Credit Card # Stolen; Logs Attached

Discussion in 'Malware Help (A Specialist Will Reply)' started by melders, Dec 30, 2010.

  1. melders

    melders Private E-2

    I received notification from my bank 1 month ago that my debit card # was compromised. I canceled the card & received a new one a few days later.

    Of course I do a lot of online shopping (who doesn't?) and when the new card arrived, I continued w/business as normal.

    I received notification yesterday from my bank that it had occurred again. At this point, I have to believe it's something I've done. Either using the same online store (that their records were compromised), OR my computer is infected.

    I have NOT noticed any suspicious behavior. I did however run Malwarebytes immediately and had 11 issues (Log attached). I have yet to successfully run combofix, it stalls out each time (I let it sit for numerous hours untouched and it never finished). I have attached all other requested logs. Again, I have not had any real suspicious behavior but I truly believe it must be something with my wireless network or laptop.

    Will post 2nd post with RootRepeal Log.

    Any suggestions or help are much appreciated!!!

    Melissa
     

    Attached Files:

  2. melders

    melders Private E-2

    OK I keep getting an error with RootRepeal so I can't attach the log from there. Thanks.
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!


    Please answer all of the below questions:
    1. Did you use any other PCs to make purchases at anytime?
    2. What online stores?
    3. Have you contacted all stores to ask them about any potential issues?
    4. Does anyone else ever have access to your PC?
    5. Have you changed the passwords on your PC and to all of your online accounts ( all accounts everywhere ) including email accounts?
    6. Why do you have LimeWire running at startup and have you had this active while doing online purchases? This leaves your PC open for unauthorized access!!! You should uninstall this and stop using it or anything like it.
    You only attached the one that is clean. We need to see the below two logs:
    Code:
    "C:\Users\JustinElders\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\"
    Dec 29 2010  1898 "mbam-log-2010-12-29 (21-13-05).txt"
    Dec  3 2008  4169 "mbam-log-2008-12-03 (21-35-26).txt"
    Did you have all of Symantec disabled before trying to run ComboFix? Please try again. Try safe boot mode if normal boot mode will not work.

    There are no obvious signs of password/info stealers in the logs you have attached thus far but let's cleanup a few things.



    Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Now let's flush the Java Cache
    • Click Start > Settings > Control Panel
    • Double click the Java icon (be patient, it may take a while to open)
    • Now click the General tab and under the Temporary Internet File area
    • Click the Settings button and then click the Delete Files... button.
    • In the next popup click OK.
    If you have multiple Java plugin icons in Control Panel follow the above to clear all their caches.

    Now let's flush the FireFox Cache

    To flush your FireFox Cache:
    • click Tools
    • select Options
    • select Privacy
    • in the section labeled Private Data click Clear Now
    Now let's flush the Internet Explorer Cache

    To flush your Internet Explorer Cache:
    • click Tools
    • Internet Options
    • Now on the General tab click Delete Files and select Delete all Offline content too
    • Click OK.
    • When it finishes Click OK.
    Now run Ccleaner!

    Now please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.


    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main ATF Cleaner menu to close the program.


    Now run GMER per the below instructions and attach the log
    GMER - running with a random name


    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:
    • C:\avenger.txt
    • the GMER log
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  4. melders

    melders Private E-2

    > 1. Did you use any other PCs to make purchases at anytime?

    Not that I remember, I normally only use this computer.

    > 2. What online stores?

    I own a web boutique & shop from numerous vendors online...I've probably shopped with over a dozen vendors with the new card and tons with the old one that was also compromised.

    > 3. Have you contacted all stores to ask them about any potential issues?

    No but again, so many vendors. I know that increases my chances of this occurring but I'm trying to rule out that it's not my laptop being infected and that I'm not the cause of this issue since it happened twice in 30 days.

    > 4. Does anyone else ever have access to your PC?

    No.

    > 5. Have you changed the passwords on your PC and to all of your online accounts ( all accounts everywhere ) including email accounts?

    Yes did that this morning.

    > 6. Why do you have LimeWire running at startup and have you had this active while doing online purchases? This leaves your PC open for unauthorized access!!! You should uninstall this and stop using it or anything like it.

    I honestly forgot that LimeWire was on my laptop until yesterday --- haven't used it in well over a year. I removed it yesterday via add/remove programs - do I need to do anything else?

    > You only attached the one that is clean. We need to see the below two logs:
    > Code:
    > "C:\Users\JustinElders\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\"
    > Dec 29 2010  1898 "mbam-log-2010-12-29 (21-13-05).txt"
    > Dec  3 2008  4169 "mbam-log-2008-12-03 (21-35-26).txt"

    I attached the two logs you requested.

    > Did you have all of Symantec disabled before trying to run ComboFix? Please try again. Try safe boot mode if normal boot mode will not work.

    Still freezes up.

    > Now run GMER per the below instructions and attach the log
    > GMER - running with a random name

    GMER ran and then after 20 min it encountered an error and had to close. Should I run again?

    Everything is attached as requested. Again, I didn't really notice any suspicious activity on my computer in the first place but I really am concerned that my computer could be the cause of the issue since it happened twice within a 30 day period on two different cards. Thanks for all of your help, awaiting your response.
     

    Attached Files:

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Other than what has already been removed, I'm not seeing any remaining issues. I still cannot be sure that this PC was the cause of your credit card info being stolen. The only item indicating possible theft of info was the below seen in your Malwarebytes log.
    But even this does not really mean that the problem originated from your PC. Yes there was some malware removed and it is possible that it was the source of your problem but we cannot really say with 100% certainty that it was the cause. It still could be a problem with the sites you are buying from. They may or may not be legit sites or they could even have a problem with infections on their side.

    In many cases, the most reliable thing to do in situations like this is to back up personal data, and then format and reinstall to be sure your PC is clean. And before reconnecting to the internet, make sure it is properly protected.

    Also note that if you changed your passwords/logins using this PC, there is still a risk that they were stolen again (I would say a low risk but not impossible). You should have used a different known clean PC. Also you will need to track closely for the next few months all transactions. You also may want to read the below:

    How to report ID theft, fraud, drive-by installs, hijacking and malware?

    When should I re-format? How should I reinstall?
     
