ADV Virus Rmvr 2009

My apologies in advance if I'm doing something incorrectly.

I have read through and attempted to do all of the things in Read & Run First, however in almost all cases I am able to install the software, however I am unable to run all but MGTools.

HiJackThis runs for about 5 seconds and then simply disappears.
Malwarebytes' install and runs for about 5 seconds before disappearing
Combofix will run however receives multiple access denied errors while trying to scan.
SuperAntiSpyware installs, however disappears after about 5 seconds.
I tried running the kaspersky online scan, which ran for about 2 hours before disappearing.

Unable to run regedit. I have run: REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
to enable registry, however this does not work when logged in under either standard or safe with networking startup.

unable to launch taskmanager either.

I have attached the MGtools log files.

Any help would be greatly appreciated.

Thanks,
Dan

 

When I try to run add/remove programs I receive the following message twice.


Error
"c:\windows\system32\rundll32.exe" c:\windows\system32\shell32.dll,control_runDLL
c:\windows\system32\appwiz.cpl

I was able to insert the registry entries and run avenger, however when the system reboots, combofix does not run.

I have attached the MGlogs.zip and avenger.txt files for your review.

I now receive 3 errors every time I try to launch a program such as safari or firefox, then the program launches and appears to work correctly.

 

Ok, so I downloaded all of the files on to another machine and burned them to a CD and then moved the files into the correct location on the infected machine.

I ran MGTools.exe by following the instructions provided. The DOS window popped up and ran for approx. 30 seconds and then disappeared and it populated a mglogs.zip file.

I ran FixAVP.exe and it almost immediately shut down windows. When rebooted the Avenger log file was generated, however the Getlogs.bat file did not run.
I attempted to run Getlogs.bat myself, however I experienced the same thing. Runs for approx. 30 seconds and then shuts down (I never get a message that the scan is finished even after 1 hour). However this time, theMGlogs.zip file was not generated, meaning that all of files contained in the existing file are time stamped at the time that I ran the original file.

There is no MGLogs.zip file to attach as none was generated. I did attach the avenger log file as that might have some useful info.


Thanks,
Dan

 

Ok, so I downloaded the file to my desktop and ran the program. I received an error that I did not have permission to run the file. I changed it from an exe to a com file and reran the program, it ran for about 30 seconds and then failed giving me the error.

Win32kDiag1.com has encountered a problem and needs to close. We are sorry for the inconvenience.

Send Error Report or Don't Send Error Report.

I've attached a log file and will attach another in a few minutes as it appears that they terminated in 2 separate places.

 

I downloaded Inherit to a clean machine, burned it to a CD and then dragged and dropped from the CD to the infected machines desktop.

I dropped Win32Kdiag.exe onto inherit.exe and received a message that said ok.

I double clicked win32kdiag.exe and the program ran for approx. 5 minutes prior to posting this entry to the log file.

cannot access: c:\windows\erdnt\8-19-2009\default

then I get the same message as I received before that the program has encountered a problem and needs to close. We are sorry for the inconvenience.

I'll attach the existing log in just a moment.

 

log attached

 

Ok, so I booted up the machine using the OS disk and attempted to access the recovery console. I was prompted to choose the installation that I wanted to repair of which there is only 1. I was then asked for an administrator password. I have no idea what this is, or what it might be. I tried admin, administrator and leaving it blank.

Now I can not boot windows at all, in either safe, safe with networking, safe with command prompt or normal. I also tried choosing last known good configuration and still unable to boot windows. The boot process runs for a minute or so, then the HD just stops.

Any ideas?

 

I did not change my boot priority

 

Was set to CD,HD,Built LAN.

I just changed to HD, CD, Built in LAN, however same result.

The windows loading screen shows and the progress bar goes across for about a minute, then the screen goes blank and stays that way. After about 30 seconds the HD activity stops. Waited for over 1 hour and windows never loaded.


Truly the only thing I did was attempt to access the recovery console, which required an admin password that I didn't have. I attempted admin, administrator and leaving the password blank. After the 3rd attempt I was forced to reboot and since this, I have been unable to boot into windows.