Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Help with b.skitoday,adoginhispen,and 88.80.7.66 thing [RESOLVED]

Started by jslasher88 , Feb 16 2008 04:36 PM

This topic is locked

#16
Tigger93

Posted 16 February 2008 - 07:02 PM

Trusted Helper

Retired Staff
1,870 posts

It's safe and fine to use under Expert's guidance.

Edited by Tigger93, 16 February 2008 - 07:02 PM.

#17
jslasher88

Posted 16 February 2008 - 07:18 PM

Member

Topic Starter
Member
18 posts

Ok well I ran it...it definitely disconnected me from the internet and screwed up my clock settings. I rebooted (should I have had to do that?) and found my log in the C: drive

ComboFix 08-02-17.2 - CHARLTONJF1 2008-02-16 20:07:59.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.426 [GMT -5:00]
Running from: C:\Documents and Settings\charltonjf1\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-17 to 2008-02-17 )))))))))))))))))))))))))))))))
.

2008-02-16 19:19 . 2008-02-16 19:19 <DIR> d-------- C:\Deckard
2008-02-16 18:19 . 2008-02-16 18:19 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-30 19:37 . 2008-01-30 19:37 <DIR> d-------- C:\WINDOWS\system32\bak
2008-01-26 11:48 . 2008-01-26 11:48 <DIR> d-------- C:\Documents and Settings\charltonjf1\Application Data\Move Networks
2008-01-24 00:24 . 2008-01-24 00:24 <DIR> d-------- C:\Documents and Settings\charltonjf1\Application Data\Viewpoint
2008-01-23 18:12 . 2008-01-23 18:12 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-01-22 13:34 . 2008-01-22 13:34 <DIR> d-------- C:\WINDOWS\SchCache
2008-01-21 23:19 . 2008-01-22 11:45 <DIR> d-------- C:\Program Files\Viewpoint
2008-01-21 23:19 . 2008-01-21 23:19 <DIR> d-------- C:\Program Files\AOD
2008-01-21 23:19 . 2008-01-24 22:05 <DIR> d-------- C:\Program Files\AIM
2008-01-21 23:19 . 2008-01-21 23:19 <DIR> d-------- C:\Documents and Settings\charltonjf1\Application Data\Aim
2008-01-21 23:19 . 2008-01-21 23:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-21 17:32 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-01-21 17:32 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-01-21 17:15 . 2007-09-19 07:39 <DIR> d--hs---- C:\Documents and Settings\charltonjf1\UserData
2008-01-21 17:15 . 2007-10-19 13:38 <DIR> d-------- C:\Documents and Settings\charltonjf1\Application Data\InstallShield
2008-01-21 17:15 . 2007-09-19 07:33 <DIR> d-------- C:\Documents and Settings\charltonjf1\Application Data\Infineon
2008-01-17 08:58 . 2008-01-17 08:58 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterVideo
2008-01-17 08:30 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-17 08:30 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-17 08:29 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-01-17 08:29 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-11 17:58 17,408 ----a-w C:\WINDOWS\system32\rpcnetp.exe
2008-02-11 17:57 41,584 ----a-w C:\WINDOWS\system32\rpcnet.dll
2008-02-11 17:57 17,408 ----a-w C:\WINDOWS\system32\rpcnetp.dll
2008-02-11 15:46 --------- d-----w C:\Program Files\Windows Defender
2008-01-31 00:42 14,348 ----a-w C:\WINDOWS\system32\igfxtray.exe
2008-01-31 00:42 14,348 ----a-w C:\WINDOWS\system32\igfxpers.exe
2008-01-31 00:42 14,348 ----a-w C:\WINDOWS\system32\hkcmd.exe
2008-01-30 18:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-16 22:34 268,435,456 --sha-w C:\WinPEpge.sys
2008-01-16 18:54 33,408 ----a-w C:\WINDOWS\system32\drivers\savonaccessfilter.sys
2008-01-16 18:54 101,120 ----a-w C:\WINDOWS\system32\drivers\savonaccesscontrol.sys
2007-09-19 19:30 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
2007-09-20 17:46 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007092020070921\index.dat
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 40,048 2007-05-11 07:06:32 C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe
----a-w 14,348 2008-01-31 00:42:28 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

