Windows Support Forum

virtumonde ( i don't think it's gone) I get "DEP" popups closing windows explorer

Q: virtumonde ( i don't think it's gone) I get "DEP" popups closing windows explorer

For the past few weeks I have been having issues with my computer. For example, I get DEP popups saying "for your computer's protection, Data Execution Prevention has closed the following program - Windows Explorer". It will sometimes say Internet Explorer, which I never use; I love using Firefox or Chrome. I got Prevx a few months back. It seemed to work well and fixed a few issues way back when, but now it seems to not find stuff. I see when it scans, at the bottom it still shows virtumonde, which I thought I got removed with Seek and Destroy a week or so ago. I've run Prevx, Seek and Destroy, MalwareBytes Anti-malware and even housecall.trendmicro.com; currently they don't find anything, save for a single "doubleclick" thing in the malware search. I'm at a loss. Can anyone help, or am I being silly thinking DEP shouldn't be popping up if I'm not on anything? Thanks for any help or insight.

Savvy

Relevancy 100%

A: virtumonde ( i don't think it's gone) I get "DEP" popups closing windows explorer

Welcome to BC.

Please download MBRCheck.exe to your desktop.
Be sure to disable your security programs.
Double-click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt).
A window will open on your desktop.
If an unknown bootcode is found you will have further options available to you; at this time press N, then press Enter twice.
If nothing unusual is found just press Enter.
A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.

In your next reply, please include the log from MBRChecker.

Thanks

http://www.bleepingcomputer.com/forums/t/364447/virtumonde-i-dont-think-its-gone-i-get-dep-popups-closing-windows-explorer/
Relevancy 70.52%

Added information posted in a duplicate topic. OB

I think my I have something here, my Internet Explorer keeps bringing up pop ups like vadogames and urgent news, and when I access certain pdf files etc. it closes it all out. Attached is HJT report. Will someone please help me here?

End of added information. OB

A:HELP VIRUS?? POPUPS, EXPLORER KEEPS CLOSING OUT!

Oh gosh, now no keyboard and I'm using laptop to get to here. No replies yet??

http://www.bleepingcomputer.com/forums/t/278320/help-virus-popups-explorer-keeps-closing-out/
Relevancy 66.65%

Let's start off then. My computer has been experiencing problems lately. It runs random advertisement popups, runs MUCH slower, programs close without notice, and I have not been able to run many programs. Internet Explorer can't load a page and closes all the time, showing this notice. Weirdly, without the rest of the stuff the notice usually shows. This icon appears in my tray, and when you right click and click close nothing happens (the green and red circles with the exclamation mark). This appears when you click it. New folders appeared in the PROGRAM FILES folder called OuterInfo, Kimmkofn, rgpmlybi, Zuxttrbm, without me installing anything. I can't run the HijackThis installer; I click OK as soon as it loads, then it comes up with an error "Out of memory". I also tried to install Spybot Search and Destroy, but it would be about minute into installation and it would just disappear. This happens with many programs. Please help with this matter.

Verion

A:Slowed Computer, Internet Explorer Issues, Popups, Programs Spontaneously Closing.

Hello and welcome to Bleeping Computer, Verion.

Let's go to Control Panel > Add/Remove Programs. Look for any of these and uninstall them...

ClickSpring
Cowabanga by OIN
ipwindows / ipwins
MediaTickets
MediaTickets by OIN
OIN
Outer Info Network
PurityScan
PurityScan by OIN
Snowball Wars by OIN
TizzleTalk
TizzleTalk by OIN
Yazzle by OIN
Yazzle ActiveX By OIN
Yazzle Cowabanga by OIN
Yazzle Kobe :filtered:! By OIN
Yazzle Picster by OIN
Yazzle Sudoku by OIN
Yazzle Snowballwars by OIN
Yazzle Kobe Balls! by OIN
Zolero Translator

or anything similar with OIN, Outer Info Network or Yazzle in them, and any other programs you didn't install or don't recognize.

Then IF they're not listed, run the Outerinfo Uninstaller.

Important! Reboot when done.

Open My Computer or Windows Explorer, navigate to C:\Program Files and delete any of the named program folders listed above that you find (if they still exist).

Please follow the instructions for using Vundofix in BC's self-help tutorial: "How To Remove Vundo/Winfixer Infection".

After running VundoFix, a text file named vundofix.txt will have automatically been saved to the root of the system drive, usually at C:\vundofix.txt. Please copy & paste the contents of that text file into your next reply.

http://www.bleepingcomputer.com/forums/t/122582/slowed-computer-internet-explorer-issues-popups-programs-spontaneously-closing/
Relevancy 62.35%

I was in the middle of posting a thread and the window just closed on me. So if I need to include anything else please let me know. I appreciate any help. Basically I've been having problems with Pop Up ads and windows closing all of the sudden. Also my desktop disappears, leaving only the wallpaper. The only way to get out of there is by me pressing ctrl alt del to restart the computer. I have the panda scan and the deckard scan included. Thank you so much.

A:Problem with PopUps and windows closing

For some reason it's saying that my upload fails when trying to attach the extra.txt from deckard. What should I do?

thank you so much for your help.

http://www.techsupportforum.com/forums/f100/problem-with-popups-and-windows-closing-216361.html
Relevancy 61.49%

I get popups whenever I view pretty much any website; go to google.com and search for anti virus and I get popups for McAfee. Sometimes when I close these popups my computer shuts down for apparently no reason. Run NAV and Adaware, removed everything it found, but still no joy. Here's my Hijack This log.

Relevancy 60.2%

Hey, I am having problems with my other computer suddenly closing both Internet Explorer and Windows Explorer applications, such as Control Panel, My Computer, etc...(Windows XP Home Edition)
When I click on either one, let's say the My Computer icon, a pop up of the My Computer folder thing flashes for a split second then disappears, the computer freezes for about a second, shows only the desktop, then a few seconds later the icons start appearing on my desktop and my start taskbar comes back. The screen is back to normal with no lag, but the My Computer pop up is no longer there. The same thing happens with Internet Explorer, but it just happens a lot quicker.
Does anyone know what could possibly be the problem of this, and maybe how to fix it? Thank You in advance.
 

A:Windows Explorer + Internet Explorer Closing Immediately...

Did you do an anti-virus scan on your PC? Seems like a virus problem.
 

https://forums.techguy.org/threads/windows-explorer-internet-explorer-closing-immediately.296843/
Relevancy 58.91%

Let's see, so far my computer is very slow. I tried using Windows System Restore twice; both times it said unable to restore. Sometimes when I am bringing any page up on Internet Explorer a popup will come up, either one from the internet or one that is either from my system or disguised to be my system. Before, I also was getting some kind of termination error every minutes, saying something about terminating a program; all I remember is the code, which was x exactly.

A:Infected Windows Explorer and random "systm" popups and internet popups

Bump.... apparently the virus I have is Vundo, or at least one of them is

=============

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, you wouldn't want someone to assist you who is not familiar with your issue and attempt to fix it, would you?

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

Thank you for understanding.

Orange Blossom ~ forum moderator

http://www.bleepingcomputer.com/forums/t/221417/infected-windows-explorer-and-random-systm-popups-and-internet-popups/
Relevancy 58.48%

Hello, I have a recurring problem where Windows Automatic Updates keeps getting disabled, presumably by malware. Additionally, last night I seem to have been infected with Virtumonde, according to SpyBot S&D. I was out of town for the holidays with my computer powered down. After boot-up I was browsing the internet with Firefox when the popups began. I have not recently installed any new software or visited any suspicious webpages. When running Gmer the following error box appeared: Windows - Drive Not Ready "Exception Processing Message c a Parameters b bf c b bf c b bf c". I had options to Try Again, Cancel or Continue. Try Again reproduced the same error message, so I Continued and completed the log. Here's my DDS.txt

A:IE popups (Virtumonde?) and disabled Windows Update

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Post the log from ComboFix when you've accomplished that.

http://www.techsupportforum.com/forums/f100/ie-popups-virtumonde-and-disabled-windows-update-319035.html
Relevancy 57.62%

When I try to open a media file (video-audio) it comes up with the message "Windows Explorer must close", then gives me an option to send an error report. I have run Ad-Aware SE, Spybot, BugDoctor and McAfee.

A:Windows Explorer Keeps Closing

What operating system are you using? If it is XP or XP Pro, go to System Restore and pick a restore date from before you began experiencing this problem.

http://www.bleepingcomputer.com/forums/t/21628/windows-explorer-keeps-closing/
Relevancy 57.62%

Hello - Last Tuesday I got a "Windows Security" virus and I thought I removed it by using the steps from bleepingcomputer.com. The real issue began on Monday when I received a "Generic Host Win" error. I am not sure if the two are related. After this my computer started behaving very strangely. I sometimes have trouble opening new Internet Explorer windows, and when I finally do get one open it can sometimes refuse to close. Yesterday I received a blue screen error and the message that "your computer has recovered from a serious error". The only change I made to my computer after eliminating the virus was downloading the update for the AVG Free Antivirus program. Since then I have tried to restore my computer to an earlier time and I have run scans with "Malware Bytes" a number of times. The first time the program found about issues that I promptly cleaned off my system. Since then I have run the program a few times but no issues were returned. Is there something I need to do to Malware Bytes to detect whatever is messing with my computer? I thought restoring and running the scans fixed the error, but later that day I received another Win error. The strange thing is my computer seems to be behaving normally today. I am wondering if anyone can offer some advice as to what to do next here. Thank you in advance for your assistance.

Mike

A:Windows Explorer is not closing

I mentioned that the error has not popped up today; but I just got another one!
Screen shots of the error are attached.
Again, thanks for your help.

Mike

http://www.bleepingcomputer.com/forums/t/364619/windows-explorer-is-not-closing/
Relevancy 57.62%

hi, my windows explorer since like days ago keeps shutting down and there's this error message like error runtime not responding, Dr something postmortem debugger encounters problem in debugging

A:Windows Explorer Keeps Closing Down

I don't know whether this helps, but this comes from the event viewer...

Faulting application explorer.exe, version 6.0.2900.3156, faulting module shell32.dll, version 6.0.2900.3241, fault address 0x001e4e81.

http://www.bleepingcomputer.com/forums/t/119806/windows-explorer-keeps-closing-down/
Relevancy 57.62%

Hello, I hope someone can help me with this as I just cannot seem to find an answer. Whenever I access Windows Explorer it shuts down after a few seconds. I get "exception integer division by zero. (OxC0000994) occurred in the application at location 0x0bd0dbdd". The last set of digits changes, as I also had (0x0597dbdd). I am running Windows XP with Service Pack 2.
Well, that's it. Any ideas would be greatly appreciated.
Thank you,
Eric
 

A:Windows explorer keeps closing

Is your PC fully patched using windows update?

If you have any codec packages installed, uninstall them as a test. See if the problem stops.
http://www.daniweb.com/forums/thread63720.html
 

https://forums.techguy.org/threads/windows-explorer-keeps-closing.809034/
Relevancy 57.62%

Can someone help please? We have a problem with one user profile on this PC, which belongs to a friend. If hidden files are marked as being shown and he opens My Music and selects a music track, either the explorer window closes completely or freezes. If however we mark the hidden files option as not to show, the problem does not occur and the music file will play fine. Other user profiles on this PC do not show the same characteristics. I don't know if this is in the correct forum (I suspect not) but I have also attached a HJT and Start log for someone to look at to see if we need to do anything there. Thanx in advance.

A:Windows explorer keeps closing

Anyone any ideas on this please?
 

https://forums.techguy.org/threads/windows-explorer-keeps-closing.453703/
Relevancy 57.62%

Hi
I have recently had a lot of pc problems with processes using 100% cpu and runtime errors. I took my pc to my local repair shop and it ended up that they completely wiped my pc and reinstalled windows xp home.
I use the mozy online backup service so thankfully most of my files are safe and I have restored them.

Every time I try to go into "my pictures" where I store all my photographs, I get the error message "To help protect your computer, windows have closed this program. Name: Windows explorer"

Is there anything I can do to prevent this happening?

Thanks

Ian
 

A:Windows explorer closing down.

I hope this helps you .... http://www.helpwithwindows.com/techfiles/explorer-crashes.html
 

https://forums.techguy.org/threads/windows-explorer-closing-down.885692/
Relevancy 57.62%

Hi everyone. A few days ago I encountered an odd problem. Whenever I tried to right-click on an avi file in My Videos in Windows Explorer, I would get one of the following problems:

All the open Windows Explorer windows would just close, the taskbar would disappear, and then after a few seconds the taskbar would re-appear. Although I'm not very tech-savvy, I think this is what happens when you terminate explorer.exe and it sort of automatically restarts itself.

I'd get an error message saying "Windows Explorer has encountered a problem and needs to close. We are sorry for the inconvenience." and, similar to above, all the Windows Explorer windows close, the taskbar disappears and then re-appears as if nothing happened.

At the time I didn't think of taking a screenshot of this one, but after right-clicking on an avi file and trying to open it in VLC player (my default is Windows Media Player, so I right-clicked -> Open With -> VLC Media Player) the Windows Explorer window froze, VLC froze while loading the file, the taskbar froze, but I was able to access other windows such as Windows Media Player and MS Word through alt tab. After - minutes a message appeared about Data Execution Prevention and that explorer.exe had been shut down in order to prevent data loss.

Some additional information:
- I have done virus and malware scans using Norton, Malware Bytes and SuperAntiSpyware - my computer is clean
- I'm using SP. I'm reluctant to upgrade to SP because I was told that SP may conflict with Symantec products and wreak havoc
- I recently upgraded DivX and downloaded the DivX Plus Codec Pack
- For some reason I'm unable to do System Restores - whenever it re-boots after attempting to restore it says that the restore has failed and that no changes have been made

Any idea what the problem could be, or steps I can take to better isolate/diagnose the problem?

A:Windows Explorer keeps closing

Make sure Norton is updated, and then run the SP3 Updater. I have never heard that Norton caused issues with SP3 upgrades. Can you point to a source that stated as such?

http://www.bleepingcomputer.com/forums/t/310608/windows-explorer-keeps-closing/
Relevancy 57.62%

Hi.

My problem is that when I leave my computer on and go away for a while that it goes to the welcome screen (not the problem). After I log back on windows explorer usually closes down. So the taskbar and all my icons are gone. It also happens during games sometimes.

Can someone help?

Also, my Firefox keeps clearing my bookmarks and personal settings. Is there a way to fix that?

Thanks,
Kaku
 

A:Windows Explorer Keeps Closing

For your Firefox problem, try the following.
Start> Mozilla Firefox> Mozilla Firefox(Safe Mode). This starts Firefox without
any extensions and the default theme. If this solves the problem, then it is an
extension or theme affecting Firefox. If that doesn't help, create a new profile.
Your profile may have become corrupt.
 

https://forums.techguy.org/threads/windows-explorer-keeps-closing.515972/
Relevancy 57.62%

Hello everyone, sorry to just beg for help on my first post, but I keep getting a pop-up saying that Windows Explorer has encountered an error and needs to close. It then reopens but then I get the same message again, although it hasn't done it for a minute or two. I ran HijackThis but I'm useless with anything technical, so I'm hoping some very kind person can work out what on earth I've done to my computer. This was the logfile:

A:Windows Explorer keeps closing

Hi ecmcd, welcome to TSF..

I've had a look at your log and you have some serious issues which need dealing with...however, this section of the forum is not the correct place to seek help.

Please read through this thread as it details the '5 Step Process' which we would like you to take so that we can be in a better position to assist you. Follow the instructions as best you can. If you have any problems with any of the steps, note down some details on the problem and go to the next step. On completion, you should have some log files which we would like you to attach to a new thread and post here, be sure to add as much information as possible regarding the problems you're having and any issues you may encounter when following the '5 Step Process'

http://www.techsupportforum.com/forums/f10/windows-explorer-keeps-closing-261404.html
Relevancy 56.76%

Hello All!
For some reason today my computer likes to close the internet browsers on its own. I use IE- the version used in 2004. When I've been playing games, doing research, anything, the windows close- all of them. And then a window opens to say I've chosen to end the unresponsive program and asking me to send an error report. I never chose to close the program, it happens on its own. Do I have too many things running at once or any other ideas? Thank you much :0)
 

A:Self-Closing Internet Explorer Windows

Hi let us have some Pc specs.
Make..model..hard drive size..free space..Installed Ram etc.
Installed Anti-virus and Spyware programs??
Check Task Manager to see what processes are running.
http://support.microsoft.com/kb/323527
 

https://forums.techguy.org/threads/self-closing-internet-explorer-windows.715090/
Relevancy 56.76%

I have a problem with Windows Explorer. Every time I try to use Start Search, as soon as I have typed in one or two letters a window pops up saying that explorer must close. I have an option to search for a solution online, which I do, and then explorer closes and restarts. The same thing happens when I try and access Administrative Tools from the Control Panel. I have scoured the Microsoft website for help but found nothing. Other than this the laptop is clean - no viruses etc. I have tried to install Service Pack but it fails to install repeatedly. Not sure if the problems are connected. Can anyone help please? The laptop is a Gateway and has not had any other problems at all. This is what the error produces as detail:

Problem signature Problem Event Name APPCRASH Application Name explorer exe Application Version Application Timestamp deda Fault Module Name kernel dll Fault Module Version Fault Module Timestamp bd Exception Code c Exception Offset d da OS Version Locale ID Additional Information d aa Additional Information d c e bb aac af Additional Information d aa Additional Information d c e bb aac af

A:Windows Explorer Closing and Restarting

Hi -

The appcrash you listed had a 0xc0000005 exception - a memory access violation. The problem here is more than likely old and new drivers clashing - then you crash.

Your Windows Explorer executable file has a timestamp of 4907deda = Tue Oct 28 23:56:10 2008 and the MS kernel driver t/s is 4549bd80 = Thu Nov 02 05:42:24 2006.

The problem here is that your system is not updated with Vista SP1.

The installation of SP1 must be the top priority. Have you ever tried to install it? Has it shown in Windows Updates?

Regards. . .

jcgriff2


http://www.techsupportforum.com/forums/f217/windows-explorer-closing-and-restarting-341576.html
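
The hex-to-date reading in the answer above, as an added example that is not part of the original thread: it parses an APPCRASH problem signature, names the exception code and decodes both link timestamps. The two timestamps and the exception code are the ones quoted in the answer; the report text, the placeholder module name and the UTC-4 offset (which reproduces the local times the answer shows) are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Subset of NTSTATUS values that commonly appear as "Exception Code".
EXCEPTION_NAMES = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
    0xC000001D: "STATUS_ILLEGAL_INSTRUCTION",
    0xC00000FD: "STATUS_STACK_OVERFLOW",
    0xC0000374: "STATUS_HEAP_CORRUPTION",
    0x80000003: "STATUS_BREAKPOINT",
}

# Constructed sample in the "Problem signature" layout. Only the two
# timestamps and the exception code come from the thread; the module
# name is a placeholder.
SAMPLE_REPORT = """\
Problem Event Name: APPCRASH
Application Name: explorer.exe
Application Timestamp: 4907deda
Fault Module Name: module.dll
Fault Module Timestamp: 4549bd80
Exception Code: c0000005
"""

CTIME = "%a %b %d %H:%M:%S %Y"


def parse_signature(text):
    """Split 'Key: value' lines into a dict; lines without a value are skipped."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+):\s*(.*\S)\s*$", line)
        if m:
            fields[m.group(1).strip()] = m.group(2)
    return fields


def decode_link_time(hex_stamp, utc_offset_hours=0):
    """PE TimeDateStamp: seconds since 1970-01-01 UTC, printed as hex in the report."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    return datetime.fromtimestamp(int(hex_stamp, 16), tz)


def plausible(dt):
    """Reject values that cannot be a link date. Binaries produced by
    reproducible builds store a hash in this field, which usually decodes
    to a date far in the past or in the future."""
    floor = datetime(1995, 1, 1, tzinfo=timezone.utc)
    return floor <= dt <= datetime.now(timezone.utc)


def analyze(text, utc_offset_hours=0):
    f = parse_signature(text)
    code = int(f["Exception Code"], 16)
    app = decode_link_time(f["Application Timestamp"], utc_offset_hours)
    mod = decode_link_time(f["Fault Module Timestamp"], utc_offset_hours)
    return {
        "exception": EXCEPTION_NAMES.get(code, f"unknown (0x{code:08X})"),
        "app_built": app,
        "module_built": mod,
        "plausible": plausible(app) and plausible(mod),
        # A large gap means the two binaries come from different update levels.
        "gap_days": abs(app - mod).days,
    }


if __name__ == "__main__":
    result = analyze(SAMPLE_REPORT, utc_offset_hours=-4)
    print(result["exception"])
    print("application built:", result["app_built"].strftime(CTIME))
    print("fault module built:", result["module_built"].strftime(CTIME))
    print("gap in days:", result["gap_days"])
```

With `utc_offset_hours=0` the same values decode to 03:56:10 on 29 October 2008 and 09:42:24 on 2 November 2006, so compare timestamps from different tools in UTC.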
Relevancy 56.76%

Has anyone encountered a situation where an MPEG file will abruptly close a Windows Explorer window. The file will do this both over my network or while trying to access it from a CD on one of my computers. The PC that has the file on it has no problem with keeping it up on a Windows Explorer Window, or running it with a media program. Both computers are running the same version of Windows XP Professional. As soon as the folder is accessed over the network, Windows Explorer closes on the computer. The same situation occurs when the MPEG file is accessed by CD. The file has been scanned for viruses with multiple checkers, and seems fine. The MPEG file also plays fine in a portable DVD player. Any help would be appreciated, thanks in advance!
 

A:Windows Explorer abruptly closing

Welcome to TSG....

The MPEG file if it has a corruption in it it might play ok in a player but it might crash in a Windows environment. Have you tried this file on another computer that is either on the network and also off the network?

Can you open the MPEG file with an editor program to check to see if it is a good file? Try copying it from the CD-R or DVD to the hard drive to a special directory you have set up. If it does not copy then the file is no good.
 

https://forums.techguy.org/threads/windows-explorer-abruptly-closing.515789/
Relevancy 56.76%

Hey guys. I have this really big problem that has been bugging me for about a year. I'm sure I have no viruses, spyware , adware and I even checked no malware. I'm having the same problem as this person http://forums.techguy.org/malware-removal-hijackthis-logs/722359-solved-explorer-exe-crashes-everytime.html I've followed some of the things stated in that topic but I still can't manage to fix the crashing when opening my computer, recycle bin. And other things :S Please Help me.
 

https://forums.techguy.org/threads/explorer-exe-crashes-when-closing-windows.770355/
Relevancy 56.76%

Hi. This one will make ya brain fry. My problem is this, and it can happen at any time: I click to launch any program and it pops up and then automatically shuts. It's the same for anything. Let's say I have Dreamweaver open and IE windows; if the problem hits me I won't be able to open any other window whatsoever. The only way to get a new program or window open is to shut one of the windows or programs that I already have open. I have already friend up in the desktop memory dump but this didn't help. This is a brand new laptop from Dell with gigs ram. I have run a HijackThis for you to see.

A:Explorer Windows Auto Closing

It's a bit tedious as a troubleshooting method, but often the only effective way to sort such things out.

Try "clean booting":

Run msconfig and select the "Services" tab. Check "Hide Microsoft Services" and then disable the rest. Also uncheck "load startup group" on the general page.

See this link for detailed information:
http://support.microsoft.com/kb/929135

Now restart and test the issue at hand

If no problems, run msconfig and recheck half the disabled items on the Services tab. Test again. If the problem recurs, UNcheck half the items you just checked to narrow down the culprit.

If the problem didn't occur, check the other half, so all the Services are enabled -- proceed to do this on the startup tab as well.

Get the idea? You want to isolate the problem to a specific startup if possible.

Note: if you already have items unchecked under msconfig > startups and are in “selective” startup mode – you should note what these are before beginning. They will need to be de-selected again.
 

https://forums.techguy.org/threads/explorer-windows-auto-closing.586706/
Relevancy 56.76%

I have scanned & saved hundreds of family photos and am trying to reorder them so I don't have duplicates etc. etc. When doing this I get the "Windows Explorer has encountered a problem & has to close". I click "ok" and it closes and then comes back with the normal home screen, all icons present & correct. If I try to do the same file reordering it does it again, so I can't finish what I started. I understand that the most likely cause is a shell extension somewhere causing this to happen. I have the shellxview programme, which comes up with over shell extensions. It was also suggested to disable some of them & see if that solves the problem. Can I disable ALL of them & enable them one by one, or will that just stop my computer working? Which ones are more likely to cause this problem? I also get Explorer closing when I go into a folder with avi's in it. Is this related, do you think? Any help & idiots guide will help greatly. Thanks, Ian

https://forums.techguy.org/threads/windows-explorer-random-closing.1026254/
Relevancy 56.76%

Based on the following log can anybody help? I've run Spybot, AVG Anti-virus, AVG Anti Spyware and cleaned all the things that came up. I checked Event Viewer and this is what it comes up with:

Event Type: Information
Event Source: Winlogon
Event Category: None
Event ID:
Date:
Time:
User: N/A
Computer: TAVAROESN
Description: The shell stopped unexpectedly and Explorer.exe was restarted. For more information see Help and Support Center at http://go.microsoft.com/fwlink/events.asp

HERE IS MY HIJACK THIS LOG

A:Windows Explorer Keeps Closing And Restarting! Help!

Hi,

The forums are really busy, that explains why logs get behind. If you still need some help, please start with posting a new hijackthislog in this thread. Don't start with a new thread.
Then I'll take a look.

Regards,

Rosty.

http://www.bleepingcomputer.com/forums/t/136481/windows-explorer-keeps-closing-and-restarting-help/
Relevancy 56.76%

(05/19/15)
     why do i keep seeing same error box telling me that Internet Explorer is shutting down & how can problem be fixed?><>?<><?

http://www.bleepingcomputer.com/forums/t/576717/windows-81-64-internet-explorer-keeps-closing/
Relevancy 56.33%

Evening, everybody. Got a small head-scratcher here. I dual-boot. Well, I can't really say 'dual-boot'; what would be the expression for nine OS's on the same machine? Seven would be, what, septa-boot? Eight, octa-boot? Nine... well, never mind. I run Windows XP Professional and eight 'Puppies'. I've had the copy of XP Pro for several years, and I've lost track of the number of times I've re-installed it when everything starts slowing down. Can't be bothered with doing all the investigation and repair guff; I know the symptoms by now, so it's quicker for me to re-install, especially since I did a 'slipstreamed' SP disc quite some time ago. I re-install - times a year; the last occasion was back in March. FYI, I also run the 'Deskman' Powertoy (multiple desktops, for those of you who might not be aware of what it does). I've got so used to virtual desktops in Linux, it got so I was lost without them every time I booted into XP.

This time round everything has been behaving itself, when around a fortnight ago I started getting a hiccup with Windows Explorer. Every time I go into it, it's all good; I do what I need to do. Upon exiting, however, the system is now freezing up for a short time, perhaps seconds or so, followed by this message: 'Windows Explorer has encountered a problem and needs to close to protect your computer. We are sorry for the inconvenience.' This disappears upon OK'ing it, but the system remains frozen for perhaps another minutes, then I get the same 'encountered a problem' message about the Dr Watson Post-mortem debugger.

Is this a regular problem? I recall coming across this a long while ago when I was running a copy of XP Home back in it was constantly doing it. Since switching to XP Pro a year or so later, I've not had the problem until now. I wonder if it's time to re-burn my slipstreamed XP SP disc? It has had a fair bit of use. Any information or suggestions will be much appreciated. BTW: What exactly does the Dr Watson Post-mortem debugger do, write to the error logs? Mike

A:Windows Explorer 'closing down to protect your computer'...

Windows XP Explorer is more buggy than later versions of Windows OS Explorer; it does crash more often. Run the Sfc /scannow command to repair any damaged Windows system files. Also, a damaged media file can cause this issue: when Windows tries to render the thumbnail for the damaged media file, Windows Explorer may freeze or close. Disable viewing thumbnails to see if the problem gets resolved; if it does, then you will need to find out which media file is damaged.
Open Control Panel. (Classic View)
Click on the System icon.
Click on the advanced system settings link.
Under Performance, click on the Settings button.
In the Visual Effects tab, uncheck "Show thumbnails instead of icons."
When the thumbnail view is enabled in Windows Explorer, it will generate thumbnails for your video files. If something goes wrong during this process, then Explorer may crash. Causes of failures can be corrupt media files or a buggy codec. Remove third party codec packs. Automatically diagnose and fix Internet Explorer or Windows applications when it freezes or stops responding caused by codecs when playing video files. Download Microsoft Fix it utility.
A buggy program extension can also make Windows Explorer crash or freeze; uninstall programs you installed before this issue started.

http://www.bleepingcomputer.com/forums/t/616444/windows-explorer-closing-down-to-protect-your-computer/
Relevancy 56.33%

Upon closing IE i get an error: C:\DOCUM~1\Lindee\Locals~1\Temp\eeaf_appcompat.txt

It is driving me crazy as it pops up all the time, I say to debug it, but it doesn't help. How can I fix it? Thanks.
 

A:Error closing Internet Explorer windows

possibly
http://www.microsoft.com/windowsxp/expertzone/chats/transcripts/04december16.mspx
have a read through this its interesting
 

https://forums.techguy.org/threads/error-closing-internet-explorer-windows.522274/
Relevancy 56.33%

Hey people again, this time the problem lies with my PC at home! Whenever I'm using Windows Explorer and just going through my Hard Drive, after a few mins i get the "windows explorer has encountered a problem" message and it closes the explorer window, the whole screen goes blue for a second and then the desktop comes back and the systray looks as if it's loading the icons again in the bottom right! I installed ZoneAlarm a couple of weeks ago and I don't know whether that's causing a problem/conflict but I've had to uninstall MSN because it just keeps logging out and logging in!

HELP!!

A:Windows Explorer Closing Error - Constantly

Set a restore point and back up any important data (you do this already, right?). Then we can try using the system file checker (i.e. the sfc command). This will require your Windows CD, and afterwards you will need to reinstall all your Microsoft updates.

To do this simply go to the Run box on the Start Menu and type in:

sfc /scannow

This command will immediately initiate the Windows File Protection service to scan all protected files and verify their integrity, replacing any files with which it finds a problem.

As I said, make sure you back up and set a restore point.

Let me know how you go.

http://www.techsupportforum.com/forums/f10/windows-explorer-closing-error-constantly-143844.html
Relevancy 56.33%

Recently my McAfee anti virus software detected and deleted some trojans. Since then I have run and re-run the most recent versions of McAfee, Ad-aware and Spybot to make sure the problem was gone. None of these detected any problems, but my Windows Explorer continues to crash unexpectedly and internet pages load extremely slow or not at all. I am running Windows Vista bit and here is my HiJack file. Thanks in advance for any help or advice you can give me.

A:Windows explorer closing and slow internet

"Bump!"
 

https://forums.techguy.org/threads/windows-explorer-closing-and-slow-internet.701346/
Relevancy 56.33%

Every time I navigate to my external HD, I get a DEP message followed by a program error message, then it just closes. I already tried turning off DEP, but I still get the error message and the same thing happens. I have tried the drive on another computer and it works fine. I've also done a virus scan and I had no viruses.

http://www.techsupportforum.com/forums/f10/windows-explorer-keeps-closing-itself-when-i-go-to-my-external-drive-226585.html
Relevancy 56.33%

Just in the last week or so, when I click on a linked page off of a page, it will open the link for 5 seconds, then POOF! it closes and I am back to the original page.

This is happening on almost every site I go to. I'm thinking it might be a setting under Internet Options | Tools, but can't figure it out.

I've done massive searching for something similar, but can't find anything.

Any ideas? I don't have Macromedia Flash installed, and possibly some of those "other little programs" that like to load themselves....could it be something like that?

I can provide links if needed, but I don't have this log file everyone seems to be using.

I'm running XP PRO SP2....and I run AdAware SE, AVG and Microsoft AntiSpyware.....

Thanks from a new poster!
Pam
 

https://forums.techguy.org/threads/internet-explorer-6-0-is-closing-my-linked-windows.352737/
Relevancy 56.33%

When I click on Windows Internet Explorer it opens for less than a second and then closes straight away. This happens when I use dial-up or broadband. I'm not too sure what's going on; think I might have a virus. I'm using a laptop now to get on the net because obviously I cannot access the internet. My HijackThis log is below. Help would be greatly appreciated. I'm a bit of a novice, in case you haven't already guessed.

A:windows internet explorer closing immediatly

I'm not a hijack log expert, but I'd like to know if you're running a pop-up blocker? Possibly known as EMS FreeSurfer?
 

https://forums.techguy.org/threads/windows-internet-explorer-closing-immediatly.299512/
Relevancy 56.33%

The error message says: Internet Explorer has stopped working. A problem has caused Internet Explorer to close, and so on. I just got this computer yesterday. There wasn't a problem with Internet Explorer until I installed Firefox, then I uninstalled it. I'm sure Firefox isn't the problem. I installed other software as well. What should I do? P.S. I scanned the computer using Ad-Aware, a-squared and avast antivirus!

A:Internet Explorer Keeps Closing In Windows Vista!

Internet Explorer will stop working almost all the time cause a conflict with a Plugin or Active X...

Go to "MSconfig". Click on Start > Type in "Start Search" "MSconfig" (no quotes) and hit Enter... Go to the Startup tab and look for "OmniPage" and uncheck it...

Go to Internet Options... Start > Control Panel > left side of window click on Classic View > Internet Options. In the "General" tab, look for browsing history and click on "Delete..." Delete all...

Go to the "Programs" tab and click on "Manage Add-ons". Add-ons are Active-X controls that change the way Internet Explorer is used. These can be toolbars, plug-ins, and other code that can interfere with the operation of IE. Select any suspicious add-on names from the name list and select disable to prevent the add-on code from opening when IE is opened.

Finally go click the "Advanced" tab. Remove the checkmark from "Enable third-party browser extensions (requires restart)". Edit: Also uncheck "Enable memory protection to help mitigate online attacks". Restart and the error should not come back.

These errors are probably caused by browser extensions that were added through spyware or adware. Maybe a look in here, and posting your log will help if this didn't. Hope it helps. Mav

http://www.bleepingcomputer.com/forums/t/105717/internet-explorer-keeps-closing-in-windows-vista/
Relevancy 56.33%

Hi all, my Windows Explorer keeps closing automatically a few seconds after I open it. I tried to repair my Windows installation but the situation remained the same. Any help please? This is my HiJackThis log file.
Files Windows Live Messenger MsnMsgr Exe C Program Files Google GoogleToolbarNotifier GoogleToolbarNotifier exe C Program Files Logitech Video FxSvr exe C WINDOWS system ctfmon exe C PROGRA MESSEN Msmsgs exe C Program Files Common Files Symantec Shared CCPD-LC symlcsvc exe C Program Files Windows Live Messenger usnsvc exe C Program Files Internet Explorer iexplore exe C Program Files Common Files Microsoft Shared Windows Live WLLoginProxy exe C Documents and Settings Chris Desktop HiJackThis v exe C WINDOWS system rundll exe C WINDOWS explorer exe C WINDOWS system NOTEPAD EXE R - HKLM Software Microsoft Internet Explorer Main Default Page URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Default Search URL http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Search Page http go microsoft com fwlink LinkId R - HKLM Software Microsoft Internet Explorer Main Start Page http go microsoft com fwlink LinkId O - BHO Adobe PDF Reader Link Helper - E F-C D - D -B D- B D BE B - C Program Files Common Files Adobe Acrobat ActiveX AcroIEHelper dll O - BHO no name - E A - - D F-BEAE-D A C - C Program Files Common Files Symantec Shared coShared Browser NppBho dll O - BHO Groove GFS Browser Helper - - C - D -B F - BBC D A E - C PROGRA MICROS Office GRA E DLL O - BHO SSVHelper Class - BB-D F - C-B EB-D DAF D D - C Program Files Java jre bin ssv dll O - BHO no name - E D - A- EC-A -BA D E E - no file O - BHO Windows Live Sign-in Helper - D - C - ABF- ECC- C - C Program Files Common Files Microsoft Shared Windows Live WindowsLiveLogin dll O - BHO no name - A E - F - C - - AAA DE - C WINDOWS system opnkLddb dll O - BHO Google Toolbar Helper - AA ED - DD- d - -CF F - c program files google googletoolbar dll O - BHO Google Toolbar Notifier BHO - AF DE - D - -B FA-CE B AD D - C Program Files Google GoogleToolbarNotifier swg dll O - BHO no name - F B B B-C - E-A FF-AC A DE AC - C WINDOWS system ddcYqrOG dll O - 
Toolbar a... Read more

A:Windows Explorer keeps closing automatically after few seconds

Welcome to TSF.

Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

O2 - BHO: (no name) - {A34E3369-4F92-40C1-9320-027559AAA6DE} - C:\WINDOWS\system32\opnkLddb.dll
O2 - BHO: (no name) - {F30B1B0B-C305-414E-A4FF-AC93A08DE0AC} - C:\WINDOWS\system32\ddcYqrOG.dll
O4 - HKLM\..\Run: [Messenger Sharing USN Journal Reader Service] tyadjy.exe
O4 - HKLM\..\RunServices: [WinxDiagUpdate] WinxDiagUpdate
O4 - HKLM\..\RunServices: [Messenger Sharing USN Journal Reader Service] tyadjy.exe
O4 - HKCU\..\Run: [Messenger Sharing USN Journal Reader Service] tyadjy.exe
O20 - Winlogon Notify: ddcYqrOG - C:\WINDOWS\SYSTEM32\ddcYqrOG.dll

Locate the following Files/Folders and delete them if they exist (if no location given, just do a search for them):

C:\WINDOWS\system32\opnkLddb.dll
C:\WINDOWS\system32\ddcYqrOG.dll
tyadjy.exe

Download Malwarebytes' Anti-Malware at http://www.besttechie.net/tools/mbam-setup.exe or http://www.majorgeeks.com/Malwarebyt...are_d5756.html
Double-click on mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Full Scan, then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to restart (see Extra Note below).
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & paste the entire report into your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Go to http://www.bleepingcomputer.com/comb...o-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the combofix log here.

http://www.techsupportforum.com/forums/f284/windows-explorer-keeps-closing-automatically-after-few-seconds-261593.html
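
The entries singled out in the answer above share a pattern: an unnamed BHO whose DLL sits in system32, the same DLL registered as a Winlogon Notify package, and a bare executable name started from several autorun keys. As an added example (not part of the original thread or of HijackThis itself), this sketch parses O2/O4/O20 lines and flags that pattern; the function names and heuristics are assumptions for illustration, and the sample log is constructed from the seven quoted entries plus two hypothetical benign ones.

```python
import re
from collections import defaultdict

# Constructed sample: the seven entries quoted in the answer above, plus two
# benign-looking entries (hypothetical names and a placeholder CLSID).
SAMPLE_LOG = r"""
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O2 - BHO: (no name) - {A34E3369-4F92-40C1-9320-027559AAA6DE} - C:\WINDOWS\system32\opnkLddb.dll
O2 - BHO: (no name) - {F30B1B0B-C305-414E-A4FF-AC93A08DE0AC} - C:\WINDOWS\system32\ddcYqrOG.dll
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe"
O4 - HKLM\..\Run: [Messenger Sharing USN Journal Reader Service] tyadjy.exe
O4 - HKLM\..\RunServices: [WinxDiagUpdate] WinxDiagUpdate
O4 - HKLM\..\RunServices: [Messenger Sharing USN Journal Reader Service] tyadjy.exe
O4 - HKCU\..\Run: [Messenger Sharing USN Journal Reader Service] tyadjy.exe
O20 - Winlogon Notify: ddcYqrOG - C:\WINDOWS\SYSTEM32\ddcYqrOG.dll
"""

O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
O4_RE = re.compile(
    r"^O4 - (?P<key>HK(?:LM|CU)\\\.\.\\[^:]+): \[(?P<value>[^\]]+)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")


def in_system32(path):
    """True if the file sits directly in a system32 directory (any case)."""
    parts = path.strip('"').lower().split("\\")
    return len(parts) >= 2 and parts[-2] == "system32"


def first_token(cmd):
    """Program part of an autorun command: the quoted path or the first word."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split()[0]


def audit(log_text):
    """Return {log line: [reasons]} for entries that match the pattern.

    The heuristics are illustrative assumptions. They produce candidates for
    manual review, not verdicts: legitimate autoruns can also use bare names.
    """
    bho_dlls = set()
    autoruns = defaultdict(set)  # command -> autorun keys it appears under
    parsed = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        for kind, rx in (("O2", O2_RE), ("O4", O4_RE), ("O20", O20_RE)):
            m = rx.match(line)
            if not m:
                continue
            parsed.append((kind, line, m))
            if kind == "O2":
                bho_dlls.add(m["path"].lower())
            elif kind == "O4":
                autoruns[m["cmd"].lower()].add(m["key"].lower())
            break

    findings = defaultdict(list)
    for kind, line, m in parsed:
        if kind == "O2":
            if m["name"] == "(no name)" and in_system32(m["path"]):
                findings[line].append("unnamed BHO loaded from system32")
        elif kind == "O20":
            if m["path"].lower() in bho_dlls:
                findings[line].append(
                    "Winlogon Notify DLL is also registered as a BHO")
        else:  # O4 autorun entry
            if "\\" not in first_token(m["cmd"]):
                findings[line].append("autorun command has no directory path")
            keys = autoruns[m["cmd"].lower()]
            if len(keys) > 1:
                findings[line].append(
                    "same command under %d autorun keys" % len(keys))
    return dict(findings)


if __name__ == "__main__":
    for entry, reasons in audit(SAMPLE_LOG).items():
        print(entry)
        for reason in reasons:
            print("    - " + reason)
```

Run against the sample, it flags the seven entries listed in the answer and leaves the two constructed benign entries alone.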
Relevancy 56.33%

I'm running win7 Ultimate on my Asus 32 bit netbook. I keep getting a pop-up box telling me Windows Explorer is closing and must restart. When I look at the details, I get the following---
Problem signature:
Problem Event Name: BEX
Application Name: Explorer.EXE
Application Version: 6.1.7601.17567
Application Timestamp: 4d6727a7
Fault Module Name: audiodev.dll_unloaded
Fault Module Version: 0.0.0.0
Fault Module Timestamp: 4ce7b722
Exception Offset: 6d00eb75
Exception Code: c0000005
Exception Data: 00000008
OS Version: 6.1.7601.2.1.0.256.1
Locale ID: 1033
Additional Information 1: 0a9e
Additional Information 2: 0a9e372d3b4ad19135b953a78882e789
Additional Information 3: 0a9e
Additional Information 4: 0a9e372d3b4ad19135b953a78882e789

If I interpret this correctly, I think there is a problem with the AUDIODEV.DLL but I have no idea how to fix this. Please tell me if I'm on the right track and how I might proceed. Thanks

A:Windows Explorer repeatedly closing and restarting

audiodev.dll is an unwanted file that is known to cause problems. Though it's Microsoft stuff, I still suggest you scan for malware.

Perform a full system scan using: Malwarebytes: Free anti-malware download, and some other good antivirus software as well.

If this doesn't solve the problem, follow this guide: Troubleshoot Application Conflicts by Performing a Clean Startup

http://www.sevenforums.com/performance-maintenance/286410-windows-explorer-repeatedly-closing-restarting.html
Relevancy 56.33%

Every time I go to an Explorer window that contains video files, it says "Windows Explorer has encountered a problem and needs to close", yada yada yada. I can get it to go away by changing the view from "Filmstrip" or "Thumbnails" to "Details", but every time I try to open a video file it comes up with an error message, so I'm assuming there is a problem with video codecs or the Preview feature or something. DivX Player works, although the error message still is on-screen. Media Player Classic won't work.

When Windows Explorer craps out, the error message is this:
AppName: explorer.exe AppVer: ModName: unknown ModVer: Offset:
The following files will be included in this error report: C DOCUME David LOCALS Temp e appcompat txt

When Media Player Classic craps out, the message is:
AppName: mplayerc.exe AppVer: ModName: unknown ModVer: Offset:
The following will be included in this error report: C DOCUME David LOCALS Temp a appcompat txt

And sometimes DrWatson Postmortem Debugger will crap out with this:
EventType BEX P drwtsn exe P P b d a P dbghelp dll P P a P d P c P
The following files will be included in this error report: C DOCUME David LOCALS Temp WER d dir drwtsn exe mdmp, C DOCUME David LOCALS Temp WER d dir appcompat txt

What I've done so far: I've run virus and malware scans with MalwareBytes Anti-Malware, CyberDefender and AVG Anti-Virus, and nothing has seemed to help. I've deleted and re-added the shimgvw.dll and that has not worked. Tried to delete the "Default" setting in "HKEY_CLASSES_ROOT\SystemFileAssociations\.avi\shellex\PropertyHandler" in RegEdit, but I couldn't delete it.

Any help would be great because this is getting really annoying. Thank you so much for your time.
Jrossmo

A:Windows Explorer keeps closing out with multimedia files

Try uninstalling and reinstalling the codec again. It might help.

http://www.techsupportforum.com/forums/f10/windows-explorer-keeps-closing-out-with-multimedia-files-284337.html
Relevancy 55.9%

I have several protective programs running..
like "Adware, Fix It 5,SpywareStopper"
but I haven't found any viruses...

When I run SpyBot, it comes up with about 23-25 entries AND I stall when I get to create a restore point. After a lon---g period of time the (not responding)
goes on.

Another problem is that WinRAR opens but closes unexpectedly...

Are these problems possibly related or do I have different issues???

Thanks for any help!
 

A:Creating a Restore Point & Windows XP Explorer Windows closing

http://forums.techguy.org/t110854.html Follow this link to Rollin Rog Security Tools. It is hard to tell from your report exactly what spyware programs you are running. Scroll down the page to Parasitic, download Ad-Aware SE, Spy Bot Search and Destroy, Spy Ware Blaster. Set up and update according to the tutorials. Go to Panda Active Scan or other online virus scanner and run a scan. If you do not have an antivirus program aboard, go to Grisoft AVG and download the personal free edition. Use these programs only for now and shut down any other spyware/malware programs you may have running. After using the programs from Rollin Rog Security Tools, come back and let us know how things are now running.
 

https://forums.techguy.org/threads/creating-a-restore-point-windows-xp-explorer-windows-closing.272967/
Relevancy 55.9%

Hi all,

Basically the problem is in the title. After using Windows Photo Gallery to look at photos, when I close it, it hangs (Not Responding), and if I try to interact with the window I get a system message that Windows Explorer has stopped working. I can leave that message unanswered and continue using Windows for a while, but the system will eventually lock without any BSODs, restarts or anything. If I instead choose to close Windows Explorer, it removes the taskbar and I am left with the desktop but without tools to start programs or restart/shut down. And if I ignore the prompt to close explorer (or wait for it to respond) and try to shut down, it will show me the "logging off" screen forever without actually shutting down, and only a hard power off/restart can help, with Vista prompting me for a normal start or safe mode at next power up.

I tried avoiding using PG and using Live Photo Gallery instead. I was editing some photos in Gimp, and when saving a file Gimp hung with the same overall effect. So I am not sure if the problem is in PG or somewhere else. I ran sfc /scannow (or whatever that scan command is) and it didn't find anything. I'm not sure if the problems started right after a particular software install, but I did update Kaspersky Internet Security to version the day before PG crashed for the first time that I can remember.

On two occasions the Problems and solutions lists Explorer problems which occurred within minutes from each other, like this:

Description: A problem caused this program to stop interacting with Windows.
Problem signature: Problem Event Name: AppHangB, Application Name: Explorer.EXE

Description: A problem caused this program to stop interacting with Windows.
Problem signature: Problem Event Name: AppTermFailureEvent
Files that help describe the problem (some files may no longer be available): Explorer EXE atk kdmp, Explorer EXE mu dmp, Explorer EXE xml, Version txt

I believe the problem is reproducible and now I'm afraid of starting the photo gallery. This is really frustrating as I need to sort several thousand photos from vacation and can't do it. Otherwise the computer runs fine and does not exhibit any other major problems. Reinstalling Windows is the last option as this is the PC I use for work, so I am trying to find a fix.

Thanks in advance,
Vit

System specs: Windows Vista Home Premium CPU Intel Q GB RAM GPU Nvidia GTe MB

A:Windows explorer hangs when closing Photo Gallery

Update:
Same now happened in the Windows Live Gallery: I was previewing photos and rotating some of them, so first it refused to rotate a couple suggesting they were opened by another program (they weren't) and then as I moved to another image, it showed "Saving..." and just hung there. Closing didn't help (and no messages that it was not responding). I used Task Manager to kill the process - the Live Gallery disappeared from the desktop but remained in the Task Manager processes. I was able to open another instance of Live Gallery and do some operations before it hung again. After killing it with Task Manager again, I had two processes in the Task Manager and none on the desktop. I closed all programs and tried logging off but it didn't log me off, the mouse was moving though. After restart, it turns out some programs didn't actually close (Firefox offered to recover a crashed session).

No error messages in Event viewer

I'll run checkdisk later as it is taking ages, but would appreciate suggestions. Thanks
Vit

http://www.vistax64.com/general-discussion/282930-windows-explorer-hangs-when-closing-photo-gallery.html
Relevancy 55.9%

The window in question is the Windows Explorer one. Every time I click close, I get a message telling me that Windows Explorer stopped working or something. Anyway, it restarts on its own. This happens every time that I click close on a Windows Explorer window. I have a feeling it's the new Windows Update that just finished installing. I've attached the Update History copy below.
Code:
Update for Microsoft XML Core Services 4.0 Service Pack 2 (KB941833)

Installation date: 22/05/2008 12:07 AM

Installation status: Successful

Update type: Recommended

This update resolves reliability and application compatibility issues in Microsoft XML Core Services 4.0 Service Pack 2. By installing this update, you can achieve better reliability and application compatibility. After you install this item, you may have to restart your computer. Once you have installed this item, it cannot be removed.

More information:
http://go.microsoft.com/fwlink/?LinkId=100281

Help and Support:
http://support.microsoft.com

 

Relevancy 55.9%

Greetings everyone,

There is a quite strange problem with my World of Warcraft that didn't occur before a certain Windows reinstallation. The problem is that my WoW keeps closing randomly without any error message, and its folder does the same. I tried out lots of things which worked temporarily, but somehow this problem persists further and further. I checked my computer with several antiviruses and antispywares with no success; they found nothing.

When this problem began, WoW closed as if I had shut it down in Task Manager. The game didn't save the changes I made while I was playing. I first shut all Windows services and it seemed to be working; after a week the problem appeared again. I said to myself that it must be a process killer, so I renamed the Wow.exe file to asd.exe and the problem seemed to have been solved. I didn't have any problem with WoW for two weeks, but the problem occurred again with a new thing. Not only does WoW close itself, but every single folder named "World of Warcraft", and I noticed that if there are other words beside "World of Warcraft", let's suppose "World of Warcraft Trial", the folder won't close. And it happens to Windows Explorer (not IE) only. If I open the "World of Warcraft" folder with Total Commander, TCMD won't close. And now WoW saves the changes when it closes, as if I used Alt+F4 to close it.

I don't think it is a hardware-related issue. My memory cards are okay; I checked them with memtest and no problems were found. It can't be a videocard issue because other games don't close. It can't be a motherboard issue because other programs should close if it was the case. Maybe a HDD issue, but I don't think damaged hardware causes problems to only one program. I bet it is an infection, because I found some interesting processes in my system, for example "netchk.exe". When I launched it, this program said the following: "Unable to kill process Wow.exe". This process is installed alongside the game "Falcon". I never heard of this game, but what the hell was this nethck.exe looking for in my system if I never installed this game? So my process killer theory was right for a time, because this thing didn't manage to close WoW because WoW was renamed to "asd.exe" at that time. I found also the process "PSKILL.EXE", which is also a process killer.

Anyway, I've created a video about these problems. Here is the link: http sizostore extra hu - - AVI

And here is a Hijack This log:

A:World of Warcraft and its folder in Windows Explorer keeps closing

I also noticed that when WoW closes itself, a process named "wscript.exe" appears. After WoW is closed, it vanishes. It does not always appear, but in most of the cases it does.

http://www.techsupportforum.com/forums/f100/world-of-warcraft-and-its-folder-in-windows-explorer-keeps-closing-386987.html
Relevancy 55.9%

no matter what I configure in Autoplay ...
- whenever I say "safely remove mass storage" (in my case it's a SD Card) the explorer window is closed
- it only stays open when I select another drive before "safe removal"
- it also stays open when I just pull the SD Card (unsafe remove)

the drive itself is a combined mass storage reader built into the Desktop PC and its drive letters are always shown in the explorer

Is there a regkey to tell Windows to just let it open?

A:inhibt windows explorer from closing when SD card removed

In its infinite wisdom Windows assumes the user is finished using File Explorer [renamed from Windows Explorer in Win7] and to save resources closes that window. It really doesn't bother me as I usually have two or more instances of File Explorer running anyway [for access to External USB HDDs].

http://www.eightforums.com/general-support/51062-inhibt-windows-explorer-closing-when-sd-card-removed.html
Relevancy 55.9%

Hi all,

I'm desperately looking for some help with regards to a Windows Explorer problem. As in the title, Windows Explorer closes down all the time when opening pictures, music or anything in My Docs. I have restored to factory settings from the partition on the HDD and fully updated. The recovery failed twice and updates failed twice, and seemed to take hours too, but finally I got there. Then came the moment of truth: opened My Pictures and bang, closed again.

The first time it failed recovery it gave an error message about certain programs/applications couldn't be placed into memory as there is an I/O failure or error. I should have written it down, in hindsight. It was all a painfully slow procedure that took all day yesterday and some of this morning too. The only thing I can think of is that maybe the HDD is starting to fail, or maybe RAM issues, although it is seeing the RAM that is installed Gb.

I would really appreciate some help here, thanks for reading.
Martin

A:Windows Explorer closing down whenever I open any files in My Document

Hi all,

I thought I would follow up with my findings and solution to my Windows Explorer nightmare as I am quite pleased with myself for persevering and fixing it. It was right under my nose all along but it was just knowing how to go about it.

Basically, "Event Viewer" gave me all the information I needed. In the event tree I clicked on "Windows" then "Applications", which gave a list of apps with either a blue info icon to the left of the information, an exclamation mark in red for error or a yellow exclamation mark for warning. There were plenty of red error icons which I hoped would be logs of Windows Explorer closing down, and sure enough they were. On following the "Failing Application Path" c:\program files\ASUSWSShellExt64.dll I found the highlighted shell extension, which is basically Asus Web Storage. I promptly uninstalled the program and have had no crashes whatsoever, yee haaaaa!

Hope this helps someone else someday as it almost blew my brains out

Martin.

http://www.sevenforums.com/software/366552-windows-explorer-closing-down-whenever-i-open-any-files-my-document.html
Relevancy 55.9%

Actually i don't know i am using Windows Professional SP2.
Nowadays whenever i open a folder in windows explorer, automatically windows explorer error comes, closing.
Can't able to open the drive directory[not in C drive] contains videos,movies,photos,...
Please help me how to solve this problem,
i am a beginner just bought a new PC experiencing this problem first time.
 

https://forums.techguy.org/threads/whenever-i-open-a-folder-windows-explorer-crashes-and-closing.892236/
Relevancy 55.9%

First, my desktop changed to having color behind the text of my shortcuts, then it went white and said active desktop problem. I think I have fixed this. Second, when I am exploring through my computer the windows will disappear, as will all my desktop except the screen graphic, then it all reappears except the explorer window. This happens more often if I have two windows open. Third, when browsing I am getting a lot of pop-ups, mainly from virus detection sites; something tells me they won't help much. Here is my log:

A:Solved: Help: Pop Ups, System Freezes and explorer windows closing.

https://forums.techguy.org/threads/solved-help-pop-ups-system-freezes-and-explorer-windows-closing.623650/
Relevancy 55.9%

I have autoplay completely disabled.
I realize that Windows Explorer (WE) will open if a new dvd, usb drive, etc is connected/inserted.

But 'I open' all of the WE windows I use but "Win7 64 will close that WE window if the thing is removed, even when it did NOT create/open it" !!

Anyone know how to disable this 'automatic' CLOSING of WE by Win 7??

Thanks for any help!! , this is a pain (and infinitely stupid on Win7's part) !!

A:How to stop Windows Explorer closing for removable Disks!

Unfortunately there is no feature built into Windows 7 that can stop this from happening; there could be a 3rd party application somewhere. I personally think there was a lot of stupidity on Microsoft's side when they built Windows Explorer.

Also Welcome to 7 Forums!!

http://www.sevenforums.com/general-discussion/148620-how-stop-windows-explorer-closing-removable-disks.html
Relevancy 55.47%

On Friday I began getting random pop-ups while surfing the web. Doing a scan with Spybot, it came up with two culprits: Virtumonde and Virtumonde.dll. I tried cleaning it but they reappear. Can you help? Attached is the log file from HiJackThis. Thanks

A:Random Popups - Virtumonde, Virtumonde.dll

I read on another website on Friday that if Virtumonde is not removed completely when you restart your computer it 're-establishes' itself. Not sure if it is true or not so I restarted my computer and ran HiJackThis again.

Here is the log file.

-------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:47:05 AM, on 05/06/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Applications\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\DWRCS.EXE
C:\WINDOWS\System32\GEARSec.exe
C:\Applications\Common Framework\FrameworkService.exe
C:\Applications\McAfee VirusScan 8.5\Mcshield.exe
C:\Applications\McAfee VirusScan 8.5\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Applications\Ghost 9.0\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\DWRCST.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Applications\Common Framework\UdaterUI.exe
C:\Applications\Ghost 9.0\Agent\GhostTray.exe
C:\Applications\Common Framework\McTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Applications\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\APPLIC~1\SPYBOT~1.5\SDHelper.dll
O2 - BHO: (no name) - {5AEFF21A-5BB5-417A-893B-E7B242591481} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {EE147371-7D07-40FF-B18C-7928D92F3528} - C:\WINDOWS\system32\qoMcdDWn.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Applications\Adobe Acrobat Reader 8.1.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Applications\McAfee VirusScan 8.5\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Applications\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Applications\Ghost 9.0\Agent\GhostTray.exe
O4 - HKLM\..\Run: [EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2R1.EXE /P23 "EPSON Stylus C86 Series" /O6 "USB001" /M "Stylus C86"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\APPLIC~1\MSOFFI~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11...

http://www.techsupportforum.com/forums/f284/random-popups-virtumonde-virtumonde-dll-246983.html
Relevancy 55.04%

Hi to all. I'm sure a lot of people are annoyed with the same bug; it apparently happens on all Windows editions. When you open Explorer and activate the preview pane using the button on the upper right, you can define the size like any pane by clicking and dragging the vertical border line. But when you close Explorer and open it again, the size is not kept and the preview pane is very big; you have to click and drag every time to resize it. It doesn't happen if you double-click on Computer; it only happens when you click on the Explorer icon, which opens the Libraries location (the default location). I'm not completely sure, but I've only seen that in this way.

It seems that Explorer doesn't correctly read the REG_BINARY of "ReadingPaneSizer" (or maybe the values "PageSpaceControlSizer" or "PreviewPaneSizer") in the key "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Modules\GlobalSettings\Sizer" when it opens, but it apparently writes it correctly when you manually resize the pane, and the value isn't changed before manual action, even when Explorer opens and displays the preview pane in a different size.

And the last thing: when you open Explorer, activate the preview pane, resize the preview pane, deactivate it, close Explorer, open Explorer again and activate the preview pane, the size is the good one (preserved from the previous Explorer window).

So the question is: does someone know a way to fix this really annoying bug? I can't activate the preview pane in the default profile for my domain users if there is this bug. Thanks for your help.

https://social.technet.microsoft.com/Forums/en-US/569509ae-a37a-441f-8cc3-95d5231b171b/windows-7-how-to-keep-the-size-of-the-preview-pane-when-closing-and-reopening-explorer?forum=w7itproui
Relevancy 55.04%

Hi,
I'm running a Dell Inspiron 6400 with Windows XP Home on it.
My problem is as such:
Whenever I close an Explorer window, the taskbar and desktop icons disappear for a few seconds... It's quite annoying, and it also closes any other windows I have open.
Programs don't seem to be affected...

Has anyone come across this problem? And are there any solutions?
Much thanks for any help rendered.
 

A:Taskbar and Desktop Icons Dissapear After Closing Explorer Windows.

*bump*
Can no one help me?
 

https://forums.techguy.org/threads/taskbar-and-desktop-icons-dissapear-after-closing-explorer-windows.601650/
Relevancy 54.61%

Bagle removed, but explorer.exe crashes after I close all open explorer.exe windows; sometimes drwatson.exe crashes too. Explorer.exe crashes when closing all windows on a regular basis; it crashes always. I had Bagle but I removed it. I did not post this new issue in other forums. I am adding a HijackThis log. I also have an online Kaspersky log; I am adding it here too, after the HijackThis log. Thanks.

http://www.techsupportforum.com/forums/f284/bagle-removed-but-explorer-exe-crashes-after-closing-all-windows-on-a-regular-basis-246772.html
Relevancy 54.18%

Hi, I have a Maxtor G USB hard drive connected to my computer, full of video files categorized in folders. My OS is WinXP Home. I have Mb of RAM. Recently, whenever I open certain folders through the OS on the external HD, Windows would give me a message saying nothing but that Windows XP had encountered a problem and needs to close the window. It then closes the window and returns me to the desktop. Sometimes it takes me to the "restore your active desktop" screen. I tried copying the info that it gives me in the dialog box, but I can't. Windows doesn't do this on any folder on the internal HD. It does it mainly with or four different folders, and I can't see any correlation between them that would make it do this. So far I've found a semi-useful workaround by changing the view in all of the folders on that drive to "details" view instead of thumbnails view, but that only helps about of the time. I've also called Dell tech support, but they weren't able to fix the problem. Has anyone else had this problem? Any attempt to help is appreciated. My wife, who mainly uses the external HD, is getting really frustrated. Thanks.

A:Windows explorer windows closing all the time - Please help

^bump^ to see if anyone can help on Tuesday.
 

https://forums.techguy.org/threads/windows-explorer-windows-closing-all-the-time-please-help.148502/
Relevancy 53.75%

I have random popups, and programs close as soon as I open them sometimes. I'm thinking it's spyware but not sure. I posted a HJT log. Please help, thanks.

Relevancy 52.89%

I've been getting bursts of popups every ten or so minutes, and my Internet Explorer says it has a problem and needs to shut down every now and then. Here's my DSS log and Panda scan log.

A:popups, IE randomly closing

Download ComboFix from one of these locations. Place it on your desktop.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.techsupportforum.com/sect...s/ComboFix.exe

Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply, along with a new HijackThis log.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------

http://www.techsupportforum.com/forums/f284/popups-ie-randomly-closing-159019.html
Relevancy 52.89%

My popup problem has been narrowed down. Now I get popups only AFTER I have closed the browser. These ads appear even after I reboot, blocking access to the desktop. Most of the ads are for spyware scanners -- and so whoever is sending my popups knows my interest. In the title bar most of them say Ad-Microsoft Internet Explorer. Sometimes I get popups that say a Trojan Horse (e.g. Revop C) has been found and it can be resolved by running AVG. But minutes after running AVG I may get another very similar warning. I wonder if AVG is a partial cause of the problem. I have run repeatedly NAV and AVG, plus CWShredder, Kill Me, Spybot, Ad-Aware and other so-called popup virus killers, but these popups won't go away. Here is my current HiJackThis log. I would appreciate any comment on the log or on my problem in general. Thanks.

Relevancy 52.46%

If I open a page through a link on my current webpage and when I close the new page my original page closes too. All the browser pages shut down.

A:Closing popups closes browser?

Are new pages opening in tabs or windows?

http://www.techsupportforum.com/forums/f56/closing-popups-closes-browser-266613.html
Relevancy 52.46%

How exactly do you close all IE & Windows Explorer windows when needing to do so? For XP & 98 as well. Thanks everyone.
 

Relevancy 52.03%

I just got my new laptop a few months ago, but recently it keeps playing up. Limewire, which I have now deleted, kept opening even though I was closing it. A popup, which I assume is malware, keeps asking me to download anti-spyware software or something along those lines, and my Firefox keeps randomly closing. Any help would be greatly appreciated. This is my HiJackThis log.

Relevancy 51.6%

File came from www.seriall.com. Downloaded PiugInLab.exe. Also found that Bloodhound is in system.

A:Need Help With Windows Explorer Popups

Hi,

* Download Combofix to your desktop.
* Double-click combofix.exe.
* Follow the prompts.
* Don't click on the window while the fix is running, because that will cause your system to hang.
* When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt. Post this log in your next reply together with a new HijackThis log.

http://www.bleepingcomputer.com/forums/t/89445/need-help-with-windows-explorer-popups/
Relevancy 51.17%

Hello all. Recently I have been having problems with numerous adverts opening up during internet usage, Internet Explorer closing itself without warning, and I keep getting the error message "Buffer Overrun Detected". Any help would be greatly appreciated. Here's my HijackThis log.

https://forums.techguy.org/threads/popups-error-message-and-internet-exlorer-closing.733611/
Relevancy 50.31%

Hello guys. You helped me greatly in the past and now I need your help again. I have somehow got the Virtumonde trojan and can't get rid of it. Spybot, Ad-Aware and Norton say they remove it but it keeps reappearing. I am also prompted for the "Windows XP disc" on startup. This computer came with XP installed; I have recovery disks but no Windows disks. Here is my Panda scan. Here is my HijackThis main log.

A:Can't get rid of virtumonde and popups

Hi, welcome to TSF!

Disable Spybot's TeaTimer. This is a two step process.
First step: Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
If you have the new version 1.5, click once on Resident Protection, then right-click the Spybot icon again and make sure Resident Protection is now unchecked. The Spybot icon in the System Tray should now be colorless.
If you have Version 1.4, Click on Exit Spybot S&D Resident
Second step, For Either Version : Open Spybot S&D
Click Mode, choose Advanced Mode
Go To the bottom of the Vertical Panel on the Left, Click Tools
Then, also in the left panel, click Resident (shows a red/white shield).
If your firewall raises a question, say OK
In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
OK any prompts.
Use File, Exit to terminate Spybot
Reboot your machine for the changes to take effect.
______

Download combofix.exe
Save it to your desktop.
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply along with a fresh HijackThis log.
Note: In case you already used Combofix previously, please delete the version you have and download it again, because Combofix is being updated every day.
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Do not post the ComboFix-quarantined-files.txt - unless I ask you to.
If your antivirus software is detecting combofix or a part of it as a virus, please choose to ignore it, as antivirus products cannot determine the good/bad use of some software embedded in combofix.
______

Download RenV.exe

1. Download & double click to run it
2. A log file will be created. Please post all the contents of that log to your next reply.

On your next reply, please include:
Fresh HijackThis log
combofix log
renv log

http://www.techsupportforum.com/forums/f100/cant-get-rid-of-virtumonde-and-popups-206377.html
Relevancy 50.31%

Unable to delete jkklj dll. Have tried various programs such as adware, Spybot, Spyware Doctor, AVG. Keeps trying to install as an IE helper. Running win XP sp pentiumIV ghz. Thanks

A:Virtumonde/ Popups

Hello skydevilace,
Welcome to Bleeping Computer

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea

http://www.bleepingcomputer.com/forums/t/118772/virtumonde-popups/
Relevancy 50.31%

Hey, I'm having trouble removing Virtumonde. I've done everything dictated in the tutorial. I don't know what else to say. I just get a pop-up about once every minutes or so. Not terrible, but still annoying. Here is my HijackThis log.

A:Virtumonde - Popups

Hello themuffinman857, I am SifuMike and I will be helping you.

Let's run ComboFix. Disable your AVAST antivirus before using ComboFix.

You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

If you have used Combofix before, please delete the version you have and download it again, because Combofix is being updated every day.

Disconnect from the Internet while running ComboFix. Temporarily disable any anti-virus and anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause unpredictable results. Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

1. Download this file - combofix.exe to your Desktop. Note: It is important that it is saved directly to your desktop.
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you, C:\ComboFix.txt. Post the ComboFix log and a fresh Hijackthis log in your next reply.

Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.
Do NOT run ComboFix more than once.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall. In case you see a sed.cfexe error with the option to send a report or not, choose "don't send".

http://www.bleepingcomputer.com/forums/t/119942/virtumonde-popups/
Relevancy 50.31%

I did a scan with McAfee, Ad-aware, Spybot. I deleted all it found and followed all instructions I found on this website. Now I have a HijackThis log to post. The things I found were: Virtumonde, windows antivirusdisablenotify, windows firewalldisablenotify. Can you see if it's all gone? Here is the log.

A:I Keep Getting Popups (virtumonde)

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, Snake_death2.
My name is Richie and I'll be helping you to fix your problems.

Your version of Sun Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Sun Java, and then update.

1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6 update 3'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.

Please disable Spybot S&D's protection, or it will interfere. You can enable it after you're clean.
Open Spybot and click on 'Mode' and check 'Advanced Mode'.
Click on 'Tools' in bottom left hand corner.
Click on the 'System Startup' icon.
Uncheck 'Teatimer' box and/or uncheck 'Resident'.
Click the 'Allow Change' box.
Then, check next to the computer clock to see if the icon for Spybot is still there.
If it is, right click it and choose 'exit Spybot-S&D Resident'.
Restart the computer.
If you find you're experiencing problems disabling Spybot's Tea-Timer, follow the info in the link below:
http://www.russelltexas.com/malware/teatimer.htm

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
When VundoFix re-opens, click the "Scan for Vundo" button.
Once it's done scanning, click the "Remove Vundo" button.
You will receive a prompt asking if you want to remove the files, click "YES".
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click "OK".
Post the contents of C:\vundofix.txt into your next reply.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

If you have previously downloaded ComboFix, please delete that version now.
Warning: You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using this tool incorrectly could render your system/pc inoperable.

Now download Combofix and save to your desktop.
Note: It is important that it is saved directly to your desktop.
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang.
Do NOT post the ComboFix-quarantined-files.txt unless I ask.
Note: In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again. Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

Now go to: C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
Right click on Hijackthis.exe and select 'Rename', rename it to abc.bat
Double click on abc.bat (which is still Hija...

http://www.bleepingcomputer.com/forums/t/121385/i-keep-getting-popups-virtumonde/
Relevancy 50.31%

Hello, I think I have Virtumonde - I get popups, and web sites launch on their own... something is lowering IE security settings to allow all, I reset and it goes back and changes them. I clean the system and it comes back. I have tried Vundofix, combofix, VirtumundoBegone... etc. and it comes back. I have put the three or four main web sites in not trusted sites and IE still loads them? Any help would be great!
Thank you
Paul

Edit: Moved topic to the more appropriate forum. ~ Animal

A:Virtumonde-popups... Can't Get Rid Of It

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".

To avoid confusion, I am closing this topic.

http://www.bleepingcomputer.com/forums/t/133279/virtumonde-popups-cant-get-rid-of-it/
Relevancy 50.31%

Hello all!

We are trying to fix a problem with our Internet Explorer on our Windows XP Home desktop computer. Whenever we open Internet Explorer and browse for a few seconds, a random advertisement pop-up will appear. It really slows our PC down and it takes a long period of time before we are able to close it. We have already run Lavasoft Ad-Aware to no avail. Windows Defender also found nothing and said that our PC was "running normally". Does anybody have any other suggestions as to how we can fix this problem?

We also upgraded from the default Internet Explorer 6 to IE 7 and had the same problem.

Thanks in advance!

A:Random New Windows (popups) In Internet Explorer

It sounds like you are infected. The best way to clean your computer is to run a little program called HiJackThis. This program creates a log. Then you paste the log into the HiJackThis forum here at Bleeping Computer. An expert will help you get rid of the malware on your computer. It takes a little time, and it takes a little patience and you must be good at following instructions, as there will be some to follow. The following instructions will walk you through the process of creating a log:

FIRST
Read the Preparation Guide found HERE. It is very important that you follow ALL of the instructions found within. (There are many important steps in this guide that may clean your computer.)

NEXT
Post your system information along with a brief description of the problems you are having, and your HJT log in the HJT forum found HERE.

NOTE: Please, after you post your HJT log DO NOT make another post in the HJT forum until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post there will be 1 reply. The team member glancing over the replies might think someone is already helping you out and will not respond. So, just make your post and let it sit there until a team member responds. The volunteers who work that forum are very busy, so please be patient and wait. It can sometimes take a few days for a response. If after 5 days you still have gotten no response, then post a link to your HJT log HERE.

FINALLY
If, after finishing your work with the folks at the HJT forum you have issues with Windows related to the removal of the infection, then come to the other forums and let us help you get your computer back to normal.

You are in good hands! Good luck!

http://www.bleepingcomputer.com/forums/t/116211/random-new-windows-popups-in-internet-explorer/
Relevancy 50.31%

It appears as though I picked up a virus by merely visiting a website. I use Firefox, I never get pop-ups, and now every time I open Firefox I get pop-ups, and when I accidentally clicked on one, Internet Explorer windows popped up. It was so fast I had to wait until it finished. On top of that, this virus has slowed down my computer and I can't access all of the websites I used to, including Gmail. I used Spybot but have mostly been using adware constantly. Ad-Aware has found various things but still hasn't been able to find whatever this virus is. I just ran a full adaware this morning. It found some malicious objects, removed them, asked me to restart. I did, but then once I clicked on Firefox, popups galore, everything slow to run, and can't pull up all the websites I normally do. So Ad-Aware is not working on this issue. Any thoughts/help would be appreciated. Frustrated and, as you can probably tell, not particularly computer savvy. Thanks.

A:internet explorer popups posing as firefox which NEVER has random popups

Hello lolacomp Welcome to TSF.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html
After running through all the steps, you shall have a proper set of logs. Please post them in a new topic,
as this one will be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

http://www.techsupportforum.com/forums/f50/internet-explorer-popups-posing-as-firefox-which-never-has-random-popups-347824.html
Relevancy 49.88%

Hello, I have recently had a virtumonde virus as well as smitfraud-C, to name the biggest. I removed most of it with spybot, superantispyware, Mcafee and spysweeper. I removed most of it but a few remnants still remain. I still have popups whenever I am on the internet and not sure what else it left. Thanks in advance, jay

A:Post-virtumonde Popups

Hello Jay,

Welcome to the BleepingComputer Forums.
Since it has been a few days, please post a new HijackThis log.
Thank you for your patience.

http://www.bleepingcomputer.com/forums/t/167973/post-virtumonde-popups/
Relevancy 49.88%

My computer has been infected with the winantispyware popups for at least two days now and I am praying that someone here could help me destroy it. I feel so foolish. The following is a HijackThis Log. I will be forever grateful to whoever can assist me.

A:Winantispyware Popups/virtumonde

Hi

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply with a fresh hjt log.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

http://www.bleepingcomputer.com/forums/t/112084/winantispyware-popupsvirtumonde/
Relevancy 49.88%

Symptoms started with Norton Internet security kept blinking at me saying an attack by Vundo trojan and Metajuan trojan had been blocked. The attacks were quite often. I'd guess that not all attacks were blocked as I now get a lot of pop ups when using internet explorer, usually the same sites, crush calculator. I figure something must be on the inside telling the outside to attack.

Norton antivirus updated, full system scan picks up absolutely nothing.

Bit defender picks up nothing.

Spybot picks up virtumonde.

Spybot rescan after reboot showed reappearance of virtumonde.

Vundofix rescan showed the vundo is gone but I still am getting the popup symptoms.

Security task manager says I still have worrying processes going on:

fool0.dll C:\WINDOWS\system32\fool0.dll DLL
tustr.dll C:\WINDOWS\system32\tustr.dll Internet, when Internet Explorer starts (Browser Extension)
ieso0.dll C:\WINDOWS\system32\ieso0.dll Internet, when Internet Explorer starts, IEHlprObj.IEHlprObj.1 (Browser Extension)
xicnqlkf.dll C:\WINDOWS\system32\xicnqlkf.dll DLL, when Windows starts, Registry (Machine Run)

I got security task manager to kill process and quarantine but it only worked on the last one and not the first. So I'm guessing I'm just left with:

fool0.dll C:\WINDOWS\system32\fool0.dll DLL
tustr.dll C:\WINDOWS\system32\tustr.dll Internet, when Internet Explorer starts (Browser Extension)
ieso0.dll C:\WINDOWS\system32\ieso0.dll Internet, when Internet Explorer starts, IEHlprObj.IEHlprObj.1 (Browser Extension)

A:Virtumonde Aftermath Popups

-------------------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------------------

Okay I ran combofix which got rid of another of the processes i was worried about: tustr.dll

So I'm left with:
fool0.dll
100%
C:\WINDOWS\system32\fool0.dll DLL -

ieso0.dll
92%
C:\WINDOWS\system32\ieso0.dll Internet
when Internet Explorer starts IEHlprObj.IEHlprObj.1 (Browser Extension)

-------------------------------------------------------------------------------------------------------------------------

COMBOFIX LOG
ComboFix 08-02-20.2 - Jimmy 2008-02-20 13:41:05.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.446 [GMT 13:00]
Running from: C:\Documents and Settings\Jimmy\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\tustr.dll
C:\Autorun.inf
C:\WINDOWS\system32\micr0st.dll
C:\WINDOWS\system32\mlllm.ini
C:\WINDOWS\system32\mlllm.ini2
C:\WINDOWS\system32\rtsut.ini
C:\WINDOWS\system32\rtsut.ini2
C:\WINDOWS\system32\tustr.dll
C:\WINDOWS\system32\yrillrbk.dll

.
((((((((((((((((((((((((( Files Created from 2008-01-20 to 2008-02-20 )))))))))))))))))))))))))))))))
.

2008-02-19 22:57 . 2008-02-19 22:57 294 --ahs---- C:\WINDOWS\system32\hkgpelss.ini
2008-02-19 21:44 . 2008-02-19 21:44 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-19 08:06 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-19 08:06 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-18 23:00 . 2008-02-19 21:05 474 --ahs---- C:\WINDOWS\system32\fklqncix.ini
2008-02-18 21:53 . 2007-07-01 16:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-02-18 21:53 . 2007-12-07 15:21 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-02-18 21:53 . 2007-12-07 15:21 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-02-18 21:53 . 2007-12-07 15:21 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-02-18 21:53 . 2007-12-07 00:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-18 21:52 . 2007-12-07 15:21 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-02-18 21:52 . 2007-07-01 16:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-02-18 21:52 . 2007-12-07 15:21 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-02-18 21:52 . 2007-12-07 15:21 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-02-18 20:56 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2008-02-18 20:56 . 2003-02-28 18:26 46,352 --a------ C:\WINDOWS\setdebug.exe
2008-02-18 18:22 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002372_.tmp
2008-02-18 16:48 . 2008-02-18 16:48 278,927,592 --a------ C:\WindowsXP-KB835935-SP2-ENU.exe
2008-02-18 15:06 . 2004-08-04 00:56 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2008-02-18 15:06 . 2004-08-04 00:56 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-02-18 14:37 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-02-18 14:05 . 2002-08-30 01:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-02-18 14:04 . 2002-08-30 01:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-02-18 14:03 . 2001-08-17 22:36 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_smtpsnap.dll
2008-02-18 14:03 . 2001-08-17 22:36 175,104 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_smtpadm.dll
2008-02-18 13:59 . 2008-02-18 13:59 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-02-18 13:59 . 2008-02-18 13:59 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-02-18 13:59 . 2008-02-18 13:59 749 -rah----- C:\WINDOWS\system32\sapi.cpl.m... Read more

http://www.techsupportforum.com/forums/f284/virtumonde-aftermath-popups-222766.html
Relevancy 49.88%

Hi. This is my first time posting in this forum. I really need help. I followed the preparation guide but it does not seem to completely rid my computer of the problem. Every time my computer restarts after the "cleaning" with AdAware, the popups return. AdAware is always detecting "virtumonde" and an ad for AdvancedCleaner pops up at random. I've noticed that the problems begin after I've opened up FireFox. Here is my HijackThis logfile.

A:Virtumonde/advancedcleaner Popups

Hello droopytx,

We will run ComboFix. You need to disable your McAfee Antivirus, Spybot Teatimer and Spyware Doctor before running ComboFix, as they will prevent it from running.

To disable McAfee Virusscan:
Please navigate to the system tray on the bottom right hand corner and look for a sign.
Right-click it -> choose "Exit."
A popup will warn that protection will now be disabled. Click on "Yes" to disable the Antivirus guard.
You successfully disabled the McAfee Guard.

To disable Spyware Doctor from running on your system startup:
1. First, disable the OnGuard Tools. This way, when you exit Spyware Doctor, these tools won't stay resident in the background.
2. Click the "Settings" button on the left side.
3. Click the "Startup Settings" link.
4. Uncheck "Run at Windows Startup".
5. Click the "Apply" button.

To disable Spybot's Teatimer:
Run Spybot-S&D
Go to the Mode menu, and make sure "Advanced Mode" is selected
On the left hand side, choose Tools -> Resident
Uncheck "Resident TeaTimer" and OK any prompts

Please visit this webpage for instructions for downloading and running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Be sure to install the Windows XP Recovery Console in case you have not installed it yet. <== IMPORTANT

Post the ComboFix log.

http://www.bleepingcomputer.com/forums/t/131703/virtumondeadvancedcleaner-popups/
Relevancy 49.88%

Symptoms started with Norton Internet security kept blinking at me saying an attack by Vundo trojan and Metajuan trojan had been blocked. The attacks were quite often. I'd guess that not all attacks were blocked as I now get a lot of pop ups when using internet explorer, usually the same sites, crush calculator. I figure something must be on the inside telling the outside to attack.

Norton antivirus updated, full system scan picks up absolutely nothing.

Bit defender picks up nothing.

Spybot picks up virtumonde.

Spybot rescan after reboot showed reappearance of virtumonde.

Vundofix rescan showed the vundo is gone but I still am getting the popup symptoms.

Security task manager says I still have worrying processes going on:

fool0.dll C:\WINDOWS\system32\fool0.dll DLL
tustr.dll C:\WINDOWS\system32\tustr.dll Internet, when Internet Explorer starts (Browser Extension)
ieso0.dll C:\WINDOWS\system32\ieso0.dll Internet, when Internet Explorer starts, IEHlprObj.IEHlprObj.1 (Browser Extension)
xicnqlkf.dll C:\WINDOWS\system32\xicnqlkf.dll DLL, when Windows starts, Registry (Machine Run)

I got security task manager to kill process and quarantine but it only worked on the last one and not the first. So I'm guessing I'm just left with:

fool0.dll C:\WINDOWS\system32\fool0.dll DLL
tustr.dll C:\WINDOWS\system32\tustr.dll Internet, when Internet Explorer starts (Browser Extension)
ieso0.dll C:\WINDOWS\system32\ieso0.dll Internet, when Internet Explorer starts, IEHlprObj.IEHlprObj.1 (Browser Extension)

A:Virtumonde Aftermath Popups

ComboFix 08-02-24.2 - Jimmy 2008-02-24 20:02:41.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.453 [GMT 13:00]
Running from: C:\Documents and Settings\Jimmy\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-01-24 to 2008-02-24 )))))))))))))))))))))))))))))))
.

2008-02-24 19:54 . 2008-02-24 19:53 151,234 -r-hs---- C:\bicsxk03.com
2008-02-19 22:57 . 2008-02-19 22:57 294 --ahs---- C:\WINDOWS\system32\hkgpelss.ini
2008-02-19 21:44 . 2008-02-19 21:44 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-19 08:06 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-19 08:06 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-18 23:00 . 2008-02-19 21:05 474 --ahs---- C:\WINDOWS\system32\fklqncix.ini
2008-02-18 21:53 . 2007-07-01 16:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-02-18 21:53 . 2007-12-07 15:21 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-02-18 21:53 . 2007-12-07 15:21 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-02-18 21:53 . 2007-12-07 15:21 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-02-18 21:53 . 2007-12-07 00:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-18 21:52 . 2007-12-07 15:21 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-02-18 21:52 . 2007-07-01 16:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-02-18 21:52 . 2007-12-07 15:21 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-02-18 21:52 . 2007-12-07 15:21 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-02-18 20:56 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2008-02-18 20:56 . 2003-02-28 18:26 46,352 --a------ C:\WINDOWS\setdebug.exe
2008-02-18 18:22 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002372_.tmp
2008-02-18 16:48 . 2008-02-18 16:48 278,927,592 --a------ C:\WindowsXP-KB835935-SP2-ENU.exe
2008-02-18 15:06 . 2004-08-04 00:56 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2008-02-18 15:06 . 2004-08-04 00:56 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-02-18 14:37 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-02-18 14:05 . 2002-08-30 01:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-02-18 14:04 . 2002-08-30 01:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-02-18 14:03 . 2001-08-17 22:36 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_smtpsnap.dll
2008-02-18 14:03 . 2001-08-17 22:36 175,104 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_smtpadm.dll
2008-02-18 13:59 . 2008-02-18 13:59 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-02-18 13:59 . 2008-02-18 13:59 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-02-18 13:59 . 2008-02-18 13:59 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-02-18 13:59 . 2008-02-18 13:59 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-02-18 13:59 . 2008-02-18 13:59 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-02-18 13:58 . 2002-08-30 01:00 73,728 --a--c--- C:\WINDOWS\system32\dllcache\icwtutor.exe
2008-02-18 13:58 . 2002-08-30 01:00 61,440 --a--c--- C:\WINDOWS\system32\dllcache\icwres.dll
2008-02-1... Read more

http://www.bleepingcomputer.com/forums/t/131940/virtumonde-aftermath-popups/
Relevancy 49.88%

Hey Guys, my pc has been infected by Virtumonde and ad popups for the last few days. Symptoms include browser (Firefox) extremely slow to load web pages as well as random ad popups. Also Spybot picked up Virtumonde and tried removing it but it wasn't successful. Also my pc CPU was running at most of the time with winlogin.exe taking almost f the cpu usage, which is unusual. After using VirtumundoBeGone.exe & VundoFix.exe the cpu usage seems to behave somewhat, allowing me to open up applications, but it does randomly still go up to without even doing anything. I also still get random popups, which is really annoying, so I don't think the problem is still fixed. I tried running Kaspersky Online Scanner as suggested by your guide but it kept on crashing because of all the ad popups. I ran HijackThis and here are the log files. Any help is greatly appreciated.

A:Virtumonde Infection / Ad Popups

Hello B00mer and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer.
Go to Control Panel > Internet Options > General tab.
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history.
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu.
Click the Clear now button below.
A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window.

* Clean other Temporary files + Recycle bin:
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Doubleclick mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

3. Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first (not for Windows Vista users !).
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you. (WinXP SP3 users, please download the appropriate SP2 file, Home or Pro, to install the RC)
In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial.
It must be saved directly to your desktop.

Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. If you have any questions along the way, STOP and ask them before proceeding !!

Greetings,
Thunder

http://www.bleepingcomputer.com/forums/t/151562/virtumonde-infection-ad-popups/
Relevancy 49.88%

I know I am infected by Virtumonde. Recently it just hit and I can barely run youtube videos and I can't send emails. It's really slowing down my computer and it only happened recently.

A:Infected with Virtumonde/Ad popups.

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay of response. If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a RootRepeal log and a description of any remaining problems or symptoms you may still have please.

If for any reason you did not post a DDS log or RootRepeal log please refer to this page and in step #6 and Step #7 for further instructions on downloading and running DDS & RootRepeal. If you have any problems just let me know in your next reply or simply post a Hijackthis log.

For your next reply I would like to see:
-The DDS logs---DDS.txt and Attach logs
-RootRepeal logs
-Description of any remaining problems you may still have.

Thanks again and we apologize for the delay.

With Regards,
Extremeboy

http://www.bleepingcomputer.com/forums/t/276959/infected-with-virtumondead-popups/
Relevancy 49.88%

Hello, Thank you for offering this service. After sudden peculiar behavior of my system, along with a sudden explosion of "you're infected, download this" pop ups and the switching of my desktop image to a blood red nuclear warning backdrop, I ran Spybot. I found an unusual number of problems; many were fixed as usual, but this Virtumonde and others are quite persistent. Please review my situation and help if you are able. I am attaching two log files to this topic: Extra.txt from DSS.exe and hijackthis.log from Hijackthis.exe.

Thank you,
Joe

A:Virtumonde Infection & Ad Popups

Hi and welcome to the forums.
I'm Markka and I will be helping you with your malware issues.

I'll check your HijackThis log. I belong to HJT Senior Classmen and everything that I post to you must be checked by
teachers of Bleeping Computer.
Please be patient.

http://www.bleepingcomputer.com/forums/t/147009/virtumonde-infection-ad-popups/
Relevancy 49.88%

I recently started getting popups in IE and Firefox on my WinXpSP MCE PC, in addition to some other odd behaviour (Firewire camcorder not recognized by system). BTW my AV is Avast and I'm running MS Windows Defender. Avast reported: "Sign of "Win Small-IKZ Trj" has been found in "C a exe UPX" file". I believe I instructed Avast to repair this but can't remember exactly. I downloaded and installed PC Tools Spyware Doctor to try to remedy the situation. Although scans detected and supposedly cleaned Trojan.Virtumonde, after subsequent reboots Spyware Doctor's active scan continues to detect malware trying to access c:\windows\system32\mllmm.dll and c:\windows\system32\vtuts.dll. I then downloaded, installed and ran SpyBot S&D and AdAware to help the situation. Although both apps found various ad/spy malware, my problems persist. I continued to research the problem and came across this site. I followed the steps as outlined and am including DSS's main.txt below and its extra.txt attached. I am also attaching Panda's ActionScan results (attached).

A:Popups and Trojan.Virtumonde

I forgot to add that before coming across this site and going through the 5 steps, I found instructions for using vundofix.exe to clean this trojan. It detected and cleaned, had me reboot and cleaned some more. I have attached the vundofix.txt here also.

John


VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.11

Scan started at 1:07:22 AM 12/23/07

Listing files found while scanning....

C:\windows\system32\mllmm.dll
C:\WINDOWS\system32\mllmm.exe
C:\windows\system32\mmllm.ini
C:\windows\system32\mmllm.ini2
C:\WINDOWS\system32\pmnopop.dll
C:\WINDOWS\system32\ssttq.exe
C:\WINDOWS\system32\vtuts.dll
C:\WINDOWS\system32\vtuts.exe
C:\WINDOWS\system32\WDBtnMgr.exe

Beginning removal...

Attempting to delete C:\windows\system32\mllmm.dll
C:\windows\system32\mllmm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mllmm.exe
C:\WINDOWS\system32\mllmm.exe Has been deleted!

Attempting to delete C:\windows\system32\mmllm.ini
C:\windows\system32\mmllm.ini Has been deleted!

Attempting to delete C:\windows\system32\mmllm.ini2
C:\windows\system32\mmllm.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnopop.dll
C:\WINDOWS\system32\pmnopop.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\ssttq.exe
C:\WINDOWS\system32\ssttq.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtuts.dll
C:\WINDOWS\system32\vtuts.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtuts.exe
C:\WINDOWS\system32\vtuts.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\WDBtnMgr.exe
C:\WINDOWS\system32\WDBtnMgr.exe Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\pmnopop.dll
C:\WINDOWS\system32\pmnopop.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.11

Scan started at 1:55:35 AM 12/23/07

Listing files found while scanning....

No infected files were found.

http://www.techsupportforum.com/forums/f100/popups-and-trojan-virtumonde-205950.html
Relevancy 49.88%

Spybot and Malwarebytes didn't pick it up. Don't know what to do. It seems as if it only pops up when firefox is open; other than that there isn't anything else to describe. My CPU usage isn't being maxed out, just the pop ups.

A:Ad Popups... virtumonde varient? Or something new?

hi nick wan,

Sorry for delay, no shortage of posters. log is several days old. Still need help? You can do this:
We will get a download to use. It's called combofix. There is a guide to read first. Read through the guide, download combofix, save it to your desktop. Disable your AV etc. as explained in the guide. Double click the icon and follow the prompts. Post the log in your reply.

http://www.bleepingcomputer.com/forums/t/206318/ad-popups-virtumonde-varient-or-something-new/
Relevancy 49.88%

Looks like my 8 year old was surfing unattended (I know- Shame on me!) and picked up a lovely trojan. PC Tools found it but Norton doesn't. PC Tools doesn't remove it nor does the vundofixit file that is available out there. I seem to be at a loss here and the pop ups keep coming. They are mainly about virus protection tools with the odd tarot card or high school reunion ad thrown in. I ran the deckard program and have my logs which I have attached. Any help would be greatly appreciated!

A:trojan.virtumonde - popups

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please save this page to Notepad in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please do not attach logs unless specifically asked. Copy/paste the entire log directly into your reply window. Thanks.

------------------------------------------------------

I see you have P2P software ( Azureus Vuze and Limewire ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

References for the risk of these programs are here, here, and here.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

If you decide to uninstall Azureus Vuze and Limewire, also delete these Folders if they still exist:

F:\Documents and Settings\Nemesis\Application Data\Azureus
F:\Documents and Settings\Nemesis\Application Data\LimeWire
F:\Program Files\Azureus
F:\Program Files\LimeWire

------------------------------------------------------

Please visit this webpage for instructions on downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery(repair) mode, if needed. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

As part of installing the Recovery Console, ComboFix will begin to run. Follow the prompts to install the Recovery Console. Your desktop may disappear. This is normal. It will return.

Once the Recovery Console is installed, this blue window will appear:



Please continue as follows:
Close/disable all antivirus and antispyware programs so they do not interfere with the running of ComboFix. Get help here
Please click Yes to continue scanning for malware.
When the tool is finished, it will produce a log for you.

Please post that log, ComboFix.txt along with a new HijackThis log so we may continue cleansing the system.

------------------------------------------------------

Please download HijackThis and Save it to your Desktop.

Alternate link

This program will help us determine if there are ... Read more

http://www.techsupportforum.com/forums/f100/trojan-virtumonde-popups-261004.html
Relevancy 49.88%

Spybot S&D reported a virtumonde infection, says it removed it but didn't. Getting annoying popups for "removal software" and advertisements, and who knows what else it's doing in the background. Microsoft update is reporting that it is off even though it is switched on in its menu, and attempts to turn it back on do nothing. DSS scan and Kaspersky attached.

A:Virtumonde Infection/popups

Hello superbeast_87,

Please download Malwarebytes' Anti-Malware from Here or Here.
Double-click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and Paste the entire Malwarebytes' Anti-Malware report in your next reply along with a fresh DSS Main.txt log.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. If you encounter this message: "c:\program files\malwarebytes' Anti-Malware\mbamext.dll Unable to register the dll/ocx: RegSvr32 failed with exit code 0x5", click on Ignore.

http://www.bleepingcomputer.com/forums/t/162485/virtumonde-infectionpopups/
Relevancy 49.88%

I am writing here after spending the better part of the past week in a failed attempt to rid my computer of malware. The problem first expressed itself in a series of popups, browser hijacks and redirections which persist despite my efforts to rid my computer of the problem via varying methods. Additionally, I am unable in most cases to perform any searches in Google, even though the Google home page loads just fine.

Here's what I have tried so far:
- Initially I tried to update Windows (I run XP Pro SP) with the updater, but that didn't work since I was unable to start the automatic updates service.
- I purchased and installed Norton AntiVirus, which found a number of things and said that my system was cleaned, yet the problem persisted.
- I installed and ran Spybot Search and Destroy. This temporarily allowed me to perform Google searches, but after a short while the browser is once again compromised and Google searches will no longer work.
- I ran Vundofix to no avail -- it found no problems.
- I installed and ran Combofix based on a post I read here. It found some things, and after running the software the automatic updates service had started. Even so, I was still unable to perform a Windows update, and when I looked I see that the automatic updates service has once again been disabled. Also, after I ran Combofix there seemed to be an odd delay after I started IE, and eventually I was redirected to a seedy web site.

Other symptoms:
- There are frequent attempts to redirect me to winscanner-freeversion
- It seems that some of the ads in legitimate web sites have been compromised and replaced with seedy ads instead
- I suspect Virtumonde but am not sure, and do not know how to rid my computer of this virus.

My HijackThis log is posted below. I also have a Combofix log that resulted from today's scan that I will post as well. Please help!

Thanks
-Dave

Relevancy 49.88%

I am running Microsoft XP Home Edition with GB of RAM. After an Ad-Aware scan and Trojan Remover, it said I was infected with Virtumonde as well as other infections. Before I was able to copy them down, this error message appeared: Buffer underrun detected, C:\windows\explorer.exe, Microsoft Visual C. Explorer then crashes, sometimes restarting on its own; other times I have to use Task Manager to restart the process. This happens every time I open more than one internet page. Popups galore, some just regular, but the majority are from porn sites. Any help will be greatly appreciated. Thanks for your time.

P kat

Relevancy 49.88%

Hi, picked up Virtumonde and can't seem to get rid of it with Ad-Aware or Spybot or Vundofix. Here's my HJT log, please help.

A:Desperately Need Help Getting Rid Of Virtumonde And Popups

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, Electrickoolaid.
My name is Richie and I'll be helping you to fix your problems.

Viewpoint Manager is considered as foistware instead of malware since it is installed without users' approval but doesn't spy or do anything "bad". Read this article: http://www.clickz.com/news/article.php/3561546
You are well advised to remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present, then restart your PC:
Viewpoint
Viewpoint Manager
Viewpoint Media Player

Your version of Sun Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6 update 4'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation jre-6u4-windows-i586-p.exe' [15.12 MB] and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u4-windows-i586-p.exe to install the newest version.

If you have previously downloaded ComboFix, please delete that version now.

Warning: You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of an expert, NOT for private use. Using this tool incorrectly could render your system/PC inoperable.

Now download Combofix by sUBs and save to your desktop. Alternative Combofix download link HERE.
Note: It is important that it is saved directly to your desktop.
Close any open browsers.
Double-click on combofix.exe and follow the prompts.
When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang.
Do NOT post the ComboFix-quarantined-files.txt unless I ask.
Note: In case your antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again. Some scanners may see some Combofix-related components as suspicious and block or delete them while there's nothing wrong with them.

Also post a new HijackThis log please.

http://www.bleepingcomputer.com/forums/t/127256/desperately-need-help-getting-rid-of-virtumonde-and-popups/
Relevancy 49.88%

Hello All,

Per step my issue is with constant pop-ups regarding anti-virus software. Also, I have a yellow triangle with a black exclamation point as well as a red circle with a white "x" in the taskbar. I completed all steps as per the instructions.

A:Constant Popups-Virtumonde

Hi, welcome to TSF!

Sorry for the delay, the helpers are very busy.

If you still need assistance, please post a fresh main.txt log.

http://www.techsupportforum.com/forums/f284/constant-popups-virtumonde-250039.html
Relevancy 49.88%

Hello - thank you for all the help so far. I have completed all the steps required before posting. The problem started with the Win Antivirus pop-up; after closing it I encountered many pop-ups and redirects to other sites. I attempted to remove after finding the files such as Webbuying, Vundo and WinAntivirus, with no avail; they keep coming back after deleted. I hope you can help me.

gardner

A:Virtumonde-win Antivirus Pop Up - Many Other Popups

Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.exe
Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press Enter.
This program will scan large amounts of files on your computer for known patterns, so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log in your next reply.
IMPORTANT: Do NOT run any other options until you are asked to do so!
**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

Download the latest version of ComboFix from Here to your Desktop.
Double-click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

http://www.bleepingcomputer.com/forums/t/99645/virtumonde-win-antivirus-pop-up-many-other-popups/
Relevancy 49.88%

Symptoms: Computer is extremely slow and sluggish, programs take or four times longer to open. Popups appeared this evening. It sounds like the processor is continually processing something. I tried a few things, including some of the free online scans. In Task Manager -> CPU usage is showing. Spybot Search and Destroy can't seem to get rid of it. Thanks for anyone who can help me, as it is my main work PC.

K

A:infected with Virtumonde / popups

Hi, my name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:

Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply.
Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.

Install Recovery Console and Run ComboFix

Download Combofix from any of the links below, and save it to your desktop. Link 1 Link 2 Link 3
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
Close any open windows, including this one.
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. If you did not have it installed, you will see the prompt below. Choose YES.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.
When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is fo...

http://www.bleepingcomputer.com/forums/t/215188/infected-with-virtumonde-popups/

A:Popups/virtumonde And Other Infections

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.

Download Combofix to your Desktop.
Double click combofix.exe
Follow the prompts that are displayed. Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt. Post that in your next reply with a fresh HijackThis log.

http://www.bleepingcomputer.com/forums/t/132207/popupsvirtumonde-and-other-infections/

First of all I would like to say thank you in advance for your help. Before you get to my log, let me inform you of the steps I have already taken:

Deleted temp files using CCleaner
Scanned computer with current McAfee, found and deleted issues
Scanned with Spybot S&D, only found registry issue
Ran Spysweeper off GeekSquad MRI CD, found only minor threats
Ran Combofix
Ran Dss for log file

Windows Media player issue: There is a hidden dir in my user dir and it contains "avi" files that are only about k. They open in Windows Media Player but then redirect to a website to download CODEC exe. Also there is an empty folder on the root of c called 'QooBox'. I read somewhere last night that QooBox was malware and I don't know the truth to that, I just thought I'd let you know.

I attached virus scan results, dss and combofix for your review. Thank you again. Below is the dss log as requested.

A:Internet Explorer Popups / Windows Weird Wmp Files

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today. As you can probably see our HijackThis Team is incredibly busy at the moment, but I apologise for the delay you have experienced. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A HijackThis Log

Thanks,
Charles

http://www.bleepingcomputer.com/forums/t/145244/internet-explorer-popups-windows-weird-wmp-files/

Upon startup, as soon as the desktop appears, a Windows Explorer window opens which points to C:\Dell. Startup pauses at that point until the window is closed. This machine is at least years old and has been infected numerous times through those years. Auto-scan and cleaning programs have always been used to remove them, but I'm not confident about their thoroughness. As my wife uses this computer to make online purchases from time to time, I'd like to be sure that there is no malware on it sharing our information freely with others. Thanks much in advance for any help.

A:Unknown issue causing Windows Explorer popups

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

http://www.bleepingcomputer.com/forums/t/219224/unknown-issue-causing-windows-explorer-popups/

G'day--hope like the dickens you can help. System's been slow for several weeks with no clear reason. Worsened a few days ago. I had only Firefox open and it took - seconds to load a page. Up to that point Norton never picked up a thing while I was logged in. Popups started in earnest yesterday. Finally found hard evidence of the virus and left Housecall's online scan overnight to see what it found. This morning the browser was closed. Moved on now hours into diagnosis and repair and still getting a bunch of crud popping up. A number of trojans, viruses and rootkits have been found by Norton, AVG and Panda Anti-Virus Online scans. Each detector has been successful on some level at cleaning the problems, but the problems keep propagating. Tried the online scan with Housecall again about two hours ago and my browser was shut down again. Just finished scanning, deleting and destroying with Ad-Aware, Spybot, Panda and Stinger. Haven't restarted yet, nor did I restart in between. That just seems to make trouble. HiJackThis log looks like this:

A:Virtumonde/winantivirus Popups/smitfraud, Too?

Welcome to BC, Fursty.

Go to: C:\Fixers\HijackThis.exe
Right click on Hijackthis.exe and select 'Rename', rename it to abc.bat
Double click on abc.bat (which is still Hijackthis.exe), post that log into your next reply please.

http://www.bleepingcomputer.com/forums/t/81837/virtumondewinantivirus-popupssmitfraud-too/

After moving back home and setting up my PC I started getting constant and annoying popups. I believe it may have something I have installed myself. The popups occur with IE as the browser. I use Firefox by Default and I typically have no issue removing spyware myself, but this has been giving me some troubles. I apologize in advance if I posted this improperly. The following is my Pandascan Results and my Main.txt. Thanks in advance.

A:Constant IE Popups - Spyware/Virtumonde

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------
Download combofix.exe to your desktop.
Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------

Open HijackThis (not DSS) and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------

http://www.techsupportforum.com/forums/f100/constant-ie-popups-spyware-virtumonde-170504.html

Hi to all from hopeful newbie. I've been removing Trojans, worms and pop ups since May. I thought I had won the war until I noticed Avast was disabled and the Firewall was down. I have them back for now but need expert advice. I've run Ad-Aware, Virtumundo, Spybot and Avast in safe mode and in normal mode. I check CodeStuff Starter every time I boot and there aren't any new items in the start up. I'm posting my HijackThis log and DSS in case anyone can find where the bugger is hiding and can tell me how to remove it. Thank you. Really. Thank you.

Kindest regards,
Kristine

A:Virtumonde Trojan/winfixer Popups

Hello Kristine,

I (as well as Microsoft, McAfee and Symantec) recommend that you DO NOT have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove one of these: AVAST Antivirus or AVG Antivirus.

We will run ComboFix. You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

You need to disable your Antivirus before running ComboFix, as it will prevent it from running. I don't know what antivirus you chose to uninstall, so here is how you disable both of them.

To disable avast antivirus: Right click on the avast! icon in system tray and choose (Stop On-Access Protection).

To disable AVG antivirus: Please open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> deselect the "Turn on AVG Resident Shield" checkmark and save the setting.

When you need to enable the AVG Resident Shield (I'll let you know when), just open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> select the "Turn on AVG Resident Shield" checkmark and save the setting.

Please visit this webpage for instructions for downloading and running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

To work properly, you must install ComboFix on the Desktop.

When following the instructions install the Windows XP Recovery Console if you are using XP. <== IMPORTANT

It is a simple procedure that will only take a few moments of your time. You DO NOT need to have the Windows CD to install Recovery Console! Once installed, you should see a blue screen prompt that says: The Recovery Console was successfully installed.

We need Recovery Console because malware damages a lot and causes an instable system - and because of that, it may happen that your computer won't be able to boot anymore. With the Recovery Console installed, there are extra options present to repair whatever malware damaged. Also, even though you're not infected, the presence of the Recovery Console is a useful feature in case a computer won't boot anymore because of several other reasons. Read here what you can do with the Recovery Console.

Extra note: After you have installed the Recovery Console - if you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well. Don't select to run the Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.

A caution - Have no other programs running. Your Task Bar should be clear of any program entries including your Browser. Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, ...

http://www.bleepingcomputer.com/forums/t/152511/virtumonde-trojanwinfixer-popups/

I am running this log on my wife's laptop. For the last couple of days she started to get popup ads when she opens her Hotmail account and sometimes when working in Firefox. I ran Ad-Aware and it told me we had a Virtumonde infection. I told it to remove it. Then ran a scan with the Norton Virtumonde removal tool and with VundoFix. Both came up clean. She still has those annoying popups though. Also looked around the registry for signs of a Virtumonde infection but couldn't find anything there. Hope someone can rid us of these popups.

A: Constant popups-possible Virtumonde infection

Please download Malwarebytes' Anti-Malware from HERE or HERE.

Note: If you already have Malwarebytes' Anti-Malware, just run and update it. Then do a "Perform Full Scan".

Double click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

NEXT

Please download RSIT by random/random and save it to your Desktop.
Double click on RSIT.exe to run RSIT.
Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.

NEXT

Please download GMER and unzip it to your Desktop.
Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for "Show All".
Click on Scan.
When the scan has run, click Copy and paste the results into a Notepad >> save it and attach in this thread.

Post me these logs in your next reply. Post each log in a separate post.

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result.

http://www.bleepingcomputer.com/forums/t/193901/constant-popups-possible-virtumonde-infection/

Hello, I keep getting multiple popups and would like some help in removing them. Thanks in advance for any help offered. Posted below are the RSIT, HJT and Kaspersky reports.

A: Virtumonde infection i think, multiple popups

Hello Bigdadie,

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

http://www.bleepingcomputer.com/forums/t/188418/virtumonde-infection-i-think-multiple-popups/