
ComboFix Log Diagnosis?

If you are asked to reboot the machine choose Yes. NOTE: If OTMoveIt reboots before you can get the results, they can be found here: C:\_OTMoveIt\MovedFiles\********_******.log (where "********_******" is the "date_time")

* Please download ComboFix

Completion time: 2012-09-28  08:21:50
ComboFix-quarantined-files.txt  2012-09-28 15:21
.
Pre-Run: 138,295,234,560 bytes free
Post-Run: 138,598,985,728 bytes free
.

c:\program files\IDT\WDM\stacsv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.

Thank you!

F.07_T090618_WXH3_L409_M1016_J160_7Intel_8Atom N270_91.6_#090915_N14E44315_()_XMOBILE_CN10_Z.MRK
2009-09-16 02:27 . 2009-05-06 23:39 -------- d-----w- c:\program files\HPQ
2009-09-15 21:53 . 2009-05-06 23:35 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-15 21:43 . 2009-05-06 23:34 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-15 19:11
scanning hidden files ...
.

They might be images/pictures.

--- Code: ---
O24 - Desktop Component 0: (no name) - http://online.comcast.net/images/headerBkg.gif
O24 - Desktop Component 1: (no name) - http://a.sc.msn.com/3H/]4B2,]W{U[5UV-93_}+P3K.gif
O24 - Desktop Component 2: (no name) - http://www.comcast.net/images/headerBkgHome.jpg
O24 - uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
FF - ProfilePath - c:\documents and settings\Tyler\Application Data\Mozilla\Firefox\Profiles\ocewgxd1.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\documents and settings\Tyler\Application Data\Mozilla\Firefox\Profiles\ocewgxd1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - scanning hidden autostart entries ...
scanning hidden files ...

Keep windows updated.

Can you turn off system restore, restart the computer and then turn it back on then clean that folder. Then continue on.

Hello, the problem is? https://forum.avast.com/index.php?topic=33898.5;imode

Anyone familiar with deciphering the logs on this?

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread.

S0 cerc6;cerc6; [x]
S2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe [8/3/2011 6:23 AM 828944]
.

Please help, what can I do?

the others are just cookies. https://forum.kaspersky.com/index.php?showtopic=71364

scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

October 13th, 2009, 11:07 AM #10 Cider

Back to top #3 teacup61 teacup61 Bleepin' Texan! this contact form If you need help post in the forum. By creating an account, you're agreeing to our Terms of Use, Privacy Policy and to receive emails from Spiceworks. Reply With Quote October 13th, 2009,03:10 AM #8 Tex1984 View Profile View Forum Posts Junior Member Join Date Oct 2009 Posts 8 here is the scan log ;*********************************************************************************************************************************************************************************** ANALYSIS: 2009-10-12 20:01:46

You can cause major problems.

#9 teacup61, Malware Response Team, Posted 15 September 2007 - 12:05 PM

Hello, something interfered with ComboFix, and I believe it was


#7 ejack37, Posted 15 September 2007 - 12:40 PM

Uninstalled the Microsoft Antivirus here is the new Hijackthis Log : Please Help Diagnose Started by ejack37 , Sep 13 2007 09:06 PM

bobbydee: System Report oldman: We'll try to get rid of moe money in safe mode.

* Please download OTMoveIt2 by OldTimer. Save it to your desktop.

October 12th, 2009, 06:24 AM #3 Tex1984

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at

Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\wdm\STacSV.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe

OK, they are all sitting in your System Restore folder.

Best Answer, Cwiegraffe, Sep 28, 2012 at 7:57 UTC

Yes, if you’re not, I do not recommend you use Combo fix, hijack this or any other similar program until

is infected!! -------- c:\windows\system32\eventlog.dll . . . c:\windows\win32k.sys . ---- Previous Run ------- . Error reading poptart in Drive A: Delete kids y/n?

It is important that it is saved directly to your desktop.

* Please, never rename Combofix unless instructed.
* Close any open browsers.
* Close/disable all anti virus and anti malware programs so they do not interfere

Malware Response Team, Posted 18 September 2007 - 03:47 PM

I have no idea how I missed this. Thank you!

Thanks, tea

AVG anti virus for example.

Post that log in your next reply please, along with a new HijackThis log. Note: Do not mouseclick combofix's window while it's running.

Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.