Log Assistance - 8:30pm EST, 9/1/07

[DrWebs]

Unable to remove HKCU (O4) and SSODL (O21) files. I am constantly being hit with popups for Ultimate Cleaner, Ultimate Defender, and Secure PC Cleaner. I printed the screen and pasted it into Photoshop so you can better see what messages I am getting. The photos, along with the log will be attached. This is all on a 1 year old Dell notebook computer, and I was hoping my problem could be resolved without having to do a complete system wipe and losing everything. I have gone over the guide for what to do prior to posting, but am not all that knowledgeable when trying to fix computers. I appreciate your time.

---

You can reference this log by going to: http://hjt.networktechs.com/parse.php?log=373162Logfile of Trend Micro

-DRWebs

[DrWebs]

Didn't include this...

---

Scanning and Cleaning Complete

HouseCall did not find any potential threats on your computer. Make sure you run HouseCall once a week to keep your PC clean and malware free.

-DRWebs

[jholland1964]

Hello DrWebs
Thanks for those prints of your various pop ups and such. That does help a lot. Wish more folks would do that along with posting their logs.
Please follow all those steps given in the Read Me Sticky
Do them in the order given. Do not, I repeat, DO NOT use the analyzer on the forum to attempt repairs. It is woefully out of date and shows many false positives.
Follow the steps given in the sticky. Do at least two more of the online scans, each online scan really looks for something a bit different so that is why we ask you do at least two but since HouseCall showed clean and we know there IS something there then do two others, with Kaspersky as one of them. It will NOT repair anything but will give us a list of infections needing repair. If the other scan you choose offers repair, allow it to do so. Be sure to do the AVG-Anti spy scan and allow it to repair also.
Save all logs.
Then do a full reboot of the computer and run a new hjt scan and save the log and post it here with the others. I really doubt a full wipe of the computer will be necessary, that is Always the last resort here.

[DrWebs]

If you cannot use either AVG Anti-Spyware v7.5 or Microsoft® Windows Defender, please download and install SpyBot - Search & Destroy

I already have Spybot Search and Destroy on my notebook so I just ran that instead of downloading another file (AVG Anti-Spy). Should I just use that instead? I will run the Kapersky and another one later, I was under the impression it was just running one of those online scans from the list. I will give you the results later tonight/early tomorrow morning. Thanks for the help

-DRWebs

[jholland1964]

Please try the AVG anti spy as it will remove trojans.

[PhilliePhan]

I already have Spybot Search and Destroy on my notebook so I just ran that instead of downloading another file (AVG Anti-Spy). Should I just use that instead? I will run the Kapersky and another one later, I was under the impression it was just running one of those online scans from the list.

I'm not sure if AVG will get this one yet, but definitely worth a shot!

-- It looks like you are keeping some things from running via msconfig. Judy will probably want to know what those are.


-- Also looks like you installed a bogus codec and that is what is showing in your HJT and causing the problems.

http://research.sunbelt-software.com...hreatid=149335

O2 - BHO: MSVPS System - {F4CF814F-970F-405D-A42C-0CE06EB97373} - C:\WINDOWS\mxduo.dll

O21 - SSODL: wmpdev - {0ADBCBB0-6816-4B76-BFC2-782D9814C633} - C:\WINDOWS\wmpdev.dll
O21 - SSODL: wmphost - {11FB4783-C8C2-4D03-9BC8-79A67403D27D} - C:\WINDOWS\wmphost.dll


-- I do not know what this is ---> O4 - HKLM\..\Run: [gdccw] "C:\PROGRA~1\COMMON~1\SECURE~1\GDCcw.exe" -start
If you recognize it, please let Judy know.


Best Luck
PP

** Hi Judy - Didn't see you there
My condolences for the Notre Dame thrashing......

[jholland1964]

Hi Judy - Didn't see you there
My condolences for the Notre Dame thrashing......

No kidding! My Uncle, a ND Class of 1947 Alum said the first quarter alone was the worst he had ever seen!
DrWeb, do please tell me what those disabled items as as PP said, we need to know what those are.

[DrWebs]

Sorry been doing stuff these past two days, and these online scans take a while to complete. Here's the Panda and Kapersky scan logs I believe and the AVG Anti Scan report (see attachment). Still need to reboot and redo the HJK scan

Edit:

-- It looks like you are keeping some things from running via msconfig. Judy will probably want to know what those are.

-- Also looks like you installed a bogus codec and that is what is showing in your HJT and causing the problems.

To be perfectly honest, I have no idea what those two statements mean, and what kind of answer you would be looking for

-DD

[jholland1964]

It looks like you are keeping some things from running via msconfig

Some items which were set to run at start up have been disabled by going to Start, Run and typing msconfig.
System Configuration opens and then some items in the start tab have had the checkmarks removed from them so that they don't start up...we need to know what those items are.

Also looks like you installed a bogus codec and that is what is showing in your HJT and causing the problems.

This is a Trojan downloader on your computer. This probably came onto the computer without your knowledge. A Trojan Downloader may download adware, spyware or other malware from multiple servers or sources on the internet.
All three items noted by PP in his post were also noted in the Kaspersky scan as Trojans.
May I ask, did you run the AVG Anti-spy program in Safe Mode?

[DrWebs]

After the safe mode boot, I guess the startup goes to selective mode. I noticed this eventually and set it back to normal mode. I put a picture with this post if it may help, because you did mention checked items. Re-did the AVG scan in safe mode, that's included. Finally after the reboot, re-did the HJK scan. Hopefully that's finally everything and in order. Appreciate the hands on help. Btw, go Phils

-DD