----a-w 860,160 2004-09-23 16:41:54 C:\Program Files\Analog Devices\SoundMAX\bak\Smax4.exe
----a-w 14,348 2008-01-31 00:42:28 C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

----a-w 1,388,544 2004-10-14 13:11:10 C:\Program Files\Analog Devices\SoundMAX\bak\SMax4PNP.exe
----a-w 14,348 2008-01-31 00:42:28 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

----a-w 271,872 2005-04-26 03:10:24 C:\Program Files\Common Files\Microsoft Shared\Ink\bak\tabtip.exe
----a-w 271,872 2005-04-26 03:10:24 C:\Program Files\Common Files\Microsoft Shared\Ink\tabtip.exe

----a-w 49,152 2004-09-13 19:49:00 C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe
----a-w 14,348 2008-01-31 00:42:28 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

----a-w 86,016 2005-10-04 19:23:10 C:\Program Files\HPQ\HP ProtectTools Security Manager\bak\PTHOSTTR.EXE
----a-w 14,348 2008-01-31 00:42:28 C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE

----a-w 184,320 2005-03-09 18:54:18 C:\Program Files\InterVideo\DVD Check\bak\DVDCheck.exe
----a-w 14,348 2008-01-31 00:42:28 C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

----a-w 132,496 2007-09-25 05:11:35 C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe
----a-w 14,348 2008-01-31 00:42:28 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

----a-w 31,016 2006-10-27 04:47:42 C:\Program Files\Microsoft Office\Office12\bak\GrooveMonitor.exe
----a-w 14,348 2008-01-31 00:42:28 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

----a-w 123,952 2004-07-28 14:35:26 C:\Program Files\ProtectTools\Embedded Security Software\bak\PSDrt.EXE
----a-w 14,348 2008-01-31 00:42:28 C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.EXE

----a-w 167,936 2004-06-15 14:57:12 C:\Program Files\ProtectTools\Embedded Security Software\bak\SpTNA.exe
----a-w 14,348 2008-01-31 00:42:28 C:\Program Files\ProtectTools\Embedded Security Software\SpTNA.exe

----a-w 1,015,808 2007-09-15 06:27:20 C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe
----a-w 14,348 2008-01-31 00:42:28 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

----a-w 102,400 2007-09-15 06:29:10 C:\Program Files\Synaptics\SynTP\bak\SynTPStart.exe
----a-w 14,348 2008-01-31 00:42:28 C:\Program Files\Synaptics\SynTP\SynTPStart.exe

----a-w 866,584 2006-11-03 22:20:12 C:\Program Files\Windows Defender\bak\MSASCui.exe
----a-w 866,584 2006-11-03 23:20:12 C:\Program Files\Windows Defender\MSASCui.exe

----a-w 16,384 2004-08-04 12:00:00 C:\WINDOWS\Help\bak\SplshWrp.exe
----a-w 16,384 2004-08-04 12:00:00 C:\WINDOWS\Help\splshwrp.exe

----a-w 208,952 2004-08-04 12:00:00 C:\WINDOWS\ime\IMJP8_1\bak\IMJPMIG.EXE
----a-w 208,952 2004-08-04 12:00:00 C:\WINDOWS\ime\IMJP8_1\imjpmig.exe

----a-w 15,360 2004-08-04 12:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-04 12:00:00 C:\WINDOWS\system32\ctfmon.exe

----a-w 84,760 2007-06-19 20:26:00 C:\WINDOWS\system32\bak\hkcmd.exe
----a-w 14,348 2008-01-31 00:42:28 C:\WINDOWS\system32\hkcmd.exe

----a-w 125,720 2007-06-19 20:26:02 C:\WINDOWS\system32\bak\igfxpers.exe
----a-w 14,348 2008-01-31 00:42:28 C:\WINDOWS\system32\igfxpers.exe

----a-w 101,144 2007-06-19 20:26:02 C:\WINDOWS\system32\bak\igfxtray.exe
----a-w 14,348 2008-01-31 00:42:28 C:\WINDOWS\system32\igfxtray.exe

