Need Help

[IAmCyanide]

Ok, so, i logged on to RS about 5 days ago, because i was having a break, about 2 days ago i was hacked -somehow, and lost about 60mil, i saved some of my money because of my bank pin, however i changed my pass on RS, came on the next day and it told me i was trying to remove my pin, (wasnt me) so i just answered it correctly so it would cancle, i change my password again. i log in just now and it tells me that i am trying to cancle my bank pin again and i notice im wearing nothing =/ (i was killing abyssal demons to try and get some money back).

 

I seriously need help, i was just going to start again but i have had my account for about 6-7 years. i really dont know what to do, i have checked my comp about 3 times for viruses and other programmes and found nothing, the only thing i can think of doing is to come back home from college later and see what the IP address comes up as.

 

 

on a side note, does anyone know how to extend the period of time it takes to delete a pin, just for safety :P

Thanks,

 

Liquid.

 

 

(i have not been on any shady websites or anything lately, the only things i have been doing over the last few days on my comp is Skype and RS)

[The Observer]

Someone could know your recovery questions. Try and change those ASAP.

 

Also you can extend the period of time it takes to cancel your PIN by talking to a banker. You can extend it to 7 days.

[Nomrombom]

Either someone knows your recovery questions or you have a keylogger. Change them for the former, and for the latter, download avast (http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html?tag=contentMain;contentBody;1d) Malwarebytes (http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol;1) and Microsoft Security Essentials (http://download.cnet.com/Microsoft-Security-Essentials/3000-2239_4-10969260.html?tag=mncol;1). If you have all three of these, you should be very well protected from all but the most advanced kinds of viruses (which are very rare to get).

[konzserwas]

Recovery questions won't let you find out the password, only set a new one. So if you logged in with your old password, it's not a problem with recoveries. My vote goes for a keyloger. Change your password using a different computer (preferably one that isn't connected to your computer with LAN or something) and run every scan you can think of.

[The Observer]

If you want, you can also post a HiJackThis log.

[IAmCyanide]

Thnaks for all the replies guys, i am going to log onto RS in a min to check the latest IP.

 

I have got Avast and MBAM installed on this computer, i have ran a scan on Avast with high high heuristics and an MBAM scan and both returned negative for any infection (appart from BMAB which came up with an invalid file - i have forgotten the name-, i checked the website and it is a FP and they are working on it)

 

i have changed my recoveries, and password again.. :P

 

My friend thinks that its probably someone i know from college, however the people i play RS with from my college only started recently and my first account name isnt on display as my last known name, the pass is also different to my College ID aswell.

 

Thanks for the replies.

Liquid.

 

(as for hijackthis) i had it on my comp a while ago but got rid of it, would you reccomend re-installing as i am unsure if it is a keylogger.

[IAmCyanide]

bump

[The Observer]

Feel free to re-install it and run it. Post the log here.

[IAmCyanide]

happened again.

 

got the IP this time

118.250.1.102

 

am reinstalling hijack now, i will put up the log when it is done

[IAmCyanide]

ip info

 

General IP Information

Hostname: 118.250.1.102

ISP: CHINANET Hunan province network

Organization: CHINANET Hunan province network

Proxy: None detected

Type: Broadband

Assignment: Static IP

Blacklist:

 

Geolocation Information

Country: China

State/Region: Hunan

City: Changsha

Latitude: 28.1792

Longitude: 113.1136

[IAmCyanide]

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 14:01:01, on 24/06/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss[Caution: Executable File]

C:\WINDOWS\system32\winlogon[Caution: Executable File]

C:\WINDOWS\system32\services[Caution: Executable File]

C:\WINDOWS\system32\lsass[Caution: Executable File]

C:\WINDOWS\system32\Ati2evxx[Caution: Executable File]

C:\WINDOWS\system32\svchost[Caution: Executable File]

C:\WINDOWS\System32\svchost[Caution: Executable File]

C:\WINDOWS\system32\svchost[Caution: Executable File]

C:\Program Files\Alwil Software\Avast5\AvastSvc[Caution: Executable File]

C:\WINDOWS\Explorer[Caution: Executable File]

C:\WINDOWS\RTHDCPL[Caution: Executable File]

C:\Program Files\Common Files\InstallShield\UpdateService\issch[Caution: Executable File]

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv[Caution: Executable File]

C:\Program Files\HP\HP Software Update\HPWuSchd2[Caution: Executable File]

