Need Help: Computer won't open ANY Programs

A few days ago I was attempting to open my AVG 2012 antivirus software when my computer decided to randomly shut down. Upon reboot I tried to run the program again and could not get it to open. Now none of my programs will open including internet explorer. If I try to open a program it shows the "thinking icon" and then nothhing. I have tried restoring the computer to an earlier date just incase it was something I may have inadvertently opened. Can someone please help me figure out how to fix this problem? I am running win 7 on a dell inspiron laptop.

 

Hi and welcome to Major Geeks, Jaimmers710!

http://img827.imageshack.us/img827/1263/frst.gif For 32-bit (x86) systems download Farbar Recovery Scan Tool and save it to a flash drive.
For 64-bit (x64) systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

• Restart the computer.
• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
• Use the arrow keys to select the Repair your computer menu item.
• Choose your language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

• Insert the installation disc.
• Restart your computer.
• If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
• Click Repair your computer.
• Choose your language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account an click Next.

On the System Recovery Options menu you will get the following options:

• Select Command Prompt
• In the command window type in notepad and press Enter.
• The notepad opens. Under File menu select Open.
• Select "Computer" and find your flash drive letter and close the notepad.
• In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
• Note: Replace letter e with the drive letter of your flash drive.
• The tool will start to run.
• When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) on the flash drive. Please attach this log to your next reply. (How to attach)

 

Can I use and external hard drive to do this?

 

Yes.

 

I had a computer tech look at my laptop and found out that there is a rootkit virus embedded in the hardrive that will not allow any .exe files to open. Is there any way for me to eliminate this virus and salvage my computer without reformatting my hard drive? If not can I hook up an external hard drive to save my files without infecting the hard drive? Please help so completely frustrated.

 

Yes.

This type of rootkit (Rootkit.Boot.Pihar.b) does not spread to external devices.

It is still recommended that you follow the FRST instructions I laid out for you in my first post. This way we can just remove the infection, NOT any of your personal files.

 

Ok thank you for your help. I will do exactly that tomorrow. I will let you know how it goes and will attach the log as requested.

 

Ok, no problem

 

Sorry this took so long my PC power cord went bad right after my last post so had to replace it before I could downlod the scan software. I completed the scan and have attached the txt file

 

No problem. Try this:


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Attached is fixlist.txt

• Save fixlist.txt to your flash drive.
• You should now have both fixlist.txt and FRST64.exe on your flash drive.

Now re-enter System Recovery Options.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt).
Please attach this to your next message. (How to attach)

Now attempt to boot normally.

Now continue with this procedure: How to Remove TrojanOS/Alureon.A

 

Done and done

 

Looks good. Are you able to follow the How to Remove TrojanOS/Alureon.A procedure now?

 

I have followed the rest of the directions and am attaching my logs.

 

To be honest I ran so many programs and scans on my computer that I cannot remember all of the logs. If I am missing any would you please let me know.

 

More logs

 

http://img196.imageshack.us/img196/3557/tdsskiller.gif Re-scan with TDSSKiller with the parameters you used before.
This time if TDSS File System appears, delete it!
Then attach the latest TDSSKiller log. (How to attach)

Reviewing the rest of your logs now.

http://img850.imageshack.us/img850/4124/mbam.gif Missing the log from Malwarebytes.

Let me know how the system is running as well.

 

http://img10.imageshack.us/img10/3213/avguninstall.gif Please download and run AVG Remover

http://img850.imageshack.us/img850/4746/programsandfeatureswin7.gif From Programs and Features (via Control Panel), please uninstall the below:

• Java(TM) 6 Update 27 (outdated)

http://img194.imageshack.us/img194/4930/combofix.gif Fixing items using ComboFix
Make sure that ComboFix.exe that you downloaded while doing the READ & RUN ME is on your desktop -- but do not run it.
If it is not on your desktop, the below will not work.
Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
Open Notepad and copy/paste the text in the below code box into Notepad:

Code:

