Guest Bomb123 Posted August 18, 2010 ID:301964

Hello, here is my log... Is this a false positive or not...

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4444

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

8/18/2010 2:59:56 PM
mbam-log-2010-08-18 (14-59-56).txt

Scan type: Full scan (C:\|)
Objects scanned: 164809
Time elapsed: 47 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\32788R22FWJFW\Combo-Fix.sys (Trojan.Agent.Gen) -> No action taken.
C:\System Volume Information\_restore{A1AD2010-CEA8-4E20-B867-B0A3D92CEA2C}\RP1\A0000062.sys (Trojan.Agent.Gen) -> No action taken.
C:\System Volume Information\_restore{A1AD2010-CEA8-4E20-B867-B0A3D92CEA2C}\RP5\A0000209.sys (Trojan.Agent.Gen) -> No action taken.
C:\System Volume Information\_restore{A1AD2010-CEA8-4E20-B867-B0A3D92CEA2C}\RP5\A0000281.sys (Trojan.Agent.Gen) -> No action taken.

I have quarantined the files.
Guest Bomb123 Posted August 18, 2010 ID:301966

Here is the VirusTotal report: http://www.virustotal.com/file-scan/report...dd9c-1282133082

I downloaded the ComboFix from this site: http://www.forospyware.com/sUBs/ComboFix.exe
Guest Bomb123 Posted August 18, 2010 ID:301967

The MD5 of the file does not show many Google results.
Guest Bomb123 Posted August 18, 2010 ID:301976

Here is my HijackThis log; I removed the entries that I know are safe...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:10:30, on 8/18/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nokia\Nokia Internet Modem\WellPhone2.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TC-Spy] "C:\Program Files\TC-Spy\TC-Spy.exe" -h
O4 - HKCU\..\Run: [Nokia Internet Modem] "C:\Program Files\Nokia\Nokia Internet Modem\WellPhone2.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1262296040695
O16 - DPF: {9FAFB576-6933-4CCC-AB3D-B988EC43D04E} (Rising Online Antivirus scanner control) - http://rsdownload.rising.com.cn/rs2010/online/ravolctl.cab
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} (CAScanner Control) - http://cainternetsecurity.net/scanner/cascanner.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 5590 bytes
Root Admin AdvancedSetup Posted August 18, 2010 ID:302073

The ComboFix file is not a false positive per se. It contains tools that can be dangerous to the system, which is why it was flagged, is all. You can ignore that entry. The other files are in your System Restore and are probably not false positives. I would recommend emptying the System Restore and then updating your AV and doing a full system scan, and you should be okay.

Turn off System Restore, then turn it back on to clean old restore points. Then create a new Restore Point.
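As an added example (not code from this thread, from Malwarebytes, or from the forum staff), the following Python script parses the "Files Infected:" section of an MBAM log in the layout posted above and separates detections that sit inside System Restore points from detections of live files. Only the restore-point copies are dealt with by the "turn System Restore off and back on" step the admin describes; a live file has to be quarantined or examined on its own. The embedded sample log is constructed from the paths posted in this thread; the regular expressions, the `Detection` type and the function names are this example's own assumptions, not an MBAM API.

```python
import re
from dataclasses import dataclass

# Constructed sample, following the layout of the MBAM 1.46 log posted in the thread.
# The trailing sentence is the poster's comment, not part of the log, and is used
# to show that parsing stops at the first line that is not a detection entry.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4444

Files Infected: 4

Folders Infected:
(No malicious items detected)

Files Infected:
C:\32788R22FWJFW\Combo-Fix.sys (Trojan.Agent.Gen) -> No action taken.
C:\System Volume Information\_restore{A1AD2010-CEA8-4E20-B867-B0A3D92CEA2C}\RP1\A0000062.sys (Trojan.Agent.Gen) -> No action taken.
C:\System Volume Information\_restore{A1AD2010-CEA8-4E20-B867-B0A3D92CEA2C}\RP5\A0000209.sys (Trojan.Agent.Gen) -> No action taken.
C:\System Volume Information\_restore{A1AD2010-CEA8-4E20-B867-B0A3D92CEA2C}\RP5\A0000281.sys (Trojan.Agent.Gen) -> No action taken.

I have quarantined the files.
"""

# One detection line: "<drive path> (<detection name>) -> <action>."  (assumed layout)
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$"
)
# A file stored inside a Windows XP restore point: ...\System Volume Information\_restore{GUID}\RPn\...
RESTORE_POINT_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\", re.IGNORECASE
)


@dataclass
class Detection:
    path: str
    name: str
    action: str
    in_restore_point: bool


def parse_files_infected(log_text):
    """Return a Detection for every entry listed under the 'Files Infected:' section."""
    detections = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Files Infected:":          # the detail section, not the "Files Infected: N" summary
            in_section = True
            continue
        if not in_section:
            continue
        if not line or line == "(No malicious items detected)":
            continue
        m = DETECTION_RE.match(line)
        if m is None:
            break                               # first non-detection line ends the section
        detections.append(Detection(
            path=m["path"],
            name=m["name"],
            action=m["action"],
            in_restore_point=bool(RESTORE_POINT_RE.search(m["path"])),
        ))
    return detections


def triage(log_text):
    """Split detections into live files and restore-point copies.

    Restore-point copies cannot be cleaned in place; discarding the old restore
    points (disable and re-enable System Restore) removes them, which is the
    step recommended in the thread. Live files need their own handling.
    """
    dets = parse_files_infected(log_text)
    return {
        "live": [d for d in dets if not d.in_restore_point],
        "restore_points": [d for d in dets if d.in_restore_point],
    }


def affected_restore_points(detections):
    """Return the restore-point folder names (e.g. 'RP5') that hold detected files, in numeric order."""
    found = set()
    for d in detections:
        m = re.search(r"\\(RP\d+)\\", d.path)
        if m:
            found.add(m.group(1))
    return sorted(found, key=lambda s: int(s[2:]))


def unhandled(detections):
    """Detections the scanner reported but did not act on ('No action taken')."""
    return [d for d in detections if d.action.lower() == "no action taken"]


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for d in result["live"]:
        print(f"live file   : {d.path}  [{d.name}] ({d.action})")
    for d in result["restore_points"]:
        print(f"restore pt  : {d.path}  [{d.name}]")
    print("restore points to discard:", ", ".join(affected_restore_points(result["restore_points"])))
    print("entries with no action taken:", len(unhandled(result["live"] + result["restore_points"])))
```

Run it as-is to see the sample triaged, or replace `SAMPLE_LOG` with the text of a saved mbam-log file. The "No action taken" count is worth checking separately: a log can list detections that were never quarantined, so the scan result alone does not mean the files were dealt with.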
Staff screen317 Posted August 29, 2010 ID:306413

Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!