Peak Protection 2010 Virus?

Post by amdwinxgrl on 15th October 2010, 10:21 pm

I believe that my computer has just become infected with the Peak Protection 2010 Virus, and it's claiming that it's a virus protection program that will remove viruses on my computer if I give it my credit card number. The program isn't allowing me to open up Mozilla Firefox or Internet Explorer.

How can I remove this program? I'm currently in safe mode and I'm running a quick scan on Malwarebytes to see if it can do anything about it, but any assistance would be very much appreciated.

Thank you so much!

amdwinxgrl
Novice

Posts : 19
Joined : 2010-02-03
Gender : Female
OS : Windows XP
Points : 25231
Likes : 0


Re: Peak Protection 2010 Virus?

Post by Belahzur on 15th October 2010, 11:02 pm

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245101
Likes : 1


Re: Peak Protection 2010 Virus?

Post by amdwinxgrl on 16th October 2010, 12:10 am

Here are the results of the Malwarebytes scan:

Malwarebytes' Anti-Malware 1.46

Database version: 4134

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18702

10/15/2010 8:01:38 PM
mbam-log-2010-10-15 (20-01-38).txt

Scan type: Full scan (A:\|C:\|D:\|)
Objects scanned: 191045
Time elapsed: 33 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Owner\Local Settings\Temp\0.4154838970683802.exe (Trojan.Dropper) -> Quarantined and deleted successfully.


Re: Peak Protection 2010 Virus?

Post by amdwinxgrl on 16th October 2010, 12:10 am

Here's the OTL log file:


OTL logfile created on: 10/15/2010 8:07:43 PM - Run 2
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 457.00 Mb Available Physical Memory | 45.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 48.75 Gb Free Space | 65.44% Space Free | Partition Type: NTFS

Computer Name: HOME-CQL6UJGE1V | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/15 20:06:44 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL(3).exe
PRC - [2010/06/27 11:08:12 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/06/27 11:08:10 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2004/08/04 01:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/10/15 20:06:44 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL(3).exe
MOD - [2004/08/04 01:57:02 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/04 00:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/31 16:05:11 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2004/08/04 01:56:44 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)
SRV - [2001/10/19 20:40:14 | 000,061,440 | ---- | M] (Canon Inc) [Auto | Stopped] -- C:\Program Files\Canon\MultiPASS4\mpservic.exe -- (MpService)


========== Driver Services (SafeList) ==========

DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2001/09/18 18:31:04 | 000,048,408 | ---- | M] (Canon) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\cis1284.sys -- (cis1284)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/02 22:40:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/02 11:58:27 | 000,000,000 | ---D | M]

[2010/05/21 22:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/10/15 20:02:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5z12rfeq.default\extensions
[2010/10/15 20:02:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5z12rfeq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/15 18:20:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2002/06/25 17:38:30 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MPTBox] C:\Program Files\Canon\MultiPASS4\mptbox.exe (Canon Inc)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.4.2_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.1 167.206.254.2
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/15 17:55:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/02 12:00:50 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2010/10/02 11:59:36 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/10/02 11:59:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/10/02 11:57:45 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/09/27 22:42:42 | 000,417,016 | ---- | C] (Vitzo Limited) -- C:\Program Files\Common Files\ZugoInstaller.exe
[2010/09/27 22:42:39 | 000,000,000 | ---D | C] -- C:\Program Files\Free YouTube Downloader
[2010/09/27 19:07:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
[2010/09/27 19:07:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2010/09/27 00:47:47 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2010/09/17 21:15:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/09/17 21:13:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/09/17 21:13:04 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/09/17 21:12:42 | 003,062,048 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2010/09/17 21:12:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/09/17 21:12:04 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/09/17 21:11:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/09/17 21:11:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple

========== Files - Modified Within 30 Days ==========

[2010/10/15 20:01:47 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\fxnekvq.sys
[2010/10/15 18:09:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/15 17:40:39 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/10/15 17:28:04 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1682526488-725345543-1003UA.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/10/12 17:49:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/11 01:22:05 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/10 04:28:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1682526488-725345543-1003Core.job
[2010/10/02 16:15:11 | 000,048,812 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/02 11:58:17 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/09/27 16:22:41 | 000,246,312 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2010/10/15 20:01:47 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\fxnekvq.sys
[2010/10/15 16:30:37 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/10/15 16:30:37 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/10/15 16:30:36 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/10/15 16:30:36 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/10/15 16:30:36 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/10/15 16:30:36 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/10/15 16:30:36 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/10/02 16:15:11 | 000,048,812 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/02 12:00:56 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/02 11:58:16 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/09/17 21:13:11 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/31 01:09:28 | 000,126,168 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/23 22:07:28 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/14 23:53:04 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/03/11 18:21:27 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/02/16 16:13:06 | 000,020,900 | ---- | C] () -- C:\WINDOWS\System32\MpUpMon.dll
[2010/02/16 10:29:51 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2010/02/15 12:46:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/08/27 15:04:44 | 000,557,003 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2009/08/27 15:04:32 | 000,811,835 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2009/08/27 15:03:52 | 004,456,201 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2009/08/25 14:07:36 | 000,328,334 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2009/08/25 13:38:04 | 000,425,040 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2009/08/25 12:56:56 | 000,829,781 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/08/25 12:37:02 | 000,146,098 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009/06/02 13:15:44 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2009/06/02 13:15:18 | 000,146,944 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2009/06/02 13:15:04 | 000,183,296 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2009/06/02 13:14:56 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2009/06/02 13:14:30 | 000,486,400 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2009/06/02 13:13:58 | 000,257,024 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2009/06/02 13:13:50 | 000,142,848 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2009/06/02 13:11:26 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2009/06/02 13:11:16 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/01/10 18:17:32 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2009/01/10 18:16:56 | 000,148,480 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2009/01/10 18:16:50 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2009/01/10 18:16:14 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2009/01/10 18:15:54 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2009/01/10 18:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2009/01/10 18:15:32 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2009/01/10 18:15:28 | 000,246,784 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2009/01/10 18:15:12 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2009/01/10 18:14:08 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2009/01/10 18:14:06 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2008/12/03 18:11:50 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/11/06 12:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/10/13 05:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/06/25 17:45:48 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86

< End of report >


Re: Peak Protection 2010 Virus?

Post by amdwinxgrl on 16th October 2010, 12:14 am

As for the other log file, I can't find any file on my desktop that pertains to this. Could it possibly be located in a different place?


Re: Peak Protection 2010 Virus?

Post by Belahzur on 16th October 2010, 11:57 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts.
  • NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

