See if you can scan for malware in any mode or in safe mode. See if you can disable Windows Defender as you do not need both NIS and Defender. Try to get NIS running. If it is relatively new (2010, 2011) it can perhaps find the problem. .. Thinkpads_User

When you see black screen try this hit ctrl alt del on keyboard this will bring up task manager,then click file,choose new task(run),then type explorer.exe click ok this should start desktop post back with results.

I could see that the customer ran Malwarebytes and I ran Symantec with nothing found.
It may well have some type of root kit that neither of these can find.  If I could get a flash drive connected I would run hitman pro to look for a root kit.

The desktop is all black except for the recycling bin.  When I boot to safe mode I get the default program icons on the screen.  I don't know if this is all of the icons that the customer had.

I clicked on the Malwarebytes icon and about 20 seconds later it asks for permission to continue.  If you click continue it gives a runtime error '0'. Click OK then get runtime error '440'.

On the new user I did the ctrl alt del and the task manager comes up.  I tried to run explorer.exe.  a single line pops into the applications window and disappears.  Under processes explorer.exe is running.

The cursor disappeared and I had to hard shut down and restart.  I booted up to new user in safe mode and no icons just the dos screen that I had up before. I ran explorer.exe from the task manager again and the desktop icons, start menu and system tray appeared.

Under Services - almost every service is stopped.  I tried to run lmhosts and get an error Unable to Start Service.
 The operation could not be completed.  The dependency service or group failed to start.

I didn't mention that Dell came to service this PC and changed the motherboard.  I don't think that would have anything to do with what is going on but thought it should be mentioned.  I'd say the hardware is probably OK since I have a display, keyboard and mouse function.  It is just the OS that is acting up.

The Windows Defender service is one that is stopped.

I have an external sata/ide to usb and can back up the data however I'm wondering if the permissions issues will still be there.

I had a similar situation recently.  I booted to safe mode with command prompt and ran TDSSKiller from a flash drive.  That removed the rootkit and I was able to boot to the user's profile and continue.

TDSSKiller:

http://support.kaspersky.com/viruses/solutions?qid=208280684

Good luck!!!

>>>  the permissions issues will still be there. <--- If the new install uses the same userid, then there should not be permission issues. You can always copy the data to a benign folder (not another My Documents folder) and give Everyone modify permissions. That usually allows you to move data. I sync data that way between computers with no permission issues.   ... Thinkpads_User

Try this you may have to run in safe mode.
http://www.combofix.org/

Sorry also run this.
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE

ran the following from command line in safe mode off of a flash drive:

ran TDSSkiller, processed 256 objects infection not found
ran combofix but the first line said it had permissions issues and needed to run those tasks as an administrator....
then the log file had a disk error when it tried to write it....
ran hitmanpro35 which found nothing...has found the alueron root kit many times for me....
installed & ran superantispyware complete scan - found 51 cookies....

if this is malware, it is a good one.

Had to reinstall Windows.  I don't like giving up but had to return the PC to customer.  Thanks to all for your replies.

Thank you. I know reinstalling takes time. I was happy to help and good luck with your client. ... Thinkpads_User