Free Malware Removal Forum

by **minority** » June 10th, 2007, 11:20 pm

Hi Navigator,
My roommate really had no idea what had been done to his computer. I just moved in in May and have no idea who were helping him to set up what he needed for his computer needs. Regarding AOL, I don't know whether he can remember or know whether it was uninstalled or not unless we can find the person who uninstall it for him if it was uninstalled.

He already gave me permission to do whatever is best to get the problem fixed. So, we can just go ahead and fix what can be fixed to the best of our knowledge. Since you said the computer is now clean without sign of infection, we can take it easy to get the computer tuned up to good working level. If you need times to get further opinion, by all means take your time to do that. There is no hurry since I know what's going on and therefore am not bothered by the dialog message that comes up during reboot.

ThanKs so much for helping this far and I'll await your next instruction.

by **Navigator** » June 11th, 2007, 7:51 pm

minority wrote:Hi Navigator,
My roommate really had no idea what had been done to his computer. I just moved in in May and have no idea who were helping him to set up what he needed for his computer needs. Regarding AOL, I don't know whether he can remember or know whether it was uninstalled or not unless we can find the person who uninstall it for him if it was uninstalled.

He already gave me permission to do whatever is best to get the problem fixed. So, we can just go ahead and fix what can be fixed to the best of our knowledge. Since you said the computer is now clean without sign of infection, we can take it easy to get the computer tuned up to good working level. If you need times to get further opinion, by all means take your time to do that. There is no hurry since I know what's going on and therefore am not bothered by the dialog message that comes up during reboot.

ThanKs so much for helping this far and I'll await your next instruction.

No problem...glad to help!

I'm asking for some more input and will be back shortly.

by **minority** » June 11th, 2007, 8:46 pm

Navigator wrote:
minority wrote:Hi Navigator,
My roommate really had no idea what had been done to his computer. I just moved in in May and have no idea who were helping him to set up what he needed for his computer needs. Regarding AOL, I don't know whether he can remember or know whether it was uninstalled or not unless we can find the person who uninstall it for him if it was uninstalled.

He already gave me permission to do whatever is best to get the problem fixed. So, we can just go ahead and fix what can be fixed to the best of our knowledge. Since you said the computer is now clean without sign of infection, we can take it easy to get the computer tuned up to good working level. If you need times to get further opinion, by all means take your time to do that. There is no hurry since I know what's going on and therefore am not bothered by the dialog message that comes up during reboot.

ThanKs so much for helping this far and I'll await your next instruction.

No problem...glad to help!

I'm asking for some more input and will be back shortly.

No hurry. Thanks again!

by **Navigator** » June 13th, 2007, 9:29 am

OK, let's do this....

Before we go through the system 'fixing' and deleting to try to get the error messages to go away, I want you to do this first.

The error message you are getting indicates that some Cox application is missing files...we removed Cox Internet Security Suite earlier, but there must be other components of the security suite from Cox that are related and went uninstalled. I did a lot of 'googling' over the error message and the leftover security lines in your log to try and find the programs they are associated with, as it is not clear from the uninstall list names...but, for example, I now believe that the ESP entry in the HJT Uninstall list is a security program from Authentium that they distribute via certain ISP's...and as I stated before, there is an O23 line leftover in the HJT log for Authentium. It was probably installed by Cox with their security suite.

I hope I'm not confusing you, but what I'm trying to say is this: While I'm trying to figure out what components were installed by the Cox Security software, there should be someone who knows what was installed and how to uninstall it...and that is the Cox support people. IMO it is usually better to do a 'clean' uninstall if possible rather than doing it 'manually'. So, before we go that route, try and go to the appropriate support room at http://www.cox.com/support/ and see if they can assist you with removing all of their security program parts/programs.

I'm not going anywhere, and this thread will stay open...visit with the Cox support through their forums first and see if they can help remove all of the components (or at least list them for you to remove) and then come back and let me know if they could help and then we can go from there.

OK?

by **minority** » June 13th, 2007, 1:19 pm

Here is what I've found in on the Cox website:

http://cox.assistusers.com/

Question: How do I cleanly uninstall the Cox Security Suite ?

