Yahoo Account keeps getting Hijacked. Pls Help!TQ

Discussion in 'Malware Help (A Specialist Will Reply)' started by b0b79, Jul 2, 2006.

  1. b0b79

    b0b79 Private E-2

    hi,

    my yahoo messenger kept showing a message, saying that i was disconnected
    as have been signed on another computer.

    initially was able to regain access to account by using yahoo password retrieval facility, however now am not able to access it, as it seems personal details have been changed and not able to reset password anymore.

    have requested yahoo to reset password already, am awaiting reply from them. however would like to ensure that this does not occur again, as it is an inconvenience. am unsure what to look out for, had posted hijackthis logs, ewido and spybot logs previously in the forum and had gotten a clean bill of health. is there a possibility of there being a key logger or trojan or even a root kit installed without my knowledge of?

    have my doubts of it being a keylogger though, as none of other accounts and passwords have been compromised as of yet. only yahoo account has been affected so far.

    would appreciate any help or guidance anyone can provide as to how i can get to the bottom of this problem.

    thank you very much for your time and assistance in advance,

    jason c.
     
    b0b79, Jul 2, 2006
    #1
  2. b0b79

    b0b79 Private E-2

    additional background information:

    have ran F-Secure's Blacklight Beta, but it did not report any problems.
    have also ran Sysinternals RootKit Revealer Version 1.7, the log file looks to be in order, but would appreciate a second opinion.

    was previously affected by SpywareQuake, which was removed using Smitfraud and Ewido.

    thank you

    jason c.
     
    b0b79, Jul 2, 2006
    #2
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
      • Bitdefender
      • Panda Scan
      • HijackThis
    .
     
    chaslang, Jul 3, 2006
    #3
  4. b0b79

    b0b79 Private E-2

    Logfile of HijackThis v1.99.1
    Scan saved at 5:02:01 PM, on 7/4/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Drivers\trcboot.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
    C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
    C:\Program Files\IBM Ayudame\ayudame.exe
    C:\Program Files\IBM Ayudame\ayudame.exe
    C:\Program Files\C4ebreg\c4ebreg.exe
    c:\sdwork\issimsvc.exe
    C:\WINDOWS\system32\mnmsrvc.exe
    C:\notes\ntmulti.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\WRTService.exe
    C:\WINDOWS\system32\Drivers\ldlcserv.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\IBM\Personal Communications\tpam.exe
    C:\Program Files\C4ebreg\isamtray.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\CheckPoint\Integrity Client\iclient.exe
    C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
    C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\ICQLite\ICQLite.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
    C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe
    C:\WINDOWS\system32\TpScrLk.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\IBM\Bluetooth Software\BTTray.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\IBM\Sametime Connect 7.5\sametime\sametime.exe
    C:\Program Files\IBM\Sametime Connect 7.5\sametime\jre\bin\j9w.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\notes\NLNOTES.EXE
    C:\notes\ntaskldr.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\FREEDO~1\fdm.exe
    C:\WINDOWS\DOWNLO~1\SIEBEL~1.EXE
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w3.ibm.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://w3.ibm.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://desktop.google.com/uninstall-feedback.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autoproxy.au.ibm.com/my1.pac
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = w3-501.ibm.com;w3-113.ibm.com;w3-602.ibm.com;w3-603.ibm.com;<local>
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [Tpam.exe] "C:\Program Files\IBM\Personal Communications\tpam.exe"
    O4 - HKLM\..\Run: [ISAMTray] "C:\Program Files\C4ebreg\isamtray.exe"
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
    O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
    O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
    O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CheckPoint\Integrity Client\iclient.exe"
    O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
    O4 - HKLM\..\Run: [C4EBReg] "C:\Program Files\C4ebreg\c4ebreg.exe" /q
    O4 - HKLM\..\Run: [pdfFactory Dispatcher v1] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe" /source=HKLM
    O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
    O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
    O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
    O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
    O4 - HKLM\..\Run: [ACUMon] "C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe" -a
    O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Lotus QuickStart.lnk = ?
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\IBM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\PkgMgr.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {253A9D23-F982-11D4-8BE4-00D0B7E61414} (SiebelHTMLApplication Class) - https://w3-602.ibm.com/transform/crm/asia_pacific/my/callcenter/16199/applets/siebelhtml.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {8F4F3368-54CA-4268-8225-0F4367472CF4} (MailClient Class) - https://w3-602.ibm.com/transform/crm/asia_pacific/my/callcenter/16199/applets/SiebExtMailClient.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {E9077188-6DCA-42A2-8FA3-BE7BED5A95B2} (Siebel Option Pack for IE 7.5.3) - https://w3-602.ibm.com/transform/crm/asia_pacific/my/callcenter/16199/applets/SiebelOptionPack.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = my.ibm.com
    O17 - HKLM\Software\..\Telephony: DomainName = my.ibm.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{15FB3143-7387-4578-9EE8-5F463B8ADFF7}: Domain = my.ibm.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{15FB3143-7387-4578-9EE8-5F463B8ADFF7}: NameServer = 202.188.0.133,202.188.1.5,203.120.90.40
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2139E8B7-1719-46FF-80A5-073C3F051BF5}: Domain = my.ibm.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{44B0CB7D-218F-46BC-A474-EF4A0F14F24B}: Domain = my.ibm.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6519596C-F63A-49F1-88FC-3D2A6152AF22}: NameServer = 202.188.0.133,202.188.1.5
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = my.ibm.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = my.ibm.com,au.ibm.com,ibm.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = my.ibm.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = my.ibm.com,au.ibm.com,ibm.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = my.ibm.com,au.ibm.com,ibm.com
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: pcsinst - C:\WINDOWS\SYSTEM32\pcsinst.dll
    O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
    O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
    O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    O23 - Service: AppnNode - IBM Corporation - C:\WINDOWS\system32\Drivers\appnnode.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
    O23 - Service: IBM Ayudame (IBMFORTH) - Unknown owner - C:\Program Files\IBM Ayudame\ayudame.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: IBM Standard Asset Manager Service (ISAMSvc) - IBM Global Services - C:\Program Files\C4ebreg\c4ebreg.exe
    O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Global Services - c:\sdwork\issimsvc.exe
    O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\WINDOWS\system32\Drivers\ldlcserv.exe
    O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\notes\ntmulti.exe
    O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
    O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\system32\Drivers\trcboot.exe
    O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: WRT Service (WRTService) - Unknown owner - C:\WINDOWS\WRTService.exe
     
