
Logfile of HijackThis v1.99.0 - DurangoJazz

Hi,

Be careful with "the City that don't sleep" - once upon a time the tagline for Citibank.

The "Citi Virtual Account Numbers" entry looks suspicious. If you do not have any software provided directly by Citibank, you should remove all entries with "Citi Virtual Account Numbers", "CitiVAN.exe" and "CitiVAN".

Scan saved at 11:22:21 AM, on 3/10/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe
C:\program files\regprot.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Trojan Guarder Gold Version\Trojan Guarder.exe
C:\Program Files\Microsoft Office\Office\1033\msohelp.exe
C:\WINNT\System32\svchost.exe
C:\Documents and Settings\DMAHOME\All-n-1-Fldr-D\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CitiUS Shared Browser Helper Object - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINNT\system32\BhoCitUS.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CitiVAN] C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe /dontopenmycards
O4 - HKLM\..\Run: [RegProt] c:\program files\regprot.exe /start
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Trojan Guarder Gold Version.lnk = C:\Program Files\Trojan Guarder Gold Version\Trojan Guarder.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Encarta &Definition - http://encarta.msn.com/encnet/features/dictionary/quickDictionary.htm
O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://viewpoint.com/cgi-bin/installer.v4/vet_install_popup.pl?2&4&04.00.08.43&unknown&unknown&http://space.com/php/multimedia/zoomviewer/index.php?display_img=v838_stellar_outburst
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscancab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc3.webresponse.one.microsoft.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/controls/DigWebX2.cab?10,0,910,0
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
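As an added example (not part of the original post or of HijackThis itself), a small Python triage script that parses lines in the HijackThis format shown above, lists the O4 Run autostarts, and flags every entry containing the strings the reply names; the sample lines are constructed copies of entries from this log.

```python
import re

# Constructed sample: a few lines copied in the format of the HijackThis log above.
SAMPLE_LOG = """\
O2 - BHO: CitiUS Shared Browser Helper Object - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\\WINNT\\system32\\BhoCitUS.dll
O4 - HKLM\\..\\Run: [CitiVAN] C:\\Program Files\\Citi Virtual Account Numbers\\CitiVAN.exe /dontopenmycards
O4 - HKLM\\..\\Run: [RegProt] c:\\program files\\regprot.exe /start
O4 - HKCU\\..\\Run: [SpySweeper] "C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeper.exe" /0
O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\\Program Files\\Citi Virtual Account Numbers\\CitiVAN.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\\WINNT\\system32\\ZoneLabs\\vsmon.exe
"""

# The strings the reply above says to look for (any entry containing one of them).
CITI_MARKERS = ("Citi Virtual Account Numbers", "CitiVAN.exe", "CitiVAN")

# Every HijackThis entry starts with a section code (R0/R1, F0, O1..O23) and " - ".
LINE_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")
# O4 Run entries: "HKLM\..\Run: [name] command" (Global Startup lines use another shape).
AUTOSTART_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")


def parse_hjt(text):
    """Return [(code, body)] for each recognised HijackThis entry line."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def autostarts(entries):
    """Return [(hive, name, command)] for every O4 HKLM/HKCU Run entry."""
    out = []
    for code, body in entries:
        if code != "O4":
            continue
        m = AUTOSTART_RE.match(body)
        if m:
            out.append((m.group("hive"), m.group("name"), m.group("cmd")))
    return out


def flag(entries, markers=CITI_MARKERS):
    """Return the entries whose body contains any marker (case-insensitive)."""
    low = [m.lower() for m in markers]
    return [(c, b) for c, b in entries if any(m in b.lower() for m in low)]


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    for hive, name, cmd in autostarts(parsed):
        print(f"autostart {hive} [{name}] -> {cmd}")
    for code, body in flag(parsed):
        print(f"flagged {code}: {body}")
```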
