Doginitspen & skitodayplease is making me crazy!

MommyMidnight · Feb 22, 2008

Please help me get rid of doginitspen & skitodayplease. I can't take it anymore! I've followed some of the threads but I can't figure out which files to paste into AWF. Any help would be appreciated.

Here is my awf file:

bak folders found
~~~~~~~~~~~

Directory of C:\PROGRA~1\DELLSU~1\BAK

08/28/2006 10:57 PM 395,776 DSAgnt.exe
1 File(s) 395,776 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

11/15/2007 01:11 PM 267,048 iTunesHelper.exe
1 File(s) 267,048 bytes

Directory of C:\PROGRA~1\LEXMAR~1\BAK

08/01/2005 07:05 AM 94,208 ezprint.exe
07/21/2005 01:07 AM 200,704 lxcgmon.exe
2 File(s) 294,912 bytes

Directory of C:\PROGRA~1\LEXMAR~2\BAK

07/12/2005 08:36 AM 299,008 fm3032.exe
1 File(s) 299,008 bytes

Directory of C:\PROGRA~1\NETWAI~1\BAK

09/10/2003 03:24 AM 20,480 netWaiting.exe
1 File(s) 20,480 bytes

Directory of C:\WINDOWS\EHOME\BAK

09/29/2005 03:01 PM 67,584 ehtray.exe
1 File(s) 67,584 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/10/2004 06:00 AM 15,360 ctfmon.exe
12/14/2005 12:41 AM 77,824 hkcmd.exe
12/14/2005 12:45 AM 118,784 igfxpers.exe
12/14/2005 12:44 AM 98,304 igfxtray.exe
11/01/2006 07:48 PM 1,392,640 WLTRAY.exe
5 File(s) 1,702,912 bytes

Directory of C:\PROGRA~1\DELL\MEDIAD~1\BAK

05/02/2007 05:16 PM 184,320 PCMService.exe
1 File(s) 184,320 bytes

Directory of C:\PROGRA~1\DELL\QUICKSET\BAK

08/03/2006 07:51 PM 1,032,192 quickset.exe
1 File(s) 1,032,192 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\BAK

12/01/2006 09:13 PM 236,544 GoogleDesktop.exe
1 File(s) 236,544 bytes

Directory of C:\PROGRA~1\LIVE365\RADIO365\BAK

12/19/2006 05:55 PM 884,736 Radio365TrayAgent.exe
1 File(s) 884,736 bytes

Directory of C:\PROGRA~1\SYNAPT~1\SYNTP\BAK

03/08/2006 07:48 PM 761,947 SynTPEnh.exe
1 File(s) 761,947 bytes

Directory of C:\PROGRA~1\THEWEA~1\DESKTO~2\BAK

03/16/2007 06:51 AM 715,888 DesktopWeather.exe
1 File(s) 715,888 bytes

Directory of C:\PROGRA~1\TIVO\DESKTOP\BAK

07/11/2006 07:24 AM 341,504 TiVoNotify.exe
07/11/2006 07:26 AM 1,313,792 TiVoServer.exe
2 File(s) 1,655,296 bytes

Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK

03/27/2007 02:22 PM 4,670,968 YAHOOM~1.EXE
1 File(s) 4,670,968 bytes

Directory of C:\PROGRA~1\COMCAST\DESKTO~1\BIN\BAK

04/19/2007 02:21 PM 198,184 sprtcmd.exe
1 File(s) 198,184 bytes

Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK

07/27/2004 05:50 PM 81,920 issch.exe
07/27/2004 05:50 PM 221,184 ISUSPM.exe
2 File(s) 303,104 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

06/02/2007 02:58 PM 185,896 realsched.exe
1 File(s) 185,896 bytes

Directory of C:\PROGRA~1\COMMON~1\TIVOSH~1\TRANSFER\BAK

07/11/2006 07:23 AM 1,174,528 TiVoTransfer.exe
1 File(s) 1,174,528 bytes

Directory of C:\PROGRA~1\ADOBE\PHOTOS~1\3.2\APPS\BAK

03/09/2007 10:09 AM 63,712 apdproxy.exe
1 File(s) 63,712 bytes

Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

14864 Feb 5 2008 "C:\Program Files\Dell Support\DSAgnt.exe"
395776 Aug 28 2006 "C:\Program Files\Dell Support\bak\DSAgnt.exe"
14860 Feb 6 2008 "C:\Program Files\iTunes\iTunesHelper.exe"
267048 Nov 15 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Dec 4 2007 "C:\WINDOWS\Installer\{4F5CE18C-D97D-48FF-A510-A0D90C918294}\iTunesIco.exe"
116008 Nov 15 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.5.0.20\iTunesSetupAdmin.exe"
14860 Feb 6 2008 "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
94208 Aug 1 2005 "C:\Program Files\Lexmark 2300 Series\bak\ezprint.exe"
14860 Feb 6 2008 "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
200704 Jul 21 2005 "C:\Program Files\Lexmark 2300 Series\bak\lxcgmon.exe"
14860 Feb 6 2008 "C:\Program Files\Lexmark Fax Solutions\fm3032.exe"
