"SafeWeb.Com: 204.244.184.143 has been added, but Internet lookup reports 216.131.94.163" and
"SafeWeb.Com: 204.244.184.143 has been added, but Internet lookup reports 81.52.248.177"
I hit the remove button and it seemed to clean it off for about 5 seconds and then it returns.
Here is what I have done so far: went into the Hosts file in Windows\sys32\drivers\etc and added the # in front of the 2 SafeWeb.Com lines. Those two lines recreate themselves down below almost instantly. Then added 127.0.0.1 to the lines to point them back at my machine. Same result.
I should mention that I found both these suggestions online - no way I'm computer smart enough to know that on my own.
Ran HijackThis and tried to clean it off that way. Same result. Ran Ad-Aware, BitDefender, a-squared, and TrojanHunter all with the same result. No way to make it stop coming back.
I recently set up a new computer so I've been adding a lot of software to the HD lately but nothing that should include SafeWeb that I am aware of. Anyway, the alert message implies those commands are not linking to the legit web address anyway.
Can't figure where this is coming from or how to get rid of it. Below is my HJT log. Any help is greatly appreciated. I will be unhooking my internet connection for most of the day while I am at work. Not sure if someone has managed to get into my machine but want to be safe. Will be checking back later today.
Thanks for any help.
Tim
HJT Log
Logfile of HijackThis v1.99.1
Scan saved at 6:13:00 AM, on 6/9/2006
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)
Running processes:
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files (x86)\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files (x86)\Softwin\BitDefender9\bdmcon.exe
C:\Program Files (x86)\Softwin\BitDefender9\bdoesrv.exe
c:\program files (x86)\softwin\bitdefender9\bdswitch.exe
C:\WINDOWS\system32\SYSWB6.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
c:\program files (x86)\softwin\bitdefender9\bdnagent.exe
C:\Program Files (x86)\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\SysWOW64\Winkb6.exe
C:\Program Files (x86)\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files (x86)\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files (x86)\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files (x86)\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files (x86)\Softwin\BitDefender9\vsserv.exe
C:\Program Files (x86)\iPod\bin\iPodService.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
D:\My Documents\Tim\Downloads\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711
F2 - REG:system.ini: UserInit=userinit
O1 - Hosts: 204.244.184.143 SafeWeb.com
O1 - Hosts: 204.244.184.143 http://WWW.SafeWeb.com
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files (x86)\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files (x86)\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files (x86)\Softwin\BitDefender9\bdswitch.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\SysWOW64\NeroCheck.exe
O4 - HKLM\..\Run: [SYSWB6] SYSWB6
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files (x86)\Softwin\BitDefender9\bdnagent.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files (x86)\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8767173140
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\SYSTEM32\dimsntfy.dll
O20 - Winlogon Notify: EFS - C:\WINDOWS\SYSTEM32\sclgntfy.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files (x86)\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files (x86)\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc64.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files (x86)\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files (x86)\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files (x86)\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)