C:\Program Files\HP\Digital Imaging\bin\hpqSRMon[Caution: Executable File]

C:\Program Files\Virgin Broadband Wireless\Wireless Manager[Caution: Executable File]

C:\PROGRA~1\ALWILS~1\Avast5\avastUI[Caution: Executable File]

C:\Program Files\iTunes\iTunesHelper[Caution: Executable File]

C:\Program Files\Common Files\Java\Java Update\jusched[Caution: Executable File]

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui[Caution: Executable File]

C:\WINDOWS\system32\ctfmon[Caution: Executable File]

C:\Program Files\Virgin Broadband Wireless\ndis_events[Caution: Executable File]

C:\WINDOWS\system32\spoolsv[Caution: Executable File]

C:\Program Files\IObit\Advanced SystemCare 4\ASCService[Caution: Executable File]

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService[Caution: Executable File]

C:\Program Files\Bonjour\mDNSResponder[Caution: Executable File]

C:\WINDOWS\system32\svchost[Caution: Executable File]

C:\Program Files\Java\jre6\bin\jqs[Caution: Executable File]

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice[Caution: Executable File]

C:\WINDOWS\System32\svchost[Caution: Executable File]

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ[Caution: Executable File]

C:\WINDOWS\System32\svchost[Caution: Executable File]

C:\Program Files\Microsoft Application Virtualization Client\sftvsa[Caution: Executable File]

C:\WINDOWS\system32\svchost[Caution: Executable File]

C:\Program Files\Microsoft Application Virtualization Client\sftlist[Caution: Executable File]

C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC[Caution: Executable File]

C:\Program Files\iPod\bin\iPodService[Caution: Executable File]

C:\Program Files\Internet Explorer\iexplore[Caution: Executable File]

C:\Program Files\Internet Explorer\iexplore[Caution: Executable File]

C:\Program Files\Internet Explorer\iexplore[Caution: Executable File]

C:\Program Files\Java\jre6\bin\java[Caution: Executable File]

C:\WINDOWS\system32\msiexec[Caution: Executable File]

C:\Program Files\Trend Micro\HiJackThis\HiJackThis[Caution: Executable File]

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=0070826

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - (no file)

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL[Caution: Executable File]

O4 - HKLM\..\Run: [Alcmtr] ALCMTR[Caution: Executable File]

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM[Caution: Executable File] -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch[Caution: Executable File]" -start

O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv[Caution: Executable File]"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2[Caution: Executable File]

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon[Caution: Executable File]

O4 - HKLM\..\Run: [Wireless Manager] "C:\Program Files\Virgin Broadband Wireless\Wireless Manager[Caution: Executable File]" startup

O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI[Caution: Executable File] /nogui

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier[Caution: Executable File]

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: Executable File]" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper[Caution: Executable File]"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched[Caution: Executable File]"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl[Caution: Executable File]"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM[Caution: Executable File]"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui[Caution: Executable File]" /starttray

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt[Caution: Executable File]" /startup

O4 - HKCU\..\Run: [ctfmon[Caution: Executable File]] C:\WINDOWS\system32\ctfmon[Caution: Executable File]

O4 - HKCU\..\Run: [sony Ericsson PC Companion] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion[Caution: Executable File]" /systray /nologon

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer[Caution: Executable File]

O4 - HKCU\..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray[Caution: Executable File]

O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\user\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient[Caution: Executable File]" -inv:bootrun

O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1[Caution: Executable File] -Update -1103470 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.nationalexpress.com/coach/index.cfm?utm_source=google&utm_medium=cpc&utm_term=coach&utm_campaign=Generics"

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9[Caution: Executable File]

O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag[Caution: Executable File]

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag[Caution: Executable File]

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: Executable File]

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: Executable File]

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.72.0.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -

O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.6.0_10) -

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13) -

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} (Java Plug-in 1.6.0_21) -

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} (Java Plug-in 1.6.0_22) -

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} (Java Plug-in 1.6.0_23) -

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll

O20 - Winlogon Notify: !SASWinLogon - Invalid registry found

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files\IObit\Advanced SystemCare 4\ASCService[Caution: Executable File]

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService[Caution: Executable File]

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx[Caution: Executable File]

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc[Caution: Executable File]

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder[Caution: Executable File]

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc[Caution: Executable File]

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate[Caution: Executable File]

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate[Caution: Executable File]

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT[Caution: Executable File]

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService[Caution: Executable File]

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs[Caution: Executable File]

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice[Caution: Executable File]

O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ[Caution: Executable File]

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9[Caution: Executable File]

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9[Caution: Executable File]

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd[Caution: Executable File]

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr[Caution: Executable File]

 

--

End of file - 13066 bytes

 

 

 

 

 

 

i think this is it, i never used it when it was on my comp thats why i got rid of it. any replies would be helpful as i have no idea how to use hijackthis.