299008 Jul 12 2005 "C:\Program Files\Lexmark Fax Solutions\bak\fm3032.exe"
14864 Feb 5 2008 "C:\Program Files\NetWaiting\netWaiting.exe"
20480 Sep 10 2003 "C:\Program Files\NetWaiting\bak\netWaiting.exe"
59392 Aug 10 2004 "C:\WINDOWS\$NtUninstallKB900325$\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe"
14860 Feb 6 2008 "C:\WINDOWS\ehome\ehtray.exe"
67584 Sep 29 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
14860 Feb 6 2008 "C:\WINDOWS\system32\hkcmd.exe"
77824 Dec 14 2005 "C:\drivers\video\onboard\hkcmd.exe"
77824 Dec 14 2005 "C:\WINDOWS\system32\bak\hkcmd.exe"
14860 Feb 6 2008 "C:\WINDOWS\system32\igfxpers.exe"
118784 Dec 14 2005 "C:\drivers\video\onboard\igfxpers.exe"
118784 Dec 14 2005 "C:\WINDOWS\system32\bak\igfxpers.exe"
14860 Feb 6 2008 "C:\WINDOWS\system32\igfxtray.exe"
98304 Dec 14 2005 "C:\drivers\video\onboard\igfxtray.exe"
98304 Dec 14 2005 "C:\WINDOWS\system32\bak\igfxtray.exe"
14860 Feb 6 2008 "C:\WINDOWS\system32\WLTRAY.exe"
1392640 Nov 1 2006 "C:\WINDOWS\system32\bak\WLTRAY.exe"
14860 Feb 6 2008 "C:\Program Files\Dell\MediaDirect\PCMService.exe"
184320 May 2 2007 "C:\Program Files\Dell\MediaDirect\bak\PCMService.exe"
14860 Feb 6 2008 "C:\Program Files\Dell\QuickSet\quickset.exe"
1032192 Aug 3 2006 "C:\Program Files\Dell\QuickSet\bak\quickset.exe"
69632 Sep 12 2007 "C:\Program Files\Google\Google Earth\googleearth.exe"
1145896 Jan 29 2007 "C:\Program Files\Rhapsody\google_bar\GoogleToolbarInstaller_en.exe"
26694 Oct 14 2007 "C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe"
1145896 Jun 2 2007 "C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe"
236544 Dec 1 2006 "C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
14860 Feb 6 2008 "C:\Program Files\Live365\Radio365\Radio365TrayAgent.exe"
884736 Dec 19 2006 "C:\Program Files\Live365\Radio365\bak\Radio365TrayAgent.exe"
14860 Feb 6 2008 "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
761947 Mar 8 2006 "C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
761947 Mar 8 2006 "C:\Program Files\Synaptics\SynTP\Media\SynTPEnh.exe"
14860 Feb 6 2008 "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
715888 Mar 16 2007 "C:\Program Files\The Weather Channel FW\Desktop Weather\bak\DesktopWeather.exe"
14860 Feb 6 2008 "C:\Program Files\TiVo\Desktop\TiVoNotify.exe"
341504 Jul 11 2006 "C:\Program Files\TiVo\Desktop\bak\TiVoNotify.exe"
14860 Feb 6 2008 "C:\Program Files\TiVo\Desktop\TiVoServer.exe"
1313792 Jul 11 2006 "C:\Program Files\TiVo\Desktop\bak\TiVoServer.exe"
4670968 Mar 27 2007 "C:\Program Files\Yahoo!\Messenger\bak\YAHOOM~1.EXE"
14860 Feb 6 2008 "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe"
198184 Apr 19 2007 "C:\Program Files\Comcast\Desktop Doctor\bin\bak\sprtcmd.exe"
14860 Feb 6 2008 "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe"
81920 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"
14860 Feb 6 2008 "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe"
221184 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe"
14860 Feb 6 2008 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
185896 Jun 2 2007 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
14860 Feb 6 2008 "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe"
1174528 Jul 11 2006 "C:\Program Files\Common Files\TiVo Shared\Transfer\bak\TiVoTransfer.exe"
14860 Feb 6 2008 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
63712 Mar 9 2007 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\bak\apdproxy.exe"

Thank you SO much!!!!

Blind Dragon · Feb 22, 2008

Fix AWF Infection
Copy the file paths in the quote box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

"C:\Program Files\Dell Support\bak\DSAgnt.exe"
"C:\Program Files\iTunes\bak\iTunesHelper.exe"
