05-06-2008, 07:28 AM   #1
Registered User
Join Date: May 2008
Posts: 1
OS: WinXP Professional sp2


Mistake G.O.D Saikoboy Virus infected - Need Help!

Hi Friends,

My system has been infected somewhere by serious trojans which my McAfee is unable to get. The following issues need to be resolved.
1) In Internet Explorer the title bar shows "G.O.D Saikoboy's".
2) Task Manager is disabled.
3) Registry Editor is disabled.
4) No "Folder Options" in Tools.


From this forum I came to know of a "ComboFix tool" which can be used to resolve this issue. I have gone through the steps and got the log file, which I was advised to post here. So please go through the log file.
I generated this log file after uninstalling McAfee.

Thanks,
swadesh

****************Log-combofix*******************

ComboFix 08-05-01.3 - Administrator 2008-05-06 19:27:22.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.724 [GMT 5.5:30]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\SW_Win2000X16.DLL

.
((((((((((((((((((((((((( Files Created from 2008-04-06 to 2008-05-06 )))))))))))))))))))))))))))))))
.

2008-05-06 19:26 . 2008-05-06 19:26 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-06 18:09 . 2008-05-06 18:09 <DIR> d-------- C:\Program Files\AVG
2008-05-06 18:09 . 2008-05-06 18:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-05 23:44 . 2008-05-05 23:44 <DIR> d-------- C:\Documents and Settings\swadesh\Application Data\Simply Super Software
2008-05-05 23:04 . 2008-05-06 13:54 <DIR> d-------- C:\Program Files\Trojan Remover
2008-05-05 17:07 . 2008-05-06 13:53 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-05 17:07 . 2008-05-06 13:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-05 14:21 . 2008-05-05 14:21 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2008-05-05 12:19 . 2008-05-05 12:19 <DIR> d--hs---- C:\CONFIG
2008-05-03 11:02 . 2008-05-03 11:02 <DIR> d-------- C:\Documents and Settings\Rani Avinasha\Application Data\Ahead
2008-05-02 10:00 . 2008-05-02 10:00 <DIR> d-------- C:\WINDOWS\Sun
2008-04-28 11:26 . 2008-04-28 11:26 <DIR> d-------- C:\Documents and Settings\Rani Avinasha\Program Files
2008-04-28 11:26 . 2008-05-06 17:58 <DIR> d-------- C:\Documents and Settings\Rani Avinasha\Application Data\BitTorrent
2008-04-27 01:41 . 2008-04-27 01:41 <DIR> d-------- C:\Documents and Settings\Rani Avinasha\Application Data\DivX
2008-04-26 22:07 . 2008-04-27 14:54 <DIR> d-------- C:\Program Files\Rising Research
2008-04-26 21:34 . 2008-05-01 00:53 <DIR> d-------- C:\Documents and Settings\swadesh\Application Data\DivX
2008-04-26 21:33 . 2008-04-26 21:33 <DIR> d-------- C:\Program Files\DivX
2008-04-25 00:51 . 2002-02-18 10:22 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2008-04-25 00:50 . 2002-02-18 10:23 172,304 --a------ C:\WINDOWS\system32\jview.exe
2008-04-25 00:50 . 2002-02-18 10:23 171,792 --a------ C:\WINDOWS\system32\wjview.exe
2008-04-25 00:50 . 2002-02-18 10:23 49,424 --a------ C:\WINDOWS\system32\clspack.exe
2008-04-24 23:45 . 2008-04-24 23:45 <DIR> d-------- C:\WINDOWS\OPTIONS
2008-04-24 23:45 . 2002-03-26 14:04 45,568 --a------ C:\WINDOWS\system32\drivers\R8139n51.sys
2008-04-19 12:23 . 2008-04-19 12:23 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\vlc
2008-04-19 12:09 . 2004-08-04 00:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-04-19 12:08 . 2008-04-19 12:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\PC Suite
2008-04-19 12:08 . 2008-05-06 19:15 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-19 12:08 . 2008-05-06 19:28 155,648 --ah----- C:\Documents and Settings\Administrator\NtUser.dat.LOG
2008-04-18 23:47 . 2008-04-18 23:47 <DIR> d-------- C:\Documents and Settings\Rani Avinasha\Application Data\SUNGIL TELECOM
2008-04-18 23:38 . 2008-04-18 23:38 <DIR> d-------- C:\Program Files\EpiValley
2008-04-18 21:15 . 2008-04-18 21:15 2,359,350 --a------ C:\Concurrent_program_error.bmp
2008-04-16 00:56 . 2008-04-16 00:56 73 --a------ C:\WINDOWS\EurekaLog.ini
2008-04-14 23:53 . 2008-04-14 23:53 <DIR> d-------- C:\Program Files\GeoVid
2008-04-14 16:55 . 2008-04-14 16:55 <DIR> d-------- C:\Documents and Settings\Rani Avinasha\Application Data\vlc
2008-04-13 22:11 . 2008-05-02 11:32 <DIR> d-------- C:\Apps_Doc
2008-04-13 13:21 . 2008-04-14 16:01 <DIR> d-------- C:\Documents and Settings\Rani Avinasha\Application Data\Orbit
2008-04-13 13:14 . 2008-04-13 13:14 <DIR> d---s---- C:\Documents and Settings\Rani Avinasha\UserData
2008-04-13 13:09 . 2008-04-13 13:09 <DIR> d-------- C:\Documents and Settings\Rani Avinasha\Application Data\PC Suite
2008-04-13 13:07 . 2008-05-06 18:00 <DIR> d-------- C:\Documents and Settings\Rani Avinasha
2008-04-13 13:07 . 2008-05-06 19:26 1,024 --ah----- C:\Documents and Settings\Rani Avinasha\NtUser.dat.LOG
2008-04-13 13:01 . 2008-04-13 13:01 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-04-13 11:47 . 2008-04-13 11:47 <DIR> d-------- C:\WINDOWS\logs
2008-04-13 11:46 . 2008-04-13 11:46 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-04-13 11:46 . 2008-04-13 11:46 <DIR> d-------- C:\Program Files\Common Files\Quest Shared
2008-04-13 11:46 . 2008-04-13 11:46 <DIR> d-------- C:\Documents and Settings\swadesh\Application Data\Software
2008-04-13 11:46 . 2008-04-13 11:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Quest Software
2008-04-13 11:45 . 2008-04-13 11:45 <DIR> d-------- C:\Program Files\Quest Software
2008-04-13 11:45 . 2002-12-18 06:54 378,880 --a------ C:\WINDOWS\system32\KXauth.dll
2008-04-13 11:45 . 2005-05-03 14:39 135,168 --a------ C:\WINDOWS\system32\KXproc.dll
2008-04-13 11:32 . 2008-04-16 01:21 <DIR> d-------- C:\Documents and Settings\swadesh\Oracle Jar Cache
2008-04-13 11:31 . 2008-04-13 11:31 <DIR> d-------- C:\Documents and Settings\swadesh\.jinit
2008-04-13 11:27 . 2008-04-24 23:45 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-04-13 11:27 . 2005-01-19 01:17 45,164 --------- C:\WINDOWS\system32\plugincpl13121.cpl
2008-04-13 11:27 . 2005-01-19 01:17 36,962 --------- C:\WINDOWS\system32\ActPanel.dll
2008-04-13 03:33 . 2008-05-06 19:18 <DIR> d-------- C:\WINDOWS\hsperfdata_SYSTEM
2008-04-13 01:01 . 2008-04-13 03:29 218 --a------ C:\ORAODBC.INI
2008-04-13 01:01 . 2008-04-13 03:29 196 --a------ C:\ODBCINST.INI
2008-04-12 23:25 . 2008-04-13 11:27 <DIR> d-------- C:\Program Files\Oracle
2008-04-12 23:24 . 2008-04-13 00:12 218 --a------ C:\WINDOWS\oraodbc.ini
2008-04-12 21:47 . 2007-05-02 04:01 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-04-12 21:46 . 2008-04-12 21:47 <DIR> d-------- C:\Program Files\Java
2008-04-12 21:43 . 2008-04-12 21:43 <DIR> d-------- C:\Program Files\Common Files\Java
2008-04-12 21:43 . 2008-04-12 21:45 <DIR> d-------- C:\JDK15
2008-04-12 21:41 . 2008-04-12 21:45 <DIR> d-------- C:\Program Files\netbeans-5.5.1
2008-04-12 21:39 . 2008-04-13 11:27 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-04-12 02:17 . 2008-04-12 02:17 <DIR> d-------- C:\Documents and Settings\swadesh\Application Data\vlc
2008-04-12 00:44 . 2008-04-12 00:44 <DIR> d-------- C:\Program Files\VideoLAN
2008-04-11 21:54 . 2008-05-01 22:49 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
2008-04-10 21:08 . 2008-04-10 21:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-04-10 21:07 . 2008-04-10 21:07 <DIR> d-------- C:\Documents and Settings\swadesh\Application Data\Nokia
2008-04-10 21:06 . 2008-04-10 21:06 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-04-10 21:06 . 2008-04-10 21:06 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-04-10 21:04 . 2008-04-10 21:07 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-04-10 21:04 . 2008-04-10 21:04 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-04-10 21:04 . 2008-04-10 21:06 <DIR> d-------- C:\Program Files\Nokia
2008-04-10 21:04 . 2008-04-10 21:04 <DIR> d-------- C:\Program Files\DIFX
2008-04-10 21:04 . 2008-04-10 21:04 <DIR> d-------- C:\Documents and Settings\swadesh\Application Data\PC Suite
2008-04-10 21:04 . 2007-02-22 11:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-04-10 21:04 . 2007-02-22 11:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-04-10 21:04 . 2007-02-22 11:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-04-10 21:04 . 2007-02-22 11:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-04-10 21:04 . 2007-02-22 11:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2008-04-10 21:04 . 2007-02-22 11:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-04-10 21:03 . 2008-04-10 21:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-04-10 00:39 . 2008-04-10 00:39 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-04-09 22:08 . 2008-04-09 22:08 <DIR> d-------- C:\vbroker
2008-04-09 17:59 . 2008-04-09 22:16 <DIR> d-------- C:\Program Files\MagicISO
2008-04-09 01:42 . 2008-05-04 18:32 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-08 17:21 . 2008-04-19 00:34 <DIR> d-------- C:\Program Files\GetRight
2008-04-08 12:38 . 2008-04-10 01:26 <DIR> d-------- C:\Documents and Settings\swadesh\Application Data\GetRight
2008-04-08 12:30 . 2008-04-10 00:49 <DIR> d-------- C:\Documents and Settings\swadesh\Application Data\GetRightToGo
2008-04-08 01:14 . 2001-09-30 19:10 246,784 --a------ C:\WINDOWS\system32\ActiveSkin.ocx
2008-04-08 01:14 . 2001-05-24 12:59 162,304 --a------ C:\UNWISE.EXE
2008-04-08 01:14 . 2002-01-18 18:12 112 --a------ C:\WINDOWS\ActiveSkin.INI
2008-04-07 22:36 . 2008-04-16 19:14 <DIR> d-------- C:\Documents and Settings\swadesh\Application Data\DMCache
2008-04-07 20:36 . 2008-04-07 20:36 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-04-07 12:05 . 2008-04-07 12:05 <DIR> d-------- C:\Program Files\Winamp
2008-04-07 12:05 . 2008-04-07 12:05 <DIR> d-------- C:\Program Files\Mjuice Media Player
2008-04-07 12:05 . 2008-04-07 12:05 <DIR> d-------- C:\My Music
2008-04-07 12:05 . 2008-05-06 16:13 95 --a------ C:\WINDOWS\winamp.ini
2008-04-07 02:34 . 2008-04-07 02:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
2008-04-07 02:24 . 2008-04-07 02:24 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-04-07 02:24 . 2008-04-07 02:24 1,024 --ah----- C:\Documents and Settings\Default User\NtUser.dat.LOG
2008-04-07 02:18 . 2008-04-11 13:44 <DIR> d-------- C:\Documents and Settings\swadesh\Application Data\Ahead
2008-04-07 02:13 . 2008-04-07 02:13 <DIR> d-------- C:\Program Files\Nero
2008-04-07 02:13 . 2008-04-07 02:16 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-04-07 02:13 . 2008-04-07 02:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-04-06 20:08 . 2008-04-07 01:44 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-06 12:46 . 2006-10-26 19:58 30,512 --a------ C:\WINDOWS\system32\mdimon.dll
2008-04-06 12:45 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-04-06 12:42 . 2008-04-06 12:42 <DIR> d-------- C:\Program Files\Microsoft Works
2008-04-06 12:41 . 2008-04-06 12:41 <DIR> d-------- C:\Program Files\MSBuild
2008-04-06 12:30 . 2008-04-06 12:40 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-04-06 12:29 . 2008-04-15 01:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-06 12:28 . 2008-04-06 12:28 <DIR> dr-h----- C:\MSOCache
2008-04-06 12:21 . 2008-05-01 01:28 <DIR> d-------- C:\Documents and Settings\swadesh\Application Data\BitTorrent
2008-04-06 12:20 . 2008-04-06 12:20 <DIR> d-------- C:\Program Files\DNA
2008-04-06 12:20 . 2008-04-06 12:21 <DIR> d-------- C:\Program Files\BitTorrent
2008-04-06 12:20 . 2008-04-08 06:26 <DIR> d-------- C:\Documents and Settings\swadesh\Application Data\DNA
2008-04-06 12:13 . 2008-04-06 20:08 <DIR> d-------- C:\Program Files\AZR
2008-04-06 12:04 . 2008-04-06 12:04 <DIR> d-------- C:\Program Files\VIA Technologies, Inc
2008-04-06 12:04 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-04-06 12:04 . 2002-09-16 00:50 64,128 -ra------ C:\WINDOWS\system32\drivers\viaudio.sys
2008-04-06 12:04 . 2001-09-23 11:11 32,768 --a------ C:\WINDOWS\system32\UnAudioNT.dll
2008-04-06 02:50 . 2008-04-06 02:50 <DIR> d-------- C:\Program Files\Common Files\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-24 19:21 155,995 ----a-w C:\WINDOWS\java\Packages\HJ9J1RPZ.ZIP
2008-04-05 07:09 --------- d-----w C:\Program Files\Web Publish
2008-04-05 06:47 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05 143360]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe" [2007-05-02 04:15 75520]
"msci"="C:\DOCUME~1\swadesh\LOCALS~1\Temp\200856184137_mcinfo.exe" [2005-07-01 19:26 335872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

C:\Documents and Settings\Rani Avinasha\Start Menu\Programs\Startup\
ÿ.lnk - C:\CONFIG\svchost.exe [2008-05-05 12:19:43 215523]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"installed"= present2
"winlogon"= \svchost.exe

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GetRight.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GetRight.lnk
backup=C:\WINDOWS\pss\GetRight.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
backup=C:\WINDOWS\pss\Orbit.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 03:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-12-23 18:05 143360 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-04-06 12:20 288576 C:\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
C:\Program Files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-06-18 15:10 271360 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Documents and Settings\\Rani Avinasha\\Program Files\\BitTorrent\\BitTorrent.exe"=

R3 msloop;Microsoft Loopback Adapter Driver;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 13:53]
S2 Oracle Apache Server VIS_oracle;Oracle Apache Server VIS_oracle;E:\oracle\visappl\fnd\11.5.0\bin\OAMKSVC.exe E:\oracle\visappl\admin\VIS_oracle.xml apache []
S2 Oracle Fulfillment Server VIS_oracle;Oracle Fulfillment Server VIS_oracle;E:\oracle\visappl\fnd\11.5.0\bin\OAMKSVC.exe E:\oracle\visappl\admin\VIS_oracle.xml jtff_srv []
S2 Oracle Metrics Client VIS_oracle;Oracle Metrics Client VIS_oracle;E:\oracle\visora\8.0.6\bin\d2lc60.exe [2000-10-28 01:43]
S2 Oracle Metrics Server VIS_oracle;Oracle Metrics Server VIS_oracle;E:\oracle\visora\8.0.6\bin\d2ls60.exe [2000-10-28 01:43]
S2 OracleConcMgrVIS_oracle;OracleConcMgrVIS_oracle;E:\oracle\visappl\fnd\11.5.0\bin\CCMSVC.exe VIS_oracle []
S2 OracleDiscoverer4i;OracleDiscoverer4i_VIS;E:\oracle\visora\8.0.6\discwb4\dis4srv.exe [2004-10-28 04:18]
S2 OracleFormsServer-Forms60VIS_oracle;OracleFormsServer-Forms60VIS_oracle;E:\oracle\visappl\fnd\11.5.0\bin\OAMKSVC.exe E:\oracle\visappl\admin\VIS_oracle.xml forms []
S2 OracleReportServer-Rep60_VIS;Oracle Reports Server [Rep60_VIS];E:\oracle\visora\8.0.6\bin\rwmts60.exe [2004-02-28 06:17]
S2 OracleServiceVIS;OracleServiceVIS;e:\oracle\visdb\9.2.0\bin\ORACLE.EXE VIS []
S2 OracleVIS_db920_RDBMSTNSListenerVIS;OracleVIS_db920_RDBMSTNSListenerVIS;E:\oracle\visdb\9.2.0\BIN\TNSLSNR []
S2 OracleVISOra806_2TNSListener80APPS_VIS;OracleVISOra806_2TNSListener80APPS_VIS;E:\oracle\visora\8.0.6\BIN\TNSLSNR80 []
S3 Oracle ICSM oracle VIS_oracle;Oracle ICSM oracle VIS_oracle;E:\oracle\visappl\fnd\11.5.0\bin\OAMKSVC.exe E:\oracle\visappl\admin\VIS_oracle.xml icsm_srv []
S3 Oracle Web Integration Server;Oracle Web Integration Server;E:\oracle\visora\iAS\panama\webintegration\server\bin\serverSvc.exe []
S3 OracleIFSD;OracleIFSD;C:\WINDOWS\system32\drivers\oraifsd.sys []
S3 OracleVIS_db920_RDBMSAgent;OracleVIS_db920_RDBMSAgent;E:\oracle\visdb\9.2.0\bin\agntsrvc.exe [2004-10-20 19:04]
S3 OracleVIS_db920_RDBMSClientCache;OracleVIS_db920_RDBMSClientCache;E:\oracle\visdb\9.2.0\BIN\ONRSD.EXE [2004-10-14 00:25]
S3 OracleVIS_db920_RDBMSHTTPServer;OracleVIS_db920_RDBMSHTTPServer;"E:\oracle\visdb\9.2.0\Apache\Apache\apache.exe" --ntservice []
S3 OracleVIS_db920_RDBMSPagingServer;OracleVIS_db920_RDBMSPagingServer;E:\oracle\visdb\9.2.0/bin/pagntsrv.exe [2002-08-21 04:17]
S3 OracleVIS_db920_RDBMSSNMPPeerEncapsulator;OracleVIS_db920_RDBMSSNMPPeerEncapsulator;E:\oracle\visdb\9.2.0\BIN\ENCSVC.EXE [2004-10-20 19:06]
S3 OracleVIS_db920_RDBMSSNMPPeerMasterAgent;OracleVIS_db920_RDBMSSNMPPeerMasterAgent;E:\oracle\visdb\9.2.0\BIN\AGNTSVC.EXE [2004-10-20 19:06]
S3 OracleVIS_HOMEExtprocAgent;OracleVIS_HOMEExtprocAgent;E:\oracle\visora\8.0.6\BIN\EXTPROCT.EXE extproc []
S3 OracleVIS_ias1022Agent;OracleVIS_ias1022Agent;E:\oracle\visora\iAS\bin\dbsnmp.exe [2001-03-14 07:03]
S3 OracleVIS_ias1022ClientCache;OracleVIS_ias1022ClientCache;E:\oracle\visora\iAS\BIN\ONRSD.EXE [2002-05-11 03:26]
S3 OracleVIS_ias1022DataGatherer;OracleVIS_ias1022DataGatherer;E:\oracle\visora\iAS\bin\vppdc.exe [2001-03-14 07:02]
S3 OracleVIS_ias1022HTTPServer;OracleVIS_ias1022HTTPServer;E:\oracle\visora\iAS\Apache\Apache\Apache.exe [2005-03-25 06:31]
S3 OracleVIS_ias1022PagingServer;OracleVIS_ias1022PagingServer;E:\oracle\visora\iAS\bin\pagntsrv.exe [2001-03-29 04:21]
S3 OracleVIS_ias1022WebCache;OracleVIS_ias1022WebCache;E:\oracle\visora\iAS\bin\webcached.exe [2005-03-25 06:24]
S3 OracleVIS_ias1022WebCacheAdmin;OracleVIS_ias1022WebCacheAdmin;E:\oracle\visora\iAS\bin\webcached.exe [2005-03-25 06:24]
S3 OracleVIS_ias1022WebCacheMon;OracleVIS_ias1022WebCacheMon;E:\oracle\visora\iAS\bin\webcachemon.exe [2005-03-25 06:24]
S3 sit_bus;SIT_1x_usbmodem Device;C:\WINDOWS\system32\Drivers\sit_bus.sys [2007-04-17 12:21]
S3 sit_flt;SUNGIL USB Filter Service;C:\WINDOWS\system32\DRIVERS\sit_flt.sys [2007-04-18 15:57]
S3 sit_mdm;SIT_1x_usbmodem ;C:\WINDOWS\system32\Drivers\sit_mdm.sys [2007-04-17 14:52]
S3 sit_prt;SIT_1x_usbmodem Port;C:\WINDOWS\system32\Drivers\sit_prt.sys [2007-04-17 12:28]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-02 19:05:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\V77h1Wgp.exe
"2008-05-06 03:30:00 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\V77h1Wgp.exe
"2008-05-06 04:30:00 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\system32\V77h1Wgp.exe
"2008-05-05 05:30:00 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\V77h1Wgp.exe
"2008-05-05 06:30:00 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\V77h1Wgp.exe
"2008-05-04 07:30:00 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\V77h1Wgp.exe
"2008-05-04 08:30:00 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\V77h1Wgp.exe
"2008-05-06 09:30:00 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\V77h1Wgp.exe
"2008-05-06 10:30:00 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\V77h1Wgp.exe
"2008-05-06 11:30:00 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\V77h1Wgp.exe
"2008-05-06 12:30:00 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\V77h1Wgp.exe
"2008-05-02 19:30:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\V77h1Wgp.exe
"2008-05-06 13:30:00 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\V77h1Wgp.exe
"2008-05-02 14:30:00 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\V77h1Wgp.exe
"2008-05-04 15:30:00 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\system32\V77h1Wgp.exe
"2008-05-05 16:30:00 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\V77h1Wgp.exe
"2008-05-05 17:30:00 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\system32\V77h1Wgp.exe
"2008-05-02 20:30:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\V77h1Wgp.exe
"2008-04-29 21:30:00 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\V77h1Wgp.exe
"2008-04-18 19:00:49 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\V77h1Wgp.exe
"2008-04-18 19:00:49 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\V77h1Wgp.exe
"2008-04-18 19:00:49 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\V77h1Wgp.exe
"2008-04-18 19:00:49 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\V77h1Wgp.exe
"2008-04-18 19:00:49 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\V77h1Wgp.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-06 19:29:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
msci = C:\DOCUME~1\swadesh\LOCALS~1\Temp\200856184137_mcinfo.exe /insfin?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????A?X?D????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\OracleVISOra806_2TNSListener80APPS_VIS]
"ImagePath"="E:\oracle\visora\8.0.6\BIN\TNSLSNR80 "

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\OracleVIS_db920_RDBMSPagingServer]
"ImagePath"="E:\oracle\visdb\9.2.0/bin/pagntsrv.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\OracleVIS_db920_RDBMSTNSListenerVIS]
"ImagePath"="E:\oracle\visdb\9.2.0\BIN\TNSLSNR "
.
Completion time: 2008-05-06 19:29:51
ComboFix-quarantined-files.txt 2008-05-06 13:59:46

Pre-Run: 32,405,655,552 bytes free
Post-Run: 32,452,521,984 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
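The symptoms in the post (disabled Task Manager and Registry Editor, missing Folder Options, a hijacked title bar) are policy-level tampering, and the log above carries the persistence that usually goes with it: a Run value launching from a Temp folder, two svchost.exe entries outside system32 (the startup-folder shortcut and the policies\explorer\run value), suppressed Security Center notifications, and 24 AtN.job scheduled tasks all pointing at C:\WINDOWS\system32\V77h1Wgp.exe. The Python script below is an added example, not part of the original post and not ComboFix's own code: it parses the "Reg Loading Points" and "Scheduled Tasks" sections of a ComboFix log and flags exactly those indicator types so a responder can prioritise them. The rule names, the Finding structure and the heuristic for random-looking file names are this example's own choices; the embedded SAMPLE_LOG is a constructed excerpt of the log above, with three of the 24 At jobs included.

```python
import re
from collections import defaultdict, namedtuple

# Added example, not ComboFix's own code: rule names and the random-name
# heuristic below are this script's choices.
Finding = namedtuple("Finding", "rule location target")

KEY_RE = re.compile(r"^\[(.+)\]$")                        # [HKEY_...]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')           # "name"=value
LNK_RE = re.compile(r"^(.+?\.lnk) - (.+?)(?: \[.*\])?$")   # startup-folder entry
JOB_RE = re.compile(r'^"\S+ \S+ (.+?\.job)"$')             # "date time X.job"
JOB_TARGET_RE = re.compile(r"^- (.+)$")                    # - target.exe
# Security Center values that silence the 'no AV / no updates' warnings
NOTIFY_VALUES = {"antivirusdisablenotify", "updatesdisablenotify"}

# Constructed excerpt of the log posted above (relevant lines only).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msci"="C:\DOCUME~1\swadesh\LOCALS~1\Temp\200856184137_mcinfo.exe" [2005-07-01 19:26 335872]

C:\Documents and Settings\Rani Avinasha\Start Menu\Programs\Startup\
ÿ.lnk - C:\CONFIG\svchost.exe [2008-05-05 12:19:43 215523]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"installed"= present2
"winlogon"= \svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

Contents of the 'Scheduled Tasks' folder
"2008-05-02 19:05:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\V77h1Wgp.exe
"2008-05-06 03:30:00 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\V77h1Wgp.exe
"2008-05-02 19:30:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\V77h1Wgp.exe
"""


def _exe_path(raw):
    """Strip quotes and the '[date size]' stamp ComboFix appends to a value."""
    raw = raw.strip()
    return raw[1:raw.find('"', 1)] if raw.startswith('"') else raw.split(" [")[0]


def _looks_random(filename):
    """Heuristic: a stem with no vowels, or digits mixed with both letter
    cases, is typical of dropped-malware names such as V77h1Wgp.exe."""
    stem = filename.rsplit(".", 1)[0]
    if len(stem) < 6:
        return False
    has_digit = any(c.isdigit() for c in stem)
    mixed = any(c.islower() for c in stem) and any(c.isupper() for c in stem)
    return not any(c in "aeiouAEIOU" for c in stem) or (has_digit and mixed)


def _check_autorun(key, name, target, findings):
    """Apply the autorun rules to one Run value or startup-folder entry."""
    low = target.lower()
    base = low.rsplit("\\", 1)[-1]
    where = f"{key} -> {name}"
    if "\\temp\\" in low:
        findings.append(Finding("autorun from a Temp directory", where, target))
    if base == "svchost.exe" and not low.endswith("\\windows\\system32\\svchost.exe"):
        findings.append(Finding("svchost.exe outside %SystemRoot%\\system32", where, target))
    if "policies\\explorer\\run" in key.lower():
        findings.append(Finding("autorun via policies\\explorer\\run", where, target))


def triage(log_text):
    """Return the list of Findings for a ComboFix log (or an excerpt of one)."""
    findings, key, pending_job = [], None, None
    jobs = defaultdict(list)  # target exe -> [job file names]
    for line in (l.strip() for l in log_text.splitlines()):
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif m := JOB_RE.match(line):
            pending_job = m.group(1).rsplit("\\", 1)[-1]
        elif (m := JOB_TARGET_RE.match(line)) and pending_job:
            jobs[m.group(1)].append(pending_job)
            pending_job = None
        elif m := LNK_RE.match(line):
            _check_autorun("Startup folder", m.group(1), m.group(2), findings)
        elif (m := VALUE_RE.match(line)) and key:
            name, raw = m.group(1), m.group(2)
            if key.lower().endswith("security center"):
                if name.lower() in NOTIFY_VALUES and raw.strip().endswith("00000001"):
                    findings.append(Finding("Security Center notification suppressed", key, name))
            elif key.lower().endswith("\\run"):
                _check_autorun(key, name, _exe_path(raw), findings)
    for target, names in jobs.items():
        at_jobs = sorted(n for n in names if re.fullmatch(r"At\d+\.job", n))
        where = ", ".join(at_jobs or names)
        if len(at_jobs) >= 2:  # at.exe jobs firing the same binary every hour
            findings.append(Finding(f"{len(at_jobs)} AtN.job tasks launch the same binary", where, target))
        if _looks_random(target.rsplit("\\", 1)[-1]):
            findings.append(Finding("scheduled-task target has a random-looking name", where, target))
    return findings
```

Calling `triage(SAMPLE_LOG)` returns nine findings: the Temp-path msci value, two svchost.exe copies outside system32, two policies\explorer\run values, both Security Center notification values, and two findings for the At jobs (shared target, random-looking name); the legitimate ctfmon.exe entry is not flagged. Feeding the full log above to `triage` reports the same families of indicators with all 24 At jobs listed; the random-name check is a heuristic and any hit still needs a hash or vendor lookup before removal.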

Copyright 2001 - 2008, Tech Support Forum
