Thread: Log Assistance - 8:30pm EST, 9/1/07

  1. #1
    Join Date
    Sep 2007
    Posts
    7
    After the safe mode boot, I guess the startup goes to selective mode. I noticed this eventually and set it back to normal mode. I put a picture with this post if it may help, because you did mention checked items. Re-did the AVG scan in safe mode, that's included. Finally, after the reboot, re-did the HJK scan. Hopefully that's finally everything and in order. Appreciate the hands-on help. Btw, go Phils.

    -DD

  2. #2
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    In SAFE MODE I want you to run AVG again following these instructions:
    Please Launch AVG Anti-Spyware.
    -- Click on the Scanner button and choose the Settings Tab.
    ---> Under How to act?, click on Recommended action and choose Quarantine to set default action for detected malware.
    ---> Under Reports make sure Automatically generate report after every scan is selected and UNCHECK the Only if threats were found box.
    -- Leave everything else at their default settings and Select the Scan tab and CLICK Complete System Scan to scan your machine.
    -- Upon completion of the scan, Click Apply all actions to place any detected baddies in Quarantine. (This includes cookies.)
    -- AFTER clicking Apply all actions, Click on Save Report and select Save the report to your Desktop.

    I also want you to Generate a Start Up listing using HiJackThis:
    In order to do this, go into the Config option when you start HijackThis and then click on the Misc Tools button at the top.
    You will then click on the button labeled "Generate StartupList Log".
    The program will automatically open up a notepad filled with the Startup items from your computer. Copy and paste these entries into a message and submit it along with the new AVG scan log.

  3. #3
    Join Date
    Aug 2006
    Posts
    578

    Originally Posted by DrWebs:
    "Btw, go Phils"
    They're hanging in there despite the myriad of injuries this year!


    -- Do you know what this entry is?

    O4 - HKLM\..\Run: [gdccw] "C:\PROGRA~1\COMMON~1\SECURE~1\GDCcw.exe" -start


    -- In addition to what Judy requested, you can probably go ahead and do the following:
    Scan with HijackThis and Check the Boxes for the following, if they remain:

    O2 - BHO: MSVPS System - {F4CF814F-970F-405D-A42C-0CE06EB97373} - C:\WINDOWS\mxduo.dll

    O21 - SSODL: wmpdev - {0ADBCBB0-6816-4B76-BFC2-782D9814C633} - C:\WINDOWS\wmpdev.dll
    O21 - SSODL: wmphost - {11FB4783-C8C2-4D03-9BC8-79A67403D27D} - C:\WINDOWS\wmphost.dll

    Make sure All Browser Windows are Closed and then Click FIX.

    THEN:
    Please Boot to Safe Mode with the Viewing of Hidden Files Enabled and navigate to and DELETE the following if they should remain:

    C:\WINDOWS\mxduo.dll
    C:\WINDOWS\wmpdev.dll
    C:\WINDOWS\wmphost.dll

    You should have the Viewing of Hidden Files enabled as per the sticky thread instructions.
    Your logs are surprisingly clean, save for the baddie above. The items Judy requested will let us know more....

    Let us know if you have any trouble removing these.


    Cheers
    PP
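
As an added example (not part of PP's post and not HijackThis's own code): a small Python parser for the log line format quoted in this thread (O4 Run, O2 BHO, O21 SSODL) that pulls out the section code, name, CLSID and file path. The function names and the "DLL sitting directly in C:\WINDOWS" check are assumptions made here as a triage pointer, not a rule from the thread or a verdict on any file.

```python
import re
from ntpath import dirname, normcase

# Log lines copied from the posts in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [gdccw] "C:\PROGRA~1\COMMON~1\SECURE~1\GDCcw.exe" -start
O2 - BHO: MSVPS System - {F4CF814F-970F-405D-A42C-0CE06EB97373} - C:\WINDOWS\mxduo.dll
O21 - SSODL: wmpdev - {0ADBCBB0-6816-4B76-BFC2-782D9814C633} - C:\WINDOWS\wmpdev.dll
O21 - SSODL: wmphost - {11FB4783-C8C2-4D03-9BC8-79A67403D27D} - C:\WINDOWS\wmphost.dll
'''

# O2 / O21 shape: "<code> - <kind>: <name> - {CLSID} - <path>"
CLSID_LINE = re.compile(
    r'^(?P<code>O\d+) - (?P<kind>[^:]+): (?P<name>.*?) - '
    r'(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$')
# O4 shape: "O4 - <key>: [<name>] <command line>"
RUN_LINE = re.compile(
    r'^(?P<code>O4) - (?P<kind>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')

def parse_line(line):
    """Return a dict for one HijackThis entry, or None if unrecognised."""
    line = line.strip()
    m = CLSID_LINE.match(line)
    if m:
        return dict(m.groupdict(), args='')
    m = RUN_LINE.match(line)
    if m:
        # Split the command line into executable path and arguments,
        # honouring a double-quoted path that may contain spaces.
        exe = re.match(r'"([^"]+)"\s*(.*)|(\S+)\s*(.*)', m['cmd'])
        path, args = (exe[1], exe[2]) if exe[1] else (exe[3], exe[4])
        return {'code': 'O4', 'kind': m['kind'], 'name': m['name'],
                'clsid': None, 'path': path, 'args': args}
    return None

def in_windows_root(entry):
    """Assumed heuristic: a .dll loaded from the top of the Windows directory."""
    p = normcase(entry['path'])
    return p.endswith('.dll') and dirname(p) == normcase(r'C:\WINDOWS')

def triage(log_text):
    """Parse every line; return (entries, names of entries worth a closer look)."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    return entries, [e['name'] for e in entries if in_windows_root(e)]

if __name__ == '__main__':
    entries, flagged = triage(SAMPLE_LOG)
    for e in entries:
        print(e['code'], e['kind'], e['name'], e['path'], sep=' | ')
    print('DLLs in Windows root:', flagged)
```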

  4. #4
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    After doing what I requested, Please follow the instructions given by PP

    O4 - HKLM\..\Run: [gdccw] "C:\PROGRA~1\COMMON~1\SECURE~1\GDCcw.exe" -start
    I "think" after searching for several days I may have found this same entry on a German anti-malware forum. Had to use BabelFish to translate, but I believe this may be SecurePCCleaner, another form of the rogue spyware remover Ultimate Cleaner. Just found this this evening after looking for info on this file since the first HJT log. From what I have found, and now have found several links, all are dated AFTER August 17, 2007. Alas, none of them give a removal instruction, just what it is.

  5. #5
    Join Date
    Sep 2007
    Posts
    7
    For some reason I thought I put that in the first post, but like an idiot I didn't. Assuming the Ultimate Cleaner pop ups were a scam I ignored them, but I couldn't take the constant pop ups and bit on the Secure PC Cleaner one. Ran the scan, it obviously fixed nothing and I knew I was screwed. I immediately tried to remove it, but I doubt it's all gone. I just ran the AVG scan again before quarantining the detected, and checking to save a report after every scan. For whatever reason I rebooted w/o actually saving the report as a separate .txt file, and when I looked at the reports tab, the only one I see was from the other day. I'll try and get the rest of your requests done by tomorrow morning. Sorry for my ineptitude

    -DRWebs

  6. #6
    Join Date
    Aug 2006
    Posts
    578

    Originally Posted by DrWebs:
    "For some reason I thought I put that in the first post, but like an idiot I didn't. Assuming the Ultimate Cleaner pop ups were a scam I ignored them, but I couldn't take the constant pop ups and bit on the Secure PC Cleaner one. Ran the scan, it obviously fixed nothing and I knew I was screwed. I'll try and get the rest of your requests done by tomorrow morning. Sorry for my ineptitude"
    No worries - it was my fault. I read the post, but never made the connection . . . I'm slipping in my old age.

    Anyhoo, see if you are able to uninstall Ultimate Cleaner via Add/Remove Programs. We'd like to remove that one cleanly, if possible, rather than ripping it out with brute force.

    My first instinct with this was Vundo - looks similar to what we have seen from the Vundo family of trojans in the past. Heck, it may well be Vundo - I've been away from malware for a while and I'm not on top of it like I used to be....
    Judy is much more up to date on the baddies than I these days.

    -- Let us know if you have any problems with the removal.

    Cheers
    PP
