I have gone and done something really stupid here. In the pop-up window I hit the uninstall button. All hell has broken loose and Spybot Search and Destroy is having a field day trying to stop registry entries.
cheers
D
minou30, combofix is a very powerful tool and should NOT be run without supervision and only under recommendation of malware tech helping you. If you are running this on your own you can cause damage to the system.
minou30 I am having the exact same problem with ComboFix. Getting expired message and having the application delete itself. Thanks for letting us know what to do to get ComboFix working.
Instead of hijacking another's thread please begin your own thread, stating all your problems and AFTER following ALL steps in this link READ ME Before Posting A Request For Assistance!
Go in and totally UNINSTALL the combofix. To do this delete the copy of combofix, (default location is C:\ComboFix)
Next try this;
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
DISCONNECT FROM THE INTERNET...REMOVE THE PLUG FROM THE BACK OF THE COMPUTER
Reconnect the internet and come back here with the Deckard Scanner Logs.
- Close all other windows before proceeding.
- this means TURN OFF ALL other security programs too....
- Norton Anti-virus, AVG Anti-spyware,
- Double-click on dss.exe and follow the prompts.
- When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
Ok That worked so I have attached the logs
Oops pressing the wrong buttons again! Here are the logs
Cheers
D
Your system is now showing multiple trojans. Since there seems to be a problem with combofix we will start another way.
PLEASE WATCH WHAT YOU ARE DOING, TAKE YOUR TIME AND DON'T CLICK ANYMORE WRONG BUTTONS.
Download the following to your desktop;
CCleaner
30 day Free Trial of Trojan Hunter
This will be a zip file. Open it to install and then update.
Disconnect from the Internet. Pull the plug from the back of the computer.
Reboot the system in Safe Mode.
Double Click the CCleaner icon.
When it opens click the Run Cleaner Button.
When it is complete then go to the Trojan Hunter program. Run a full system scan and have it fix what it finds.
Once you have completed both of the above. Shut down.
Reconnect the internet cable and then reboot to normal mode.
Run the Deckard scan program again and post back with the new logs.
Finally getting somewhere I think. Downloaded and ran both programs although I had difficulty installing the Trojan Hunter as it seemed to shut itself down before installing so I rebooted in safe mode and installed then. Seemed to work Ok as it deleted several trojans. There is no extra text with DSS scan but HJT ran and left a log so I have posted that as well. PC is running very slow at the moment.
Damain
Ok Damain, Frankly this scanner log is much worse than the last one. Evidently your "pressing the wrong buttons" has brought in a "boat load" of nasties.
You are going to have to PRINT OUT these instructions because you are going to have to do these steps disconnected from the internet and in Safe Mode and you must follow them "to the letter" and NO PRESSING THE WRONG BUTTONS this time, Ok?
You are going to have to MANUALLY try to delete some of these nasties. Follow the instructions EXACTLY.
First you must Enable Viewing of Hidden Files and Folders
Note: Make sure you also untick "Hide file extensions for known file types" if that is an option that is ticked.
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.
I want you to shut down the computer. Remove the internet plug from the computer.
After you have done that I want you to boot to SAFE MODE.
Once the computer is booted in Safe Mode you are going to manually search for and delete some files. I will note the FILE you must delete in RED. Do NOT, I repeat, DO NOT delete the FOLDER it is in. Just delete the FILE noted in RED. Take your time, check off each file deleted on your printed instructions. Do NOT go too fast, take your time. If you cannot find a particular file make a note that you could not find it and move onto the next one.
- Restart your computer.
- When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
- Select the option for Safe Mode using the arrow keys.
- Then press enter on your keyboard to boot into Safe Mode.
Here are the files you need to remove. Remember, ONLY those noted in Red, NOT the entire folder it is in.
Navigate to each folder noted. Double Click it to open it.
Ok, here we go.....
Double Click My Computer,
Double Click H drive;
First go here, remember delete only items shown in RED;
H:\VundoFix Backups
Next go here;
H:\Documents and Settings\All Users\Application Data\
Delete these;
axmhonmr.dll
mxuvulgz.dll
olqzgtqx.dll
Now here:
H:\Program Files\
Delete these;
Zqjngoqf
xwpshavw
avp.exe
E404DHelper
Hoxkxufy
Nwhwthmy
Gpsbjzxh
efodevoj
Xkfmgpdp
Dvsohckp
wnyxqpmd
SecCenter
Bbacoalo
ebkxqdij
Now here:
H:\WINDOWS\
Delete this one; avp.exe
Now here:
H:\WINDOWS\system32\
Delete these;
drvwop.dll
drvnal.dll
drvfow.dll
hgghifc.dll
hggecyy.dll
drvzud.dll
opnkhgf.dll
drvnij.dll
drvlom.dll
iifgdbx.dll
drvtam.dll
ddccdda.dll
drvsal.dll
sttss.ini2
sstts.dll
yayvtqo.dll
fibagbia
drvtow.dll
winxtx32.dll
After you have deleted all the files then Stay in Safe Mode and run CCleaner.
Once you have done these steps then shut down the computer. Reconnect the Internet Cable. Reboot the computer in normal mode and I would like you to run a full scan with the Kaspersky Online Scanner. This will not fix anything but will give us locations of infections. Be Sure to SAVE the log. Next run another scan with the Deckard Scanner. Post back here with the Kaspersky log, the Deckard log and a list of any files you were unable to locate.
I say again....PRINT THIS OUT and TAKE YOUR TIME
Ok I have taken my time and followed your instructions.
H:\Documents and Settings\All Users\Application Data\
mxuvulgz.dll
olqzgtqx.dll
could not find these
H:\Windows\system32\
sstts.dll
yayvtqo.dll
these had a window that read could not delete as this file is being used by another program or person. Close any programs that might be using the file and try again.
Fibagbia
could not find
winxtx32.dll
could not delete as access denied make sure the disk is not full or write protected. Make sure that file is not in use
Ran Kaspersky online scanner and have included the text files
Ran DSS again
Cheers.
Damian
Last edited by Pumpa; 11-21-2007 at 03:10 AM.
"Something" is working in there someplace...Try downloading and running
AVG Anti-Rootkit FREE
If it finds anything, have it clean it.
Once it is done run another Kaspersky scan....please just have it scan My Computer...all those extra logs are not necessary. Having it scan the full computer does the same as doing those multiple scans. Give us a new log.