PC Forum PC Help Forum » Security & Safety » [Pending] HJT Logs » Credit Card Info Stolen, Looking to make sure comp is clear.
  #1  
Old 06-19-2008
New Poster
 
Join Date: Jun 2008
Posts: 1
PC Experience: Very Experienced
Kurobei
Credit Card Info Stolen, Looking to make sure comp is clear.

Hi. My credit card info apparently was stolen today or yesterday; I have no idea how, though.

There are no issues with my computer; it has no problems whatsoever.

I am submitting my logs to try to make sure that things are okay or if there is something hiding somewhere.

Logs begin---------

main.txt
Deckard's System Scanner v20071014.68
Run by Kuro on 2008-06-19 18:30:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
31: 2008-06-19 22:30:37 UTC - RP146 - Deckard's System Scanner Restore Point
30: 2008-06-19 22:30:29 UTC - RP145 - Installed Windows XP KB885836.
29: 2008-06-19 22:30:06 UTC - RP144 - Installed Windows XP KB873339.
28: 2008-06-19 22:29:22 UTC - RP143 - Installed Windows XP KB887742.
27: 2008-06-19 22:29:02 UTC - RP142 - Installed Windows XP KB886677.


-- First Restore Point --
1: 2008-06-01 05:48:40 UTC - RP116 - Installed ESET NOD32 Antivirus


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Kuro.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:32:12 PM, on 6/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\autopatcher\autopatcher.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msiexec.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
D:\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Kuro.exe
C:\WINDOWS\system32\cmd.exe
D:\autopatcher\modules\Critical\KB890859_xp_x86_enu.apm_files\WindowsXP-KB890859-x86-ENU.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\RunOnce: [KB886716] rundll32.exe apphelp.dll,ShimFlushCache
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupda...31/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupda...5035/CTPID.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 4818 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
R3 pgfilter - c:\program files\peerguardian2\pgfilter.sys

S3 DSDrv4 - c:\program files\dscaler\dsdrv4.sys
S3 qmnmdd - c:\docume~1\kuro\locals~1\temp\qmnmdd.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_30A5103C&REV_10\4&2EC23395&0&40F0
Manufacturer: Realtek
Name: Realtek RTL8139 Family PCI Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_30A5103C&REV_10\4&2EC23395&0&40F0
Service: rtl8139


