WiredWX Christian Hobby Weather Tools

Re: NAGEL.E / BANKER VIRUS

he's used it this morning and it all SEEMS to have disappeared (popups etc). Too easy? I defragged last night but think it ended up hung. Restarted & all good. Is it lurking?

Re: NAGEL.E / BANKER VIRUS

Hard to say. Please re-run ComboFix so we can get a log, and then we can see what's what.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: NAGEL.E / BANKER VIRUS

yay !!
-----------------------
ComboFix 10-02-05.02 - Steven P 07/02/2010 9:46.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.64.1033.18.3002.2056 [GMT 13:00]
Running from: c:\users\Steven P\Security\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\$recycle.bin\S-1-5-21-3767358652-1191654320-1600515110-500
c:\$recycle.bin\S-1-5-21-4205227771-1647843781-2177907723-500
c:\users\Steven P\AppData\Local\taynxb
c:\users\Steven P\AppData\Local\taynxb\awrtsftav.exe
c:\windows\system32\twain_32.dll

.
((((((((((((((((((((((((( Files Created from 2010-01-06 to 2010-02-06 )))))))))))))))))))))))))))))))
.

2010-02-06 20:54 . 2010-02-06 20:54 -------- d-----w- c:\users\Steven P\AppData\Local\temp
2010-02-06 20:54 . 2010-02-06 20:54 -------- d-----w- c:\users\Jorgiah\AppData\Local\temp
2010-02-06 20:54 . 2010-02-06 20:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-06 04:56 . 2010-02-06 04:56 -------- d-----w- C:\Archive
2010-02-06 04:40 . 2010-02-06 04:40 -------- d-----w- c:\program files\Trend Micro
2010-02-06 04:15 . 2010-02-06 04:15 -------- d-----w- c:\users\Steven P\AppData\Local\Trend Micro
2010-02-05 21:16 . 2009-07-29 14:29 94480 ----a-r- c:\windows\system32\drivers\tmcomm.sys
2010-02-05 19:26 . 2010-02-05 19:26 1140850688 --sha-w- C:\NRTPage.sys
2010-02-04 19:47 . 2010-02-04 19:47 97792 --sha-r- c:\users\Steven P\AppData\Roaming\hpf3l0828.dll
2010-01-24 00:43 . 2010-02-03 07:50 -------- d-----w- c:\users\Steven P\Tracing
2010-01-23 06:18 . 2010-01-23 06:18 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbE17B.tmp.exe
2010-01-13 00:21 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 00:21 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-12 04:00 . 2010-01-13 22:12 181120 ------w- c:\windows\system32\MpSigStub.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-05 00:09 . 2009-12-19 05:32 20 ---h--w- c:\programdata\PKP_DLdw.DAT
2010-02-05 00:06 . 2009-01-09 14:01 -------- d-----w- c:\programdata\NortonInstaller
2010-02-02 17:10 . 2009-10-09 02:09 -------- d-----w- c:\users\Jorgiah\AppData\Roaming\LimeWire
2010-01-25 04:00 . 2009-10-09 01:20 -------- d-----w- c:\users\Jorgiah\AppData\Roaming\Sierra Wireless
2010-01-22 18:59 . 2009-03-28 06:27 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-17 00:33 . 2009-01-09 14:11 -------- d-----w- c:\program files\Norton Internet Security
2010-01-17 00:32 . 2009-01-09 14:02 -------- d-----w- c:\programdata\Norton
2010-01-17 00:31 . 2008-08-01 23:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-16 23:18 . 2009-12-19 05:28 20 ---h--w- c:\programdata\PKP_DLdu.DAT
2010-01-13 05:03 . 2008-08-02 00:33 -------- d-----w- c:\programdata\Microsoft Help
2010-01-13 05:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-09 01:43 . 2009-09-27 03:09 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-01-09 01:43 . 2008-08-02 01:14 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-08 23:19 . 2009-01-10 03:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-08 23:18 . 2009-01-10 03:34 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 03:07 . 2009-01-10 03:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 03:07 . 2009-01-10 03:34 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 22:36 . 2010-01-05 22:36 -------- d-----w- c:\users\Steven P\AppData\Roaming\GretagMacbeth
2010-01-05 22:24 . 2010-01-05 22:24 -------- d-----w- c:\program files\X-Rite
2010-01-05 22:23 . 2010-01-05 22:23 -------- d-----w- c:\program files\GretagMacbeth
2010-01-04 23:05 . 2010-01-04 22:56 -------- d-----w- c:\program files\EPSON
2010-01-04 23:05 . 2008-08-01 23:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-02 06:38 . 2010-01-22 19:07 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 19:07 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 19:07 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 19:07 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-27 02:56 . 2009-10-09 01:20 105416 ----a-w- c:\users\Jorgiah\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-19 22:11 . 2009-12-19 22:11 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-12-19 06:00 . 2009-12-19 05:58 -------- d-----w- c:\users\Steven P\AppData\Roaming\Nikon
2009-12-19 05:58 . 2009-12-19 05:30 -------- d-----w- c:\program files\Common Files\Nikon
2009-12-19 05:36 . 2009-12-19 05:36 49152 ----a-r- c:\users\Steven P\AppData\Roaming\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
2009-12-19 05:35 . 2009-12-19 05:35 57344 ----a-r- c:\users\Steven P\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2009-12-19 05:33 . 2009-12-19 05:30 -------- d-----w- c:\program files\Nikon
2009-12-19 05:32 . 2009-12-19 05:28 -------- d-----w- c:\programdata\Ultima_T15
2009-12-19 05:32 . 2009-12-19 05:28 -------- d-----w- c:\programdata\EnterNHelp
2009-12-19 05:30 . 2009-12-19 05:30 -------- d-----w- c:\programdata\Nikon
2009-12-19 05:28 . 2008-08-01 23:52 106496 ----a-w- c:\windows\system32\ATL71.DLL
2009-12-13 03:11 . 2009-01-09 13:56 105416 ----a-w- c:\users\Steven P\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-12 23:52 . 2009-12-12 23:49 -------- d-----w- c:\users\Steven P\AppData\Roaming\HP
2009-12-12 23:50 . 2008-08-02 01:03 -------- d-----w- c:\programdata\HP
2009-12-12 23:50 . 2009-12-12 23:50 -------- d-----w- c:\programdata\WEBREG
2009-12-12 23:49 . 2009-12-12 23:32 188663 ----a-w- c:\windows\hpwins22.dat
2009-12-12 23:47 . 2008-08-01 23:52 -------- d-----w- c:\program files\HP
2009-12-12 23:47 . 2009-12-12 23:47 -------- d-----w- c:\programdata\HP Product Assistant
2009-12-12 23:40 . 2009-12-12 23:40 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-11-22 06:09 . 2009-11-22 06:09 439816 ----a-w- c:\users\Steven P\AppData\Roaming\Real\Update\setup3.09\setup.exe
2009-11-17 05:16 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-14 02:21 . 2009-11-14 02:21 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-02-07 04:08 . 2009-01-10 23:08 696 ----a-w- c:\program files\Collections.html
2009-01-11 00:31 . 2009-01-10 23:31 255 ----a-w- c:\program files\PlayList.txt
2008-08-01 22:13 . 2008-08-01 22:13 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "c:\program files\AGI\common\agcutils.dll" [2010-02-06 43520]

[HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
[HKEY_CLASSES_ROOT\agcutils.AGSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{647B16D8-AD7B-4983-82D7-82A270FC9E6D}]
[HKEY_CLASSES_ROOT\agcutils.AGSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]
2009-10-01 04:29 2166296 ----a-w- c:\program files\IObitCom\tbIObi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{31c7d459-9cc3-44f2-9dca-fc11795309b4}"= "c:\program files\IObitCom\tbIObi.dll" [2009-10-01 2166296]

[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{31C7D459-9CC3-44F2-9DCA-FC11795309B4}"= "c:\program files\IObitCom\tbIObi.dll" [2009-10-01 2166296]

[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-09 39408]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 145944]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-12 468264]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-12 202032]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"WatcherHelper"="c:\program files\Sierra Wireless Inc\Watcher\WaHelper.exe" [2008-05-27 114688]
"AdobeVersionCue"="c:\program files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [2004-03-24 1732608]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-10 149280]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-28 198160]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

c:\users\Steven P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2009-1-11 157000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2009-10-26 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-9-5 110592]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
Logo Calibration Loader.lnk - c:\program files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe [2010-1-6 708608]
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2008-6-5 479232]
ProfileReminder.lnk - c:\program files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe [2010-1-6 954368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):d3,0e,ee,4a,94,24,ca,01

R2 AGWinService;AG Windows Service;c:\program files\AGI\common\win32\pythonservice.exe [11/01/2009 11:37 a.m. 10240]
R2 PDIHWCTL;PDIHWCTL;c:\windows\System32\drivers\pdihwctl.sys [6/01/2010 11:24 a.m. 14416]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2/08/2008 2:40 p.m. 361808]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [14/11/2009 12:31 a.m. 92008]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2/08/2008 1:04 p.m. 193840]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [5/06/2008 6:54 a.m. 113664]
S2 gupdate1ca3f1fd4725840;Google Update Service (gupdate1ca3f1fd4725840);c:\program files\Google\Update\GoogleUpdate.exe [27/09/2009 4:08 p.m. 133104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 3:33 p.m. 21504]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [9/10/2009 6:10 p.m. 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [5/08/2009 10:48 p.m. 704864]
S3 i1;i1 Pro;c:\windows\System32\drivers\i1.sys [6/01/2010 11:24 a.m. 26045]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-02-06 c:\windows\Tasks\AWC Startup.job
- c:\program files\Cisco\IObit\Advanced SystemCare 3\AWC.exe [2009-11-02 20:33]

2010-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-27 03:08]

2010-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-27 03:08]

2010-01-28 c:\windows\Tasks\HPCeeScheduleForSteven P.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-08-01 22:14]

2010-02-06 c:\windows\Tasks\User_Feed_Synchronization-{6B017BE1-86DF-494A-9744-2553EA19B92F}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]

2010-02-06 c:\windows\Tasks\User_Feed_Synchronization-{BD0B4BE0-711F-4243-9F62-2895FC946B25}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.nz/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_nz&c=83&bd=Presario&pf=cnnb
uInternet Settings,ProxyOverride =
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-07 09:54
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-02-07 09:57:00
ComboFix-quarantined-files.txt 2010-02-06 20:56

Pre-Run: 72,396,464,128 bytes free
Post-Run: 72,320,122,880 bytes free

- - End Of File - - 1428B46E1365AB65B32B98C7098984F0

Re: NAGEL.E / BANKER VIRUS

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?


Re: NAGEL.E / BANKER VIRUS

Awesome !! thank you so much for all your help - we would have been knackered without you Hooray!