----a-w 455,168 2004-08-04 12:00:00 C:\WINDOWS\system32\IME\TINTLGNT\bak\TINTSETP.EXE
----a-w 455,168 2004-08-04 12:00:00 C:\WINDOWS\system32\IME\TINTLGNT\tintsetp.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 07:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 07:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 07:00 455168]
"TabletWizard"="C:\WINDOWS\help\SplshWrp.exe" [2004-08-04 07:00 16384]
"TabletTip"="C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" [2005-04-25 22:10 271872]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2008-01-30 19:42 14348]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2008-01-30 19:42 14348]
"AGRSMMSG"="AGRSMMSG.exe" [2005-11-16 13:12 88209 C:\WINDOWS\AGRSMMSG.exe]
"PTHOSTTR"="C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.exe" [2008-01-30 19:42 14348]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-30 19:42 14348]
"IfxSecurePlatformIndication"="C:\Program Files\ProtectTools\Embedded Security Software\SpTNA.exe" [2008-01-30 19:42 14348]
"PSDruntime"="C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.EXE" [2008-01-30 19:42 14348]
"WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2008-01-30 19:42 14348]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2008-01-30 19:42 14348]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2008-01-30 19:42 14348]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2008-01-30 19:42 14348]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-01-30 19:42 14348]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-30 19:42 14348]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-30 19:42 14348]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2008-01-30 19:42 14348]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2008-01-30 19:42 14348]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-07 08:47 159744]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TabletWizard"="%windir%\help\wizard.hta" [ ]

C:\Documents and Settings\charltonjf1\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54 98632]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AutoUpdate Monitor.lnk - C:\Program Files\Sophos\AutoUpdate\ALMon.exe [2007-08-10 04:52:18 245760]
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2007-09-18 15:46:43 14348]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 18:28:24 258048]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 18:50:52 53248]
map grover 2009.lnk - C:\Documents and Settings\All Users\MapGroverUtililty\Grover.exe [2007-09-19 14:21:42 32768]
Microsoft Firewall Client Management.lnk - C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe [2006-12-09 18:04:10 117568]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
IfxWlxEN.dll 2004-06-15 09:44 360448 C:\WINDOWS\system32\IfxWlxEN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll 2004-08-04 07:00 47104 C:\Program Files\Common Files\Microsoft Shared\Ink\LoginKey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PSDNtfy]
C:\Program Files\ProtectTools\Embedded Security Software\PSDNtfy.dll 2004-07-28 09:35 24624 C:\Program Files\ProtectTools\Embedded Security Software\PSDNtfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
TabBtnWL.dll 2002-08-29 02:41 11776 C:\WINDOWS\system32\tabbtnwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
tpgwlnot.dll 2006-11-01 09:18 32256 C:\WINDOWS\system32\tpgwlnot.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL

R1 PersonalSecureDrive;PersonalSecureDrive;C:\WINDOWS\system32\drivers\psd.sys [2004-07-28 09:35]
R1 SAVOnAccessControl;SAVOnAccessControl;C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys [2008-01-16 13:54]
R1 SAVOnAccessFilter;SAVOnAccessFilter;C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys [2008-01-16 13:54]
R2 FwcAgent;Firewall Client Agent;"C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe" [2006-12-09 18:04]
R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2006-04-06 14:49]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2004-05-13 10:58]
R3 wisdpen;Wacom Penabled MiniDriver;C:\WINDOWS\system32\DRIVERS\wisdpen.sys [2007-01-22 13:09]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d42723c2-65f5-11dc-87f4-806d6172696f}]
\Shell\AutoRun\command - D:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-14 20:10:51 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-16 20:09:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Sophos Message Router]
"ImagePath"="\"C:\Program Files\Sophos\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194"
.
Completion time: 2008-02-16 20:09:56
.
2008-02-08 15:12:55 --- E O F ---

#18
jslasher88

Posted 16 February 2008 - 07:28 PM

Member

Topic Starter
Member
18 posts

Wow I really have noticed alot of my settings being changed since running ComboFix. I don't my computer acting too differently!...

Crap all my emails and everything got changed to military time when my clcok got switched. How do I permanently switch it back????

Edited by jslasher88, 16 February 2008 - 07:41 PM.

#19
Tigger93

Posted 16 February 2008 - 07:59 PM

Trusted Helper

Retired Staff
1,870 posts

The time setting was temporary; only when it runs. Did you stop Combofix before it stopped?

