Cannot open any exe files

Discussion in 'Malware Help (A Specialist Will Reply)' started by Anautikus, Jun 22, 2010.

  1. Anautikus

    Anautikus Private E-2

    So basically, I think I have malware because I cannot open any exe files from my main account. I was able to make another admin account, which is how I'm accessing all my files. I feel like only that one account is infected, but I'm not sure. I tried running my anti viruses, and I don't know if I can access my other account with my spyware through another admin account? If so, can you help please? Because no exe files at all work through my main account. Thank you!
     
  2. evilfantasy

    evilfantasy Malware Fighter

    Yes your antivirus should scan all files and folders no matter what account you run it from.

    If you can run it then please do so. Then if you want us to have a look please work through our READ & RUN ME FIRST. Malware Removal Guide.

    If any of the scans will not run or download move on to the next one and let me know what happened like if there were any errors or if they just wouldn't download or run.

    Attach all of the logs when complete.
     
  3. Anautikus

    Anautikus Private E-2

    So I was running the software, and my computer froze. I manually turned it off and on, and now, the computer doesn't boot; well it starts up, but the screen is black and nothing happens. Is this due to the malware as well? I basically have a living-dead laptop.
     
  4. Anautikus

    Anautikus Private E-2

    Please disregard that last post about the screen. I will post the logs momentarily.
     
  5. Anautikus

    Anautikus Private E-2

    Here are the attached logs.
     


  6. Anautikus

    Anautikus Private E-2

    Here is the MGlog zip file.
     


  7. evilfantasy

    evilfantasy Malware Fighter

    1. Close all open Web browsers.
    2. From the Start menu in Windows select Control Panel.
    3. Select Add or Remove Programs.
    4. Uninstall any of the following programs associated with Ask.com: (the names may be slightly different)

    - Ask Toolbar

    5. Click Change/Remove for each and uninstall all found.

    * Also uninstall the following (if found)

    Java(TM) 6 Update 2
    Java(TM) 6 Update 4
    Java(TM) 6 Update 7


    DO NOT uninstall Java(TM) 6 Update 20




    1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
    It must be Notepad, not Wordpad.
    2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

    Code:
    KillAll::
    
    File::
    c:\users\Anant Upreti\AppData\Roaming\Mozilla\Firefox\Profiles\z4s14req.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
    c:\program files\Ask.com
    
    Folder::
    c:\program files\Ask.com
    
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
    [-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    
    
    3. Go to the Notepad window and click Edit > Paste
    4. Then click File > Save
    5. Name the file CFScript.txt - Save the file to your Desktop
    6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

    http://img249.imageshack.us/img249/1218/cfscript1.gif

    ComboFix will begin to execute, just follow the prompts.
    After reboot (in case it asks to reboot), it will produce a log for you.
    Post that log (Combofix.txt) in your next reply.

    Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.



    Also be sure to let me know how the Computer is running now.
     
  8. Anautikus

    Anautikus Private E-2

    The log is attached. So all my other accounts are running fine, but my primary account, where the malware or whatever happened occurred, is still problematic with the same issue: no .exe files can be run; they all open one particular program and the same program whenever I try to open any and all .exe files. However, the profile/account I'm on right now works fine. Is there any way to fix this issue on my primary account?
     


  9. evilfantasy

    evilfantasy Malware Fighter

    Try an automated fix first.

    Log on to your account that is not working right and try this.

    • Download the zip file here > Vista exe fix to the desktop.
    • Unzip the exe fix and extract the .REG file to the Desktop. Right-click the REG file and choose Merge.
      • Note that you need to be an administrator to apply these fixes.
    • It will attempt to repair your exe file association in the registry.
    You may need to restart the computer for the changes to take effect.



    If that does not work you can try the Microsoft fix. There are two options. One for a manual repair or scroll down to the second section and use the 'Fix it' option: "When you run an .exe file on a Windows Vista-based or Windows 7-based computer, the file may start a different program"

    Let me know how that goes.
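
Added example (not part of the thread or of the fix files it links to): a Python check of the `.exe` file association that the fix above repairs, run over a constructed `reg export`-style sample. It relies on HKEY_CLASSES_ROOT resolving per-user `HKCU\Software\Classes` entries ahead of machine-wide ones, which is how a single account can be affected while others work; the `examplefile` progid and the paths in the sample are invented.

```python
import re

# Constructed sample in `reg export` format; the progid and path are invented.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Classes\.exe]
@="examplefile"
[HKEY_CURRENT_USER\Software\Classes\examplefile\shell\open\command]
@="\"C:\\Users\\example\\AppData\\Local\\example.exe\" \"%1\" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe]
@="exefile"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"
'''

# Standard Windows defaults for launching executables.
EXPECTED_PROGID, EXPECTED_COMMAND = "exefile", '"%1" %*'
USER = r"hkey_current_user\software\classes"
MACHINE = r"hkey_local_machine\software\classes"

def parse_defaults(reg_text):
    """Map lower-cased key path -> its (Default) string value."""
    defaults, key = {}, None
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and line.startswith('@="') and line.endswith('"'):
            defaults[key] = re.sub(r"\\(.)", r"\1", line[3:-1])  # undo \" and \\
    return defaults

def effective(defaults, subkey):
    """Resolve as HKEY_CLASSES_ROOT does: per-user value wins over machine-wide."""
    for hive in (USER, MACHINE):
        value = defaults.get(hive + "\\" + subkey.lower())
        if value is not None:
            return hive, value
    return None, None

def check_exe_association(reg_text):
    """Return a list of findings; an empty list means the defaults are intact."""
    defaults, findings = parse_defaults(reg_text), []
    hive, progid = effective(defaults, ".exe")
    if progid is None:
        return [".exe has no default value in this export"]
    if hive == USER:
        findings.append(f"per-user override of .exe -> {progid}")
    if progid.lower() != EXPECTED_PROGID:
        findings.append(f".exe maps to {progid}, expected {EXPECTED_PROGID}")
    hive, command = effective(defaults, progid + r"\shell\open\command")
    if command != EXPECTED_COMMAND:
        findings.append(f"open command is {command!r}, expected {EXPECTED_COMMAND!r}")
    return findings
```

Files written by `reg export` are UTF-16, so read them with `encoding="utf-16"` before passing the text to `check_exe_association`.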
     
  10. Anautikus

    Anautikus Private E-2

    How do I get onto a web browser from my messed up account? Because when I try to open my browsers, the same things happen, since it's an .exe file, isn't it? Or can I use the fix from a working account?
     
  11. Anautikus

    Anautikus Private E-2

    I believe it has worked! I extracted it off an external and all my programs seem to be running well. Is there some way to check if everything is truly in order?
     
  12. evilfantasy

    evilfantasy Malware Fighter

    Glad you got it!

    Let's get a new MGlogs.zip file run from the account that was corrupted to make sure everything looks okay.

    Run the C:\MGtools\GetLogs.bat file by double clicking on it. Attach the new C:\MGlogs.zip file that will be created.
     
  13. Anautikus

    Anautikus Private E-2

    Here is the attached zipped log.
     


  14. evilfantasy

    evilfantasy Malware Fighter

    Right click HijackThis and choose Run as Administrator

    Next select Do a system scan only

    Place a check mark next to the following entries: (if there)


    • R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
    • R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
    • O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

    Important: Close all open windows except for HijackThis and then click Fix checked.

    Once completed, exit HijackThis.



    Open Malwarebytes' Anti-Malware.

    * Click the Update tab.
    * Click Check for Updates
    * If an update is found, it will download and install.
    * Click the Scanner tab.
    * Select Perform Quick Scan, then click Scan.
    * The scan may take some time to finish, so please be patient.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Make sure that everything is checked, and click Remove Selected.
    * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
    * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    * Copy & Paste the entire report in your next reply.

    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.


    Also. Do you know what this folder is and what's in it?
    Code:
    C:\Users\Anant Upreti\AppData\Local\sqjukvjwn
     
  15. Anautikus

    Anautikus Private E-2

    I did the MB scan, but nothing showed up:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4236

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 7.0.6001.18000

    6/24/2010 10:16:02 PM
    mbam-log-2010-06-24 (22-16-02).txt

    Scan type: Quick scan
    Objects scanned: 151242
    Time elapsed: 5 minute(s), 17 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    Also, that folder you were asking for, I know where the location of it is (in my "Local" folder) but that specific folder is empty. I have no idea what it is.
     
  16. evilfantasy

    evilfantasy Malware Fighter

    Delete the entire sqjukvjwn folder. Be sure to just delete the folder itself!!

    C:\Users\Anant Upreti\AppData\Local\sqjukvjwn



    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work through the below link:
     
  17. Anautikus

    Anautikus Private E-2

    Thank you so much. One little thing; some of the icons didn't revert back. That's not gonna be a problem right? The programs run fine, just the icons are still of that other program.
     
  18. evilfantasy

    evilfantasy Malware Fighter

    What icons of what programs?

    Are they on your desktop?
     
  19. Anautikus

    Anautikus Private E-2

    Yea there were a few: AIM, Chrome, and Firefox didn't revert, but I got annoyed by it so I manually changed the icons. However, on the Start menu, on that list on the top-left column of the menu, they still haven't reverted. Is it just a cosmetic thing? Can I just delete them from the list and then readd them? Thanks!
     
  20. evilfantasy

    evilfantasy Malware Fighter

    Yes that should work just fine.
     
