
Jaymyka.wen9.com



#1 River.Psyche

  • Members
  • 1 posts
  • OFFLINE
  • Local time:12:44 AM

Posted 20 October 2007 - 12:41 AM

Never mind. I've fixed the problem with the time; I just reverted the settings back to normal. Anyhow, as I've told you before, I've already found the jay.exe file and I now know what was in the Autorun.inf file, and ComboFix was correct to erase those, since that was the script that made jay.exe run, so I deleted the two instances of jay.exe (on my C:\ and E:\). What I want to know now is: are there any more processes / things that I need to fix based on my logs?

Actually, I've come across this site just to find the answer to my problem. I'm trying to remove jaymyka.wen9.com from my IE bar. I've followed the instructions that I've found on this site and I'm still at a loss. I mean, I still see jaymyka.wen9.com on my IE bar. What should I do? I'm new here.

This is the log I created after running the instructions.

ComboFix 07-10-19.1 - AngelAyiLupert 2007-10-20 13:02:43.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.70 [GMT 8:00]
Running from: D:\ATF-cleaner\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2007-09-20 to 2007-10-20 )))))))))))))))))))))))))))))))
.

2007-10-20 12:57 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-20 11:53 <DIR> d-------- C:\Program Files\Windows Defender
2007-10-19 21:45 202,474 -rahsc--- C:\jay.exe
2007-10-13 09:57 <DIR> d-------- C:\Documents and Settings\AngelAyiLupert\Application Data\TypingMaster7
2007-10-11 21:28 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2007-10-11 21:26 <DIR> d----c--- C:\Documents and Settings\AngelAyiLupert\Application Data\Bitdefender
2007-10-11 21:21 <DIR> d-------- C:\Program Files\BitDefender
2007-10-11 21:21 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\BitDefender
2007-10-11 21:09 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2007-09-26 18:03 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-22 23:26 <DIR> d-------- C:\Program Files\Norton Security Scan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-20 03:43 --------- dc----w C:\Documents and Settings\AngelAyiLupert\Application Data\AVG7
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-07-30 11:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 11:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 11:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 11:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 11:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 11:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 11:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 11:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-20 07:54 77,824 ----a-w C:\WINDOWS\system32\xcomm.dll
2004-08-03 22:56:50 202,474 --sha-r C:\WINDOWS\system32\mveo.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{381FFDE8-2394-4f90-B10D-FC6124A40F8C}"= C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll [2007-10-02 11:38 91432]

[HKEY_CLASSES_ROOT\CLSID\{381FFDE8-2394-4f90-B10D-FC6124A40F8C}]
[HKEY_CLASSES_ROOT\BitDefender Toolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-03-08 03:33 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-03-11 17:33 C:\WINDOWS\system32\VTTrayp.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-10-27 14:49 C:\WINDOWS\SOUNDMAN.EXE]
"Ulead AutoDetector"="C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" []
"MMTray"="C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-15 00:58]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"mmtask"="C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2005-03-15 08:58]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 06:22]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-08-27 15:24]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2007-10-01 15:23]
"ampli"="WINDOWS\system32\mveo.exe" []
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="D:\MusicMatch\Messenger\YahooMessenger.exe" [2006-11-30 21:49]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-19 07:34]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys
S1 BIOS;BIOS;\??\C:\WINDOWS\system32\drivers\BIOS.sys
S3 bdfsfltr;bdfsfltr;C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys
S3 scan;BitDefender Threat Scanner;C:\WINDOWS\System32\svchost.exe -kbdx
S4 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{488b129d-0c2e-11dc-b712-00e04ce13e7c}]
AutoRun\command - G:\fooool.exe
explore\Command - G:\fooool.exe
open\Command - G:\fooool.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63dc0ee6-f183-11db-b6d9-00e04ce13e7c}]
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NETSVCS.EXE
_\command - NETSVCS.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94aed810-4330-11dc-b76f-00e04ce13e7c}]
AutoRun\command - G:\jay.exe
explore\Command - G:\jay.exe
open\Command - G:\jay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e95f76f9-5eb0-11dc-b792-00e04ce13e7c}]
Auto\command - H:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
Browser\command - H:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-10-19 16:00:04 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\7Ts4OVq5.exe
"2007-09-26 01:00:01 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\7Ts4OVq5.exe
"2007-10-14 02:00:00 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\system32\7Ts4OVq5.exe
"2007-10-20 03:00:03 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\7Ts4OVq5.exe
"2007-10-20 04:00:03 C:\WINDOWS\Tasks\At13.job"
"2007-10-14 05:00:01 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\7Ts4OVq5.exe
"2007-10-14 06:00:01 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\7Ts4OVq5.exe
"2007-10-14 07:00:01 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\7Ts4OVq5.exe
"2007-10-14 08:00:00 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\7Ts4OVq5.exe
"2007-10-12 09:00:01 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\7Ts4OVq5.exe
"2007-10-12 10:00:01 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\7Ts4OVq5.exe
"2007-10-19 17:00:01 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\7Ts4OVq5.exe
"2007-10-12 11:00:01 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\7Ts4OVq5.exe
"2007-10-19 12:00:06 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\7Ts4OVq5.exe
"2007-10-19 13:00:19 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\system32\7Ts4OVq5.exe
"2007-10-19 14:00:05 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\7Ts4OVq5.exe
"2007-10-19 15:00:00 C:\WINDOWS\Tasks\At24.job"
"2007-10-19 18:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\7Ts4OVq5.exe
"2007-10-11 19:00:03 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\7Ts4OVq5.exe
"2007-09-29 20:00:01 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\7Ts4OVq5.exe
"2007-09-29 21:00:03 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\7Ts4OVq5.exe
"2007-09-29 22:00:02 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\7Ts4OVq5.exe
"2007-10-01 23:00:05 C:\WINDOWS\Tasks\At8.job"
"2007-08-30 00:00:00 C:\WINDOWS\Tasks\At9.job"
"2007-10-20 05:03:37 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-09-22 15:26:36 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-20 13:04:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
MMTray = C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe?? ???????0y?wx???????????????~y?w????????????#????? ?????#????????????????!???H?g???g2???f+?g????????????????)??g???????g????H?U?0?T?????x???????????2?????????@?l?S?t?S?????????????????X?T?????.?N?????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
Completion time: 2007-10-20 13:05:04
.
--- E O F ---

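Added example, not part of the original post: a small parser for the two persistence patterns visible in the log above, the mountpoints2 AutoRun handlers and the At*.job tasks that all re-run one binary, applied to a constructed sample made of a handful of lines in that log's layout.

```python
import re
from collections import defaultdict
# Constructed sample: a handful of lines in the layout of the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{488b129d-0c2e-11dc-b712-00e04ce13e7c}]
AutoRun\command - G:\fooool.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e95f76f9-5eb0-11dc-b792-00e04ce13e7c}]
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
Contents of the 'Scheduled Tasks' folder
"2007-10-19 16:00:04 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\7Ts4OVq5.exe
"2007-10-19 17:00:01 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\7Ts4OVq5.exe
"2007-10-20 05:03:37 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"""
MOUNTPOINT_RE = re.compile(r"mountpoints2\\(\{[^}]+\})\]$", re.I)   # per-volume GUID key
AUTORUN_RE = re.compile(r"^autorun\\command - (.+)$", re.I)         # what double-click launches
TASK_RE = re.compile(r'^"\S+ \S+ .+\\Tasks\\(At\d+)\.job"$')         # AT-created job headers

def autorun_findings(log):
    """Flag AutoRun handlers on a removable drive root, under RECYCLER, or launched via RunDLL32."""
    findings, guid = [], None
    for line in log.splitlines():
        head, cmd = MOUNTPOINT_RE.search(line), AUTORUN_RE.match(line)
        if head:
            guid = head.group(1)
        elif guid and cmd:
            target, reasons = cmd.group(1), []
            if re.match(r"^[D-Z]:\\[^\\]+\.exe$", target, re.I):
                reasons.append("bare executable at the root of a non-system drive")
            if "RECYCLER\\" in target.upper():
                reasons.append("payload hidden under a RECYCLER folder")
            if "SHELLEXEC_RUNDLL" in target.upper():
                reasons.append("launched indirectly through RunDLL32")
            if reasons:
                findings.append((guid, target, reasons))
    return findings

def at_job_findings(log):
    """Return binaries launched by two or more At*.job tasks (the hourly re-launch pattern above)."""
    runs, pending = defaultdict(list), None
    for line in log.splitlines():
        task = TASK_RE.match(line)
        if pending and line.startswith("- "):   # target line follows its job header
            runs[line[2:]].append(pending)
        pending = task.group(1) if task else None
    return {exe: jobs for exe, jobs in runs.items() if len(jobs) >= 2}
```

Both functions only read the log text; deciding what to remove still belongs to whoever is guiding the cleanup.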

#2 quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,744 posts
  • OFFLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:44 AM

Posted 20 October 2007 - 08:56 AM

Welcome to BC, River.Psyche.

Who asked you to download and run ComboFix? Did you find out about this tool while reading instructions provided to someone else in another thread? If so, those instructions were most likely posted by a forum staff expert to help fix that particular member's problems, NOT YOURS. Using someone else's fix instructions could lead to serious problems with your operating system.

You should not be using ComboFix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended to be used under the guidance and supervision of an expert, not for private use. Using this tool incorrectly could adversely impact your system and prevent it from ever starting again.

What type of anti-virus are you using? Have you performed any anti-spyware scans? Have you tried doing your scans in "SAFE MODE"? Are you doing scans while logged into the "Administrator Account" or an "account with administrator privileges"?

You need to start there first. If you don't have any anti-virus or anti-malware programs, see BC's list of Freeware Replacements For Common Commercial Apps. There are several free online anti-virus scans listed which you can perform. I would also recommend that you download and scan with SUPERAntiSpyware Free in "SAFE MODE".
Please update the definitions before performing a scan. If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