#20
jslasher88

Posted 16 February 2008 - 08:07 PM

Member

Topic Starter
Member
18 posts

The only thing I did was close the internet bar for this site while it was running, then it seemed to still go okay.

But man...my computer is all acting weird now! EVERYTHING with Microsoft is in the military time...I can manually fix it on the toolbar, but it reverts itself back after I put the computer in standy or whatever.

Also some of the icons to the links in my Favorites got changed. My desktop screensaver setting got changed. My emails are all in military time which drives me nuts! Please at least help me get it back to the way it was before I ran ComboFix...or I may need to have the whole thing reset by the school!

#21
Tigger93

Posted 16 February 2008 - 08:16 PM

Trusted Helper

Retired Staff
1,870 posts

Don't worry, we'll fix it.

First to fix the clock:

Go Start > Control Panel > Date, Time, Language, and Regional Options
Click Regional and Language Options then Customize
Click Customize Regional Options then Time
In the time format box choose this one: h:mm:ss tt

Let me know if that worked.

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

"C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
"C:\Program Files\Analog Devices\SoundMAX\bak\Smax4.exe"
"C:\Program Files\Analog Devices\SoundMAX\bak\SMax4PNP.exe"
"C:\Program Files\Common Files\Microsoft Shared\Ink\bak\tabtip.exe"
"C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
"C:\Program Files\HPQ\HP ProtectTools Security Manager\bak\PTHOSTTR.EXE"
"C:\Program Files\InterVideo\DVD Check\bak\DVDCheck.exe"
"C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
"C:\Program Files\Microsoft Office\Office12\bak\GrooveMonitor.exe"
"C:\Program Files\ProtectTools\Embedded Security Software\bak\PSDrt.EXE"
"C:\Program Files\ProtectTools\Embedded Security Software\bak\SpTNA.exe"
"C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
"C:\Program Files\Synaptics\SynTP\bak\SynTPStart.exe"
"C:\Program Files\Windows Defender\bak\MSASCui.exe"
"C:\WINDOWS\Help\bak\SplshWrp.exe"
"C:\WINDOWS\ime\IMJP8_1\bak\IMJPMIG.EXE"
"C:\WINDOWS\system32\bak\ctfmon.exe"
"C:\WINDOWS\system32\bak\hkcmd.exe"
"C:\WINDOWS\system32\bak\igfxpers.exe"
"C:\WINDOWS\system32\bak\igfxtray.exe"
"C:\WINDOWS\system32\IME\TINTLGNT\bak\TINTSETP.EXE"
Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to "Press any key to continue".
You will be presented with a Menu.

1. Press 1 then Enter to scan for bak folders
2. Press 2 then Enter to restore files from bak folders
3. Press 3 then Enter to remove bak folders
4. Press 4 then Enter to reset domain zones
5. Press E then Enter to EXIT
Press 2, then press Enter.
Press any key to continue.
A Notepad document FindAWF.txt will appear with instructions to click below the line and paste the list of files to be restored.
Right click below this line and select Paste, to paste the list of files copied to the clipboard earlier. Save and close the document.
The program will proceed to move the legit files and will perform another scan for .bak folder
It may take a few minutes to complete so be patient.
When it is complete, it will open a text file in notepad called AWF.txt.
Please copy and paste the contents of the AWF.txt file in your next reply.

Edited by Tigger93, 16 February 2008 - 08:18 PM.

#22
jslasher88

Posted 16 February 2008 - 08:29 PM

Member

Topic Starter
Member
18 posts

Hi,

-Got the clock stuff fixed. Still having issues with the icons in my favorites for the internet. Oh and almost every time I pushed the Start menu, it was notifying me of "New Programs Installed" and highlighting HijackThis. This was driving me nuts so I uninstalled it from Add/Remove programs for the time being.

I don't have the FindAFW.exe thing either...

#23
Tigger93

Posted 16 February 2008 - 08:34 PM

Trusted Helper

Retired Staff
1,870 posts

Sorry about that, and about Combofix, it should have reset the time when it finished.

Download FindAWF.exe from here or here, and save it to your desktop.

As for the icons in your favorites, visiting those sites should reset them.