    b0b79, Jul 4, 2006
    #4
  5. b0b79

    b0b79 Private E-2

    BitDefender Scan Log
     

    Attached Files:

    b0b79, Jul 4, 2006
    #5
  6. b0b79

    b0b79 Private E-2

    Incident Status Location

    Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Administrator\Cookies\my100185@bravenet[2].txt
     
    b0b79, Jul 4, 2006
    #6
  7. b0b79

    b0b79 Private E-2

    Thanks again for your prompt reply.

    Attached above are the requested logs. Please do let me know if anything else is required which can help to get to the bottom of this.

    Thank you for your time and assistance,

    jason c.
     
    b0b79, Jul 4, 2006
    #7
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please remember to always attach logs to messages and not post them inline like you did with HijackThis. Also you should have attach the full Panda log but if it only found that one cookie, we don't need it. Also you did not empty your Symantec Quarantine folder as requested in step 0 of the READ ME. You can see this from your Bitdefender log.

    I don't see any malware issues in your logs. The only item I do not recognize (but that does not mean it is malware) is the below:


    C:\WINDOWS\DOWNLO~1\SIEBEL~1.EXE

    Do you know what it is and why it is running? Right now I would have to say your problems with Yahoo are not malware related. Perhaps you should delete that Yahoo account and start a new one.
     
    Last edited: Jul 4, 2006
    chaslang, Jul 4, 2006
    #8
  9. b0b79

    b0b79 Private E-2

    hi,

    thank you for your analysis of all the logs. apologies for any inconvenience caused as a result of me pasting the hijackthis log instead of attaching the file.

    since you mentioned it is not likely to be malware related, will continue to monitor the account and see what happens in the meantime, will consider getting a new account if situation continues to occur, however would rather not, since have been using this account for quite a lengthy time already.

    thank you once again for your time and assistance for the above. really appreciate it a lot.

    kind regards,

    jason c.
     
    b0b79, Jul 4, 2006
    #9
  10. b0b79

    b0b79 Private E-2

    sorry forgot to mention, that entry can probably be ignored as it refers to the Siebel CRM system which is used at work. doubt it is malware of any kind as far as i know. thanks

    jason c.
     
    b0b79, Jul 4, 2006
    #10
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    chaslang, Jul 5, 2006
    #11

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds