I'm an independent computer tech. I'm used to clearing viruses off machines, and dealing with the damage left behind. This one has me stumped.
I have a computer from a new client - Dell laptop, Windows 7 Ultimate, 4 Gb, Core2 Duo (I can give more details if needed). It was booting incredibly slowly - literally 5-8 minutes from on to desktop showing and icons clickable. Other problems too, but I can deal with them when this is fixed. Running AVG Free 2015 (previously installed).
I was able to install and run CCleaner. Removed some startup files, there wasn't anything odd in the installed programs, ran the cleaner and registry and both ran normally.
Took it home, tried my usual tactic of installing MBAM. It wouldn't install, even trying all the chameleons. The visual is - click on the EXE file, it asks if I want to run the program, I click Yes, the screen greys out...and about a minute later the screen clears up. No other action - the program is not run. I'd think there was a dialog waiting for a response from me, but I can't find it - one screen, resolution at recommended so it's not off the edge, and nothing in the taskbar. ???
Stormwatch ads in the browser - but it's neither in Installed Programs nor in the Extensions/Add-ons lists. ???? Eventually removed (I think) - see 2nd paragraph below.
I've turned the firewall on - twice so far. Then I reboot and it's off again (or at least, after a reboot I notice it's off. Not sure exactly when it's being turned off).
I went into Safe Mode and was able easily to install MBAM. Ran it and it found some 400 adware items - but no malware. Ran twice, once without and once with rootkit search installed - no difference. Quarantined all found items (Stormwatch, Gameo, a couple others). Ran another scan, it said all was well. But back in normal mode, .exe files don't run.
Used RKill, TDSSKiller, SuperAntiSpyware - they'll run in Safe Mode and find nothing, won't run in normal mode. RKill.com does the same thing.
Tried a Microsoft Fixit for exe files - did nothing. I can't run Regedit and look for myself, because that's an exe. And can't get into elevated CMD - same greying out. A non-elevated CMD will open, but I can't run the useful things from there.
Browsers run (thank goodness). Adobe Flash tried to update, downloaded but failed to run (same thing, temporary grey).
I haven't tried a live CD yet, nor Repair Computer from the F8 menu. Can't do an SFC /scannow without the elevated CMD.
Oh - and Safe Mode boots a lot faster. Regular is faster than it was - only about 3-5 minutes from on to ready - but still slow. Safe Mode boots at the speed I expect, about 1-2 minutes to ready (even with the delay of hitting F8 and choosing SM with networking). But I can't get into MSConfig, either (and nothing much shows in CCleaner).
I can't tell whether it's still infected, with something I can't find, or if this is aftereffects of something that's been removed. And in either case, I can't figure out how to fix it. Suggestions?