Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Credit card number stolen


Re: Credit card number stolen

Post by atlmsl » November 1st, 2011, 10:07 am

Okay here is the combofix log. I'm out of town until tomorrow so I'll reply with the router information then. Is it okay to uninstall combofix now?

ComboFix 11-11-01.02 - Michael 11/01/2011 9:42.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4058.2932 [GMT -4:00]
Running from: c:\users\Michael\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
((((((((((((((((((((((((( Files Created from 2011-10-01 to 2011-11-01 )))))))))))))))))))))))))))))))
.
.
2011-11-01 13:55 . 2011-11-01 13:55 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{581C527F-406B-4D66-82F5-1328465BAC7B}\offreg.dll
2011-11-01 13:53 . 2011-11-01 13:56 -------- d-----w- c:\users\Michael\AppData\Local\temp
2011-11-01 13:53 . 2011-11-01 13:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-31 14:32 . 2011-10-31 14:32 -------- d-----w- C:\_OTL
2011-10-30 17:21 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{581C527F-406B-4D66-82F5-1328465BAC7B}\mpengine.dll
2011-10-27 15:18 . 2011-10-27 15:18 -------- d-----w- c:\users\Michael\AppData\Roaming\Malwarebytes
2011-10-27 15:18 . 2011-10-27 15:18 -------- d-----w- c:\programdata\Malwarebytes
2011-10-27 15:18 . 2011-10-31 19:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-27 15:18 . 2011-08-31 21:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-15 23:09 . 2011-10-15 23:09 -------- d-----w- c:\program files (x86)\Rosetta Stone
2011-10-15 23:09 . 2011-10-15 23:09 -------- d-----w- c:\programdata\RosettaStoneLtdBackup
2011-10-15 22:52 . 2011-10-15 22:53 -------- d-----w- c:\programdata\FLEXnet
2011-10-15 22:52 . 2011-10-15 22:52 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2011-10-15 22:50 . 2011-10-31 18:43 -------- d-----w- c:\programdata\Rosetta Stone
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-15 15:47 . 2011-07-01 23:19 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-16 03:00 . 2011-09-16 03:00 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-09-16 03:00 . 2011-09-16 03:00 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-09-16 03:00 . 2011-09-16 03:00 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-09-16 03:00 . 2011-09-16 03:00 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-09-16 03:00 . 2011-09-16 03:00 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-09-16 03:00 . 2011-09-16 03:00 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-09-16 03:00 . 2011-09-16 03:00 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-09-16 03:00 . 2011-09-16 03:00 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-09-16 03:00 . 2011-09-16 03:00 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-09-16 03:00 . 2011-09-16 03:00 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-09-16 03:00 . 2011-09-16 03:00 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-09-16 03:00 . 2011-09-16 03:00 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-09-16 03:00 . 2011-09-16 03:00 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-09-16 03:00 . 2011-09-16 03:00 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-09-16 03:00 . 2011-09-16 03:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-09-16 03:00 . 2011-09-16 03:00 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-09-16 03:00 . 2011-09-16 03:00 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-09-16 03:00 . 2011-09-16 03:00 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-09-16 03:00 . 2011-09-16 03:00 222208 ----a-w- c:\windows\system32\msls31.dll
2011-09-16 03:00 . 2011-09-16 03:00 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-09-16 03:00 . 2011-09-16 03:00 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-09-16 03:00 . 2011-09-16 03:00 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-09-16 03:00 . 2011-09-16 03:00 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-09-16 03:00 . 2011-09-16 03:00 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-09-16 03:00 . 2011-09-16 03:00 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-09-16 03:00 . 2011-09-16 03:00 12288 ----a-w- c:\windows\system32\mshta.exe
2011-09-16 03:00 . 2011-09-16 03:00 114176 ----a-w- c:\windows\system32\admparse.dll
2011-09-16 03:00 . 2011-09-16 03:00 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-16 03:00 . 2011-09-16 03:00 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-09-16 03:00 . 2011-09-16 03:00 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-09-16 03:00 . 2011-09-16 03:00 448512 ----a-w- c:\windows\system32\html.iec
2011-09-16 03:00 . 2011-09-16 03:00 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-16 03:00 . 2011-09-16 03:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-16 03:00 . 2011-09-16 03:00 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-09-16 03:00 . 2011-09-16 03:00 160256 ----a-w- c:\windows\system32\wextract.exe
2011-09-16 03:00 . 2011-09-16 03:00 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-02 17:44 . 2011-09-02 17:46 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2008-05-15 468264]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" [2010-11-03 365336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60a.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_3c6572ef\AESTSr64.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-25 361808]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-18 151064]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-18 209432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-18 181784]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-01-21 246784]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-04 442368]
"combofix"="c:\combofix\CF13757.3XE" [2008-01-21 363008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page =
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
c:\program files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
.
**************************************************************************
.
Completion time: 2011-11-01 10:02:25 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-01 14:02
.
Pre-Run: 210,028,130,304 bytes free
Post-Run: 209,435,316,224 bytes free
.
- - End Of File - - 32A67ED94C363379200CF372744B3C05
atlmsl
Regular Member
 
