Can't Run ComboFix

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Burj, Jul 4, 2011.

  1. Burj

    Burj Private E-2

    I ran Superantispyware and MBAM. ComboFix said I had a free AVG running which I couldn't locate anywhere, and then I kept getting error messages for PEV.exe and pev.cfxxe saying they had encountered a problem and needed to close, and that the Runtime had to terminate in an unusual way. I have run ComboFix before, now what? Also can't do a system restore.
     
  2. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Welcome to MajorGeeks.

    Have you run the official AVG Remover Tool (re-booting, re-running) before attempting to run ComboFix?

    http://www.avg.com/us-en/utilities

    *This reminder from the R&R ME FIRST:
     
    Last edited: Jul 4, 2011
  3. Burj

    Burj Private E-2

    I ran the AVG removal tool and it didn't work. So I reinstalled avg and then ran the removal and it worked. I still got the same errors with ComboFix. I continued with RootRepeal and MGTools. Attached are the logs. Thanks for your help!
     
  4. Burj

    Burj Private E-2

    Here are the attachments
     

  5. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Did you "Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix" as instructed? Including Immunet3.0.2??

    Please put MGTools.exe directly onto your desktop as instructed in the R&R ME FIRST guide, not in this folder:
    Step 1:
    Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Step 2:
    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    * NOTE: You have two services from Sysinternals running but the filenames are unknown. Please tell me what they are.
    Step 3:
    Now download The Avenger by Swandog469, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the "Input script here:" part of the window.
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the "Reboot now?" question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Step 4:
    Using Windows Explorer - navigate to and delete these left-overs:
    • C:\Documents and Settings\Shauna\Application Data\AVG10
    • C:\Program Files\AVG
    • C:\$AVG

    Delete all files and subfolders in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    Step 5:
    Now run the below tool -
    TDSSkiller - How to run

    Step 6:
    Then run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Windows 7, use right click and select Run As Administrator).

    Please attach the new C:\MGlogs.zip file to your next reply.

    * Make sure you tell me if you had any problems running this procedure; and answer this - "What malware problems are you still experiencing?"

    dr.m
     
  6. Burj

    Burj Private E-2

    I did disable Immunet and all others. I think the Sysinternals files are from RootKitReveal.
    I couldn't delete C:\WINDOWS\temp\Perflib_Perfdata_740.dat...says it's a NeroMediaPlayer file. It also says it was Created, Modified and Accessed all at Today, July 05, 2011, 12:24:18 AM
    Haven't tried a system restore yet.
     

  7. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Correct. :)
     
  8. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    LOL Perhaps I didn't specifically indicate that the highlighted text should not be included in the script I gave. We'll remove it another way.

    Step 1:
    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    Step 2:
    Now copy the bold text below to Notepad. (Do not include any space above the word "REGEDIT4".) Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me whether or not you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.

    Step 3:
    Using Windows Explorer, navigate to and delete these:
    C:\WINDOWS\system32\avgfwdx.dll <-- file
    C:\Documents and Settings\All Users\Application Data\cK11467EpBcP11467 <-- folder

    Step 4:
    Please run this online scanner and attach the results.

    Using ESET's Online Scanner

    Step 5:
    Then run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Windows 7, use right click and select Run As Administrator).

    Please attach the new C:\MGlogs.zip file and the ESETscan.txt to your next reply.

    * Make sure you tell me if you had any problems running this procedure.

    *What malware problems are you still experiencing?

    dr.m
     
    Last edited: Jul 6, 2011
  9. Burj

    Burj Private E-2

    Thanks. I didn't notice your reply until now. Here are the 2 scan logs and the reg fix worked. Thanks again so much.
     

  10. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Please look in Add/Remove Programs (Programs and Features if using Vista or Windows 7) for the following and uninstall if found. If you get any errors just make a note and continue on.
    Using Windows Explorer - navigate to and delete:
    • C:\Documents and Settings\Shauna\Local Settings\Application Data\Conduit
    • C:\Documents and Settings\Shauna\Local Settings\Application Data\ConduitEngine

    Delete all files and subfolders in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    Now install the latest Sun Java Runtime Environment

    *What malware problems are you still experiencing?
     