My Documents Keeps Opening Virus Windows Vista SP1...Solution?

My Documents opens about every 2 minutes and I can not figure out how to make it stop. I recently had the Internet Security 2010 Virus and got rid of it with Spyware Doctor. I am also running AVG Anit-Virus software, but neither program seems to help. I have also done alot of internet research to try and see if I could somehow resolve the problem. I have checked in the regedit



HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows NT\ CurrentVersion\ Winlogon



and



HKEY_CURRENT_USER\ Software\ Microsoft\ Windows\ CurrentVersion\ Explorer\ Advanced

In RHS panel, change value of %26quot;PersistBrowsers%26quot; to 0



But nothing had been changed and the problem is persisting. I think it might have something to do with a program that is running at startup labeled Microsoft Windows host process (Rundll32), but I am not sure. I have read that this might be a legit file, and I really don't know how to tell, or what to do about it if it is a file the virus is using to open My Documents over and over. I have also ran %26quot;Hijackthis%26quot; in order to create a log to tell if my browser has been hijacked. Here is the log...



Running processes:

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe

C:\TOSHIBA\IVP\ISM\pinger.exe

C:\PROGRA~2\AVG\AVG8\avgam.exe

C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe

C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe

c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe

C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\PROGRA~2\AVG\AVG8\avgemc.exe

C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe

C:\Program Files (x86)\RocketDock\RocketDock.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe

C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe

C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe

C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe

C:\Program Files (x86)\AVG\AVG8\avgtray.exe

C:\Program Files (x86)\Spyware Doctor\pctsTray.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files\Logitech\SetPoint\x86\SetPoint32.e?br>
C:\Program Files (x86)\Spyware Doctor\pctsGui.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Users\Heath\Downloads\HijackThis.ex?br>


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=5

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=5

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=5

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=6

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentV?Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper?br>
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exeMy Documents Keeps Opening Virus Windows Vista SP1...Solution?
For one, you do not have the SP2 which came out in May of 09 and you may want to check for malware, Try free of malwarebytes , get it here.http://www.malwarebytes.org/mbam.php ~



Edit : Post your log here and have it analyzed http://www.hijackthis.de/My Documents Keeps Opening Virus Windows Vista SP1...Solution?
Same problem here, it has popped up twice in the past week, both times after extended internetting. First time I had to fix it with a restore, running vista x64, comodo and AVG but it still got thru.

This time I tried Malawarebytes as mentioned above and it fixed the problem.

Report Abuse

My Documents Keeps Opening Virus Windows Vista SP1...Solution?
Malawarebytes also did the trick for me! Thank you for your postings. I picked up a virus after opening a UPS hoax that contained a virus. After opening the attachments in the email, my Document Folder kept opening up every 2 minutes.

Report Abuse