Posts: 40
Joined: August 25th, 2011, 6:12 pm

Re: Credit card number stolen

Post by DFW » November 1st, 2011, 10:38 am

Is it okay to uninstall combofix now?


No, not yet, we may need it. Post back when you're back with the router reset details.
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: Credit card number stolen

Post by atlmsl » November 1st, 2011, 10:40 am

Okay, will do
atlmsl
Regular Member
 
Posts: 40
Joined: August 25th, 2011, 6:12 pm

Re: Credit card number stolen

Post by atlmsl » November 3rd, 2011, 5:57 pm

My work trip was extended and I won't be home until tomorrow to check the router. I contacted my IP and they cannot help me with the default password, so tomorrow I will try to contact the manufacturer.
atlmsl
Regular Member
 
Posts: 40
Joined: August 25th, 2011, 6:12 pm

Re: Credit card number stolen

Post by DFW » November 4th, 2011, 6:40 am

Hi atlmsl

Try this link to find the router's default password, you can look it up. Here
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: Credit card number stolen

Post by atlmsl » November 6th, 2011, 7:22 pm

Ok. I have the password. I'll respond soon with the operation of the computer.
atlmsl
Regular Member
 
Posts: 40
Joined: August 25th, 2011, 6:12 pm

Re: Credit card number stolen

Post by atlmsl » November 7th, 2011, 4:44 pm

Everything seems to be running pretty well right now with the router reset. Do you want me to try any of those other scans again?
atlmsl
Regular Member
 
Posts: 40
Joined: August 25th, 2011, 6:12 pm

Re: Credit card number stolen

Post by DFW » November 8th, 2011, 6:29 am

Hi atlmsl

As long as all the re-directs have stopped, I can safely say we have got it. All the scans we have run so far did not show any reason for the re-directs coming from your PC. Just make sure that you have changed the default password on your router; this will stop your router being hijacked again.





Let's clear out the programs we've been using to clean up your computer,
they are not suitable for general malware removal and could cause damage if used inappropriately.



  • Right click on OTL.exe and select Run As Administrator to run it.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.


Keep Malwarebytes' Anti-Malware installed
This is an excellent application and I advise you to keep it installed. Check for updates and run a scan at least once per week.




Next, delete aswMBR and DDS from your desktop.



Create a new System Restore point

  • Click Start, Right Click on Computer, and select Properties.
  • In the left pane, click System Protection > Create.
  • Give this restore point a descriptive name and click Create.
  • Click Apply and OK.




Visit Microsoft often.
Keep on top of critical updates, as well as other updates for your computer.
Using Windows Update in Windows Vista
What is Windows Update?
Microsoft Update Home



Microsoft isn't the only company whose products can contain security vulnerabilities. To check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector. I suggest that you run it at least once a month.


Read, stay informed.
To help minimize the chances of becoming re-infected, please read.
Computer Security - a short guide to staying safer online



Install WinPatrol:

WinPatrol alerts you about possible system hijacks, malware attacks and critical changes made to your computer without your permission.

Download it from here.

You can find information about how WinPatrol works here.



Please let me know the clean up went well, and also if you have any more questions.
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: Credit card number stolen

Post by atlmsl » November 8th, 2011, 9:43 am

Clean up went well and computer is running great. Thanks so much for your help and patience!
atlmsl
Regular Member
 
Posts: 40
Joined: August 25th, 2011, 6:12 pm

Re: Credit card number stolen

Post by DFW » November 8th, 2011, 10:28 am

You're welcome.
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: Credit card number stolen

Post by Cypher » November 8th, 2011, 11:55 am

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns