Bank account was drained - please review my logs

There are no signs of any problems in your logs. Are you sure that your account infor was stolen from this PC? Perhaps it occurred while using a different PC.

If you really expect that this PC was the root of your problem then security wise the safest thing to do is a total reinstall.

 

It is clean too.

No! Since everything thus far is clean we are unlikely to find any real problems running any other scanners.

We cannot guarantee that something is not being missed; however since everything is totally clean it is unlikely. If you are really worried, the best answer is to reinstall. Also ALL passwords to EVERYTHING ( not just financial related ) should be changed. However do not change them from your PC or any other PC that may have originally been the source of your bank info being stolen.

Keyloggers and password stealing trojans are designed to steal your info but your PC shows no problems at all. The source of your problems could be elsewhere.

 

Yes it is quite useful but I would just disable the option that has it load when Windows starts up. Just run it as a scanner when you want. A better option would be to purchase it and run it for realtime antispyware protection and scanning.

That's funny! Others are still seeing the problem. I will have to check it myself (if I can find the time). Run SpywareBlaster and check for updates and install any that are needed. Then make sure that you enable all protection in Spyware Blaster. See if AVG pops up while doing this and also run a scan with AVG afterwards to see if it mentions these active-x settings.

Thanks! We do work hard at this.


Now we need to cleanup some items from running ComboFix.

Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.


If you are not having any other malware problems, it is time to do our final steps:

1. You can uninstall SUPERAntiSpyware now if you don't want to keep it.
2. We recommed you keep Malwarebytes Anti-Malware as a scanner. It uses no resources except a little disk space until you run a scan.
3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\combofix" /u
     • Notes: The space between the combofix" and the /u, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
   • Delete the C:\combofix folder from combofix.
4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
6. Go to add/remove programs and uninstall HijackThis.
7. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
8. If you are running Vista, Windows XP or Windows ME, do the below:
   • Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
9. After doing the above, you should work thru the below link:
   • How to Protect yourself from malware!

 

Actually according to your logs it is not located there at all and you may have illegal characters in the Administrator user account name making it a problem to read properly with all the tools. See your newfiles.txt log inside of the MGlogs.zip file and you will see the user account is actually showing as:

USERNAME=Administratör

The umlouts maybe causing a problem because further down you will see:

Code:

List contents of C:\Documents and Settings                           
"C:\Documents and Settings\"
ADMINI~1       2007-03-27              "Administrat”r"
ADMINI~2       2007-04-10              "Administratr"

Notice two accounts similarly named and one shows with a "r .

There is no way ComboFix will find this. Also further down in the newfiles.txt log, the below appeared when trying to get to the Desktop:

Because of the "r in the folder name, the tool could not find any files on the Desktop since this is not what the user acount name really is. The umlout is an illegal DOS type character.

You will have to replace the "%userprofile%\Desktop\combofix" by what ever your real full path is and hopefully it will work. You need the quotes.

 

Okay so try the below

• Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required

"C:\Documents and Settings\Administratör\Skrivbord\combofix" /u

• Note: The space between the combofix" and the /u, it must be there.

Did that work?

 

Actually no! It would seem unlikely to be from the READ & RUN ME because of the below info from your logs:

It may be a good idea to unplug you cable to the internet and uninstall ZoneAlarm. Then reboot and reinstall it to make sure that everything is working correctly.