-- Files created between 2008-05-19 and 2008-06-19 -----------------------------

2008-06-19 18:31:42 0 d-------- C:\Program Files\Windows Journal Viewer
2008-06-19 18:29:11 0 d--h----- C:\WINDOWS\$hf_mig$
2008-06-19 18:28:19 0 d-------- C:\WINDOWS\LastGood
2008-06-19 18:26:12 0 d-------- C:\Program Files\HighMAT CD Writing Wizard
2008-06-19 18:24:43 0 d-------- C:\WINDOWS\system32\URTTEMP
2008-06-19 18:21:41 0 d-------- C:\Program Files\Trend Micro
2008-06-19 18:21:15 40960 --a------ C:\WINDOWS\system32\SSUBTMR6.DLL <Not Verified; vbAccelerator; SSubTmr6>
2008-06-19 18:21:15 0 d-------- C:\#AutoPatcher_Temp#
2008-06-19 18:04:16 0 d-------- C:\Documents and Settings\Kuro\.housecall6.6
2008-06-18 20:02:53 0 d-------- C:\Documents and Settings\Kuro\Application Data\SPORE Creature Creator
2008-06-18 20:02:42 0 dr-h----- C:\Documents and Settings\Kuro\Application Data\SecuROM
2008-06-18 16:40:40 0 d-------- C:\Program Files\Electronic Arts
2008-06-18 16:40:00 0 d-------- C:\ProgramData
2008-06-18 16:39:49 1066 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2008-06-11 21:58:27 41984 -----n--- C:\WINDOWS\Ctregrun.exe <Not Verified; Creative Technology Ltd; Creative On-line Registration System>
2008-06-11 21:04:17 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2008-06-11 20:02:19 0 d-------- C:\Documents and Settings\Kuro\Application Data\Creative
2008-06-11 18:08:04 25088 -----n--- C:\WINDOWS\system32\CTSVCCTL.EXE <Not Verified; Creative Technology Ltd; Creative Service Control>
2008-06-11 18:08:04 44032 -----n--- C:\WINDOWS\system32\CTSVCCDA.EXE <Not Verified; Creative Technology Ltd; Creative Service for CDROM Access>
2008-06-11 17:56:32 0 d-------- C:\Documents and Settings\Kuro\Application Data\Leadertech
2008-06-02 21:56:21 0 d-------- C:\Program Files\Common Files\Creative
2008-06-02 21:56:20 0 d--h----- C:\Program Files\Creative Installation Information
2008-06-02 21:53:17 0 d-------- C:\Program Files\Creative
2008-06-02 21:04:30 10752 --a------ C:\WINDOWS\system32\aamd532.dll <Not Verified; Almeida & Andrade Ltda; MD5 Maker DLL>
2008-06-02 21:04:11 0 d-------- C:\autopatcher
2008-06-01 17:05:44 305152 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-06-01 02:20:01 23 --ahs---- C:\WINDOWS\system32\ecedaedcbb_r.dll
2008-06-01 02:19:44 0 d-------- C:\Program Files\jv16 PowerTools 2007
2008-06-01 01:50:51 5702 --ah----- C:\WINDOWS\nod32restoretemdono.reg
2008-06-01 01:50:51 568 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-06-01 01:48:42 0 d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-06-01 01:27:02 0 d-------- C:\temp
2008-05-31 17:42:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-31 17:42:29 0 d-------- C:\Program Files\QuickTime Alternative
2008-05-25 11:24:57 0 d-------- C:\WINDOWS\Downloaded Installations


-- Find3M Report ---------------------------------------------------------------

2008-06-19 18:31:49 0 d-------- C:\Program Files\PeerGuardian2
2008-06-19 18:15:41 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-19 17:56:23 0 d-------- C:\Documents and Settings\Kuro\Application Data\uTorrent
2008-06-18 17:40:58 0 d-------- C:\Documents and Settings\Kuro\Application Data\Macromedia
2008-06-17 17:23:30 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 5
2008-06-02 21:56:21 0 d-------- C:\Program Files\Common Files
2008-06-01 02:34:45 0 d-------- C:\Program Files\Movie Maker
2008-06-01 01:55:52 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-06-01 01:30:18 0 d-------- C:\Documents and Settings\Kuro\Application Data\OpenOffice.org2
2008-05-09 17:57:45 0 d-------- C:\Program Files\Rosetta Stone
2008-05-07 19:42:02 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-27 19:32:01 0 d-------- C:\Documents and Settings\Kuro\Application Data\fltk.org
2008-04-23 04:10:19 23 --a------ C:\WINDOWS\popcinfot.dat
2008-04-19 19:34:36 0 d-------- C:\Documents and Settings\Kuro\Application Data\Mozilla
2008-04-12 23:56:47 4096 --a------ C:\WINDOWS\d3dx.dat
2008-03-25 17:46:17 65536 --a------ C:\WINDOWS\IFinst27.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 08:00 AM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 08:00 AM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 08:00 AM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [12/19/2007 12:08 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [12/19/2007 12:08 PM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [12/19/2007 12:07 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [01/12/2007 03:36 PM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [01/15/2008 06:54 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 05:25 AM]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [02/20/2008 11:06 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [09/18/2005 07:40 PM]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [02/13/2008 07:09 PM]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [08/07/2006 10:06 AM]
"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [06/13/2008 06:27 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"KB886716"=rundll32.exe apphelp.dll,ShimFlushCache

