Explorer.exe keeps crashing and keeps rebooting. No viruses showing up i am completely stumped on this one. my hijack this log is attached at the bottom if u could help me rid my comp of this id be forever grateful.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:21 PM, on 11/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
C:\Program Files\Icecast2 Win32\icecastService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Windows Home Server\WHSConnector.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
C:\Program Files\Innovative Solutions\DriverMax\devices.exe
C:\Program Files\Windows Home Server\WHSTrayApp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Earn2Life Bar - {93344865-74BD-4873-BE65-56539D41A65C} - C:\WINDOWS\Downloaded Program Files\Earn2Life.dll
O3 - Toolbar: BizForm Bar - {C46CED39-05C9-40C3-88D1-E07AB8128E02} - C:\Program Files\BizForm Bar\Toolbar\BizFormBar.dll
O3 - Toolbar: Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe  /start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [DriverMax] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Windows Home Server.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Earn2Life Bar - {07328B93-AFD8-4c6a-99E9-D0B3B5D6DAD9} - C:\WINDOWS\Downloaded Program Files\Earn2Life.dll
O9 - Extra 'Tools' menuitem: Earn2Life Bar - {07328B93-AFD8-4c6a-99E9-D0B3B5D6DAD9} - C:\WINDOWS\Downloaded Program Files\Earn2Life.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - (no file)
O9 - Extra button: (no name) - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/da/PCPitStop.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197757395218
O16 - DPF: {93344865-74BD-4873-BE65-56539D41A65C} (Earn2Life Bar) - http://earn2life.com/plugin/Earn2Life.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Icecast Media Server (Icecast) - Unknown owner - C:\Program Files\Icecast2 Win32\icecastService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

End of file - 8428 bytes
9 Years
Discussion Span
Last Post by hotmatrixx

We would prefer that you copy/paste logs rather than attach them.
Since you are not running an anti-virus program and I see several entries for Bitcomet you are taking a real chance not running an anti-virus program.
Please do the following;
Please Download ATF-Cleaner.exe by Atribune

RUN ATF-Cleaner.exe.

-- Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option
-- Click Empty Selected > OK

If you use Firefox browser, do this also:

* Click Firefox at the top and choose Select All from the list.
* Click the Empty Selected button.
* NOTE : If you would like to keep your saved passwords, click No at the prompt.

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot the Computer.
Please Run the ESET Online Scanner and attach the ScanLog with your post for assistance.

* You will need to use Internet Explorer to to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.
Reboot the computer.
Run a new HJT full system scan and save the log.
Post back here and Copy/Paste all logs saved here.


he the whole thing just reboots without warning real often it could be a cpu overheating. Google download and run hdd health or check in your bios if you know how. Let me know how it turns out.


thanks hotmatrixxx it wasnt that. i ran that antimalware
Malwarebytes' Anti-Malware 1.30
Database version: 1410
Windows 5.1.2600 Service Pack 2

11/18/2008 7:52:45 PM
mbam-log-2008-11-18 (19-52-40).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|I:\|)
Objects scanned: 51584
Time elapsed: 29 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 17
Registry Values Infected: 3
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\fccaWMeF.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\jkkHwTKB.dll (Trojan.Vundo.H) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21475d51-3c43-4e70-a6bb-8726de4084bf} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{21475d51-3c43-4e70-a6bb-8726de4084bf} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{55737035-1b75-48dd-a4d8-66155d8ac7a3} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkhwtkb (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{55737035-1b75-48dd-a4d8-66155d8ac7a3} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{55737035-1b75-48dd-a4d8-66155d8ac7a3} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7370f91f-6994-4595-9949-601fa2261c8d} (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7aa32fc7-133b-4ae7-998e-ced0d9829b12} (Trojan.Dialer) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{49e0e0f0-5c30-11d4-945d-000000000000} (Spyware-Logger.Unknown) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e6280729-9251-41d7-bc1c-572c9548c962} (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1f158a1e-a687-4a11-9679-b3ac64b86a1c} (Adware.Seekmo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{55737035-1b75-48dd-a4d8-66155d8ac7a3} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\fccawmef -> No action taken.
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\fccawmef -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\fccaWMeF.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\FeMWaccf.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\FeMWaccf.ini2 (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\jkkHwTKB.dll (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\QU44IT3E\upd[1] (Trojan.Vundo) -> No action taken.

i had 30 dang viruses got rid of em all deleted them from quaritene i will do the online scanner now. and btw the problem has stopped but im gunna make sure they wont come back


How did you delete them all? Your log shows

No action taken.

on ALL listed.
Did you run the program again and have it fix or did you manually do it? You should use the MBA-M program to do the fixing as instructed

* Be sure that everything is checked, and click Remove Selected.


excellent. just hit the "mark as solved" button on the thread so that others know you fixed it, and can either come here for help or know you don't need help at the moment.


excellent. just hit the "mark as solved" button on the thread so that others know you fixed it, and can either come here for help or know you don't need help at the moment.