Answer: Note: Prior to taking additional steps, first attempt to uninstall the Cox Security Suite via Add/Remove Programs. Step-by-step instructions are provided in the "Uninstalling the Cox Security Suite " knowledgebase article. If Add/Remove Programs does not work, proceed to the following steps.
-------------------------------------
Resolution

Step 1. Open the Task Manager by pressing Ctrl+Alt+Del

Step 2. Click on the Processes Tab

Step 3. Look for the following processes and end them (Depending on the state of the software, not all items will be found)

Dvpapi
Syssvcnt.exe
Console.exe
Step 4. Make sure Windows installer Clean up is installed

Step 5. In the Windows installer clean up, look for and remove the following (Depending on the state of the software, not all items will be found)

Anti-Spyware ( Pest Patrol ) [3.0.0]
Anti-Virus ( Command Software ) [3.0.0]
Authentium [4.93.0]
Cox ( CVUS ) [3.0.0]
ESP [3.0.0]
Firewall ( Core ) [3.0.0]
Firewall ( user) [3.0.0]
Popup Blocker [3.0.0]
Third Party Prerequisites [3.0.0]
Web Filtering (Base) [3.0.0]
Web Filtering (Base2) [3.0.0]
Web Filtering ( RuleSpace ) [3.0.0]
Web Filtering ( Rulespace (Kids page) ) [3.0.0]

Step 6. Remove the following folders (The following assumes c:\* is the main drive):

C:\program files\ Cox
C:\program files\Common Files\Authentium Shared\*.msi
*make sure all files are deleted within the Authentium Shared folder, you may not be able to delete all folders within the Authentium Shared folder*
C:\program files\Common Files\ Command Software
C:\program files\Common Files\ Pest Patrol
C:\program files\Common Files\ RuleSpace
C:\Documents and Settings\All Users\Application Data\Authentium

Note: Some folders may be hidden. To view hidden files and folders:

A) Click on Tools\Folder Options...

B) Select Show hidden files and folders

C) Click OK

Step 7.Clear all temporary files:

Start>Run>%temp%

Start>Control Panel>Internet options>Delete Files

Step 8. DO NOT REBOOT - Go to the web and reinstall the Cox Security Suite

-end
---------------------------------------------------------------------------
Should I go ahead and perform the above instructions? Please let me know.

by **Navigator** » June 13th, 2007, 4:13 pm

minority wrote:Should I go ahead and perform the above instructions? Please let me know.

I would...I believe this is just what we need as it lists all the subprograms of Cox Security Suite. If the instructions are clear enough for you (you sound pretty computer knowledgeable), give it a go and then post another HJT log when you are complete here along with a report of any error messages you are still receiving (if any). Looking at the instructions this may resolve your error issue.

I would however NOT do step 8 (re-install the software) unless you want to go back to the Cox Security programs...in which case you will need to uninstall AVG and ZA (they will both uninstall much easier/cleaner than Cox if you are wondering). Since you already have AVG and ZA installed and operational, you can just reboot after step 7.

Let me know how it goes!

by **minority** » June 13th, 2007, 6:16 pm

One quick question: Do I have to download Windows installer Clean up somewhere?

by **minority** » June 13th, 2007, 8:42 pm

Hi Navigator, I found the Windows installer Clean up utility at MS website. I'll just go ahead and use it as instructed.

by **Navigator** » June 13th, 2007, 9:28 pm

great...let me know how it goes!

by **minority** » June 14th, 2007, 12:19 am

Step 1. Open the Task Manager by pressing Ctrl+Alt+Del

Step 2. Click on the Processes Tab

Step 3. Look for the following processes and end them (Depending on the state of the software, not all items will be found)

Dvpapi
Syssvcnt.exe
Console.exe

Located Dvpapi and ended process. Couldn't find Syssvcnt.exe and Console.exe

Step 4. Make sure Windows installer Clean up is installed

Step 5. In the Windows installer clean up, look for and remove the following (Depending on the state of the software, not all items will be found)

Anti-Spyware ( Pest Patrol ) [3.0.0]
Anti-Virus ( Command Software ) [3.0.0]
Authentium [4.93.0]
Cox ( CVUS ) [3.0.0]
ESP [3.0.0]
Firewall ( Core ) [3.0.0]
Firewall ( user) [3.0.0] <---unable to locate this
Popup Blocker [3.0.0] <---unable to locate this
Third Party Prerequisites [3.0.0]
Web Filtering (Base) [3.0.0]
Web Filtering (Base2) [3.0.0] <--- unable to locate this
Web Filtering ( RuleSpace ) [3.0.0]
Web Filtering ( Rulespace (Kids page) ) [3.0.0]

