Log Assistance - 8:30pm EST, 9/1/07

[DrWebs]

-- In addition to what Judy requested, you can probably go ahead and do the following:
Scan with HijackThis and Check the Boxes for the following, if they remain:

O2 - BHO: MSVPS System - {F4CF814F-970F-405D-A42C-0CE06EB97373} - C:\WINDOWS\mxduo.dll

O21 - SSODL: wmpdev - {0ADBCBB0-6816-4B76-BFC2-782D9814C633} - C:\WINDOWS\wmpdev.dll
O21 - SSODL: wmphost - {11FB4783-C8C2-4D03-9BC8-79A67403D27D} - C:\WINDOWS\wmphost.dll

Make sure All Browser Windows are Closed and then Click FIX.

THEN:
Please Boot to Safe Mode with the Viewing of Hidden Files Enabled and navigate to and DELETE the following if they should remain:

C:\WINDOWS\mxduo.dll
C:\WINDOWS\wmpdev.dll
C:\WINDOWS\wmphost.dll

This may be a stupid question, but how do I navigate to the bottom three files you posted? Just find them through My Computer and then delete them that way?

Good news, the report was saved but don't know why it didn't show up at first. For some reason I can view it in Safe Mode, but not here. I just went ahead and saved it again. As for removing the Secure Cleaner, I guess I did it already. Not sure if anything else looks fishy. Everything new is attached as usual.

-DRWebs

[jholland1964]

This may be a stupid question, but how do I navigate to the bottom three files you posted? Just find them through My Computer and then delete them that way?

No question is stupid.
Hate to tell you, but according to your AVG scan "No action taken" shows on everything and the nasties we want to get rid of are not showing at all
I think it is time, after you run the VundoFix as instructed, save the log of course and post it here.
But AFTER that, I think we are going to have to try to apply some of that" ripping it out with brute force" that PP mentioned.

Please print out these instructions so that you will have them to refer to....

I want you to download Pocket Killbox
When you start the down load you will get a box with the choices Open, Save, or Cancel. Choose SAVE.
I suggest you go with saving this to the desktop, so click the 'desktop button on the left of the next window, leave the filename as default and click the SAVE button.

That will leave a icon on your desktop - double click that icon (Killbox.zip)

A new window will open, choose the 'Extract all files' button on the left.

This will start the Extraction Wizard in Windows XP.

Select a place for it to extract to - or use the default which is the same folder the zip file is in (The desktop) with a folder name the same as the zip's file name (Killbox).

Then click Next.

With winXP it will tell you when fully extracted with a window which says Extraction Complete

Leave the check mark in 'Show extracted files' it will open a window of the folder just created next. Then click finished.

Once the files are extracted you will see the killbox.exe icon which is a Red Circle with a White X in the middle.

You can now double click the 'killbox.exe' icon to start the program.

If your security setting are set correctly a window will pop up to warn of this programs start - for you to agree or not.

UNCHECK the 'Always ask before opening this file' and click Run to allow it to start (and not give this security warning in future.)


Now you are going to use the Delete on reboot kill and you are going to delete multiple files. Follow these instructions;

You are going to request the files be deleted on the next reboot so please put a dot in the Delete on Reboot position. Which is the second choice down.

In the window where it says Full Path of File to Delete type or copy the following and be sure you do it exactly;

C:\PROGRAM FILES\COMMON FILES\SECUREPCCLEANER\GDCcw.exe

It will provide a window for your to confirm the delete. Click Yes.
Next it will ask if you now wish to reboot, Since you have more files to delete at the same time say NO -

Now continue with the next files one at a time. Each time you will follow the procedure above. Here are the rest of the files you must enter in the box, exactly as written here;

C:\WINDOWS\mxduo.dll

C:\WINDOWS\wmpdev.dll

C:\WINDOWS\wmphost.dll

Once you have entered that last file name, there should be four total, after you have entered the last one say YES and let the system reboot and delete the files.

Once you have run Killbox and the system has rebooted I want you to run a new Kaspersky scan and save the log. Then run a new HJT scan and save the log.

Post back here with the VundoFix log, the new Kaspersky log and the new HJT log.