Who are you replying to? The original poster has NOT returned for 8 days to respond to my question asking him if he DID tell the MBA-M program to apply the fixes or if he has run the program again. This thread is NOT solved, we don't know the outcome.


"i had 30 dang viruses got rid of em all deleted them from quaritene i will do the online scanner now. and btw the problem has stopped but im gunna make sure they wont come back",

AND he hasn't been back for over a week?...

These were his only posts.(newbe poster, 2 posts total) he has been, got his help, and gone. logic dictates the suggestion, but don't quote me on that.


I am not going to get into a contest here. But doesn't matter if he is a new poster or how many posts he has. Since I was the one working with him, I cannot, in all good conscience say this thread is solved. This is NOT for him, but for others with the same problem who search this out, and end up clicking on this thread and decide since somebody says the thread is solved will then take the same incorrect route as this original poster. To all those people, it is not solved.
His last post showed an MBA-M log without any action taken. He said at the bottom;

"i had 30 dang viruses got rid of em all deleted them from quaritene i will do the online scanner now. and btw the problem has stopped but im gunna make sure they wont come back",

He does NOT state what quarantine...MBA-M, an anti-virus program, some other program he ran...nothing. He also does not state how he is going to make sure they don't come back. But since his logs do NOT show an anti-virus program nor a firewall on the computer BUT does show BitComet, a P2P file sharing program, then the place to start was as I had him do, not assuming the cpu was overheating. He did check what you suggested and that was not the case. He DID run MBA-M which found 13 instances of the Vundo Trojan and various Adware, a Trojan dialer, a Spyware Logger which can be getting his passwords, bank account numbers, etc, not viruses as he states. So we cannot be certain that he removed the same things as noted in that MBA-M log. Those would have been removed IF he selected Remove Selected. But we do not know that he did that. Many times additional fixes must be applied AFTER fixes are completed with MBA-M to be certain the Vundo infection is completely gone, depends how badly the computer was infected. But we DON'T know if these would have been necessary because the original poster did not return.
We cannot assume that he did not return because the problem was fixed. He may not have returned because of incorrect or incomplete fixing which caused damage to the computer.
I for one won't give the poster the notification that the problem is solved until I can see all those logs CLEAN. There are many, many times that after running one or two clean up programs the original problem seems to disappear but this doesn't say the infection is 100% cleaned out. We have to see those logs to be assured enough to say, yes it is clean. So for me, no, until I can see those I won't say the problem is solved. Partially maybe but I can't say that with complete assurance, so I won't. And until the poster installs some security programs on his computer, an anti-virus program and a firewall at the very least, then there is no way for him to

make sure they wont come back




Thanks for not closing this yet.
I am having the same issue.
I am following your instructions to Mr_Onyx69 & will post my log from the ESET Online Scanner as well as a new HJT log.


Hi jistoj and welcome to daniweb.
Once you have completed all the steps you should create your OWN thread, by clicking the Start New Thread button on the upper left side of the page just above the thread list, (see attachment) with a title that will convey to others what your problem is, like Crashing Explorer.exe and then give us the full information on what happens, when it happens, etc. Then list the steps you have taken and post the logs in your new thread. I will keep my eye out for it and take a look.
Just makes it easier on all if only one person's problems are worked on per thread.

Attachments Start_New_Thread_Button.jpg 2.54 KB

I appologize that i never returned. The problem went away but my computer got super slow and etc. etc. So we wiped the drive and everything (thus loosing my link to this site but i found it today). And i did delete those things i had just got the log before i did it. I now have Bitdefender 2009 and it works great for protection but i usually turn it off when im gaming or something of that sort due to lag ingame. And i happened to get viruses again which come to find out came from the game and now computer is doing it again its same viruses that got me vundo mainly and one called Win32.zafi.b which a thing keeps popping up saying your computer needs protection or something like that from Win32.zafi.b and click here for protection which leads to a product called Defender. Which means Bitdefender. And i still had malwarebytes anti-malware still on isnt able to get rid of this thing i dont know what to do. My computer is fine now just this thing keeps popping up and its slowing my computer.


Nevermind got rid of it.. All is well and the instructions to fix this problem work. If you restart your computer all is well again or just go open task manager and click run and explorer.exe and baam it doesnt flicker on and off.


Nevermind got rid of it.. All is well and the instructions to fix this problem work. If you restart your computer all is well again or just go open task manager and click run and explorer.exe and baam it doesnt flicker on and off.

Yeah, but that is a painful thing to do all of the time...

So i think you would want to get it fixed.



click here for protection which leads to a product called Defender. Which means Bitdefender.

Sorry, don't agree here, if it meant BitDefender it would say BitDefender.
You haven't removed the problem if you keep having to end it in taskmanager.
Turning off BitDefender is never a good idea. You are taking a real chance by not actually trying to remove this infection. Update BitDefender and run a scan with it and see if it will remove it.


Bit defender HAS an in-game mode that lowers the firewall settings but maintains AV protection. It's a one-click, too. (rightclick the taskbar icon, it's in that menu)

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.