The following located and removed:
Anti-Spyware ( Pest Patrol ) [3.0.0]
Anti-Virus ( Command Software ) [3.0.0]
Authentium [4.93.0]
Cox ( CVUS ) [3.0.0]
ESP [3.0.0]
Firewall ( Core ) [3.0.0]
Third Party Prerequisites [3.0.0]
Web Filtering (Base) [3.0.0]
Web Filtering ( RuleSpace ) [3.0.0]
Web Filtering ( Rulespace (Kids page) ) [3.0.0]

The following could not be located:
Firewall ( user) [3.0.0]
Popup Blocker [3.0.0]
Web Filtering (Base2) [3.0.0]

The following not listed above but found and was removed:
Web Filtering (RuleSpace Anti-Phishing)

Step 6. Remove the following folders (The following assumes c:\* is the main drive):

C:\program files\ Cox <--- unable to delete this one
C:\program files\Common Files\Authentium Shared\*.msi
*make sure all files are deleted within the Authentium Shared folder, you may not be able to delete all folders within the Authentium Shared folder*
C:\program files\Common Files\ Command Software
C:\program files\Common Files\ Pest Patrol
C:\program files\Common Files\ RuleSpace
C:\Documents and Settings\All Users\Application Data\Authentium

The above files and folders were found and deleted except C:\program files\ Cox. Attempts to delete the file and folder gave the following message:
"Cannot delete core01.dll: It is being used by another person or pprogram. Close any programs that might be using the file and try again".

Step 7.Clear all temporary files:

Start>Run>%temp%

Start>Control Panel>Internet options>Delete Files

When the operation Start>Run>%temp% was performed, it open to Temp Window with the follwing content:
1. Google Toolbatr Folder (contained no file)
2. hpodvd09.log 114 kb
3. IndHide5.dll 6.3.2.116 IAdHide
Number 1 was deleted. Numbers 2 and 3 couldn't be deleted. It said the file was being used, etc.

Step 8. DO NOT REBOOT - Go to the web and reinstall the Cox Security Suite

I skipped this step per your instruction. Upon reboot I received the same message that said, "Security Product could not start on your machine. Technical details of failure have been saved in the startup log file. Please contact your support representative for further help" followed by "Security Application was unable to start. Do you want to repair the installation". Again, I clicked "NO".

Here's the startup log file for this event:
System.log
[070613 21:00:40][69484] System log created
[070613 21:00:41][70109] Disabling AV option due to incompatible product found: ZoneAlarm or E-Trust Antivirus
[070613 21:00:41][70265] Disabling FW option due to incompatible product found: ZoneAlarm or E-Trust Firewall

Systemext.log
Error 2007-06-13 21:00:40 C:\Program Files\Cox\Applications\app\Console.exe None -2147221486 Compaq_Owner GEORGE
Error in common.Registry.OpenKey: The requested registry object "SOFTWARE\Authentium\Curtains\v1.5" does not exist.

by **Navigator** » June 14th, 2007, 12:41 am

OK..

Post another HJT log to let me see what it contains...

by **minority** » June 14th, 2007, 9:30 am

Sorry about that, Navigator. Here's the new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:18:17 AM, on 6/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MESSEN~1\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AuthPopupBHO01.cBHO - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - C:\Program Files\Cox\Applications\App\PopupBHO01.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Cox Popup Blocker - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - C:\Program Files\Cox\Applications\App\PopupBHO01.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ESP] C:\Program Files\Cox\Applications\app\start.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1138476297\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1138476297\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... jhtml?p=ZU
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/act ... ontrol.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbles&Diamonds&Runes) - http://67.15.101.3/g_bin/eng/marbles_2_0_0_23.cab
O16 - DPF: {B030900C-746A-47BF-8B1D-EA3FB3395563} (CoxFastConnect20 Control) - https://fastconnect.cox.net/cd20/CoxFastConnect20.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool

- http://67.15.101.3/g_bin/eng/billard8_2_0_0_24.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

by **Navigator** » June 14th, 2007, 12:49 pm

OK...that's interesting. Some of the programs you stated were located and removed per COx's instructions are still showing in HJT; perhaps it's the Spybot program' Tea Timer blocking the changes...let's turn it off for now and proceed as follows:

1. Run Spybot-S&D

Go to the Mode menu, and make sure "Advanced Mode" is selected
On the left hand side, choose Tools -> Resident
Uncheck "Resident TeaTimer" and OK any prompts
Restart your computer.

reference page here: http://www.russelltexas.com/malware/teatimer.htm

2. Go to Start | Run and type this in the box: services.msc

Locate this service, 'dvpapi' ,then right click on it and select properties.
Under Service Status: select Stop
In the drop down box labeled, Startup Type: select Disabled

3. Please re-open HiJackThis and choose scan only. Check the boxes next to all the entries listed below.

O3 - Toolbar: Cox Popup Blocker - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - C:\Program Files\Cox\Applications\App\PopupBHO01.dll
O4 - HKLM\..\Run: [ESP] C:\Program Files\Cox\Applications\app\start.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1138476297\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1138476297\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &AOL Toolbar search - <res://C:>\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - <http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZU>
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe

Now close all windows other than HiJackThis, then click Fix Checked.

