win32/nugel.E and banker.a


win32/nugel.E and banker.a

Post by Greaves31 on Thu 22 Jul 2010, 7:02 am

So my computer isn't letting me execute files... it seems like this has been happening to a lot of people on here. So I have my computer in safe mode right now. After viewing similar forums I used ComboFix; here is my log, so what should I do next? Thank you.

ComboFix 10-07-20.03 - Sean Greaves 07/21/2010 15:36:45.1.2 - x86 NETWORK
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2037.1341 [GMT -4:00]
Running from: c:\users\Sean Greaves\Downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Smart-Shopper
c:\program files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
c:\program files\Smart-Shopper\cs\antiphishing\antiphishing.html
c:\program files\Smart-Shopper\cs\antiphishing\phishAlert.gif
c:\program files\Smart-Shopper\cs\antiphishing\x.gif
c:\program files\Smart-Shopper\cs\antiphishing\xActive.gif
c:\program files\Smart-Shopper\Uninst.exe
c:\users\Sean Greaves\AppData\Local\{DE623834-E39C-4844-8E36-24E3F29728A5}
c:\users\Sean Greaves\AppData\Local\{DE623834-E39C-4844-8E36-24E3F29728A5}\chrome.manifest
c:\users\Sean Greaves\AppData\Local\{DE623834-E39C-4844-8E36-24E3F29728A5}\chrome\content\_cfg.js
c:\users\Sean Greaves\AppData\Local\{DE623834-E39C-4844-8E36-24E3F29728A5}\chrome\content\overlay.xul
c:\users\Sean Greaves\AppData\Local\{DE623834-E39C-4844-8E36-24E3F29728A5}\install.rdf
c:\windows\7Loader.TAG

.
((((((((((((((((((((((((( Files Created from 2010-06-21 to 2010-07-21 )))))))))))))))))))))))))))))))
.