C:\Documents and Settings\Kuro\Start Menu\Programs\Startup\
Trillian.lnk - C:\Program Files\Trillian\trillian.exe [12/11/2007 1:00:00 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"=0 (0x0)
"NoMovingBands"=0 (0x0)
"NoCloseDragDropBands"=0 (0x0)
"NoSetTaskbar"=0 (0x0)
"NoToolbarsOnTaskbar"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoActiveDesktop"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kuro^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
path=C:\Documents and Settings\Kuro\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"D:\Games\Steam\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"hpqwmiex"=3 (0x3)




-- End of Deckard's System Scanner: finished at 2008-06-19 18:32:42 ------------

extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Genuine Intel(R) CPU T2080 @ 1.73GHz
CPU 1: Genuine Intel(R) CPU T2080 @ 1.73GHz
Percentage of Memory in Use: 47%
Physical Memory (total/avail): 1014.04 MiB / 533.21 MiB
Pagefile Memory (total/avail): 1216.81 MiB / 873.5 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1936.2 MiB

C: is Fixed (NTFS) - 6.32 GiB total, 1.18 GiB free.
D: is Fixed (NTFS) - 68.21 GiB total, 12.44 GiB free.
E: is CDROM (CDFS)
F: is CDROM (No Media)
Z: is Network (NTFS)

\\.\PHYSICALDRIVE0 - Hitachi HTS541680J9SA00 - 74.53 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 6.32 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 68.21 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntivirusOverride is set.
FirewallOverride is set.