4. Reboot into safe mode by restarting your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

5. Please delete these folders using Windows Explorer (if present):

Click Start>>All Programs>>Accessories>>Windows Explorer
Navigate to the listed folders, then right-click to select them and click delete

C:\Program Files\Cox
C:\Program Files\Common Files\AOL
C:\Program Files\AOL Computer Check-Up
C:\Program Files\mcafee.com
C:\Program Files\Common Files\Command Software

6. After that, Reboot.

7. Please post back with a new HJT log and let me know if there are any problems...

by **minority** » June 15th, 2007, 12:56 am

Navigator wrote:OK...that's interesting. Some of the programs you stated were located and removed per COx's instructions are still showing in HJT; perhaps it's the Spybot program' Tea Timer blocking the changes...let's turn it off for now and proceed as follows:

1. Run Spybot-S&D
Go to the Mode menu, and make sure "Advanced Mode" is selected
On the left hand side, choose Tools -> Resident
Uncheck "Resident TeaTimer" and OK any prompts
Restart your computer.
reference page here: http://www.russelltexas.com/malware/teatimer.htm

I performed the above operation, but the "Resident TeaTimer" was already unchecked.

Navigator wrote:2. Go to Start | Run and type this in the box: services.msc
Locate this service, 'dvpapi' ,then right click on it and select properties.
Under Service Status: select Stop
In the drop down box labeled, Startup Type: select Disabled

Done.

Navigator wrote:3. Please re-open HiJackThis and choose scan only. Check the boxes next to all the entries listed below.

O3 - Toolbar: Cox Popup Blocker - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - C:\Program Files\Cox\Applications\App\PopupBHO01.dll
O4 - HKLM\..\Run: [ESP] C:\Program Files\Cox\Applications\app\start.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1138476297\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1138476297\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &AOL Toolbar search - <res://C:>\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - <http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZU>
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe <--- unable to find this.

Now close all windows other than HiJackThis, then click Fix Checked.

The above HJT entries fixed except O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe . Reason: not found.

Navigator wrote:4. Reboot into safe mode by restarting your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

5. Please delete these folders using Windows Explorer (if present):
Click Start>>All Programs>>Accessories>>Windows Explorer
Navigate to the listed folders, then right-click to select them and click delete

C:\Program Files\Cox
C:\Program Files\Common Files\AOL
C:\Program Files\AOL Computer Check-Up <--- not found.
C:\Program Files\mcafee.com
C:\Program Files\Common Files\Command Software

6. After that, Reboot.

The above performed and folders/files removed except C:\Program Files\AOL Computer Check-Up. Reason: folder not found. But instead I found C:\Program files\America Online 9.0a which I deleted.

I also found the following folders:
C:\Program files\Netscape <--- I had removed this program via Add/Remove prior to posting for help in this forum.
C:\Program files\Symantec\LiveUpdate
C:\Program files\Common files\AOL\ <--which contains the following files:

C:\Program files\Common files\aolback <--- contains 7 files.
Should I delete the above folders/files also?

by **minority** » June 15th, 2007, 12:59 am

After fixing the HJT entries and folders/files according to you instruction, I did not received any more message upon reboot. Here is the new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:34:41 PM, on 6/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\PROGRA~1\MESSEN~1\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AuthPopupBHO01.cBHO - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - C:\Program Files\Cox\Applications\App\PopupBHO01.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/act ... ontrol.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbles&Diamonds&Runes) - http://67.15.101.3/g_bin/eng/marbles_2_0_0_23.cab
O16 - DPF: {B030900C-746A-47BF-8B1D-EA3FB3395563} (CoxFastConnect20 Control) - https://fastconnect.cox.net/cd20/CoxFastConnect20.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool

- http://67.15.101.3/g_bin/eng/billard8_2_0_0_24.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Free Malware Removal Forum

Trojans and browser hijack problems

Who is online