2010-07-21 19:43 . 2010-07-21 19:44 -------- d-----w- c:\users\Sean Greaves\AppData\Local\temp
2010-07-21 19:43 . 2010-07-21 19:43 -------- d-----w- c:\users\Mcx1-SEANGREAVES-PC\AppData\Local\temp
2010-07-21 19:43 . 2010-07-21 19:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-21 18:36 . 2010-02-05 13:18 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-07-21 18:36 . 2010-02-05 13:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-07-21 18:36 . 2010-03-10 15:36 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-07-21 18:36 . 2009-11-23 17:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-07-21 18:36 . 2010-02-05 13:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-07-21 18:36 . 2010-07-21 18:36 -------- d-----w- c:\program files\Spyware Doctor
2010-07-21 18:36 . 2010-07-21 18:36 -------- d-----w- c:\program files\Common Files\PC Tools
2010-07-21 18:36 . 2010-07-21 18:36 -------- d-----w- c:\users\Sean Greaves\AppData\Roaming\PC Tools
2010-07-21 18:36 . 2010-07-21 18:36 -------- d-----w- c:\programdata\PC Tools
2010-07-21 18:24 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-21 18:24 . 2010-07-21 18:24 -------- d-----w- c:\programdata\Malwarebytes
2010-07-21 18:24 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-21 18:24 . 2010-07-21 18:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-21 17:55 . 2010-07-21 17:55 -------- d-----w- c:\program files\Crawler
2010-07-21 17:54 . 2010-07-21 17:54 -------- d-----w- c:\program files\Spyware Terminator
2010-07-21 16:41 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-07-21 16:41 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-07-21 16:41 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-07-21 16:41 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-07-21 16:41 . 2010-06-28 20:32 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-07-21 16:41 . 2010-07-21 16:41 -------- d-----w- C:\_407708_
2010-07-21 16:41 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-07-21 16:41 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-07-21 16:40 . 2010-07-21 16:40 -------- d-----w- c:\programdata\Alwil Software
2010-07-21 16:40 . 2010-07-21 16:40 -------- d-----w- c:\program files\Alwil Software
2010-07-21 13:10 . 2010-07-21 13:10 -------- d-----w- c:\users\Sean Greaves\AppData\Local\ElevatedDiagnostics
2010-07-21 04:03 . 2010-07-21 04:03 -------- d-----w- c:\program files\AVG
2010-07-21 04:02 . 2010-07-21 18:08 -------- d-----w- c:\programdata\avg9
2010-07-21 03:54 . 2010-07-21 03:54 0 ----a-w- c:\windows\nsreg.dat
2010-07-21 03:49 . 2010-07-21 03:49 2804 ----a-w- c:\users\Sean Greaves\AppData\Local\eyaqitih.dll
2010-07-20 19:36 . 2010-07-20 19:36 120 ----a-w- c:\users\Sean Greaves\AppData\Local\Qcuduw.dat
2010-07-20 19:36 . 2010-07-20 19:36 0 ----a-w- c:\users\Sean Greaves\AppData\Local\Ynomivikik.bin
2010-07-20 19:35 . 2010-07-21 19:44 767488 ----a-w- c:\windows\system32\drivers\aenhkzg.sys
2010-07-20 19:35 . 2010-07-21 18:27 -------- d-----w- c:\users\Sean Greaves\AppData\Local\abntnkvoh
2010-06-24 07:01 . 2009-11-25 16:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-24 07:01 . 2009-11-25 16:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-24 07:01 . 2009-11-25 16:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-24 07:01 . 2009-11-25 16:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-24 07:01 . 2009-11-25 16:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-24 01:17 . 2010-03-24 06:37 1286456 ----a-w- c:\windows\system32\ntdll.dll
2010-06-24 01:17 . 2010-05-09 09:14 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-06-24 01:17 . 2010-05-09 09:14 417792 ----a-w- c:\windows\system32\msdri.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-14 07:01 . 2010-02-17 03:00 -------- d-----w- c:\programdata\Microsoft Help
2010-07-10 00:24 . 2010-02-17 03:49 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2010-07-02 16:15 . 2010-02-17 02:15 -------- d-----w- c:\users\Sean Greaves\AppData\Roaming\BitTorrent
2010-06-25 07:01 . 2010-02-17 03:04 -------- d-----w- c:\program files\Microsoft.NET
2010-06-07 05:12 . 2010-02-17 18:39 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-06-03 02:16 . 2010-04-29 00:15 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-06-03 02:16 . 2010-06-03 02:16 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2010-05-27 07:24 . 2010-06-09 08:25 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-09 08:25 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-24 21:28 . 2010-05-24 21:27 -------- d-----w- c:\program files\jZip
2010-05-24 21:28 . 2010-05-24 21:28 -------- d-----w- c:\program files\Yahoo!
2010-05-24 21:28 . 2010-05-24 21:28 -------- d-----w- c:\users\Sean Greaves\AppData\Roaming\Yahoo!
2010-05-24 21:28 . 2010-05-24 21:28 -------- d-----w- c:\programdata\Yahoo! Companion
2010-05-21 18:14 . 2010-02-17 00:39 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 05:18 . 2010-06-09 08:25 977920 ----a-w- c:\windows\system32\wininet.dll
2010-05-18 23:31 . 2010-02-17 03:48 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-05-18 23:31 . 2010-05-18 23:31 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-05-01 14:49 . 2010-06-09 08:26 2326528 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 00:15 . 2010-04-29 00:15 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2010-04-29 00:15 . 2010-02-26 23:07 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-04-23 07:13 . 2010-05-26 05:36 2048 ----a-w- c:\windows\system32\tzres.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2010-01-16 13:59 561552 ----a-w- c:\progra~1\MICROS~2\Office14\URLREDIR.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Sean Greaves\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-02-17 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-03-09 1286608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

c:\users\Sean Greaves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-1-21 226176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdAuxService]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdCoreService"

R1 aswSP;aswSP; [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-30 1343400]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-03-10 217032]
S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v2.sys [2007-12-26 288768]


