logmein123 scam... help?


  • There's a thread on the scam on this site, under the subject heading "Fake tech support virus phone scam from logmein123.com". I'd post the link but it won't let me seeing as I'm a new member (which is actually an awesome forum rule, btw).

    Here's my startup text:


    Yes HKCU:Run swg C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    Yes HKCU:Run Google Update "C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    Yes HKCU:Run ctfmon.exe C:\WINDOWS\system32\ctfmon.exe
    Yes HKCU:Run Advanced SystemCare 4 "C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe"
    No HKCU:Run msnmsgr "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    No HKCU:Run RegistryMechanic C:\Program Files\Registry Mechanic\RegMech.exe /H
    Yes HKLM:Run Preload C:\Windows\RUNXMLPL.exe
    Yes HKLM:Run SynTPEnh C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    Yes HKLM:Run AzMixerSel C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    Yes HKLM:Run IMJPMIG8.1 "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    Yes HKLM:Run MSPY2002 C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    Yes HKLM:Run PHIME2002ASync C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    Yes HKLM:Run PHIME2002A C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    Yes HKLM:Run ZPdtWzdVitaKey MC3000 "C:\Program Files\Acer\Bio-Protection fingerprint solution\PdtWzd.exe" show
    Yes HKLM:Run ePower_DMC C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    Yes HKLM:Run LManager C:\PROGRA~1\LAUNCH~1\LManager.exe
    Yes HKLM:Run KernelFaultCheck %systemroot%\system32\dumprep 0 -k
    Yes HKLM:Run Adobe Reader Speed Launcher "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    Yes HKLM:Run Adobe ARM "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    Yes HKLM:Run RTHDCPL RTHDCPL.EXE
    Yes HKLM:Run Alcmtr ALCMTR.EXE
    Yes HKLM:Run RemoteControl "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    Yes HKLM:Run Acer ePresentation HPD "C:\Acer\Empowering Technology\ePresentation\ePresentation.exe"
    Yes HKLM:Run Boot "C:\Acer\Empowering Technology\ePower\Boot.exe"
    Yes HKLM:Run eRecoveryService "C:\Acer\Empowering Technology\eRecovery\eRAgent.exe"
    Yes HKLM:Run StartCCC "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    Yes HKLM:Run SunJavaUpdateSched "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    Yes HKLM:Run Google Updater "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -check_deprecation
    Yes HKLM:Run SearchSettings "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
    Yes Startup Common Acer Empowering Technology.lnk C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    Yes Startup Common Adobe Gamma Loader.lnk C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    Yes Startup Common Device Detector 3.lnk C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
    Yes Startup Common Secunia PSI Tray.lnk C:\Program Files\Secunia\PSI\psi_tray.exe
    Yes Startup User OpenOffice.org 3.3.lnk C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    No Startup User OpenOffice.org 3.0.lnk C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE
    No Startup User Secunia PSI.lnk C:\PROGRA~1\Secunia\PSI\psi.exe

    ----

    Here's my "install" text:

    ACD Product-Security-Vulnerability Update ACD Systems 18/11/2008 2.11 MB 1.0.0
    ACDSee for PENTAX 3.0 ACD Systems Ltd. 02/11/2008 57.3 MB 9.0.34
    Acer Bio-Protection fingerprint solution 3.0.1.1 12/10/2011
    Acer Crystal Eye webcam Sonix 05/06/2008 5.7.29.500-1.0
    Acer Crystal Eye webcam SUYIN 05/06/2008 1.0.11
    Acer eLock Management Acer Inc. 05/06/2008 2.1.4003
    Acer Empowering Technology Acer 05/06/2008 2.03.4000
    Acer ePower Management Acer Inc 05/06/2008 2.00.4001
    Acer ePresentation Management Acer Inc. 05/06/2008 2.00.4000
    Acer eSettings Management Acer 05/06/2008 2.03.4003
    Adobe Flash Player 10 Plugin Adobe Systems Incorporated 12/10/2011 10.3.183.10
    Adobe Photoshop Elements 2.0 Adobe Systems, Inc. 14/10/2011 2.0
    Adobe Reader 9.4.6 Adobe Systems Incorporated 07/10/2011 148.4 MB 9.4.6
    Advanced SystemCare 4 IObit 14/10/2011 4.1.0
    ATI - Software Uninstall Utility 12/10/2011 6.14.10.1022
    ATI Catalyst Control Center 2.009.0113.2221
    ATI Display Driver 14/10/2011 8.573-090113a-074230C-ATI
    BitComet 1.27 CometNetwork 14/10/2011 1.27
    CCleaner Piriform 15/10/2011 3.11
    Celtx (2.9.1) Greyfirst 14/10/2011 2.9.1 (en-US)
    CyberLink MediaShow CyberLink Corp. 02/08/2009 4.0.2224
    FLAC 1.2.1b (remove only) Xiph.org 12/10/2011 1.2.1b
    Game Booster IObit 14/10/2011 2.4.1.0
    Google Chrome Google Inc. 08/12/2009 14.0.835.202
    Google Updater Google Inc. 15/10/2011 2.4.2432.1652
    High Definition Audio Driver Package - KB888111 Microsoft Corporation 12/10/2011 20040219.000000
    IObit Malware Fighter IObit 14/10/2011 1.0
    IObit Toolbar v4.7 Spigot, Inc. 14/10/2011 8.03 MB 4.7
    Java(TM) 6 Update 26 Oracle 26/02/2011 96.9 MB 6.0.260
    Launch Manager 12/10/2011
    LucasArts' Grim Fandango 14/10/2011
    Microsoft .NET Framework 1.1 12/10/2011
    Microsoft .NET Framework 2.0 Service Pack 2 Microsoft Corporation 12/10/2011 184.4 MB 2.2.30729
    Microsoft .NET Framework 3.0 Service Pack 2 Microsoft Corporation 02/07/2010 209 MB 3.2.30729
    Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 06/10/2010
    Microsoft .NET Framework 4 Client Profile Microsoft Corporation 14/10/2011 4.0.30319
    Microsoft Base Smart Card Cryptographic Service Provider Package Microsoft Corporation 12/10/2011
    Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Corporation 13/06/2008 1
    Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Corporation 13/06/2008
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 31/07/2009 0.11 MB 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 15/06/2011 5.28 MB 8.0.61001
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 13/04/2011 10.2 MB 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 01/02/2011 10.2 MB 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 16/06/2011 10.2 MB 9.0.30729.6161
    Mozilla Firefox 7.0.1 (x86 en-US) Mozilla 15/10/2011 7.0.1
    MSXML 4.0 SP2 (KB936181) Microsoft Corporation 19/07/2008 2.62 MB 4.20.9848.0
    MSXML 4.0 SP2 (KB954430) Microsoft Corporation 12/11/2008 2.67 MB 4.20.9870.0
    MSXML 4.0 SP2 (KB973688) Microsoft Corporation 24/11/2009 2.77 MB 4.20.9876.0
    MSXML 4.0 SP2 Parser and SDK Microsoft Corporation 18/07/2008 1.23 MB 4.20.9818.0
    MSXML 6.0 Parser (KB933579) Microsoft Corporation 05/06/2008 1.31 MB 6.10.1200.0
    Norton Internet Security Symantec Corporation 19/01/2011 18.6.0.29
    Norton Security Scan Symantec Corporation 17/01/2011 3.0.1.8
    NTI Backup NOW! 4.7 NewTech Infosystems 28/06/2007 4
    NTI CD & DVD-Maker NewTech Infosystems 28/06/2007 7
    NTI Shadow NewTech Infosystems 05/06/2008 3.1.5.0
    O2Micro Flash Memory Card Reader Driver Installer(x86) O2Micro 05/06/2008 2.01 MB 3.09
    Olympus Digital Wave Player 14/10/2011
    OpenLibraries 12/10/2011
    OpenOffice.org 3.3 OpenOffice.org 01/02/2011 392 MB 3.3.9567
    PowerDVD CyberLink Corporation 14/10/2011 7.0.2802.f
    Realtek High Definition Audio Driver Realtek Semiconductor Corp. 28/06/2007 5.10.0.5423
    Secunia PSI (2.0.0.1003) 14/10/2011
    Skype Toolbars Skype Technologies S.A. 13/01/2011 5.35 MB 5.0.4137
    Skype™ 5.5 Skype Technologies S.A. 05/10/2011 17.0 MB 5.5.119
    Smart Defrag 2 IObit 14/10/2011 2.2
    Synaptics Pointing Device Driver Synaptics 12/10/2011 8.2.9.0
    VLC media player 1.1.11 VideoLAN 14/10/2011 1.1.11
    Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) Advanced Micro Devices 14/01/2011 05/27/2006 1.3.2.0
    Windows Internet Explorer 7 Microsoft Corporation 16/12/2010 20070813.185237
    Windows Management Framework Core Microsoft Corporation 16/12/2010
    Windows Media Format 11 runtime 15/10/2011
    Windows Media Player 11 15/10/2011
    Windows XP Service Pack 3 Microsoft Corporation 19/08/2008 20080414.031525
    WinRAR archiver 14/10/2011

    ----

    Any suggestions? Also, as much as I hate to admit it, I really know jack when it comes to serious computer stuff, so how should I go about reinstalling / formatting my computer?
  • TakeThis
    TakeThis Posts: 2,909 Forumite
    Disable all of the Startup items using CCleaner.

    Uninstall:

    Advanced SystemCare 4 IObit 14/10/2011 4.1.0
    Game Booster IObit 14/10/2011 2.4.1.0
    IObit Malware Fighter IObit 14/10/2011 1.0
    IObit Toolbar v4.7 Spigot, Inc. 14/10/2011 8.03 MB 4.7
    Launch Manager 12/10/2011 (I am concerned about this one. Did you recently update the ACER launch Manager?)
    LucasArts' Grim Fandango 14/10/2011
    Norton Security Scan Symantec Corporation 17/01/2011 3.0.1.8
    Smart Defrag 2 IObit 14/10/2011 2.2


    After you have re-booted, you can choose to enable only those programs that you wish to start up with Windows.

    When complete, run the ESET Online Scanner

    How much RAM do you have installed?
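An added example, not part of the thread and not written by any poster: a small Python parser for a startup list in the layout pasted in the first post, which splits each line into its fields so the entries can be reviewed before any are re-enabled. The sample lines are copied from that post; the function names and the rule used to pick entries for a first look (enabled, and either given without a directory or located outside the Windows and Program Files folders) are assumptions made for this illustration, not a verdict on any entry.

```python
import re

# Lines copied from the startup list in the first post (same layout).
SAMPLE = r'''Yes HKCU:Run ctfmon.exe C:\WINDOWS\system32\ctfmon.exe
No HKCU:Run msnmsgr "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
Yes HKLM:Run Preload C:\Windows\RUNXMLPL.exe
Yes HKLM:Run RTHDCPL RTHDCPL.EXE
Yes HKLM:Run KernelFaultCheck %systemroot%\system32\dumprep 0 -k
Yes HKLM:Run Boot "C:\Acer\Empowering Technology\ePower\Boot.exe"
Yes Startup Common Secunia PSI Tray.lnk C:\Program Files\Secunia\PSI\psi_tray.exe
'''

# Fields: enabled flag, source, entry name (may contain spaces), command line.
LINE = re.compile(
    r'^(Yes|No)\s+(HKCU:Run|HKLM:Run|Startup Common|Startup User)\s+'
    r'(.+?)\s+("?(?:[A-Za-z]:\\|%\w+%).*|\S+\.exe\b.*)$', re.IGNORECASE)

def executable(command):
    """Strip arguments: quoted path, else up to the first .exe, else first token."""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r'.*?\.exe\b', command, re.IGNORECASE)
    return m.group(0) if m else command.split()[0]

def location(exe):
    p = exe.lower()
    if '\\' not in p:
        return 'search-path'          # bare file name, no directory given
    if p.startswith(('c:\\windows\\', '%systemroot%\\')):
        return 'windows'
    if p.startswith(('c:\\program files\\', 'c:\\progra~1\\')):
        return 'program-files'
    return 'other'

def parse(text):
    entries = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            enabled, source, name, command = m.groups()
            exe = executable(command)
            entries.append({'enabled': enabled.lower() == 'yes', 'source': source,
                            'name': name, 'exe': exe, 'where': location(exe)})
    return entries

def review(entries):
    """Names of enabled entries to look at first (assumed rule, see lead-in)."""
    return [e['name'] for e in entries
            if e['enabled'] and e['where'] in ('search-path', 'other')]

if __name__ == '__main__':
    for e in parse(SAMPLE):
        print(e['enabled'], e['source'], e['name'], e['where'], e['exe'], sep=' | ')
```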
  • Okay, wow thank you!! I've disabled all the startups and good lord did my computer boot up fast! I hardly even noticed it happening! I've uninstalled all those items, is everything else safe? I'm running the ESET online scanner now. I have no clue about my RAM. How is that relevant? Also, where do I go to figure out how much RAM I have installed?
  • TakeThis
    TakeThis Posts: 2,909 Forumite
    Using the keyboard, press and hold the Flying Windows key and then press the Pause Break key.
  • Okay, it says 768MB of RAM.
  • TakeThis
    TakeThis Posts: 2,909 Forumite
    How was the scan? No problems found?

    Would like to see a HijackThis report

    You can try a couple of RootKit scanners before you put your feet up.

    TDSSKiller

    GMER
  • cit_k
    cit_k Posts: 24,812 Forumite
    texranger wrote: »
    if they do track it, this will be done through the IP.

    if i were you, i would contact your ISP and explain to them and ask them to change your IP for your broadband, they may also be able to track activity on the IP so they will know if you are being compromised.


    Not really safe advice imo.

    As no one seems to have any idea what on earth they did on the computer, they could have installed anything, interfered with software at any level, or gained access to any number of private emails or passwords etc.

    Even if you change IP, if software on that computer has compromised it, the software could easily still contact the attackers to let them still have control.

    Unless you can be sure the machine is clean from any rogue code, then an IP change alone will not be a safe method of protection in all cases.

    Even wiping and reformatting, may not be enough, if they managed to get access to passwords etc, all logins and security that were stored on the computer in any form should be changed.
  • texranger
    texranger Posts: 1,845 Forumite
    cit_k wrote: »
    Not really safe advice imo.

    As no one seems to have any idea what on earth they did on the computer, they could have installed anything, interfered with software at any level, or gained access to any number of private emails or passwords etc.

    Even if you change IP, if software on that computer has compromised it, the software could easily still contact the attackers to let them still have control.

    Unless you can be sure the machine is clean from any rogue code, then an IP change alone will not be a safe method of protection in all cases.

    Even wiping and reformatting, may not be enough, if they managed to get access to passwords etc, all logins and security that were stored on the computer in any form should be changed.


    why not, if they track by IP this is the first thing to change. yes you would have your computer checked for compromising software etc..

    so say you make sure and confirm that your computer is now clean and all of a sudden they get back into your computer then 9/10 is because they have your IP. but if you have your IP changed how would they use the IP to access your computer as you have changed this.

    so asking your ISP to change your IP is a good security measure
  • TakeThis
    TakeThis Posts: 2,909 Forumite
    You can read about it here
  • pcombo
    pcombo Posts: 3,429 Forumite
    texranger wrote: »
    why not, if they track by IP this is the first thing to change. yes you would have your computer checked for compromising software etc..

    so say you make sure and confirm that your computer is now clean and all of a sudden they get back into your computer then 9/10 is because they have your IP. but if you have your IP changed how would they use the IP to access your computer as you have changed this.

    so asking your ISP to change your IP is a good security measure

    Can easily install a keylogger, that emails everything to the hacker.

    http://www.prorat.net/main.php?language=english

    Something like that.
This discussion has been closed.