Results 1 to 3 of 3
  1. #1
    Member
    Join Date
    Jul 2006
    Posts
    1
    Points
    0

    Default "error safe pop ups. posted hijackthis log.

    I've been using various different spyware removers such as xoftspy and crap cleaner to get rid of errorsafe but sometimes when i visit sites i manage to have a pop up that is winsafe or whatever and or error safe and i'm just wondering what else I can do. here's my hijack this log:


    Logfile of HijackThis v1.99.1
    Scan saved at 5:30:58 AM, on 7/22/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5450.0004)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\support.com\bin\tgcmd.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\AIM\aim.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Paint Shop Pro.exe
    C:\Program Files\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.netzero.net/s/sp?r=al&cf=s...A&UT=companion
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {8E13DDE1-E013-47ec-9C4C-27C2F78BDD26} - C:\WINDOWS\system32\jkkll.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
    O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
    O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: jkkll - C:\WINDOWS\SYSTEM32\jkkll.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



    i'd appreciate any input and all thank you!

  2. #2
    Member
    Join Date
    Jan 2003
    Posts
    12,000
    Points
    1191

    Default

    Download CCleaner from :-

    http://www.filehippo.com/download_ccleaner/ (click the download tab)

    doubleclick the ccsetup.exe file and install the program...

    At the Cclean setup screen &Install opitions Uncheck the Add Ccleaner Yahoo ! Tool bar unless you want it

    After installing, go to Start > programs > CCleaner > Options > Advanced > UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

    Make sure the "windows" tab is selected

    Under "internet explorer" tick...

    Temporary internet files
    Cookies* > see Note below
    History
    Recently typed URL's
    (leave this unticked if you DON'T want to clear the drop down list in the address window of IE)
    Delete index.dat files
    Last download location
    Autocomplete form history


    under "Windows explorer" these are optional, but you can safely tick them all if you wish, they are only "most recently used lists"

    Other explorer MRU's
    (leave this unticked if you DON'T want to clear lists such as the start\run list)

    under "System"

    Tick ALL these ...


    under "Advanced"

    no need to tick any of these (but you can if you want, and realise what they do)


    Applications tab...

    These will mostly clean out old log files for these applications...

    Clean:- (if you use them)

    Firefox/Mozilla (optional - leave the cookies - see note)
    Opera
    Sun Java
    ZoneAlarm

    ...
    Personally I clean everything in the applications tab... but you tick what you want...

    Note: *If there are any cookies you want to keep (if you remove the cookie for a site you require a password for, you will need to re-enter your passward when you next visit that site) ... click options > cookies > then keep the cookies you want.

    click "analyse" if you want to see a list of what is going to be removed, before it is removed.

    Or

    click "run cleaner" to let it get on with it's work... clicking this will result in the following pop-up

    "This process will permanently delete files from your system. Are you sure you wish to proceed?"

    click OK.

    Next

    Download and install the trial version of Ewido Anti-Spyware here……

    www.ewido.net/en/download

    The program should launch automatically after installation. If not then double-click the desktop icon.

    Deactivate the Resident Shield
    > Before proceeding, deactivate the "Resident Shield" as this may prevent changes to the registry.
    > To do this, click "Change State" to the right of the Resident Shield option in the main window.
    > You will clearly see the status change to Inactive if you have done this correctly.

    Update Ewido's Definitions
    > Ewido automatically updates the spyware definitions if you are connected to the net during installation.
    > As a precaution, click the "Update" icon from the main menu.
    > Then click the "Start Update" button.
    > When you receive the "Update successful" prompt, close Ewido.

    -->>Note: If you have any problems with the updater you can update Ewido manually here:

    http://download.ewido.net/ewido-signatures-current.exe


    Reboot into Safe Mode.

    Scanning with Ewido
    > Open Ewido Anti-Spyware and click the "Scanner" icon from the main menu.
    > Click "Complete System Scan" to start scanning.
    > When scanning completes, click "Recommended action" beneath the results window and select Quarantine.
    > Then click the "Apply all actions" button to quarantine everything detected.
    > Then click Save report > Save report as and save the Report-Scan.txt to your desktop.

    Next please read and follow all the directions here:

    http://www.help2go.com/article217.html

    Please save the Pandasoft log

    Post the results of the Report-Scan.txt in your next post here and a new HJT log.

    BG

  3. #3
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    HI

    1. You also have an out-of-date version of java

    2. & what looks like a vundo trojan...

    --
    You are running an out-of-date version of java

    You can go here and install the latest version of Java.

    http://java.com/en/download/index.jsp

    Then go to add/remove programs and uninstall any earlier versions ...

    Running an out-of-date version of java is an infection risk.

    steam

    --

    Also Vundo is known to exploit computers which do not have the latest java version installed

    --
    Please download VundoFix.exe to your desktop.
    1. Double-click VundoFix.exe to run it.
    2. Put a check next to Run VundoFix as a task.
    3. You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
    4. When VundoFix re-opens - Click the "Scan for Vundo" button.
    5. Once it's done scanning, click the "Remove Vundo" button.
    6. You will receive a prompt asking if you want to remove the files, click "YES".
    7. Once you click yes, your desktop will go blank as it starts removing Vundo.
    8. When completed, VundoFix will prompt that it will shutdown your computer; click "OK".
    9. Turn your computer back on.
    10. Please post the contents of C:\vundofix.txt and a new HiJackThis log.

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -