion\Buttons\Buttons

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Yahoo!\Companion\Buttons\Buttons

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Custom Buttons\Enterprise\Enterprise

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Custom Buttons\Enterprise\Enterprise

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\FastSearch\dictionaries\dictionaries

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\FastSearch\dictionaries\dictionaries

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\FastSearch\exceptions\exceptions

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\FastSearch\exceptions\exceptions

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Toolbar Cache\6.1.1715.1442\en\en

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Toolbar Cache\6.1.1715.1442\en\en

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Toolbar History\thumbnails\thumbnails

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Toolbar History\thumbnails\thumbnails

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Toolbar History\urls\urls

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Toolbar History\urls\urls

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-3040113582-325250993-3913941409-500\S-1-5-21-3040113582-325250993-3913941409-500

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-3040113582-325250993-3913941409-500\S-1-5-21-3040113582-325250993-3913941409-500

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\OFFICE\OFFICE

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\OFFICE\OFFICE

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Sqm\Sqm

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Sqm\Sqm

Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

Found mount point : C:\WINDOWS\system32\config\systemprofile\WINDOWS\system\system

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\config\systemprofile\WINDOWS\system\system

Found mount point : C:\WINDOWS\system32\dhcp\dhcp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\dhcp\dhcp

Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\drivers\disdn\disdn

Found mount point : C:\WINDOWS\system32\ENU\ENU

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\ENU\ENU

Cannot access: C:\WINDOWS\system32\eventlog.dll

Attempting to restore permissions of : C:\WINDOWS\system32\eventlog.dll

[1] 2004-08-10 05:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 17:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 17:11:53 62464 C:\WINDOWS\system32\eventlog.dll ()

[2] 2008-04-13 17:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)

Found mount point : C:\WINDOWS\system32\export\export

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\export\export

Found mount point : C:\WINDOWS\system32\FxsTmp\FxsTmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\FxsTmp\FxsTmp

Found mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT

Found mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT

Found mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT

Found mount point : C:\WINDOWS\system32\LogFiles\WUDF\WUDF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\LogFiles\WUDF\WUDF

Found mount point : C:\WINDOWS\system32\Macromed\AUTHORWA\NP32ASW\AW70\DOWNLOAD\DOWNLOAD

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\Macromed\AUTHORWA\NP32ASW\AW70\DOWNLOAD\DOWNLOAD

Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\mui\dispspec\dispspec

Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust

Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg

Found mount point : C:\WINDOWS\system32\oobe\sample\sample

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\oobe\sample\sample

Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\ShellExt\ShellExt

Found mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS

Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\wbem\mof\bad\bad

Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\wbem\snmp\snmp

Found mount point : C:\WINDOWS\system32\wins\wins

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\wins\wins

Found mount point : C:\WINDOWS\system32\xircom\xircom

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\system32\xircom\xircom

Found mount point : C:\WINDOWS\Temp\mdf16c6.tmp\mdf16c6.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mdf16c6.tmp\mdf16c6.tmp

Found mount point : C:\WINDOWS\Temp\mdf1778.tmp\mdf1778.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mdf1778.tmp\mdf1778.tmp

Found mount point : C:\WINDOWS\Temp\mdf1e59.tmp\mdf1e59.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mdf1e59.tmp\mdf1e59.tmp

Found mount point : C:\WINDOWS\Temp\mdf2a61.tmp\mdf2a61.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mdf2a61.tmp\mdf2a61.tmp

Found mount point : C:\WINDOWS\Temp\mdf2e0.tmp\mdf2e0.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mdf2e0.tmp\mdf2e0.tmp

Found mount point : C:\WINDOWS\Temp\mdf309.tmp\mdf309.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mdf309.tmp\mdf309.tmp

Found mount point : C:\WINDOWS\Temp\mdf31ca.tmp\mdf31ca.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mdf31ca.tmp\mdf31ca.tmp

Found mount point : C:\WINDOWS\Temp\mdf352a.tmp\mdf352a.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mdf352a.tmp\mdf352a.tmp

Found mount point : C:\WINDOWS\Temp\mdf3a2b.tmp\mdf3a2b.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mdf3a2b.tmp\mdf3a2b.tmp

