Scammer using my ebay account - from this IP address - how??
Comments
Reluctant_spender wrote: »Click the Remove or Change/Remove button.
JRE updates have automatically uninstalled previous versions as of Version 6 Update 10; versions prior to that still have to be removed manually. On a related note, Adobe Reader is also out of date.

-TangleFoot- wrote: »JRE updates have automatically uninstalled previous versions as of Version 6 Update 10; versions prior to that still have to be removed manually. On a related note, Adobe Reader is also out of date.
Correct but it does not remove installations previous to this

Reluctant_spender wrote: »Correct but it does not remove installations previous to this
I mistook the 1.5.0 for a 1.6.0! :doh:

Please run COMBOFIX
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Shut down your anti virus
Follow the simple instructions it gives
Post the COMPLETE log it creates here (Split into sections if need be)
If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe') Or SAVE as 'QWERTY' on download

thanks - here you go - altered my name for anonymity!
ComboFix 10-02-12.01 - Joe Bloggs 13/02/2010 23:32:39.3.1 - x86
Running from: c:\documents and settings\Joe Bloggs\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((( Files Created from 2010-01-13 to 2010-02-13 )))))))))))))))))))))))))))))))
.
2010-02-13 23:00 . 2010-02-13 23:00 d-----w- c:\program files\TrendMicro
2010-02-13 22:36 . 2010-02-13 22:36 d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-02-11 00:12 . 2010-02-11 00:12 d-----w- C:\6754fe70022683c9486a113b7422b110
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-13 23:50 . 2007-05-04 10:34 2661408 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-02-13 23:50 . 2009-09-18 09:51 d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-13 23:49 . 2007-05-20 20:08 d-----w- c:\documents and settings\Joe Bloggs\Application Data\StarOffice8
2010-02-13 23:48 . 2007-05-04 10:34 198888736 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-02-13 23:45 . 2007-05-04 10:34 251552 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-02-13 23:45 . 2007-05-04 10:34 2665712 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-02-13 23:43 . 2007-01-14 22:02 d-----w- c:\documents and settings\Joe Bloggs\Application Data\Skype
2010-02-13 23:00 . 2010-02-13 23:00 388096 ----a-r- c:\documents and settings\Joe Bloggs\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-02-13 12:28 . 2009-04-16 18:22 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-13 12:27 . 2010-02-13 12:27 5115823 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-13 07:05 . 2007-05-04 10:34 d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-02-04 15:53 . 2009-03-09 21:42 d-----w- c:\documents and settings\Joe Bloggs\Application Data\NwDocx
2010-01-07 16:07 . 2009-04-16 18:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 16:07 . 2009-04-16 18:22 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50 . 2006-09-18 20:22 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2006-09-18 20:22 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2005-07-13 16:41 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-14 07:08 . 2006-09-18 20:21 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27 . 2006-09-18 20:22 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-03 22:59 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2006-09-18 20:22 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:11 . 2006-09-18 20:22 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11 . 2004-08-04 00:56 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2006-09-18 20:22 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2006-09-18 20:22 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2006-09-18 20:21 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-04 00:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-24 10:44 . 2009-09-17 23:00 1474 ----a-w- c:\documents and settings\Joe Bloggs\Application Data\SAS7_000.DAT
2009-11-21 15:51 . 2006-09-18 20:21 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2008-08-07 14:00 . 2008-08-07 12:52 17950304 ----a-w- c:\program files\gimp-2.4.6-i686-setup.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\progra~1\WINDOW~4\MESSEN~1\msnmsgr.exe" [2009-07-26 3883856]
"MSMSGS"="c:\program files\Messenger\Msmsgs.exe" [2005-08-31 1658592]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-27 24103720]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 577536]
"SMSERIAL"="sm56hlpr.exe" [2004-12-29 544768]
"VTTimer"="VTTimer.exe" [2005-03-08 53248]
"VTTrayp"="VTtrayp.exe" [2005-11-01 163840]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"SetDefPrt"="c:\program files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 933888]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_17\bin\jusched.exe" [2008-11-10 75264]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" [2007-04-16 259624]
"Nuance.ctfmngr"="c:\program files\Nuance\NaturallySpeaking10\Program\ctfmngr.exe" [2008-07-27 46440]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Joe Bloggs\Start Menu\Programs\Startup\
Dragon NaturallySpeaking.lnk - c:\program files\Nuance\NaturallySpeaking10\Program\natspeak.exe [2008-7-27 2807144]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-8-18 1183744]
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2009-7-10 802816]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0 for Windows Workstations\\avp.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\OUeTMAFileHandler\\OUeTMAFileHandler.exe"=
"c:\\Program Files\\U212MediaKit\\MediaKit.exe"=
"c:\\Program Files\\YouTube Downloader\\YouTubeDownloader.exe"=
"c:\\Program Files\\Messenger\\Msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
S3 EKBfltr;ENE Keyboard Controller;c:\windows\system32\DRIVERS\EKBfltr.sys [2005-01-14 5504]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-02-02 24344]
.
Contents of the 'Scheduled Tasks' folder
2010-02-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
2010-02-13 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-04-20 16:10]
.
.
Supplementary Scan
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = hxxp://uk.yahoo.com/fsc/
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/fuji/defaults/su/*http://www.yahoo.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\documents and settings\Joe Bloggs\Application Data\Mozilla\Firefox\Profiles\k1i73t72.default\
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre1.5.0_17\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_17\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_17\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_17\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_17\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_17\bin\NPJPI150_17.dll
FF - plugin: c:\program files\Java\jre1.5.0_17\bin\NPOJI610.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-13 23:49
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\system32\wbem\Performance\WmiApRpl_new.ini 924 bytes
c:\windows\system32\PerfStringBackup.TMP
scan completed successfully
hidden files: 2
**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(1288)
c:\windows\system32\klogon.dll
- - - - - - - > 'explorer.exe'(1708)
c:\windows\system32\WININET.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\scrchpg.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Other Running Processes
.
c:\windows\system32\brsvc01a.exe
c:\windows\system32\brss01a.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
c:\windows\sm56hlpr.exe
c:\windows\system32\VTTimer.exe
c:\windows\system32\VTtrayp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Sun\StarOffice 8\program\soffice.exe
c:\program files\Sun\StarOffice 8\program\soffice.BIN
.
**************************************************************************
.
Completion time: 2010-02-13 23:58:19 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-13 23:58
ComboFix2.txt 2009-04-19 17:58
ComboFix3.txt 2009-04-19 16:57
Pre-Run: 32,721,727,488 bytes free
Post-Run: 38,358,331,392 bytes free
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - E44686C8FB75152BB15C89C1AEA8F8A7

JustPassingBy wrote: »He now knows a strong password is the only thing necessary to secure a wireless router. If he already knew this and had done it he knows he can rule out his router as an access point from outside his network. Others reading the thread who were unaware of the issues involved will be able to make up their minds from the contrasting views and some research of their own.
I am a she - but thanks, I don't think my password is the problem here...

Can't see anything in the log
Looks like someone cracked your ebay password :idea:

This discussion has been closed.