Iexplorer.exe leading to popups in the background

[asuma]

Basically I've seen a post or two that have similar problems to this, but I'm going to fire away anyway because I still havent been able to completely cure it. At the bottom you will see the three requested logs from the 8 step method. What this problem consists of is a popup that doesn't necessarily popup but that minimizes anything you're doing (word, games, music, etc), and will run a process under "SYSTEM" called "iexplorer.exe" At times when this problem is peaked there are 3-4 "iexplorer.exe" system applications running in the background, with zero iexplorer windows up (I use firefox anyway!!). Now, it's important to note that when I'm not doing anything on my computer, neither is it, but it's often when I'm on the internet or playing a game that It will minimize me and pop one up. Before I used the 8 step method it used to try to install "antivirus 2009", a known virus, and popup random other windows like "gladius". I thought it was cured after the last scan, but as I was checking my hockey pool I got minimized and saw an iexplorer.exe system application!! I feel like it's almost gone, but hopefully you guys can help me completely destroy it.

When the problem was very bad before the 8 step thing, I wasn't even able to use facebook and my entire computer was heavily bogged, saying I had not enough virtual memory, etc, but it ran MUCH faster after the spyware scan etc. Here are the logs, any help would be much appreciated!!

 

[asuma]

Bump.. if someone could help me it'd be much appreciated.

 

[kimsland]

-> No action taken on MBAM scan, for found issues

Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to:
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
• Then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform full scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected. <========= Not Done

Please re-run Malwarebytes
Confirm updated (third tab)
Then do the above quoted message, but this time "Remove all found issues"

By the way, you will need to then restart, and run (and attach) a new HJT log


Please also advise me if you have had any PM solicitation to go elsewhere other than TechSpot
Any PM like this should be ignored and taken extremely suspiciously

 

[Bobbye]

asuma, something to check along the line:

It looks like you may have had the Norton Internet Security Suite at some time. The following Services is still loading for it. The Service needs to be disabled and the removal tool used:

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

To disable the Service
Start> Run> services.msc> right click on symlcsvc.exe> Properties> change the Startup type to Disabled> Stop the Service.

Run the removal tool:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039

You can also prevent all those Tracking Cookie seen in SuperAntispyware:
Reset Cookies:

For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

NOTE: handle the cleaning first.

 

[asuma]

Sorry about the delayed response, just got back from a trip!! Okay, I'm running the scan again right now, and I'll post the new HJT log and the results when I get back from work !

 

[asuma]

Alrighty, so I ran the malwarebyte's Anti-malware program again after a restart and it said that it detected no malicious activity : (. The popups are still present, every now and then I get a popup that tries to install some sort of Adobe-related program to my computer, and I just exit this. It still is under iexplorer.exe. Here is my new HJT log . Thanks again for the help - I also disabled the symantec service.

 

[Bobbye]

What happened to Avira? You have no antivirus program running!

It won't do much good tor remove anything without this protection. You can rescan with HijackThis again, check the following if you want-but- I wouldn't waste the time until you get an AV program on the system.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = googe.ca
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:4664/first_usage&s=mvjnrEHTuCjQlieSBRUR8tjDtn8
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll>> from Dell
O4 - HKUS\S-1-5-20\..\Run: [higetibegi] Rundll32.exe "C:\WINDOWS\system32\bafepugi.dll",s (User 'NETWORK SERVICE')>>Fraudulent Security Program
O20 - AppInit_DLLs:

Close all Windows except HijackThis and click on FixChecked. Reboot.

You need to run another program. I will instruct you on that AFTER you get the AV back.

 

[asuma]

Okay, I re-installed Avira - The reason why I took it off is that it wouldn't let me connect to an online game I was trying to play, no matter what I tried to do! In addition, every 3 seconds I was hearing that beep sound in regards to the same virus my system apparently had, and no matter which option I chose, it wouldn't stop beeping! Since you're helping me now I have no problems with having it reinstalled and hopefully that will help along the process. Here is another HJT log after the requested items were deleted and my system rebooted.

 

[Bobbye]

Nothing is showing up in the HijackThis log. That does not mean your system is clean. Please UPDATE and scan with Malwarebytes and SuperAntispyware and follow with new scan with HijackThis. Attach all three logs. Depending on what shows, I may have you run the Vundo Fix.

 

[asuma]

well it would appear I'm clear of this so-called iexplorer.exe virus, and avira isn't interfering with anything I'm running, so I much appreciate the help. I was going to ask if I should still run the requested programs to make sure this isn't just a temporary fix or not since I no longer have any symptoms, but I'm sure your answer will be yes, so I'll do them asap and post the results! Thanks again

 

[Bobbye]

so I'll do them asap and post the results!

That would be a good idea.

Re turning off the antivirus program to play games. Not recommended. It could be the site, it could be the game, it could be script on the page with malware. Did you get any message when you tried to load and failed?