[Nomrombom]

If the IP is in China you definitely have/had a virus of some kind.

[jasignhagj]

Only thing I could get from that is you should stop using Internet Explorer. I'm not very good at looking through them though.

[IAmCyanide]

If the IP is in China you definitely have/had a virus of some kind.

 

hm, what do you suggest i do. i am out of ideas tbh.

 

__

Only thing I could get from that is you should stop using Internet Explorer. I'm not very good at looking through them though.

 

__

 

Would that really make a difference?????

[Nomrombom]

Not for your current problem, but absolutely in the future. IE is outdated and highly unsecure. Use Firefox or Chrome.

[IAmCyanide]

Not for your current problem, but absolutely in the future. IE is outdated and highly unsecure. Use Firefox or Chrome.

 

I guess i'll download Chrome now then :P

[The Observer]

Yeah, it'd be in your best interest to use another browser.

[IAmCyanide]

Yeah, it'd be in your best interest to use another browser.

 

Yup, i am using Chrome now, the only reason i got rid of it before was after installing my computer would not shut down at all.

[AresArtemis]

There are alot of programs wich can scan your pc for rogues, virus, keyloggers etc. but most of these can also damage your pc when not used correctly. You should seek 'professional' advice on how to use these at an online pc forum, but the only one I know is dutch (nationaalcomputerforum.nl). You could try and ask for a solution, but i'm not sure if they can help you.

 

Software i'm talking about: MBAM, HijackThis, Security Check (online scan), LOPSD, Secunia PSI (online scan), Rkill (rogue removal), MBRCheck, TDSSKiller, ESET (online scan).

 

Remember, be careful when using these and some of them may not even be relevant depending on what the problem is.

[IAmCyanide]

There are alot of programs wich can scan your pc for rogues, virus, keyloggers etc. but most of these can also damage your pc when not used correctly. You should seek 'professional' advice on how to use these at an online pc forum, but the only one I know is dutch (nationaalcomputerforum.nl). You could try and ask for a solution, but i'm not sure if they can help you.

 

Software i'm talking about: MBAM, HijackThis, Security Check (online scan), LOPSD, Secunia PSI (online scan), Rkill (rogue removal), MBRCheck, TDSSKiller, ESET (online scan).

 

Remember, be careful when using these and some of them may not even be relevant depending on what the problem is.

 

Thanks for the reply,

There must be something on my computer, this has been the 4th time its happened, and each time has been with a different password.

 

quick question, will using my laptop stop the problem? or is it useless because it will still the IP as i think whatever is happening must only be on this computer and not my whole wireless internet.

 

Apparently, Jagex is looking into the problem at the moment.

[AresArtemis]

There are alot of programs wich can scan your pc for rogues, virus, keyloggers etc. but most of these can also damage your pc when not used correctly. You should seek 'professional' advice on how to use these at an online pc forum, but the only one I know is dutch (nationaalcomputerforum.nl). You could try and ask for a solution, but i'm not sure if they can help you.

 

Software i'm talking about: MBAM, HijackThis, Security Check (online scan), LOPSD, Secunia PSI (online scan), Rkill (rogue removal), MBRCheck, TDSSKiller, ESET (online scan).

 

Remember, be careful when using these and some of them may not even be relevant depending on what the problem is.

 

Thanks for the reply,

There must be something on my computer, this has been the 4th time its happened, and each time has been with a different password.

 

quick question, will using my laptop stop the problem? or is it useless because it will still the IP as i think whatever is happening must only be on this computer and not my whole wireless internet.

 

Apparently, Jagex is looking into the problem at the moment.

I'm not a computer expert, but my guess is that using a different pc/laptop on the same (wireless) network will stop your problems. You probably have an infected file with a keylogger or something like that on the pc you are currently using.

