do you have any virus protection on there?, if not get AVG or something as good or better then it.

also you might want to run..

Adaware
Spybot
Spysweeper
Pest Patrol

on there just to make shure everything is gone..
yes run as many as you can / can get, cuz one doesn't always get all the spyware

A little more info. I checked the DMZ on my router, and yep, as much of a moron I am, I had it enabled to the IP address of my computer. I have now disabled it. I also checked my modem log and found that there were these incoming requests.
Source IP Destination Port Number
72.14.205.83 1966
70.84.40.148 43200
57.9.41.208 80

I also checked my bandwidth monitor and my computer has uploaded 80 MB of data today, and downloaded a total of 23MB. I just started using the computer tonight, so it looks like they took some data whoever they were.

I have Norton/symantec antivirus and I use adaware and spybot. None of them showed anything as being wrong when I ran virus/spyware, etc scans. wierd.

I did a reverse search on those IP addresses. One was google, one was to a site www.theplanet.com that I've never been to before, and another was for a home computer located in SWITZERLAND.

Thats why I like sygate (which was recently bought out)

I believe zone alarm still exists but have not used it lately.

Software firewalls allow applications you use to go out to the outside world. and it is a one a time type thing...you need to use mozilla to get out to the net and send and receive packets at port 80..no problem...set it once and forget.

It has NOTHING TO DO with the site, just the inbound and outbound ports.

Either way this type of attack would have been prevented if proper security was in place on the box.

sounds like you got Hacked..

Yup Zone Alarm is still out there, and its still one of the best...
http://www.zonelabs.com/store/content/home.jsp

the one thing i dont like about software firewalls is sometimes they dont let you know when they block something, Like TurboTax, iv run it to that problem lots of times..

http://home.eunet.no/~pnordahl/ntpasswd/cd050303.zip

go here and get this bin image, burn to cd, boot computer, and change admin password. One trick, don't change to "blank" password. It usually doesn't work then. Set an actual password and you'll have no problems

Never personally but thats how I got my last job...(previous guy as an idiot, lots of confidential customer information was stolen off the multiple workstations due to a gaping hole in the way the network was set up.....there was a hw firewall on the network protecting the servers but the workstatins were wide open)


You are correct when it comes to turbotax becuase some users (who should not be on a PC) will click NO during the intial turbotax install/launch when the zone/sygate/norton dialog box comes up and from then on it will block the program without ever letting the user know it is being blocked unless you look in the firewall software to unblock it...but they should not be using turbotax and going to H&R block

i ment for Custom88,

but yeah thats what stupid people do they block it and forget, but im not aloud to uninstall or change a person firewall setting they have to do it on there own...

i also hate that AOL 9.0 security edition, i blocks everything turbotax trys to do....
i wish AOL would blow up...

AOL

Ok this may sound dumb, but did YOU lock it when you left? If not someone just got on there. Firewalls are no help if you leave it open.

definately didn't lock it myself because I don't even know how to do that from the welcome screen. lol. You can lock it by using ctrl alt del if you don't use fast user switching, but if you DO use it, I'm not exactly sure how you lock a workstation. I have zone alarm installed now too. Hopefully this doesn't happen again, I have no idea what information they got off of here.. My documents folder is 80MB though.