USAA credit card compromised

Status
Not open for further replies.
I have recently been notified that my credit card has been compromised. I am thinking it might be one of the online vendors I may have purchased from that have been compromised but want to make sure there is nothing on my computer. I have run HJT and have attached the log. Any help would be greatly appreciated. Thanks!
 
There is definitely something wrong! You mentioned no symptoms or problems besides your card being compromised.

Does your computer run alright? Several of the missing files below are critical Windows system files. I am surprised the computer runs and why did you mention no issues!

Run HJT Scan only and select and remove all the below
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Zune Wireless Configuration Service (ZuneWlanCfgSvc) - Unknown owner - c:\Windows\system32\ZuneWlanCfgSvc.exe (file missing)

I hope your computer can do the below because you better get right on it.

Do no banking until we are clean. Change all pass/access codes used on this computer. Do it by phone or on a known clean computer.

Do the TechSpot 8 steps: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

Skip no steps (do not install another virus scanner if you already have one, ask me before installing a Firewall).

Most importantly, update MalwareBytes and SuperAntiSpyware!

Before you scan with SuperAntiSpyWare do the below:

SuperAntispyware extra config

After it is installed, double-click the icon on your desktop to run it.

Update the program definitions.

Click the Preferences button.

Then Scanning Control.

In Scanner Options make sure all boxes are checked except #3 Ignore System Restore..

MalwareBytes extra config

After update but before running
Click settings and confirm all are Checked.

I repeat Update these 2 programs.

Run them and attach their logs.

Mike
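Added example, not part of the original posts: a small parser that triages HijackThis O23 lines like those listed above before anything is removed. It assumes the scanner ran as a 32-bit process; on 64-bit Windows such a process is redirected away from the real System32 and sees %ProgramFiles% as "Program Files (x86)", so "file missing" results in those folders are labelled for re-checking. The ExampleSvc line is constructed.

```python
import re

# Sample input: four O23 lines from the log quoted above, plus one constructed
# line (ExampleSvc) added to show a path outside the redirected folders.
SAMPLE = r"""
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Example Updater (ExampleSvc) - Unknown owner - C:\ProgramData\Example\updater.exe (file missing)
"""

# The service name in parentheses is optional; a truncated "(file missing" still counts.
O23 = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))? - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\)?)?$"
)
# Folders a 32-bit process sees differently on 64-bit Windows (WOW64).
REDIRECTED = ("c:\\windows\\system32\\", "c:\\program files (x86)\\")


def parse_o23(text):
    """Return one dict per O23 service line; other lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = O23.match(line.strip())
        if m:
            row = m.groupdict()
            row["missing"] = row["missing"] is not None
            rows.append(row)
    return rows


def triage(rows):
    """Map service name (or display name) to a verdict for each entry."""
    # A "Program Files (x86)" path only exists on 64-bit Windows.
    is_x64 = any("program files (x86)" in r["path"].lower() for r in rows)
    verdicts = {}
    for r in rows:
        key = r["name"] or r["display"]
        if not r["missing"]:
            verdicts[key] = "present"
        elif is_x64 and r["path"].lower().startswith(REDIRECTED):
            verdicts[key] = "recheck from a 64-bit tool"
        else:
            verdicts[key] = "missing"
    return verdicts


if __name__ == "__main__":
    for name, verdict in triage(parse_o23(SAMPLE)).items():
        print(f"{name:30} {verdict}")
```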
 
I followed the 8-steps and have attached the three logs.

As far as issues I have not had any at all and my computer works fine. Thanks for your help!
 
Hi trunyon

Sorry man dropped off to sleep in the recliner after dinner, long day!

Boy was that unexpected!

Hardly a Malware issue compared to what I have worked on lately! I also expected you to say at least that yeah there were a few problems!!!!

Also did you Run HJT and try to remove the entries? Because if you did it did not touch them!

Do you have another Admin level logon on this machine?

OK we need a deeper look.

Download http://oldtimer.geekstogo.com/OTViewIt.exe
Run it, when finished post the log that opens then close it and open the other "Extra" log and post it.

Then...

Download ComboFix

NOTE: If you have had ComboFix more than a few days old delete and re-download.

Get it here: https://www.techspot.com/downloads/5587-combofix.html
Or here: http://subs.geekstogo.com/ComboFix.exe

Double-click combofix.exe and follow the prompts.

When finished, it will open a log.
Attach the log and a new HJT log in your next reply.

Note: Do not click combofix's window while it's running. That may cause it to stall.

Mike
 
hey mike,

I did not remove any entries from HJT because I have no idea which ones to remove!

I could not get combo fix to work, it gave me an error - win32, incompatible with vista.

Let me know if there is anything else I need to do. I appreciate your help again.
 
Yes based on all I agree with Kim. By reinstall I mean not a repair but a full format and install.

That is the safest thing to do!

Besides, in rereading and considering all, I don't even see a good place to even start; there are too many issues. This computer is totally compromised!

Wish I could offer more!

Mike
 
hey guys, I reformatted and did a clean install of vista, but now I cannot connect to the internet. I don't know if you would have the answer but when I try to diagnose the connection it says "Realtek RTL8168/8111 Family PCI-# Gigabit Ethernet NIC(NDIS 6.0) is experiencing driver or hardware related issues"

I've cycled my modem several times which used to work but that is not working. I just don't know why it is giving me problems since this is a fresh install. Any ideas?
 
"Realtek RTL8168/8111 Family PCI-# Gigabit Ethernet NIC(NDIS 6.0) is experiencing driver..."
That's a driver fault ;)

Note: Microsoft does hold a lot of drivers, but not all of them, and especially not all of them on one DVD (more likely a million terabytes!)

You need to locate the drivers for your network card.
This thread may help: https://www.techspot.com/vb/topic117607.html
Or just go to the Realtek support download page.
 
If you tell us the brand, model, and configuration of your computer, we can perhaps be more help.
Many computers' Windows disks will allow you to reinstall Windows in a repair mode from which you can make the corrections you need in your install, then use the TechSpot 8 Steps to start fixing and recovering. This is a better option for most people, if you have/had valuable data you need to rescue and save.
 