I'm concerned about why i386 was in that folder; i386 is normally in the root of your C:\ drive.
Sure, I'll try to explain it in the most simple terms I can.
The first header part just lets me know the ComboFix version, your OS, and if any command switches were used to run ComboFix, then shows it created a restore point should anything go wrong when it deletes files. (That's why it tells you 1 in 10 machines don't make it through a ComboFix run.)
The Other Deletions, I'm sure, is pretty obvious.
The newly created files part does just that: it shows newly created files. This is helpful in such cases as Vundo, like you had; in this case there weren't any leftovers, only the weirdly named files in your C:\ drive.
Then the Find3m report shows any modified files. This would show if any legit files were patched by malware; this sometimes happens in more extreme cases such as backdoor bots. (Then if any were patched, ComboFix checks file sizes and MD5 codes.)
Next, the registry check: ComboFix looks at non-default registry entries. You had one non-default, but the CFScript took that out. (It also shows stuff that runs at startup, but HijackThis does that anyway.)
Last, catchme. Detects hidden rootkits or files hidden from our view.
Let me know how the machine is functioning.
............................................................................................
Site Admin / Security Administrator
Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.