Combofix won't run

How long ago did you download it? You should not be running it on your own without instructions. Can you follow these instructions please and let me know whether you can run any of it?

READ & RUN ME FIRST - Malware Removal Guide

 

What errors do you get whilst trying to run them?
Did Malware Bytes run?
Did RogueKiller run?

 

Then can you attach the logs from the programs that did run then please.

And in place of MGTools, try this:

Download OTL to your desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Vista and Windows 7 users Right-click OTL and choose Run as Administrator)
• When the window appears, underneath Output at the top change it to Minimal Output.
• Check the boxes beside LOP Check and Purity Check.
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Attach both of these logs into your next reply.

 

We need to run an OTL Fix

• Right-click OTL.exe to run it. If Windows UAC prompts you, please allow it.
• Copy and Paste the following code into the textbox. Do not include the word Code

Code:

:otl
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
[2013/11/13 14:47:59 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2013/11/12 18:00:54 | 000,069,895 | ---- | M] () -- C:\Users\J()HN_D()UGH_\AppData\Local\dfl30z32.dll
[2013/11/08 21:59:38 | 000,000,420 | ---- | M] () -- C:\ProgramData\i30bebgfjac.dat
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

:commands
[EMPTYTEMP]
[RESETHOSTS]
[REBOOT]

• Then click the Run Fix button at the top.
• Click Image.
• OTL may ask to reboot the machine. Please do so if asked.
• The report should appear in Notepad after the reboot. ATTACH that report in your next reply.

Run OTL normally now, just a scan now fix, and attach that log too.

Now are you able to run Hitman and MGTools?

 

Does MGTools run in safe mode? (Use safe mode with networking to download it if necessary)

 

OK, other than MGTools and Combofix not running, how is the machine behaving? Because they will not run, does not necessarily mean you are infected. There could be other problems causing it.

What exactly led you to run Combofix anyway?

 

Is there a log for combofix directly on the C:\ drive? :confused
Do you still have combofix downloaded? If so rename it to 4fr7j.com and try and run it again.

 

Normal. It is a tabbed browser and will show multiple processes running. There's also a little article here about the multiple conhost: The story of multiple conhost.exe

I have only removed a small amount of junk, I never found any malware. I really wish you had that log from combofix showing what it removed or replaced. I wonder if it did some damage. This is why it is never advised to run it on your own.

I may have to send you off to the software forum, however let's try this:

Download Windows Repair by Tweaking.com and unzip the contents into a newly created folder on your desktop.

• Now run Repair_Windows.exe by double clicking on it ( if you are running Vista or Win 7, use right click and select Run As Administrator)
• Now select the Start Repairs tab.
• The click the Start button.
• Create a System Restore point if prompted.
• On the next screen, click the Unselect All button to first deselect all repairs.
• Now select the following repair options:
  • Reset Registry Permissions
  • Reset File Permissions
  • Register System Files
  • Repair WMI
  • Repair Windows Firewall
  • Remove Policies Set By Infections
  • Repair Winsock & DNS Cache
  • Repair Proxy Settings
  • Repair Windows Updates
  • Set Windows Services To Default Startup
• Now on the lower right side check the box to Restart/Shutdown System When Finished
• Then make sure the Restart System radio button is enabled.
• Shutdown any other programs that you are running now before continuing.
• Now click the Start button.
• Be patient while the tool repairs the selected items.
• It should reboot automatically when finished.

Is the machineany better?

 

I see this from your screenshot and you can delete it:

C:\Users\J0HN_~1\Appdata\Local\temp\nsjB15B.tmp

Do you have ccleaner installed, or another third party cleaner? If so use it to be rid of temp files.

Also, it appears that combofix is still running, despite the fact you say it is uninstalled. I see signs of it all over the place.

I do admit you do seem to have alot of conhost processes.

Are you able to use system restore at all to go back to a point before things went unstable?

Are you able to use system recovery at all to help?

 

I would like for it to be uninstalled. Do you know how?

Well we'll see what happens after CF is removed but they are, from what I can see, related to combofix.

Damn. So that doesn't help us.

I've seen lots of unstable machines that certain programs will not run on yes. At the moment, we don't actually know what's wrong with yours, for me to say "Oh, yes... I know how to deal with this..." If you know what I mean.

it's also a double edged sword.... and can cause system unstability, esp. if used regularly by untrained persons.

Because not every program see's everything... it's why we use multiple scanners.

Not at all. Sometimes what MBAM misses, superantispyware finds, and so on... or vice cersa.

Only that you do indeed seem to have alot of conhost processes as already mentioned.

Are you able to do a Repair Installation? :confused

Let me know if Combofix is now uninstalled or not.

 

Per the original HijackThis log the below multiple instances of ComboFix and A-Aquared were running.

You need to stop running ComboFix and A-Squared!!!!! Also do the below.


Uninstall the below:

• ESET NOD32
• Any Emisoft software like A-Squared or Emisoft Anti-Malware
• Also uninstall ComboFix using the below steps which assumes that the filenamed combofix.exe is on your Desktop!!!!!! If not there or not named as such then put the file named combofix.exe directly on your Desktop.
  • • Press and hold the Windows key and then press the letter R on your keyboard. This opens the Run dialog box.
    • Copy and paste the below into the Run box and then click OK. Note the quotes are required
    • "%userprofile%\Desktop\combofix" /uninstall
      • Notes: The space between the combofix and the /uninstall, it must be there.
      • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
• Now reboot your PC.
• After reboot delete any of the below folders if they still exist:
  • C:\32788R22FWJFW
  • C:\QooBox
• Also delete any remaining copies of ComboFix.exe that you have and if you renamed it ( as shown above to iexplore.exe ) then delete the renamed copies too.
• Now make sure that No Protection Software is running and that UAC is disabled as requested in the READ & RUN ME. If it was not already disabled, you need to reboot after you disable it before trying the below and then disable any protection software again.

Now please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
• The tool will open and start scanning your system.
• Note: That JRT may reset your home page to a google default so you will need to restore your home page setting if this happens.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Attach JRT.txt to your next message.

Now download the current version of MGtools and save it to your Desktop folder. Overwrite any previous MGtools.exe file with this one.

Run MGtools.exe ( Note: If using Vista, Win7, or Win8, make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )


Now attach the below logs:

• the JRT.TXTlog
• C:\MGlogs.zip