AV: ESET NOD32 Antivirus 3.0 v3.0 (ESET, spol. s r. o.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"="C:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application"
"C:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\RosettaStoneLtdServices.exe"="C:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Online Component"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"D:\\Games\\Kyodai Mahjongg 2006\\kmj.exe"="D:\\Games\\Kyodai Mahjongg 2006\\kmj.exe:*:Enabled:Kyodai Mahjongg"
"C:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"="C:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application"
"C:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\RosettaStoneLtdServices.exe"="C:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Online Component"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Kuro\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=KUROPAD
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Kuro
LOGONSERVER=\\KUROPAD
MOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Documents and Settings\Kuro\Application Data\Mozilla\Firefox\Crash Reports
MOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files\Mozilla Firefox\firefox.exe
MOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files\Mozilla Firefox\crashreporter-override.ini
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Smart Projects\IsoBuster
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 12, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e0c
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Kuro\LOCALS~1\Temp
TMP=C:\DOCUME~1\Kuro\LOCALS~1\Temp
USERDOMAIN=KUROPAD
USERNAME=Kuro
USERPROFILE=C:\Documents and Settings\Kuro
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Kuro (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\CTCMSGO\Setup.exe" /remove /l0x0009
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0A053D60-9267-11D5-8A2B-0050DA8B7D89}\setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C9F6AF4-E9D9-47FE-BE4B-E637C2FCB410}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C9F6AF4-E9D9-47FE-BE4B-E637C2FCB410}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Audiosurf --> "D:\Games\Steam\steam.exe" steam://uninstall/12900
BioWare Premium Module: Neverwinter Nights(TM) Kingmaker --> D:\Games\Neverwinter Nights\premium\uninst Neverwinter Nights(TM) Kingmaker.exe
Broadcom 802.11 Wireless LAN Adapter --> "C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver"
Chronotron Plug-in for Winamp/WMP 9 (remove only) --> "C:\Program Files\Chronotron Inc\Chronotron\uninst-chronotron.exe"
Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_HDAUDIO\UIU32a.exe -U -Icpv30A5a.inf
Creative MediaSource 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\setup.exe" -l0x9 /remove
Creative Removable Disk Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative ZEN V Series (R2) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9862E0CB-4727-4FFC-963A-E22A9E9EC10C}\SETUP.EXE" -l0x9 /remove
DScaler 4.1.15 --> "C:\Program Files\DScaler\unins000.exe"
Dungeon Keeper 2 --> C:\WINDOWS\IsUninst.exe -f"d:\games\dungeon keeper 2\Uninst.isu" -c"d:\games\dungeon keeper 2\uninst.dll"
EA Download Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1033
ESET NOD32 Antivirus --> MsiExec.exe /I{7D974ACA-4EE5-412C-8E6A-A5B57B305727}
Evil Genius --> "D:\Games\Evil Genius\unins000.exe"
FINAL FANTASY XI --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{678F6475-D227-432A-94FF-806178A34520}
FINAL FANTASY XI: Chains of Promathia --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{3C0619B4-4A2C-4244-8077-488E420DF907}
FINAL FANTASY XI: Rise of the Zilart --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}
Foxit PDF Editor --> C:\Program Files\Foxit Software\PDF Editor\uninstall.exe
Foxit Reader --> C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Freelancer --> "D:\Games\Freelancer\UNINSTAL.EXE" /runtemp /addremove
GameTap --> C:\Program Files\InstallShield Installation Information\{67E158AF-8856-4337-B483-EA21930786AF}\setup.exe -runfromtemp -l0x0009 -removeonly
GrabIt 1.7.1 Beta (build 960) --> "C:\Program Files\GrabIt\unins000.exe"
HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_SprtHD5m\UIU32m.exe -U -ISprtHD5m.inf
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Quick Launch Buttons 6.40 B2 --> C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\Setup.exe -runfromtemp -l0x0009 -removeonly uninst
Intel(R) Graphics Media Accelerator Driver --> C:\WINDOWS\system32\igxpun.exe -uninstall
IsoBuster 2.3 --> "C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
jv16 PowerTools 2007 --> "C:\Program Files\jv16 PowerTools 2007\unins000.exe"
MechWarrior 2 --> C:\WINDOWS\uninst.exe -fD:\GAMES\MECHWA~1\DeIsL1.isu
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Virtual PC 2007 --> MsiExec.exe /X{8A7CAA24-7B23-410B-A7C3-F994B0944160}
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
Morrowind --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Games\Morrowind\MWUninstall\Setup.exe" -l0x9
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB927977) --> MsiExec.exe /I{5A710547-B58E-488B-828D-CA9A25A0533C}
NetWaiting --> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
Neverwinter Nights --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1583439-B034-4881-819C-D52A0587662B}\setup.exe" -l0x9
NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up --> "C:\Program Files\ESET\ESET NOD32 Antivirus\unins000.exe"
OpenOffice.org 2.3 --> MsiExec.exe /I{2F29D6D2-824E-4FEF-8AED-7013F39F642A}
PeerGuardian 2.0 --> "C:\Program Files\PeerGuardian2\unins000.exe"
Planescape - Torment --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0A053D60-9267-11D5-8A2B-0050DA8B7D89}\setup.exe"
PlayOnline Viewer and Tetra Master --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{47004155-7376-403E-89E9-4C9F44AAF0D0}
PowerQuest PartitionMagic 8.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
QuickPar 0.9 --> C:\Program Files\QuickPar\uninst.exe
QuickTime Alternative 2.5.1 --> "C:\Program Files\QuickTime Alternative\unins000.exe"
Rosetta Stone V3 --> MsiExec.exe /X{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}
SPORE™ Creature Creator --> "C:\Program Files\InstallShield Installation Information\{8CC42289-E228-4A35-B8A9-015242283BB2}\setup.exe" -runfromtemp -l0x0009 -removeonly
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
TES Construction Set --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Games\Morrowind\CSUninstall\Setup.exe" -l0x9
Trillian --> C:\Program Files\Trillian\trillian.exe /uninstall
VideoLAN VLC media player 0.8.6e --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->
XPS Essentials Pack --> MsiExec.exe /X{6A69D94E-C569-4154-9643-72E94D1DDFDA}
XPS Essentials Pack 1.0 --> %SystemRoot%\$NtUninstallXpsEP$\spuninst\spuninst.exe /u


