06-28-2007, 06:06 AM   #7
dwbears
OS: Win XP Pro


Re: request wininitlog.exe help.

Here is the result of running ComboFix.exe:

"Dan" - 2007-06-28 6:47:02 - ComboFix 07-06-28.4 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\Dan\Desktop\ComboFix-Do.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\screensavers.com
C:\WINDOWS\inf\wininitlog.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\nm


((((((((((((((((((((((((( Files Created from 2007-05-28 to 2007-06-28 )))))))))))))))))))))))))))))))


2007-06-28 06:45 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-27 21:20 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-06-27 21:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-06-26 22:32 <DIR> d-------- C:\Deckard
2007-06-26 22:01 <DIR> d-------- C:\ie-spyad
2007-06-26 21:53 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-06-20 21:03 <DIR> d-------- C:\DOCUME~1\Dan\APPLIC~1\Cakewalk
2007-06-20 20:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Cakewalk
2007-06-20 19:46 <DIR> d-------- C:\WINDOWS\pss
2007-06-20 18:54 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-06-17 02:11 <DIR> d-------- C:\Program Files\Netflix


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-27 12:14:45 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-26 07:26:02 -------- d-----w C:\Program Files\QuickTime
2007-06-26 07:26:02 -------- d-----w C:\Program Files\Messenger
2007-06-26 07:25:45 -------- d-----w C:\Program Files\palmOne
2007-06-26 05:46:25 -------- d-----w C:\DOCUME~1\Dan\APPLIC~1\U3
2007-06-25 23:35:20 -------- d-----w C:\Program Files\Norton SystemWorks
2007-06-25 03:44:56 -------- d-----w C:\Program Files\Paint Shop Pro 5
2007-06-24 10:46:15 -------- d-----w C:\Program Files\Cakewalk
2007-05-24 02:33:50 -------- d-----w C:\DOCUME~1\Dan\APPLIC~1\Snapfish
2007-05-19 04:23:45 -------- d-----w C:\Program Files\Windows Media Connect 2
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-10 01:42:58 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-08 04:47:24 -------- d-----w C:\DOCUME~1\Dan\APPLIC~1\Talkback
2007-05-06 22:23:35 -------- d-----w C:\DOCUME~1\Dan\APPLIC~1\Jasc
2007-05-06 21:44:28 -------- d-----w C:\DOCUME~1\Dan\APPLIC~1\Opera
2007-05-06 19:36:50 3,486 ----a-w C:\WINDOWS\mozver.dat
2007-04-28 23:11:27 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 03:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-17 03:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-12 03:56:03 118,784 ------r C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2007-04-03 12:04:14 48,768 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-03-28 23:51:54 538,256 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-03-28 23:51:52 161,424 ----a-w C:\WINDOWS\system32\SymRedir.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 02:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9ECB9560-04F9-4bbc-943D-298DDF1699E1}=C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll [2005-09-24 22:20]
{BDF3E430-B101-42AD-A544-FADC6B084872}=C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll [2005-10-19 13:54]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-23 17:43]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"Norton Ghost 9.0"="C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe" [2004-11-22 18:20]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 16:57]
"Logitech Hardware Abstraction Layer"="C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE" [2005-08-04 02:42]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"Norton SystemWorks"="C:\Program Files\Norton SystemWorks\cfgwiz.exe" [2004-09-09 21:12]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-04-11 22:56]



Contents of the 'Scheduled Tasks' folder
2007-06-23 10:00:00 C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Dan.job
2007-06-25 23:35:20 C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
2007-06-28 05:00:04 C:\WINDOWS\tasks\Symantec Drmc.job
2007-06-28 05:01:12 C:\WINDOWS\tasks\Symantec NetDetect.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-28 06:54:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-28 6:56:11 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-28 06:56

--- E O F ---