"C:\Program Files\Lexmark 2300 Series\bak\ezprint.exe"
"C:\Program Files\Lexmark 2300 Series\bak\lxcgmon.exe"
"C:\Program Files\Lexmark Fax Solutions\bak\fm3032.exe"
"C:\Program Files\NetWaiting\bak\netWaiting.exe"
"C:\WINDOWS\ehome\bak\ehtray.exe"
"C:\WINDOWS\system32\bak\ctfmon.exe"
"C:\WINDOWS\system32\bak\hkcmd.exe"
"C:\WINDOWS\system32\bak\igfxpers.exe"
"C:\WINDOWS\system32\bak\igfxtray.exe"
"C:\WINDOWS\system32\bak\WLTRAY.exe"
"C:\Program Files\Dell\MediaDirect\bak\PCMService.exe"
"C:\Program Files\Dell\QuickSet\bak\quickset.exe"
"C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
"C:\Program Files\Live365\Radio365\bak\Radio365TrayAgent.exe"
"C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
"C:\Program Files\The Weather Channel FW\Desktop Weather\bak\DesktopWeather.exe"
"C:\Program Files\TiVo\Desktop\bak\TiVoNotify.exe"
"C:\Program Files\TiVo\Desktop\bak\TiVoServer.exe"
"C:\Program Files\Yahoo!\Messenger\bak\YAHOOM~1.EXE"
"C:\Program Files\Comcast\Desktop Doctor\bin\bak\sprtcmd.exe"
"C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"
"C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe"
"C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
"C:\Program Files\Common Files\TiVo Shared\Transfer\bak\TiVoTransfer.exe"
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\bak\apdproxy.exe"

Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to "Press any key to continue".
Press 2 then Enter
Notepad will open a file named FindAWF.txt. It will appear with instructions to click below the line and paste the list of files to be restored.
Right click below this line and select Edit, Paste, to paste the list of files copied to the clipboard earlier. Save and close the document.
The program will proceed to move the legit files and will perform another scan for bak folders.
It may take a few minutes to complete, so please be patient.
When it is complete, it will open a text file in Notepad called AWF.txt.
Please attach AWF.txt file in your next reply along with a fresh HJT log

Fix AWF Folders
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\PROGRA~1\DELLSU~1\BAK
C:\PROGRA~1\ITUNES\BAK
C:\PROGRA~1\LEXMAR~1\BAK
C:\PROGRA~1\LEXMAR~2\BAK
C:\PROGRA~1\NETWAI~1\BAK
C:\WINDOWS\EHOME\BAK
C:\WINDOWS\SYSTEM32\BAK
C:\PROGRA~1\DELL\MEDIAD~1\BAK
C:\PROGRA~1\DELL\QUICKSET\BAK
C:\PROGRA~1\GOOGLE\GOOGLE~1\BAK
C:\PROGRA~1\LIVE365\RADIO365\BAK
C:\PROGRA~1\SYNAPT~1\SYNTP\BAK
C:\PROGRA~1\THEWEA~1\DESKTO~2\BAK
C:\PROGRA~1\TIVO\DESKTOP\BAK
C:\PROGRA~1\YAHOO!\MESSEN~1\BAK
C:\PROGRA~1\COMCAST\DESKTO~1\BIN\BAK
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK
C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK
C:\PROGRA~1\COMMON~1\TIVOSH~1\TRANSFER\BAK
C:\PROGRA~1\ADOBE\PHOTOS~1\3.2\APPS\BAK

Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to "Press any key to continue".
You will be presented with a Menu.
Press 3, then press Enter.
Press any key to continue.
A Notepad document FindAWF.txt will appear with instructions to click below the line and paste the list of folders to be removed.
Right click below this line and select Paste, to paste the list of folders copied to the clipboard earlier. Save and close the document.
The program will proceed to remove the bad folders and will perform another scan for .bak folder
It may take a few minutes to complete so be patient.
When it is complete, it will open a text file in notepad called AWF.txt.
Please attach the AWF.txt file in your next reply.

Run Fix AWF one more time and press 4, then press Enter.

MommyMidnight · Feb 23, 2008

Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully

Here is the last log:

The current date is: Sat 02/23/2008
The current time is: 0:15:15.31

bak folders found
~~~~~~~~~~~

Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

I really appreciate your help.

Blind Dragon · Feb 23, 2008

Please uninstall FindAWF

and

Highjackthis Instructions

Make sure you have the LATEST version of HJT (currently v2.0.0.2) it can be downloaded from HERE
Run the HijackThis Installer and it will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe. Please don't change the directory.
After installing, the program launches automatically, select Scan now and save a log
After the scan is complete please attach your log onto the forums using the paper clip icon above your reply.
***Under no circumstances should you add any items to the HJT ignore list. Under no circumstances should you change the directory that highjackthis downloads to. Under no circumstances should you Fix anything without specific instruction to do so. Under no circumstances should you click any buttons other that specified in the directions including AnalyzeThis!***

MommyMidnight · Feb 23, 2008

It won't let me use the paper clip - it says "error on page"
Here is the log - sorry I had to cut and paste:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:18:08 PM, on 2/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\Program Files\Plaxo\3.8.0.64\PlaxoHelper_en.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

MommyMidnight · Feb 23, 2008

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0061201
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/?.src=fp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0061201
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3EBBD0F6-1F1F-48A0-89DC-C7505D56E92A} - (no file)
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Radio365Agent] C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.8.0.64\PlaxoHelper_en.exe -a
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

MommyMidnight · Feb 23, 2008

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Lisa\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15-3.cab
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://game1.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} - http://www.infospace.com/mypoints.main/tbar/mypointsSetup.exe
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://chill.comcast.net/Gameshell/GameHost/1.0/OberonGameHost.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 12963 bytes

Doginitspen & skitodayplease is making me crazy!

MommyMidnight

Posts: 6 +0

Blind Dragon

Posts: 3,774 +4

MommyMidnight

Posts: 6 +0

Blind Dragon

Posts: 3,774 +4

MommyMidnight

Posts: 6 +0

MommyMidnight

Posts: 6 +0

MommyMidnight

Posts: 6 +0

Similar threads

Latest posts