PDA

View Full Version : Help - Widows Explorer keeps opening on its own,



LAFrare
2013-10-16, 19:30
Widows Explorer keeps opening on its own, wants to go to a harmful site, Avast blocks it.

I hope I am following your protocol correctly.

I could not find a "windows Native zip utility". so i used what i had.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.40.2
Run by Administrator at 8:41:13 on 2013-10-16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.253 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\CrossLoop\CrossLoopService.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Garmin\Express Tray\ExpressTray.exe
C:\Program Files\FireTrust\MailWasher Free\MailWasher.exe
C:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PDF Architect\HelperService.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.165\GoogleCrashHandler.exe
C:\Program Files\PDF Architect\ConversionService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\WINDOWS\system32\WebUpdateSvc4.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
C:\PROGRA~1\MICROS~4\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\AVAST Software\Avast\setup\avast.setup
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uProxyServer = localhost:21320
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
dURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [GarminExpressTrayApp] "c:\program files\garmin\express tray\ExpressTray.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SpybotSnD] "c:\program files\spybot - search & destroy\SpybotSD.exe" /autocheck
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [mpreas] "c:\windows\system32\rundll32.exe" "c:\documents and settings\administrator\application data\mpreas.dll",Next
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [uigfi] "c:\windows\system32\rundll32.exe" "c:\documents and settings\administrator\application data\uigfi.dll",MergeFromSeq2
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\mailwa~1.lnk - c:\program files\firetrust\mailwasher free\MailWasher.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\HP Digital Imaging Monitor.lnk.disabled
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} - hxxp://75.142.151.123/VatDec.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1367951858937
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251315788984
DPF: {7B62F6EE-D046-11D3-9C5E-0060082627F7} - hxxps://secured.lsi-lps.com/messenger/download/TWDownload.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} - hxxp://75.142.151.123:81/plugin/h263ctrl.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{1FD74629-970E-45AA-B2FE-E9B28B9CFBBC} : DHCPNameServer = 192.168.0.1 205.171.3.25
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= c:\docume~1\alluse~1\applic~1\browse~1\261339~1.144\{c16c1~1\browse~1.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com (http://www.spywareinfo.com)
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-14 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-14 177864]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-11-12 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-11-12 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-11-12 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-3-14 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-11-12 46808]
R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\broadcom\mgmtagent\BrcmMgmtAgent.exe [2012-8-2 154624]
R2 CrossLoopService;CrossLoop Service;c:\documents and settings\administrator\local settings\application data\crossloop\CrossLoopService.exe [2012-5-21 569072]
R2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\garmin\core update service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-3-27 185688]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-1-26 50704]
R2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files\pdf architect\HelperService.exe [2013-4-8 1320496]
R2 PDF Architect Service;PDF Architect Service;c:\program files\pdf architect\ConversionService.exe [2013-4-8 799280]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-5-30 1817560]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-5-30 1033688]
R2 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [2012-3-6 286992]
R3 SMCWGU(SMC);SMCWUSB-G 802.11g Wireless USB 2.0 Adapter(SMC);c:\windows\system32\drivers\SMCWGU.sys [2005-12-16 408064]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S0 cerc6;cerc6; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-5-30 171928]
S3 {E6759E0C-470B-44DC-A4A1-627E68BB3A85};AIM 3.0 SI164;c:\windows\system32\drivers\a302.sys [2009-8-26 11319]
S3 ADM8511;Belkin USB Ethernet Adapter;c:\windows\system32\drivers\NET8511.SYS [2010-8-2 24424]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-10-15 40776]
S3 PSVolAcc;PSVolAcc; [x]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2012-11-17 13024]
S3 tvnserver;TightVNC Server;c:\documents and settings\administrator\local settings\application data\crossloop\tvnserver.exe [2012-5-21 814080]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2013-10-05 19:30:42 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-10-05 19:30:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-09-25 21:07:00 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-09-25 21:06:58 868264 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-09-25 21:06:58 790440 ----a-w- c:\windows\system32\deployJava1.dll
2013-09-23 18:33:58 920064 ----a-w- c:\windows\system32\wininet.dll
2013-09-23 18:33:57 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-09-23 18:33:57 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-09-23 18:33:56 18944 ----a-w- c:\windows\system32\corpol.dll
2013-09-23 18:06:48 385024 ----a-w- c:\windows\system32\html.iec
2013-08-30 07:48:13 177864 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-30 07:48:12 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-30 07:48:12 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-30 07:48:11 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-30 07:47:40 41664 ----a-w- c:\windows\avastSS.scr
2013-08-29 01:31:44 1878656 ----a-w- c:\windows\system32\win32k.sys
2013-08-09 01:56:45 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-09 00:55:08 144128 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-08-09 00:55:07 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-08-09 00:55:06 5376 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-08-05 13:30:32 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-08-03 21:18:38 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-08-03 06:17:41 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-03 06:17:41 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-31 22:11:22 810496 ----a-w- c:\windows\system32\wmvdmod.dll
.
============= FINISH: 8:42:53.29 ===============

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-10-16 08:25:44
-----------------------------
08:25:44.094 OS Version: Windows 5.1.2600 Service Pack 3
08:25:44.094 Number of processors: 1 586 0x605
08:25:44.094 ComputerName: MET67 UserName:
08:25:46.047 Initialize success
08:25:47.875 AVAST engine defs: 13101600
08:26:21.563 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
08:26:21.563 Disk 0 Vendor: WDC_WD5000AAKX-00U6AA0 15.01H15 Size: 476940MB BusType: 3
08:26:21.734 Disk 0 MBR read successfully
08:26:21.734 Disk 0 MBR scan
08:26:21.844 Disk 0 Windows XP default MBR code
08:26:21.844 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 39 MB offset 63
08:26:21.875 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 396479 MB offset 80325
08:26:21.875 Disk 0 Partition - 00 0F Extended LBA 80419 MB offset 812069685
08:26:21.891 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 80419 MB offset 812069748
08:26:21.906 Disk 0 scanning sectors +976768065
08:26:21.969 Disk 0 scanning C:\WINDOWS\system32\drivers
08:26:43.516 Service scanning
08:27:13.109 Modules scanning
08:27:23.953 Disk 0 trace - called modules:
08:27:23.984 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
08:27:23.984 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x871a5ab8]
08:27:23.984 3 CLASSPNP.SYS[f7692fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x871e1030]
08:27:25.219 AVAST engine scan C:\WINDOWS
08:27:37.641 AVAST engine scan C:\WINDOWS\system32
08:31:53.078 AVAST engine scan C:\WINDOWS\system32\drivers
08:32:42.625 AVAST engine scan C:\Documents and Settings\Administrator
08:34:51.094 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\My Documents\AAmalware logs\MBR.dat"
08:34:51.109 The log file has been saved successfully to "C:\Documents and Settings\Administrator\My Documents\AAmalware logs\aswMBR.txt"