32788r22fwjfw.0.tmp No access to anything

Discussion in 'Malware Help (A Specialist Will Reply)' started by tgreen300, Sep 23, 2009.

  1. tgreen300

    tgreen300 Private E-2

    Hello everyone. I have read through all the lists and assume that I have a rootkit of some sort. I have attempted to run a HijackThis log, yet it will not run; neither will ComboFix or any other options I try. I have nothing but a blank screen when I boot in regular or safe mode. Please, any advice will be greatly appreciated.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    You stated that you only have a blank screen in normal and safe boot mode but yet you talk about running things like HJT and ComboFix. Thus I assume you are able to get programs onto the computer and run them using Task Manager or similar.

    So please try doing the below:

    Download and save the below to your PC (save it anywhere you can find it. The Desktop is fine). Then double click on it to run it.

    AVPFind.bat

    It should take a couple of minutes to run. You will see a black command prompt window while it is running and it should close when it is finished. Once it finishes, attach the c:\avplog.txt file that it will hopefully create, as long as the malware does not block the batch file from running.


    Also please try running the below online scan:

    http://www.superantispyware.com/onlinescan.html

    Reboot immediately after scanning if it finds and removes anything. Let me know if anything was found. It does not save a log.

    Then try running these instructions: Using MGtools


    Attach the below logs when finished with all of the above:
    • C:\avplog.txt - from AVPfind
    • C:\MGlogs.zip - from MGtools
    The C:\ assumes that drive C is your Windows boot drive. If you boot from another drive, then use the correct drive letter above.
     
  3. tgreen300

    tgreen300 Private E-2

    Thanks for the reply
    I ran AVPFind and here is the log:
    ******************************************************************************
    * AVPFind.bat - (c) 09/01/2009 By Chaslang *
    * *
    * Helps to identify potential AntiVirus Pro infected system DLL files and *
    * possible replacement files to use during cleanup. *
    ******************************************************************************

    Windows OS is

    Microsoft Windows XP [Version 5.1.2600]

    ============= Finding copies of eventlog.dll =================================
    "C:\WINDOWS\eventlog.dll" 55808 08/04/2004 03:56 AM
    "C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll" 49152 09/03/2002 12:32 PM
    "C:\WINDOWS\ServicePackFiles\i386\eventlog.dll" 55808 08/04/2004 03:56 AM
    "C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll" 56320 04/13/2008 08:11 PM
    "C:\WINDOWS\system32\eventlog.dll"

    ============= Finding copies of netlogon.dll =================================
    "C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll" 408064 02/06/2009 02:46 PM
    "C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll" 399360 09/03/2002 12:48 PM
    "C:\WINDOWS\ServicePackFiles\i386\netlogon.dll" 407040 08/04/2004 03:56 AM
    "C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll" 407040 04/13/2008 08:12 PM
    "C:\WINDOWS\system32\netlogon.dll" 407040 08/04/2004 03:56 AM

    ============= Finding copies of scecli.dll =================================
    "C:\WINDOWS\$NtServicePackUninstall$\scecli.dll" 174592 09/03/2002 12:58 PM
    "C:\WINDOWS\ServicePackFiles\i386\scecli.dll" 180224 08/04/2004 03:56 AM
    "C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll" 181248 04/13/2008 08:12 PM
    "C:\WINDOWS\system32\scecli.dll" 180224 08/04/2004 03:56 AM

    ******************************************************************************
    Although, as with most other programs, MGtools looks like it starts for a second and then it looks like the system stops it altogether.
     
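The AVPFind log above is read by eye in this thread: the copy in system32 is compared against the Service Pack copy in ServicePackFiles\i386, and a line with no size or date means the batch file could not read the file. The following script is an added example that is not part of the thread and not AVPFind.bat itself; it parses the log text quoted in the post (embedded as a constructed sample) and applies the same comparison as a set of heuristics of my own: the system32 copy is flagged if it could not be read or if its size matches neither the Service Pack copy nor any $hf_mig$ hotfix copy, and any copy outside system32 and the Windows staging folders is flagged as an unexpected location. On the sample it flags the unreadable C:\WINDOWS\system32\eventlog.dll and the stray C:\WINDOWS\eventlog.dll and leaves netlogon.dll and scecli.dll clean.

```python
"""Triage an AVPFind.bat log: flag system DLL copies that look replaced or locked.

Added example, not part of the original thread and not AVPFind.bat's own code.
The sample log is the one quoted in post 3; the rules are this example's own.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: the AVPFind.bat output quoted in the post above.
SAMPLE_LOG = r"""
Microsoft Windows XP [Version 5.1.2600]

============= Finding copies of eventlog.dll =================================
"C:\WINDOWS\eventlog.dll" 55808 08/04/2004 03:56 AM
"C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll" 49152 09/03/2002 12:32 PM
"C:\WINDOWS\ServicePackFiles\i386\eventlog.dll" 55808 08/04/2004 03:56 AM
"C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll" 56320 04/13/2008 08:11 PM
"C:\WINDOWS\system32\eventlog.dll"

============= Finding copies of netlogon.dll =================================
"C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll" 408064 02/06/2009 02:46 PM
"C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll" 399360 09/03/2002 12:48 PM
"C:\WINDOWS\ServicePackFiles\i386\netlogon.dll" 407040 08/04/2004 03:56 AM
"C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll" 407040 04/13/2008 08:12 PM
"C:\WINDOWS\system32\netlogon.dll" 407040 08/04/2004 03:56 AM

============= Finding copies of scecli.dll =================================
"C:\WINDOWS\$NtServicePackUninstall$\scecli.dll" 174592 09/03/2002 12:58 PM
"C:\WINDOWS\ServicePackFiles\i386\scecli.dll" 180224 08/04/2004 03:56 AM
"C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll" 181248 04/13/2008 08:12 PM
"C:\WINDOWS\system32\scecli.dll" 180224 08/04/2004 03:56 AM
"""

SECTION_RE = re.compile(r"^=+ Finding copies of (\S+) =+$")
# "path" [size date time AM/PM]; the size/date part is absent when the batch
# file listed the path but could not read the file's attributes.
ENTRY_RE = re.compile(r'^"(?P<path>[^"]+)"(?:\s+(?P<size>\d+)\s+(?P<stamp>\S+ \S+ [AP]M))?\s*$')

# Folders where Windows itself keeps spare copies of system DLLs (assumption
# for this example; add your own if your log shows other staging folders).
STAGING_DIRS = (
    "\\servicepackfiles\\i386\\",
    "\\$ntservicepackuninstall$\\",
    "\\$hf_mig$\\",
    "\\softwaredistribution\\download\\",
    "\\system32\\dllcache\\",
)


@dataclass
class Copy:
    path: str
    size: Optional[int]   # None when AVPFind printed no size/date
    stamp: Optional[str]


@dataclass
class Finding:
    level: str            # "high" or "medium"
    path: str
    reason: str


def parse(log_text: str) -> Dict[str, List[Copy]]:
    """Group the quoted file lines under the DLL name of their section."""
    sections: Dict[str, List[Copy]] = {}
    current: Optional[str] = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections[current] = []
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            size = m.group("size")
            sections[current].append(Copy(m.group("path"), int(size) if size else None, m.group("stamp")))
    return sections


def triage(copies: Dict[str, List[Copy]]) -> Dict[str, List[Finding]]:
    """Apply the comparison the thread does by hand to every DLL section."""
    out: Dict[str, List[Finding]] = {}
    for name, entries in copies.items():
        findings: List[Finding] = []
        live = [c for c in entries if c.path.lower().endswith("\\system32\\" + name)]
        reference = [c.size for c in entries if "\\servicepackfiles\\i386\\" in c.path.lower() and c.size is not None]
        hotfix = [c.size for c in entries if "\\$hf_mig$\\" in c.path.lower() and c.size is not None]
        if not live:
            findings.append(Finding("high", name, "no copy listed in system32 at all (deleted or hidden)"))
        for c in live:
            if c.size is None:
                findings.append(Finding("high", c.path, "AVPFind could not read size/date (locked, hidden or access denied)"))
            elif reference and c.size not in reference and c.size not in hotfix:
                findings.append(Finding("high", c.path, f"size {c.size} matches neither the Service Pack copy nor any hotfix copy"))
        for c in entries:
            low = c.path.lower()
            if c in live or any(d in low for d in STAGING_DIRS):
                continue
            findings.append(Finding("medium", c.path, "copy outside system32 and the Windows staging folders"))
        out[name] = findings
    return out


if __name__ == "__main__":
    for dll, found in triage(parse(SAMPLE_LOG)).items():
        print(dll, "clean" if not found else "")
        for f in found:
            print(f"  [{f.level}] {f.path}: {f.reason}")
```

A clean section (netlogon.dll, scecli.dll here) is one where the system32 copy is readable and its size agrees with the Service Pack or a hotfix copy; a size match is only a first filter, so confirm a flagged file with a hash against the ServicePackFiles copy before treating it as the replacement source.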
  4. tgreen300

    tgreen300 Private E-2

    You there, chase?
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It's chas and yes I'm around when I can be, but you need to read the sticky threads like this Don't Bump! It Only Hurts You!!! This post cost you more than 4 days of additional waiting time.

    You have one of the Windows Police Pro aka AntiVirus Pro type infections that infect those Windows system files listed by AVPFind. You will need to get this infected system file replaced. See if you can run Avenger per the below.


    Now download The Avenger by Swandog46, and save it to C:\avenger.exe
    • Run avenger.exe from Task Manager by entering C:\avenger.exe
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    After reboot, see if you can run any of the below. I will give instructions for using Task Manager. Only use Task Manager if you still do not have a Desktop.

    Please download and run Win32kDiag per the below instructions:
    • Download this Win32kDiag and save to C:\Win32kDiag.exe. You must save it here!!!!
    • Then from Task Manager run the below command. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please attach this log.
    C:\win32kdiag.exe -f -r

    You may be able to navigate to your Desktop to get this file attached thru the Manage Attachments Browse button. Just go to the C:\Documents and Settings\UserName\Desktop folder to find it. Replace UserName with your actual user account name.

    Also see if you can do the below.



    Now download and Run exeHelper
    • Please download exeHelper to C:\exeHelper.com.
    • Then from Task Manager run C:\exeHelper.com
    • A black window should pop up, press any key to close once the fix is completed.
    • Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
    • Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).
    Attach logs from the below if they ran
    • C:\avenger.txt
    • Win32kDiag.txt
    • log.txt from exeHelper
    If Avenger ran, see if you can run MGtools now. If yes, attach the C:\MGlogs.zip file.
     
    Last edited: Oct 13, 2009
  6. tgreen300

    tgreen300 Private E-2

    Thanks for all the help. I have my desktop back, yet antivirus and others say access denied. Here are the logs.
     
    Last edited by a moderator: Dec 15, 2009
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Why are you still posting logs inline? ALL logs must be attachments. Please attach all future logs.

    First see step 4 of this: READ & RUN ME FIRST. Malware Removal Guide and put your PC into Normal Startup with MSconfig. Do not reboot at this point if it tells you it needs to. We will reboot later.

    Also you must disable Spybot's Teatimer as requested in the READ & RUN ME. See this: How to disable Spybot's TeaTimer

    Now run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.


    Uninstall the below software. If you cannot uninstall any of these, just continue on and tell us later.
    Ad-Aware SE Personal <-- too old and too useless
    Windows Antivirus Pro <-- malware


    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Snuxawuqe] rundll32.exe "C:\WINDOWS\oqicoyucegaqabih.dll",e
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
    O4 - HKLM\..\Run: [combofix] "C:\WINDOWS\system32\CF18046.exe" /c "C:\ComboFix\C.bat"
    O4 - HKLM\..\RunOnce: [combofix] "C:\WINDOWS\system32\CF18046.exe" /c "C:\ComboFix\C.bat"
    O4 - HKLM\..\RunOnce: [Cleanup] C:\cleanup.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [AntiSpyware Service] C:\WINDOWS\TEMP\au094.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Monopod] C:\WINDOWS\TEMP\b.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AntiSpyware Service] C:\WINDOWS\TEMP\au094.exe (User 'Default user')
    O23 - Service: sofatnet Service (sofatnet) - Sigma Designs In - C:\WINDOWS\system32\sofatnet.exe

    After clicking Fix, exit HJT.

    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    C:\WINDOWS\temp
    C:\Documents and Settings\Owner\Local Settings\TEMP


    Now run QuickScans with both SUPERAntiSpyware and Malwarebytes per the below:
    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe ( Note: If using Vista make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )

    Then attach the below logs:
    • C:\avenger.txt
    • logs from SUPERAntiSpyware and Malwarebytes
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
    Last edited: Dec 15, 2009
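The HijackThis lines chaslang picks out above show the autorun patterns that mark this family: executables launched from C:\WINDOWS\TEMP, entries registered under the SYSTEM (S-1-5-18) and Default user hives, and rundll32 loading a randomly named DLL that sits directly in the Windows folder. The script below is an added example, not part of the thread and not HijackThis code; it runs those three tests, plus an "(no file)" orphan check, over the lines quoted in the post (embedded as a constructed sample). The rules are my own heuristics: they pick out the four entries that point at temp folders or a stray DLL, while the remaining lines in the post's list are cleanup items that are removed for other reasons and get no finding here.

```python
"""Triage HijackThis R3/O4 lines for the autorun patterns of a rogue-AV infection.

Added example, not part of the original thread and not HijackThis code. The
sample lines are the ones quoted in post 7; the rules are this example's own.
"""
import re
from typing import List, Tuple

# Constructed sample: the HJT lines selected for fixing in the post above.
SAMPLE_HJT = r"""
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Snuxawuqe] rundll32.exe "C:\WINDOWS\oqicoyucegaqabih.dll",e
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [combofix] "C:\WINDOWS\system32\CF18046.exe" /c "C:\ComboFix\C.bat"
O4 - HKLM\..\RunOnce: [combofix] "C:\WINDOWS\system32\CF18046.exe" /c "C:\ComboFix\C.bat"
O4 - HKLM\..\RunOnce: [Cleanup] C:\cleanup.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [AntiSpyware Service] C:\WINDOWS\TEMP\au094.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Monopod] C:\WINDOWS\TEMP\b.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AntiSpyware Service] C:\WINDOWS\TEMP\au094.exe (User 'Default user')
O23 - Service: sofatnet Service (sofatnet) - Sigma Designs In - C:\WINDOWS\system32\sofatnet.exe
"""

O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
USER_SUFFIX_RE = re.compile(r" \(User '[^']*'\)$")
TEMP_DIRS = ("\\windows\\temp\\", "\\local settings\\temp\\")
# A DLL directly under C:\WINDOWS (no subfolder), as rundll32's target.
DLL_IN_WINDIR_RE = re.compile(r'"?[a-z]:\\windows\\[^\\"]+\.dll"?', re.IGNORECASE)

Finding = Tuple[str, str, str]  # (level, entry label, reason)


def triage_hjt(text: str) -> List[Finding]:
    """Return one finding per line that trips a rule; clean lines yield nothing."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "(no file)" in line:
            findings.append(("medium", line.split(":")[0], "orphaned entry, target file is gone"))
            continue
        m = O4_RE.match(line)
        if not m:
            continue  # only O4 autoruns get the rules below
        hive, name = m.group("hive"), m.group("name")
        cmd = USER_SUFFIX_RE.sub("", m.group("cmd"))
        low = cmd.lower()
        system_hive = hive.startswith("HKUS\\S-1-5-18") or hive.startswith("HKUS\\.DEFAULT")
        if any(t in low for t in TEMP_DIRS):
            where = " under the SYSTEM/Default profile" if system_hive else ""
            findings.append(("high", name, "autorun launches an executable from a temp folder" + where))
        elif low.startswith("rundll32") and DLL_IN_WINDIR_RE.search(cmd):
            findings.append(("high", name, "rundll32 loads a DLL sitting directly in the Windows folder"))
        elif system_hive:
            findings.append(("medium", name, "autorun registered under the SYSTEM/Default profile"))
    return findings


if __name__ == "__main__":
    for level, label, reason in triage_hjt(SAMPLE_HJT):
        print(f"[{level}] {label}: {reason}")
```

Anything the rules leave untouched still deserves a look by hand (the sofatnet service and the ComboFix leftovers in the sample are examples), so treat the output as a shortlist to confirm, not as the fix list.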