#24
jslasher88

Posted 16 February 2008 - 08:40 PM

Member

Topic Starter
Member
18 posts

Ugg, I am upset about the Combofix thing. It definitely didn't set things back the way they were.

And this is what's going on with the weird icons and my favorites. On this site, the symbol for www.abc.com is in front of it. On a video game site, the symbol for Yahoo is the one in front of it. Why is this happening?

#25
Tigger93

Posted 16 February 2008 - 08:44 PM

Trusted Helper

Retired Staff
1,870 posts

Again, the sites should reset themselves when if you visit the site. Could you try and run AWF now please?

Edited by Tigger93, 16 February 2008 - 09:24 PM.

#26
jslasher88

Posted 16 February 2008 - 09:47 PM

Member

Topic Starter
Member
18 posts

Well, I am just starting to wonder how far I want to go with this. I guess I could still get it reset if I really wanted, because I really have nothing on it. How much farther do we have to go to get to a solution?

Also, if I just ignored it, since it doesn't seem to be affecting my computer at all, how dangerous is it to just leave on there?

#27
Tigger93

Posted 16 February 2008 - 10:23 PM

Trusted Helper

Retired Staff
1,870 posts

It's a trojan, not something you want to keep on there.

Only a few steps are required to remove it.

Edited by Tigger93, 16 February 2008 - 10:24 PM.

#28
jslasher88

Posted 16 February 2008 - 10:29 PM

Member

Topic Starter
Member
18 posts

Okay, I guess I'll keep trying.

Here's the awf.txt file log as requested:

Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully

The current date is: 2008-02-16
The current time is: 23:27:07.22

bak folders found
~~~~~~~~~~~

Directory of C:\PROGRA~1\WIFD1F~1\BAK

2006-11-03 05:20 PM 866,584 MSASCui.exe
1 File(s) 866,584 bytes

Directory of C:\WINDOWS\HELP\BAK

2004-08-04 07:00 AM 16,384 SplshWrp.exe
1 File(s) 16,384 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

2004-08-04 07:00 AM 15,360 ctfmon.exe
2007-06-19 03:26 PM 84,760 hkcmd.exe
2007-06-19 03:26 PM 125,720 igfxpers.exe
2007-06-19 03:26 PM 101,144 igfxtray.exe
4 File(s) 326,984 bytes

Directory of C:\PROGRA~1\ANALOG~1\SOUNDMAX\BAK

2004-09-23 11:41 AM 860,160 Smax4.exe
2004-10-14 08:11 AM 1,388,544 SMax4PNP.exe
2 File(s) 2,248,704 bytes

Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK

2004-09-13 02:49 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\HPQ\HPPROT~1\BAK

2005-10-04 02:23 PM 86,016 PTHOSTTR.EXE
1 File(s) 86,016 bytes

Directory of C:\PROGRA~1\INTERV~1\DVDCHE~1\BAK

2005-03-09 01:54 PM 184,320 DVDCheck.exe
1 File(s) 184,320 bytes

Directory of C:\PROGRA~1\MICROS~3\OFFICE12\BAK

2006-10-26 11:47 PM 31,016 GrooveMonitor.exe
1 File(s) 31,016 bytes

Directory of C:\PROGRA~1\PROTEC~1\EMBEDD~1\BAK

2004-07-28 09:35 AM 123,952 PSDrt.EXE
2004-06-15 09:57 AM 167,936 SpTNA.exe
2 File(s) 291,888 bytes

Directory of C:\PROGRA~1\SYNAPT~1\SYNTP\BAK

2007-09-15 01:27 AM 1,015,808 SynTPEnh.exe
2007-09-15 01:29 AM 102,400 SynTPStart.exe
2 File(s) 1,118,208 bytes

Directory of C:\WINDOWS\IME\IMJP8_1\BAK

2004-08-04 07:00 AM 208,952 IMJPMIG.EXE
1 File(s) 208,952 bytes

Directory of C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK

2007-05-11 02:06 AM 40,048 Reader_sl.exe
1 File(s) 40,048 bytes

Directory of C:\PROGRA~1\COMMON~1\MICROS~1\INK\BAK

2005-04-25 10:10 PM 271,872 tabtip.exe
1 File(s) 271,872 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~2.0_0\BIN\BAK

2007-09-25 12:11 AM 132,496 jusched.exe
1 File(s) 132,496 bytes

Directory of C:\WINDOWS\SYSTEM32\IME\TINTLGNT\BAK

2004-08-04 07:00 AM 455,168 TINTSETP.EXE
1 File(s) 455,168 bytes

Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

866584 Nov 3 2006 "C:\Program Files\Windows Defender\MSASCui.exe"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\bak\MSASCui.exe"
16384 Aug 4 2004 "C:\WINDOWS\Help\SplshWrp.exe"
16384 Aug 4 2004 "C:\WINDOWS\Help\bak\SplshWrp.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
84760 Jun 19 2007 "C:\WINDOWS\system32\hkcmd.exe"
84760 Jun 19 2007 "C:\WINDOWS\system32\bak\hkcmd.exe"
125720 Jun 19 2007 "C:\WINDOWS\system32\igfxpers.exe"
125720 Jun 19 2007 "C:\WINDOWS\system32\bak\igfxpers.exe"
101144 Jun 19 2007 "C:\WINDOWS\system32\igfxtray.exe"
101144 Jun 19 2007 "C:\WINDOWS\system32\bak\igfxtray.exe"
860160 Sep 23 2004 "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe"
860160 Sep 23 2004 "C:\Program Files\Analog Devices\SoundMAX\bak\Smax4.exe"
1388544 Oct 14 2004 "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
1388544 Oct 14 2004 "C:\Program Files\Analog Devices\SoundMAX\bak\SMax4PNP.exe"
49152 Sep 13 2004 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 Sep 13 2004 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
86016 Oct 4 2005 "C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE"
86016 Oct 4 2005 "C:\Program Files\HPQ\HP ProtectTools Security Manager\bak\PTHOSTTR.EXE"
184320 Mar 9 2005 "C:\Program Files\InterVideo\DVD Check\DVDCheck.exe"
184320 Mar 9 2005 "C:\Program Files\InterVideo\DVD Check\bak\DVDCheck.exe"
65824 Oct 26 2006 "C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe"
31016 Oct 26 2006 "C:\Program Files\Microsoft Office\Office12\bak\GrooveMonitor.exe"
123952 Jul 28 2004 "C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.EXE"
123952 Jul 28 2004 "C:\Program Files\ProtectTools\Embedded Security Software\bak\PSDrt.EXE"
167936 Jun 15 2004 "C:\Program Files\ProtectTools\Embedded Security Software\SpTNA.exe"
167936 Jun 15 2004 "C:\Program Files\ProtectTools\Embedded Security Software\bak\SpTNA.exe"
1015808 Sep 15 2007 "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
1015808 Sep 15 2007 "C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
761946 Mar 31 2006 "C:\Program Files\Synaptics\SynTP\Media\SynTPEnh.exe"
761946 Mar 31 2006 "C:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles\SynTPEnh.exe"
102400 Sep 15 2007 "C:\Program Files\Synaptics\SynTP\SynTPStart.exe"
102400 Sep 15 2007 "C:\Program Files\Synaptics\SynTP\bak\SynTPStart.exe"
208952 Aug 4 2004 "C:\WINDOWS\ime\IMJP8_1\IMJPMIG.EXE"
208952 Aug 4 2004 "C:\WINDOWS\ime\IMJP8_1\bak\IMJPMIG.EXE"
40048 May 11 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
40048 May 11 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
271872 Aug 4 2004 "C:\WINDOWS\$NtUninstallKB895953$\tabtip.exe"
271872 Apr 25 2005 "C:\Program Files\Common Files\Microsoft Shared\Ink\tabtip.exe"
271872 Apr 25 2005 "C:\Program Files\Common Files\Microsoft Shared\Ink\bak\tabtip.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
455168 Aug 4 2004 "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE"
455168 Aug 4 2004 "C:\WINDOWS\system32\IME\TINTLGNT\bak\TINTSETP.EXE"

end of report

#29
Tigger93

Posted 16 February 2008 - 10:53 PM

Trusted Helper

Retired Staff
1,870 posts

Looking good.

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\Program Files\Adobe\Reader 8.0\Reader\bak\
C:\Program Files\Analog Devices\SoundMAX\bak\
C:\Program Files\Common Files\Microsoft Shared\Ink\bak\
C:\Program Files\HP\HP Software Update\bak\
C:\Program Files\HPQ\HP ProtectTools Security Manager\bak\
C:\Program Files\InterVideo\DVD Check\bak\
C:\Program Files\Java\jre1.6.0_03\bin\bak\
C:\Program Files\Microsoft Office\Office12\bak\
C:\Program Files\ProtectTools\Embedded Security Software\bak\
C:\Program Files\Synaptics\SynTP\bak\
C:\Program Files\Windows Defender\bak\
C:\WINDOWS\Help\bak\
C:\WINDOWS\ime\IMJP8_1\bak\
C:\WINDOWS\system32\bak\
C:\WINDOWS\system32\IME\TINTLGNT\bak\
Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to "Press any key to continue".
You will be presented with a Menu.

1. Press 1 then Enter to scan for bak folders
2. Press 2 then Enter to restore files from bak folders
3. Press 3 then Enter to remove bak folders
4. Press 4 then Enter to reset domain zones
5. Press E then Enter to EXIT
Press 3, then press Enter.
Press any key to continue.
A Notepad document FindAWF.txt will appear with instructions to click below the line and paste the list of folders to be removed.
Right click below this line and select Paste, to paste the list of folders copied to the clipboard earlier. Save and close the document.
The program will proceed to remove the bad folders and will perform another scan for .bak folder
It may take a few minutes to complete so be patient.
When it is complete, it will open a text file in notepad called AWF.txt.
Please copy and paste the contents of the AWF.txt file in your next reply.

Edited by Tigger93, 16 February 2008 - 10:53 PM.

#30
jslasher88

Posted 16 February 2008 - 10:56 PM

Member

Topic Starter
Member
18 posts

Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully

The current date is: 2008-02-16
The current time is: 23:55:01.02

bak folders found
~~~~~~~~~~~

