Yet Another HJT Log File For 'DCOM Server Process'

by R. Anyway, last what happened, I was running that Prevx 3.0 on a system and even if the system was much more stable than before I would get each time when i

C:\WINDOWS\TEMP\Perflib_Perfdata_794.dat moved successfully.
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1164)
c:\windows\system32\igfxdev.dll
.
Completion time: 2009-08-26 18:42
ComboFix-quarantined-files.txt 2009-08-26 22:42
Pre-Run: 41,242,914,816 bytes free
Post-Run: 41,373,999,104 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating

BrewerJ, New Member, Topic Starter, 5 posts, ID: 5. Posted August 26, 2009

Please temporarily disable your Anti-Virus

If that's the case then you'll need to repair the drive or do some drastic fixes. Let me know if you have an XP or Vista CD/DVD that you can use, or

The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped.

#3 myrti, Malware Study Hall Admin, 33,638 posts. Posted 26 February 2010 - 08:11 PM

Hello and welcome

If not, an attacker may get the new passwords and transaction information.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix You must rename the default download file.

Click apply and OK and close all open windows. About that random O4.. Figure a day or two. In your startup items are things you can do without. Did you scan the PC with the usual?

Disable BIOS memory options such as caching or shadowing.

Mail Scanner;"c:\program files\alwil software\avast4\ashmaisv.exe" /service --> c:\program files\alwil software\avast4\ashMaiSv.exe [?]
S3 avast!

My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

I've done that many times so I'll be fine to do it on my own. Thanks again - I hope we are getting close.

They have special removal programs, you may find under my links.

Is this the same thing you had happen?

#7 KingB, Full Member, 8 posts. Posted 11 April 2005 - 02:02 AM

I think that missing file was probably one of the renamed 'random' ones.

Mark
why won't my laptop work?
Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send

So the renamed combofix or the MalwareBytes still won't run?

Seems like we NAILED that one.

To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".
------------------------------------
SAS, may take a long time to scan

Please download and scan with SUPERAntiSpyware Free

Double-click SUPERAntiSypware.exe and use the default settings for

Please save all work in progress and log off....

Even when ComboFix appears to be doing nothing, look at your Drive light.

A new version of the tool will be offered every month.

Antivirus service depends on the avast!

Now copy/paste the text between the lines below into the Notepad window:

------------------------------------------------------------------------
File::
C:\32788R22FWJFW.6.tmp
C:\32788R22FWJFW.5.tmp
C:\32788R22FWJFW.4.tmp
C:\32788R22FWJFW.3.tmp
C:\32788R22FWJFW.2.tmp
C:\32788R22FWJFW.1.tmp
C:\32788R22FWJFW.0.tmp
c:\windows\system32\k9261108.exe
c:\windows\system32\D7A23C43EA.sys
------------------------------------------------------------------------

3.

Use your arrow keys to move to "Safe Mode" and press your Enter key.
* Using Windows Explorer, locate the following files and delete them:
c:\windows\system32\vgtcnqe.exe
C:\WINDOWS\Nail.exe
C:\WINDOWS\svcproc.exe
* Reboot your system back to normal mode.

Post

Technical information *** stop: 0x0000000A (0x00000078,0x0000001B,0x00000001,0x81AF0772) To get the computer out of this I have to do a hard reboot.

combofixlog.txt

Author Comment by: juliedoodle, ID: 23314308, 2009-01-07

New HJT log, after running combofix.

KG - C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
O23 - Service: AdvancedSystemCareAntivirus (ASCAntivirusSrv) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ascavsvc.exe
O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co.

Please set your system to show all files. Thanks again.

I ran the combofix app with the notepad file as you said.

And thanks for attaching the logs.

C:\WINDOWS\svcproc.exe: UPX!

If I boot into safe mode then it will stay up.

It's not designed to overwrite your user data.

Responses there are very good but not instant.

It may take several days to get a response but your log will be reviewed and answered as soon as possible.

Any ideas how to get rid of for good?

Logfile of HijackThis v1.99.1
Scan saved at 7:05:53 PM, on 4/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
c:\windows\system32\vgtcnqe.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program

First

Reboot your computer in "Safe Mode" using the F8 method.

In the "File to upload & scan" box, click the "browse" button and locate the following file:
C:\WINDOWS\TEMP\IKB8BF.EXE <- this file
Click "Open", then click the "Submit" button.

-- Post back with the

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

I suggest you do this and select Immediate E-Mail notification and click on Proceed.

It changes to swreg.exe - Bad Disk NirCmd.cfexe - Bad Disk svchost.exe, sed, exe, ERUNT, services.exe, lsass.exe, userinit.exe, explorer.exe.

Please note that your topic was not intentionally overlooked.