 

edit: also, this is your HijackThis log using DDRMMR's Hijack This colourcoding, maybe it helps, maybe not

edit2: removed your log because i found this site, wich is probably more usefull: http://hjt.networktechs.com/parse.php

Copy&Paste your log in there and it'll show you what's wrong and what's not. A quick look showed me you have a few files you should delete (don't know how though :unsure:)

[IAmCyanide]

There are alot of programs wich can scan your pc for rogues, virus, keyloggers etc. but most of these can also damage your pc when not used correctly. You should seek 'professional' advice on how to use these at an online pc forum, but the only one I know is dutch (nationaalcomputerforum.nl). You could try and ask for a solution, but i'm not sure if they can help you.

 

Software i'm talking about: MBAM, HijackThis, Security Check (online scan), LOPSD, Secunia PSI (online scan), Rkill (rogue removal), MBRCheck, TDSSKiller, ESET (online scan).

 

Remember, be careful when using these and some of them may not even be relevant depending on what the problem is.

 

Thanks for the reply,

There must be something on my computer, this has been the 4th time its happened, and each time has been with a different password.

 

quick question, will using my laptop stop the problem? or is it useless because it will still the IP as i think whatever is happening must only be on this computer and not my whole wireless internet.

 

Apparently, Jagex is looking into the problem at the moment.

I'm not a computer expert, but my guess is that using a different pc/laptop on the same (wireless) network will stop your problems. You probably have an infected file with a keylogger or something like that on the pc you are currently using.

 

edit: also, this is your HijackThis log using DDRMMR's Hijack This colourcoding, maybe it helps, maybe not

edit2: removed your log because i found this site, wich is probably more usefull: http://hjt.networktechs.com/parse.php

Copy&Paste your log in there and it'll show you what's wrong and what's not. A quick look showed me you have a few files you should delete (don't know how though :unsure:)

 

 

Thanks for all the help,

i was thinking of just starting to use my laptop to play but my laptop is coming up to be about 5 years old now, and i cant buy a new one atm because im forking out 200 pounds for a new Drum kit,

 

also, i appreciate the link for the website, however Avast isnt so happy XD keeps severing the connection but to a Trojan it keeps finding.

[AresArtemis]

There are alot of programs wich can scan your pc for rogues, virus, keyloggers etc. but most of these can also damage your pc when not used correctly. You should seek 'professional' advice on how to use these at an online pc forum, but the only one I know is dutch (nationaalcomputerforum.nl). You could try and ask for a solution, but i'm not sure if they can help you.

 

Software i'm talking about: MBAM, HijackThis, Security Check (online scan), LOPSD, Secunia PSI (online scan), Rkill (rogue removal), MBRCheck, TDSSKiller, ESET (online scan).

 

Remember, be careful when using these and some of them may not even be relevant depending on what the problem is.

 

Thanks for the reply,

There must be something on my computer, this has been the 4th time its happened, and each time has been with a different password.

 

quick question, will using my laptop stop the problem? or is it useless because it will still the IP as i think whatever is happening must only be on this computer and not my whole wireless internet.

 

Apparently, Jagex is looking into the problem at the moment.

I'm not a computer expert, but my guess is that using a different pc/laptop on the same (wireless) network will stop your problems. You probably have an infected file with a keylogger or something like that on the pc you are currently using.

 

edit: also, this is your HijackThis log using DDRMMR's Hijack This colourcoding, maybe it helps, maybe not

edit2: removed your log because i found this site, wich is probably more usefull: http://hjt.networktechs.com/parse.php

Copy&Paste your log in there and it'll show you what's wrong and what's not. A quick look showed me you have a few files you should delete (don't know how though :unsure:)

 

 

Thanks for all the help,

i was thinking of just starting to use my laptop to play but my laptop is coming up to be about 5 years old now, and i cant buy a new one atm because im forking out 200 pounds for a new Drum kit,

 

also, i appreciate the link for the website, however Avast isnt so happy XD keeps severing the connection but to a Trojan it keeps finding.

Avast is blocking the website? :shock: I can guarantee you there is absolutly nothing wrong with that site. But while using a laptop may solve your runescape problems, it will certainly not solve what is going on on your pc, so try to find some help for that (maybe http://forums.overclockers.co.uk/ ??).

[Julezss]

Wow I hope you solve the problem. People should really stop stealing from other players accounts and work to earn their money and items.

[IAmCyanide]

Wow I hope you solve the problem. People should really stop stealing from other players accounts and work to earn their money and items.

 

Yep, it is very annoying.

 

Just managed to remove 230 "Adware.Tracking Cookies" from my computer, could possibly solve the problem.

 

will have to wait and see till a few days because he always logs in when im asleep.