WiredWX Hobby Weather Tools

 


Peak Protection 2010 Virus?

I believe that my computer has just become infected with the Peak Protection 2010 Virus, and it's claiming that it's a virus protection program that will remove viruses on my computer if I give it my credit card number. The program isn't allowing me to open up Mozilla Firefox or Internet Explorer.

How can I remove this program? I'm currently in safe mode and I'm running a quick scan on Malwarebytes to see if it can do anything about it, but any assistance would be very much appreciated.

Thank you so much!

Re: Peak Protection 2010 Virus?

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

Re: Peak Protection 2010 Virus?

Here are the results of the Malwarebytes scan:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4134

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18702

10/15/2010 8:01:38 PM
mbam-log-2010-10-15 (20-01-38).txt

Scan type: Full scan (A:\|C:\|D:\|)
Objects scanned: 191045
Time elapsed: 33 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Owner\Local Settings\Temp\0.4154838970683802.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

Re: Peak Protection 2010 Virus?

Here's the OTL log file:


OTL logfile created on: 10/15/2010 8:07:43 PM - Run 2
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 457.00 Mb Available Physical Memory | 45.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 48.75 Gb Free Space | 65.44% Space Free | Partition Type: NTFS

Computer Name: HOME-CQL6UJGE1V | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/15 20:06:44 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL(3).exe
PRC - [2010/06/27 11:08:12 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/06/27 11:08:10 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2004/08/04 01:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/10/15 20:06:44 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL(3).exe
MOD - [2004/08/04 01:57:02 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/04 00:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/31 16:05:11 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2004/08/04 01:56:44 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)
SRV - [2001/10/19 20:40:14 | 000,061,440 | ---- | M] (Canon Inc) [Auto | Stopped] -- C:\Program Files\Canon\MultiPASS4\mpservic.exe -- (MpService)


========== Driver Services (SafeList) ==========

DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2001/09/18 18:31:04 | 000,048,408 | ---- | M] (Canon) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\cis1284.sys -- (cis1284)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/02 22:40:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/02 11:58:27 | 000,000,000 | ---D | M]

[2010/05/21 22:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/10/15 20:02:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5z12rfeq.default\extensions
[2010/10/15 20:02:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5z12rfeq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/15 18:20:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2002/06/25 17:38:30 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MPTBox] C:\Program Files\Canon\MultiPASS4\mptbox.exe (Canon Inc)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.1 167.206.254.2
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/15 17:55:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/02 12:00:50 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2010/10/02 11:59:36 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/10/02 11:59:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/10/02 11:57:45 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/09/27 22:42:42 | 000,417,016 | ---- | C] (Vitzo Limited) -- C:\Program Files\Common Files\ZugoInstaller.exe
[2010/09/27 22:42:39 | 000,000,000 | ---D | C] -- C:\Program Files\Free YouTube Downloader
[2010/09/27 19:07:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
[2010/09/27 19:07:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2010/09/27 00:47:47 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2010/09/17 21:15:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/09/17 21:13:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/09/17 21:13:04 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/09/17 21:12:42 | 003,062,048 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2010/09/17 21:12:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/09/17 21:12:04 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/09/17 21:11:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/09/17 21:11:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple

========== Files - Modified Within 30 Days ==========

[2010/10/15 20:01:47 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\fxnekvq.sys
[2010/10/15 18:09:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/15 17:40:39 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/10/15 17:28:04 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1682526488-725345543-1003UA.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/10/12 17:49:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/11 01:22:05 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/10 04:28:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1682526488-725345543-1003Core.job
[2010/10/02 16:15:11 | 000,048,812 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/02 11:58:17 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/09/27 16:22:41 | 000,246,312 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2010/10/15 20:01:47 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\fxnekvq.sys
[2010/10/15 16:30:37 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/10/15 16:30:36 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/10/15 16:30:36 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/10/15 16:30:36 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/10/15 16:30:36 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/10/15 16:30:36 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/10/02 16:15:11 | 000,048,812 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/02 12:00:56 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/02 11:58:16 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/09/17 21:13:11 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/31 01:09:28 | 000,126,168 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/23 22:07:28 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/14 23:53:04 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/03/11 18:21:27 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/02/16 16:13:06 | 000,020,900 | ---- | C] () -- C:\WINDOWS\System32\MpUpMon.dll
[2010/02/16 10:29:51 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2010/02/15 12:46:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/08/27 15:04:44 | 000,557,003 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2009/08/27 15:04:32 | 000,811,835 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2009/08/27 15:03:52 | 004,456,201 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2009/08/25 14:07:36 | 000,328,334 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2009/08/25 13:38:04 | 000,425,040 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2009/08/25 12:56:56 | 000,829,781 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/08/25 12:37:02 | 000,146,098 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009/06/02 13:15:44 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2009/06/02 13:15:18 | 000,146,944 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2009/06/02 13:15:04 | 000,183,296 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2009/06/02 13:14:56 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2009/06/02 13:14:30 | 000,486,400 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2009/06/02 13:13:58 | 000,257,024 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2009/06/02 13:13:50 | 000,142,848 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2009/06/02 13:11:26 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2009/06/02 13:11:16 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/01/10 18:17:32 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2009/01/10 18:16:56 | 000,148,480 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2009/01/10 18:16:50 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2009/01/10 18:16:14 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2009/01/10 18:15:54 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2009/01/10 18:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2009/01/10 18:15:32 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2009/01/10 18:15:28 | 000,246,784 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2009/01/10 18:15:12 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2009/01/10 18:14:08 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2009/01/10 18:14:06 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2008/12/03 18:11:50 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/11/06 12:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/10/13 05:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/06/25 17:45:48 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86

< End of report >

Re: Peak Protection 2010 Virus?

As for the other log file, I can't find any file on my desktop that pertains to this. Could it possibly be located in a different place?

Re: Peak Protection 2010 Virus?

Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    [Screenshot: CF_download_FF]

    [Screenshot: CF_download_rename]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    [Screenshot: Cf410]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

    [Screenshot: Cf510]

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
