Can't access www.safer-networking.com

Status
Not open for further replies.

saultodd

New member
DDS (Ver_10-03-17.01) - NTFSx86
Run by Cambridge at 11:46:01.93 on 13/05/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1547 [GMT 1:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Cambridge\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [BrowserChoice] "c:\windows\system32\browserchoice.exe" /run
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"
mRun: [btbb_wcm_McciTrayApp] "c:\program files\bt broadband desktop help\btbb_wcm\McciTrayApp.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\cambri~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: motive.com\pbttbc.bt
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: Antiwpa - antiwpa.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-5-10 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-5-10 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-5-10 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-5-10 60936]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-5-10 303952]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-5-10 20824]
S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr73.sys [2008-12-18 255488]

=============== Created Last 30 ================

2010-05-10 17:56:11 0 d-----w- c:\windows\system32\NtmsData
2010-05-10 17:51:01 0 d-----w- c:\docume~1\cambri~1\applic~1\Avira
2010-05-10 16:34:24 0 d-----w- c:\program files\SpywareBlaster
2010-05-10 16:25:31 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-05-10 16:25:30 0 d-----w- c:\program files\Avira
2010-05-10 16:25:30 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-05-10 16:22:25 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-05-10 16:22:25 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-05-10 16:21:03 0 d-----w- c:\docume~1\cambri~1\applic~1\Malwarebytes
2010-05-10 16:20:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-10 16:20:55 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-10 16:20:55 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-10 16:20:55 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-05-10 15:35:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-05-10 15:28:56 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat
2010-05-10 15:25:56 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-05-10 15:25:56 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-10 15:09:33 0 d-----w- c:\windows\system32\XPSViewer
2010-05-10 15:08:58 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-05-10 15:08:58 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-05-10 15:08:58 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-05-10 15:08:58 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-05-10 15:08:58 117760 ------w- c:\windows\system32\prntvpt.dll
2010-05-10 15:08:57 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-05-10 15:08:57 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-05-10 15:08:57 0 d-----w- C:\7c1deb81f2f17d7dced98ba44d
2010-05-10 15:04:34 0 d-----w- c:\program files\Windows Media Connect 2
2010-05-10 15:02:20 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-05-10 14:36:20 0 d-----w- c:\windows\ie8updates
2010-05-10 14:33:26 293376 ------w- c:\windows\system32\browserchoice.exe
2010-05-10 14:33:14 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-05-10 14:33:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-05-10 14:30:28 0 d-sh--w- c:\documents and settings\cambridge\IECompatCache
2010-05-10 14:27:58 0 d-sh--w- c:\documents and settings\cambridge\PrivacIE
2010-05-10 14:18:33 0 d-sh--w- c:\documents and settings\cambridge\IETldCache
2010-05-10 14:13:29 0 dc-h--w- c:\windows\ie8
2010-05-10 13:52:02 0 d-----w- c:\docume~1\alluse~1\applic~1\Avg8
2010-05-10 13:48:56 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-05-10 13:48:56 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-05-10 13:48:41 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2010-05-10 13:48:41 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-05-05 13:31:07 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-05-05 13:29:57 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-05-05 13:29:56 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-05-05 13:26:01 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-05-05 13:26:00 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-05-05 13:26:00 110592 -c----w- c:\windows\system32\dllcache\services.exe
2010-05-05 13:25:59 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-05-05 13:25:59 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-05-05 13:25:59 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-05-05 13:25:57 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-05-05 13:25:57 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-05-05 13:24:53 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-05-05 13:24:41 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-05-05 13:24:11 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx
2010-05-05 13:21:59 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-05-05 13:11:56 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-05-05 13:11:55 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-05-05 13:11:55 1206508 -c----w- c:\windows\system32\dllcache\sysmain.sdb
2010-05-05 13:03:16 215920 ----a-w- c:\windows\system32\muweb.dll
2010-05-05 13:03:15 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-05-05 13:03:15 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-05-05 13:02:34 256640 ----a-w- c:\windows\system32\PROUnstl.exe
2010-05-05 13:02:34 1904 ------w- c:\windows\system32\SetupBD.din
2010-05-05 12:50:22 5504 -c--a-w- c:\windows\system32\dllcache\intelide.sys
2010-05-05 12:50:22 5504 ----a-w- c:\windows\system32\drivers\intelide.sys

==================== Find3M ====================

2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe

============= FINISH: 11:46:28.54 ===============
 
Microsoft.Windows.RedirectedHosts & Fraud.WindowsProtectionSuite

Spybot has detected Microsoft.Windows.RedirectedHosts & Fraud.WindowsProtectionSuite and it can't remove it because the host file denies access.
 
Topic closed due to lack of response along with the fact that Windows may be illegal.
 