Directory of C:\PROGRA~1\WIFD1F~1\BAK

2006-11-03 05:20 PM 866,584 MSASCui.exe
1 File(s) 866,584 bytes

Directory of C:\WINDOWS\HELP\BAK

2004-08-04 07:00 AM 16,384 SplshWrp.exe
1 File(s) 16,384 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

2004-08-04 07:00 AM 15,360 ctfmon.exe
2007-06-19 03:26 PM 84,760 hkcmd.exe
2007-06-19 03:26 PM 125,720 igfxpers.exe
2007-06-19 03:26 PM 101,144 igfxtray.exe
4 File(s) 326,984 bytes

Directory of C:\PROGRA~1\ANALOG~1\SOUNDMAX\BAK

2004-09-23 11:41 AM 860,160 Smax4.exe
2004-10-14 08:11 AM 1,388,544 SMax4PNP.exe
2 File(s) 2,248,704 bytes

Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK

2004-09-13 02:49 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\HPQ\HPPROT~1\BAK

2005-10-04 02:23 PM 86,016 PTHOSTTR.EXE
1 File(s) 86,016 bytes

Directory of C:\PROGRA~1\INTERV~1\DVDCHE~1\BAK

2005-03-09 01:54 PM 184,320 DVDCheck.exe
1 File(s) 184,320 bytes

Directory of C:\PROGRA~1\MICROS~3\OFFICE12\BAK

2006-10-26 11:47 PM 31,016 GrooveMonitor.exe
1 File(s) 31,016 bytes

Directory of C:\PROGRA~1\PROTEC~1\EMBEDD~1\BAK

2004-07-28 09:35 AM 123,952 PSDrt.EXE
2004-06-15 09:57 AM 167,936 SpTNA.exe
2 File(s) 291,888 bytes

Directory of C:\PROGRA~1\SYNAPT~1\SYNTP\BAK

2007-09-15 01:27 AM 1,015,808 SynTPEnh.exe
2007-09-15 01:29 AM 102,400 SynTPStart.exe
2 File(s) 1,118,208 bytes

Directory of C:\WINDOWS\IME\IMJP8_1\BAK

2004-08-04 07:00 AM 208,952 IMJPMIG.EXE
1 File(s) 208,952 bytes

Directory of C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK

2007-05-11 02:06 AM 40,048 Reader_sl.exe
1 File(s) 40,048 bytes

Directory of C:\PROGRA~1\COMMON~1\MICROS~1\INK\BAK

2005-04-25 10:10 PM 271,872 tabtip.exe
1 File(s) 271,872 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~2.0_0\BIN\BAK

2007-09-25 12:11 AM 132,496 jusched.exe
1 File(s) 132,496 bytes

Directory of C:\WINDOWS\SYSTEM32\IME\TINTLGNT\BAK

2004-08-04 07:00 AM 455,168 TINTSETP.EXE
1 File(s) 455,168 bytes

Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

866584 Nov 3 2006 "C:\Program Files\Windows Defender\MSASCui.exe"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\bak\MSASCui.exe"
16384 Aug 4 2004 "C:\WINDOWS\Help\SplshWrp.exe"
16384 Aug 4 2004 "C:\WINDOWS\Help\bak\SplshWrp.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
84760 Jun 19 2007 "C:\WINDOWS\system32\hkcmd.exe"
84760 Jun 19 2007 "C:\WINDOWS\system32\bak\hkcmd.exe"
125720 Jun 19 2007 "C:\WINDOWS\system32\igfxpers.exe"
125720 Jun 19 2007 "C:\WINDOWS\system32\bak\igfxpers.exe"
101144 Jun 19 2007 "C:\WINDOWS\system32\igfxtray.exe"
101144 Jun 19 2007 "C:\WINDOWS\system32\bak\igfxtray.exe"
860160 Sep 23 2004 "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe"
860160 Sep 23 2004 "C:\Program Files\Analog Devices\SoundMAX\bak\Smax4.exe"
1388544 Oct 14 2004 "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
1388544 Oct 14 2004 "C:\Program Files\Analog Devices\SoundMAX\bak\SMax4PNP.exe"
49152 Sep 13 2004 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 Sep 13 2004 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
86016 Oct 4 2005 "C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE"
86016 Oct 4 2005 "C:\Program Files\HPQ\HP ProtectTools Security Manager\bak\PTHOSTTR.EXE"
184320 Mar 9 2005 "C:\Program Files\InterVideo\DVD Check\DVDCheck.exe"
184320 Mar 9 2005 "C:\Program Files\InterVideo\DVD Check\bak\DVDCheck.exe"
65824 Oct 26 2006 "C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe"
31016 Oct 26 2006 "C:\Program Files\Microsoft Office\Office12\bak\GrooveMonitor.exe"
123952 Jul 28 2004 "C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.EXE"
123952 Jul 28 2004 "C:\Program Files\ProtectTools\Embedded Security Software\bak\PSDrt.EXE"
167936 Jun 15 2004 "C:\Program Files\ProtectTools\Embedded Security Software\SpTNA.exe"
167936 Jun 15 2004 "C:\Program Files\ProtectTools\Embedded Security Software\bak\SpTNA.exe"
1015808 Sep 15 2007 "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
1015808 Sep 15 2007 "C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
761946 Mar 31 2006 "C:\Program Files\Synaptics\SynTP\Media\SynTPEnh.exe"
761946 Mar 31 2006 "C:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles\SynTPEnh.exe"
102400 Sep 15 2007 "C:\Program Files\Synaptics\SynTP\SynTPStart.exe"
102400 Sep 15 2007 "C:\Program Files\Synaptics\SynTP\bak\SynTPStart.exe"
208952 Aug 4 2004 "C:\WINDOWS\ime\IMJP8_1\IMJPMIG.EXE"
208952 Aug 4 2004 "C:\WINDOWS\ime\IMJP8_1\bak\IMJPMIG.EXE"
40048 May 11 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
40048 May 11 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
271872 Aug 4 2004 "C:\WINDOWS\$NtUninstallKB895953$\tabtip.exe"
271872 Apr 25 2005 "C:\Program Files\Common Files\Microsoft Shared\Ink\tabtip.exe"
271872 Apr 25 2005 "C:\Program Files\Common Files\Microsoft Shared\Ink\bak\tabtip.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
455168 Aug 4 2004 "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE"
455168 Aug 4 2004 "C:\WINDOWS\system32\IME\TINTLGNT\bak\TINTSETP.EXE"

end of report