[COLOR="DarkRed"]KillAll::[/COLOR]
[COLOR="DarkRed"]ClearJavaCache::[/COLOR]
[COLOR="DarkRed"]Collect::[137][/COLOR]
C:\programdata\Microsoft\Windows\DRM\FCD0.tmp
[COLOR="DarkRed"]File::[/COLOR]
C:\programdata\Microsoft\Windows\DRM\FCF1.tmp
C:\Users\All Users\Microsoft\Windows\DRM\FCD0.tmp
C:\Users\All Users\Microsoft\Windows\DRM\FCF1.tmp
[COLOR="DarkRed"]Registry::[/COLOR]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{38bc6857-67fa-4358-afae-28e0f9ad2128}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0181C6E-9218-4792-9F3C-E8DF52B2F1AC}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"avg@toolbar"=-
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"=-
[COLOR="DarkRed"]SecCenter::[/COLOR]
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

Save this file as CFScript.txt to your desktop. So now you should have both CFScript.txt and ComboFix.exe on your desktop.
Now use your mouse to drag CFScript.txt on top of ComboFix.exe and then release.
http://softvisia.com/users/Night_Raven/Security/cfsdnd2.gif
This will launch ComboFix.
Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Allow ComboFix to update itself if prompted.
When ComboFix finishes, a log will be produced at C:\ComboFix.txt
Attach this log to your next message. (How to attach)

http://img195.imageshack.us/img195/9049/javaz.gif Now install the current version of Sun Java from: jre-7u3-windows-x64.exe

http://img17.imageshack.us/img17/3214/baticonvista7.gif Now run C:\MGtools\GetLogs.bat by right-mouse clicking it and then selecting Run as Administrator
This updates all of the logs inside MGlogs.zip.
When it is finished, attach C:\MGlogs.zip to your next message. (How to attach)

Let me know how the system is running after you have completed these steps.

 

The system is running well but I can't seem to find the other log. I will run the other scan again later. I am calling a day for now. Thank you for all of your help.

 

No problem.

 

TDSSKiller log and Malwarebytes log

 

Hello,

I would like to review the rest of the logs requested earlier.
This includes an updated MGlogs.zip as well as the new ComboFix.txt after you have run the CFScript.

http://img196.imageshack.us/img196/3557/tdsskiller.gif You also need to delete the TDSS File System as I mentioned in post #16

Do this and then let me know how the system is running.

 

When I uninstall AVG what do I use as a antivirus?

 

Also what is the TDSS file system? How do I find it? I am still working on generating the other logs

 

For now let's focus on making sure your system is clean. You can install whichever antivirus you like after we are done with removing malware.

It should reappear once you rescan with TDSSKiller with the "Detect TDLFS File System" option enabled.
Refer back to TDSSkiller - How to run if needed.
Remember to delete the TDSS File System if it is detected, don't skip it this time.

Ok

 

TDS log

 

How can I tell if AVG remover worked? as soon as i click on the link a black window appears and then immediately dissappears but then when I try to uninstall Java update it says that AVG is uninstalling

 

AVG still shows in the program list but Java does not

 

Updated TDS log with file system removed

 

I had to uninstall AVG through thte control panel. I could not get the link to work

 

System seems to be running ok. Not sure if it is related but when I open IE it says that something caused IE to close and reopen but it does not shut down just the error message

 

Your latest logs are clean, Jaimmers710

__

If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\combofix" /uninstall
     • Notes: The space between the combofix" and the /uninstall, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
3. Go back to step 6 of the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
7. Go to add/remove programs and uninstall HijackThis if it is present
8. You can delete c:\FRST if it is present.
9. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
   related to MGtools and some other items from our cleaning procedures.
10. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
    • Refer to the cleaning procedures pointed to by step 7 of the READ ME
      for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
    • Then reboot and Enable System Restore to create a new clean Restore Point.
11. After doing the above, you should work through the below link:
    • How to Protect yourself from malware!

Be safe

 

Is AVG 2012 a good AV program?

 

While it is better than not having any protection at all, I find AVG too bloated and not as effective as some of the other free antivirus programs.

 

I didn't see this before. Is this still an issue? Have you rebooted?

So as soon as you try to open IE, it shuts down?

 

IT hasn't done it since I installed updates to windows and rebooted

 

Is there one in particular you would recommend running on windows 7?

 

At the moment I am using Microsoft Security Essentials and it seems to run fine on Windows 7. You can get it here.