-- Application Event Log -------------------------------------------------------

Event Record #/Type354 / Warning
Event Submitted/Written: 06/19/2008 06:27:46 PM
Event ID/Source: 1020 / ASP.NET 1.1.4322.0
Event Description:
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Event Record #/Type345 / Warning
Event Submitted/Written: 06/19/2008 06:25:34 PM
Event ID/Source: 1020 / ASP.NET 1.1.4322.0
Event Description:
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Event Record #/Type332 / Error
Event Submitted/Written: 06/15/2008 11:32:21 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.40413, faulting module unknown, version 0.0.0.0, fault address 0x0397acf0.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type331 / Error
Event Submitted/Written: 06/14/2008 02:09:01 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.40413, faulting module firefox.exe, version 1.8.20080.40413, fault address 0x00024dfa.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type319 / Error
Event Submitted/Written: 06/08/2008 03:47:21 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application sh3.exe, version 1.0.0.1, faulting module d3d8.dll, version 5.3.2600.2180, fault address 0x000318e4.
Processing media-specific event for [sh3.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type1823 / Error
Event Submitted/Written: 06/19/2008 06:17:30 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Eset Nod32 Boot service failed to start due to the following error:
%%1053

Event Record #/Type1822 / Error
Event Submitted/Written: 06/19/2008 06:17:30 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the Eset Nod32 Boot service to connect.

Event Record #/Type1816 / Warning
Event Submitted/Written: 06/19/2008 03:21:57 PM
Event ID/Source: 8021 / BROWSER
Event Description:
The browser was unable to retrieve a list of servers from the browser master \\KUROCHA on the network \Device\NetBT_Tcpip_{73395449-D146-467F-8EAF-548EED6C9F92}.
The data is the error code.

Event Record #/Type1815 / Warning
Event Submitted/Written: 06/19/2008 07:45:51 AM
Event ID/Source: 8021 / BROWSER
Event Description:
The browser was unable to retrieve a list of servers from the browser master \\KUROCHA on the network \Device\NetBT_Tcpip_{73395449-D146-467F-8EAF-548EED6C9F92}.
The data is the error code.

Event Record #/Type1814 / Warning
Event Submitted/Written: 06/19/2008 05:33:47 AM
Event ID/Source: 8021 / BROWSER
Event Description:
The browser was unable to retrieve a list of servers from the browser master \\KUROCHA on the network \Device\NetBT_Tcpip_{73395449-D146-467F-8EAF-548EED6C9F92}.
The data is the error code.



-- End of Deckard's System Scanner: finished at 2008-06-19 18:32:42 ------------




Thank you for any and all assistance.


  #2  
Old 06-20-2008
Senior Security Analyst
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,089
PC Experience: Elite PC Guru
Pancake - See this Members User comments on their Profile page
Re: Credit Card Info Stolen, Looking to make sure comp is clear.

I can only see one file that needs removing, which I am sure has nothing to do with your details that were stolen.



Download OTMoveIt2 http://download.bleepingcomputer.com.../OTMoveIt2.exe

Go to the location where you saved OTMoveIT2 and double click it. (If you're using Vista, right click on it and choose Run as Administrator).
Copy all the information found below. Highlight all of it, right click it and choose Copy.

C:\WINDOWS\nod32restoretemdono.reg


Next, return to OTMoveIt2 and right click in the "Paste List of Files/Patterns to Search For and Move" window.
Important: Paste only into the bottom input panel (under the yellow bar). The top panel will not help you. Then just right click and choose Paste.
Now, click the red MoveIt button and wait several minutes. When it's finished, look in the large right hand panel that says Results. You should see that at least the principal infector files were deleted and whichever applicable registry changes were made. (They may not all apply in your case). Close OTMoveIt2 when it has finished.
Note: If a file or folder cannot be moved immediately, you may be asked to reboot your computer to finish the move process. If you're asked to reboot, simply choose Yes.
Now, double click and open OTMoveIt2 again. Click the green Clean Up! button at the top. (Note: It will need to access the Internet to download a small script file, so please allow your firewall to do so).
When it finishes, it will have deleted all of its quarantines, as well as the OTMoveIt2 program and all the folders it created. Then just reboot your computer to finish up.


__________________
My real name is Eddy