Found mount point : C:\WINDOWS\Temp\mdf41b8.tmp\mdf41b8.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mdf41b8.tmp\mdf41b8.tmp

Found mount point : C:\WINDOWS\Temp\mdf4599.tmp\mdf4599.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mdf4599.tmp\mdf4599.tmp

Found mount point : C:\WINDOWS\Temp\mdf4862.tmp\mdf4862.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mdf4862.tmp\mdf4862.tmp

Found mount point : C:\WINDOWS\Temp\mdf4e67.tmp\mdf4e67.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mdf4e67.tmp\mdf4e67.tmp

Found mount point : C:\WINDOWS\Temp\mdf555e.tmp\mdf555e.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mdf555e.tmp\mdf555e.tmp

Found mount point : C:\WINDOWS\Temp\mdf6106.tmp\mdf6106.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mdf6106.tmp\mdf6106.tmp

Found mount point : C:\WINDOWS\Temp\mdf6b0.tmp\mdf6b0.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mdf6b0.tmp\mdf6b0.tmp

Found mount point : C:\WINDOWS\Temp\mdf6b98.tmp\mdf6b98.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mdf6b98.tmp\mdf6b98.tmp

Found mount point : C:\WINDOWS\Temp\mdf7657.tmp\mdf7657.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mdf7657.tmp\mdf7657.tmp

Found mount point : C:\WINDOWS\Temp\mdf7b20.tmp\mdf7b20.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\mdf7b20.tmp\mdf7b20.tmp

Found mount point : C:\WINDOWS\Temp\nsc7A.tmp\nsc7A.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\nsc7A.tmp\nsc7A.tmp

Found mount point : C:\WINDOWS\Temp\nsh6E.tmp\nsh6E.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\nsh6E.tmp\nsh6E.tmp

Found mount point : C:\WINDOWS\Temp\nsj6C.tmp\nsj6C.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\nsj6C.tmp\nsj6C.tmp

Found mount point : C:\WINDOWS\Temp\nsk97.tmp\nsk97.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\nsk97.tmp\nsk97.tmp

Found mount point : C:\WINDOWS\Temp\nslA0.tmp\nslA0.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\nslA0.tmp\nslA0.tmp

Found mount point : C:\WINDOWS\Temp\nsm8D.tmp\nsm8D.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\nsm8D.tmp\nsm8D.tmp

Found mount point : C:\WINDOWS\Temp\nsn95.tmp\nsn95.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\nsn95.tmp\nsn95.tmp

Found mount point : C:\WINDOWS\Temp\nso7C.tmp\nso7C.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\nso7C.tmp\nso7C.tmp

Found mount point : C:\WINDOWS\Temp\nsq6A.tmp\nsq6A.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\nsq6A.tmp\nsq6A.tmp

Found mount point : C:\WINDOWS\Temp\nsq8A.tmp\nsq8A.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\nsq8A.tmp\nsq8A.tmp

Found mount point : C:\WINDOWS\Temp\nsvA5.tmp\nsvA5.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\nsvA5.tmp\nsvA5.tmp

Found mount point : C:\WINDOWS\Temp\nsx59.tmp\nsx59.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\nsx59.tmp\nsx59.tmp

Found mount point : C:\WINDOWS\Temp\nsz91.tmp\nsz91.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\nsz91.tmp\nsz91.tmp

Found mount point : C:\WINDOWS\Temp\SBCYahoo_SMB_600000\SBCYahoo_SMB_600000

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\SBCYahoo_SMB_600000\SBCYahoo_SMB_600000

Found mount point : C:\WINDOWS\Temp\TempRec\TempSBE\TempSBE

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\TempRec\TempSBE\TempSBE

Found mount point : C:\WINDOWS\Temp\{DABD554A-7DA6-4763-BF17-D3CAFB55E5A6}\{DABD554A-7DA6-4763-BF17-D3CAFB55E5A6}

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\{DABD554A-7DA6-4763-BF17-D3CAFB55E5A6}\{DABD554A-7DA6-4763-BF17-D3CAFB55E5A6}

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Finished!

[samtrinh]

bump..

update: left the comp on for a while and went to do chores for a lil bit, came back, got my first blue screen of death

i forgot to get the details of it, how stupid of me

so what do i do now

[Maurice Naggar]

Hello,

First, stop self-medicating and running special tools of any sort that require expert guidance. Don't make changes on your own.

Second, let me point out that by Replying to your own original post you inadvertently got the result of being overlooked since the reply count on your post went past 0.

Carefully follow my suggestions and do no more on your own.

If this system indeed has a Virut infection, the only resolution is to wipe system clean and do a new install of Windows.

Virut infections cannot be cleaned.

You will want to print out or copy these instructions to Notepad for Safe Mode/offline reference!

If you are a casual viewer, do NOT try this on your system!

If you are not samtrinh and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

=

Set Windows to show all files and all folders.

On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next un-check Hide protected operating system files.

=

WIN32kdiag should be on your Desktop !

Click on Start button. Select Run, and copy-paste the following command (the bolded text) into the "Open" textbox, and click OK.

"%userprofile%\desktop\win32kdiag.exe" -f -r

I do NOT need the Win32kdiag.txt

=

Start NOTEPAD and then copy and paste the codebox lines below into it.

Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop.

@echo off
copy C:\WINDOWS\ServicePackFiles\i386\eventlog.dll c:\

Double-click on fixes.bat file to run it.

Next, Download The Avenger by Swandog46 from here.

• Unzip/extract it to a folder on your desktop.
  
• Double click on avenger.exe to run The Avenger.
  
• Click OK.
  
• Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  
• Copy all of the text in the below textbox to the clibpboard by highlighting it and then pressing Ctrl+C.
  

  Files to move:
  C:\eventlog.dll | C:\WINDOWS\system32\eventlog.dll

  
  

• In the avenger window, click the Paste Script from Clipboard icon, button.
  
• :!: Make sure that what appears in Avenger matches exactly what you were asked to Copy/Paste from the Code box above.
  
• Click the Execute button.
  
• You will be asked Are you sure you want to execute the current script?.
  
• Click Yes.
  
• You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  
• Click Yes.
  
• Your PC will now be rebooted.
  
• Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
  
• If that is the case, it will force a BSOD on the first reboot. This is normal & expected behaviour.
  
• After your PC has completed the necessary reboots, a log should automatically open. Please copy/paste the contents of c:\avenger.txt into your next reply.
  

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

At this time of posting, the current definitions are # 2861.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Reply with copy of the C:\Avenger.txt

and the MBAM scan log

[samtrinh]

now when i try to boot, either normally or in last configuration that worked, it has a "logonui.exe" error. "click ok to terminate program, or click cancel to debug the program." after clicking either many times a login screen opens. when i press enter it brings up the desktop wallpaper and i get a userinit error, "Data Execution Prevention" something like that. and the desktop just stays there with nothing and task manager is disabled by administrator.

[Maurice Naggar]

If Windows normal mode is not useable, force a system restart/reboot, and right away start tapping F8 function key.

When get Advanced Boot Menu, select Safe Mode with Networking.

Let me know how many & which of my last suggestions you have done.

Download to your Desktop FixPolicies.exe, by Bill Castner, MS-MVP, a self-extracting ZIP archive from

>>> here <<<

• Double-click FixPolicies.exe.
  
• Click the "Install" button on the bottom toolbar of the box that will open.
  
• The program will create a new Folder called FixPolicies.
  
• Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
  
• A black box will briefly appear and then close.
  
• This fix may prove temporary. Active malware may revert these changes at your next startup. You can safely run the utility again.
  

[samtrinh]

none of the safe modes work. when selected, a bunch of random words and numbers and such fill up the screen, the computer reboots, and brings me back to the boot menu saying "an inconvenience occurred, windows could not start successfully."

i cant really attempt anything else you told me to do at this point

[Maurice Naggar]

Power off the pc. Wait for a minute or two. Power back on. Re-try the F8 function key procedure and select Last Known Good Configuration

You must tap & re-tap F8 before Windows GUI mode starts loading.