--- Other Services/Drivers In Memory ---

*Deregistered* - aenhkzg
.
Contents of the 'Scheduled Tasks' folder

2010-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2397187988-3055946171-1919316422-1001Core.job
- c:\users\Sean Greaves\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-17 02:04]

2010-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2397187988-3055946171-1919316422-1001UA.job
- c:\users\Sean Greaves\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-17 02:04]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Osafanuperam - c:\users\Sean Greaves\AppData\Local\wlapin.dll
HKCU-Run-ncdkjjrc - c:\users\Sean Greaves\AppData\Local\abntnkvoh\gdxkelutssd.exe
HKCU-Run-Kruzunaniyanun - c:\users\Sean Greaves\AppData\Local\usulihiw.dll
HKLM-RunOnce- - (no file)
AddRemove-Smart-Shopper - c:\program files\Smart-Shopper\Uninst.exe



[HKEY_LOCAL_MACHINE\system\ControlSet001\services\aenhkzg]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-07-21 15:48:56
ComboFix-quarantined-files.txt 2010-07-21 19:48

Pre-Run: 183,935,635,456 bytes free
Post-Run: 186,761,953,280 bytes free

- - End Of File - - F6DB5D3EC206C3F76AE746BB0A0E0B26


Re: win32/nugel.E and banker.a

Post by DragonMaster Jay on Thu 22 Jul 2010, 8:25 am

Hello, and welcome to GeekPolice.

Please note the following information about the malware forum:
  • Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer.
  • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by the staff I noted above.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, do one of two things:

    Reply to this topic with the word BUMP, or
    see [You must be registered and logged in to see this link.].

  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.





ComboFix should not be run without the guidance of a helper. It is a powerful tool and is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private or regular use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

See this link to get more info on why it is dangerous.

===============================

Please download Malwarebytes Anti-Malware from Malwarebytes.org.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.



~DMJ
GeekPolice Academy Manager



Re: win32/nugel.E and banker.a

Post by Greaves31 on Thu 22 Jul 2010, 9:39 am

Malwarebytes' Anti-Malware 1.46

Database version: 4336

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

7/21/2010 4:57:56 PM
mbam-log-2010-07-21 (16-57-56).txt

Scan type: Quick scan
Objects scanned: 138987
Time elapsed: 6 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 19
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\smart-shopper.hbax (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smart-shopper.hbax.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smart-shopper.iebutton (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smart-shopper.iebutton.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smart-shopper.iebuttona (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smart-shopper.iebuttona.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smart-shopper.iebuttonb (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smart-shopper.iebuttonb.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90f62ef7-58d1-4e8e-bb3e-cfb10ba9e47b} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b2b92bc9-e149-4ee8-a93e-0b8cfb329808} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79b1445-dfea-4bef-a786-e0c0f33c863b} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4cf088bd-be95-40a5-be9b-677f8683edea} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6fac4823-815e-4361-836e-46d65ed2550b} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{911f251e-34fd-465e-b6ce-df00ff49a6be} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fe4f1649-8909-49c0-87ba-24d65120db46} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{022c671f-6cba-4a03-a8f9-3b3a361b235a} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8ad815fc-607b-419f-8b70-d345a507a54e} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Smart-Shopper (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Smart-Shopper (Adware.SmartShopper) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartShopper (Adware.SmartShopper) -> Quarantined and deleted successfully.

Files Infected:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartShopper\SmartShopper - Comapre product prices.lnk (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartShopper\SmartShopper - Compare travel rate.lnk (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartShopper\SmartShopper Help.lnk (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartShopper\Uninstall SmartShopper.lnk (Adware.SmartShopper) -> Quarantined and deleted successfully.


Re: win32/nugel.E and banker.a

Post by Greaves31 on Thu 22 Jul 2010, 9:39 am

My computer seems to be running fine now. Did ComboFix solve the problem?


Re: win32/nugel.E and banker.a

Post by DragonMaster Jay on Thu 22 Jul 2010, 5:54 pm

Not sure.

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic



~DMJ
GeekPolice Academy Manager

