Iexplore.exe... about to wipe entire system

Status
Not open for further replies.

Ferret1972

1. i use firefox. uninstalled internet exploder through add/remove <though i'm sure it's still there.>

2. iexplore.exe appears in my task manager on its own, preceded by several <clicks> as though i'm browsing the web, no visual, though sometimes audio of an advert.

3. tried avg, mcafee, trojanhunter, spybotblaster, and adaware...to no avail.

4. Can not enter safe mode through windows, starts safemode text cascade, then warmboots back to initial boot sequence...

searched multiple forums and found several posts in regards to this malware/spyware/megapain and nothing has yet to work, anyone willing to give it a whack, it would be much appreciated, thank you in advance.

Ferret
 
log files

Apparently in my haste to alleviate my annoyance, i missed the preliminary 8 step program >.<

here r the logs

Ferret
 
IE8 provides additional Windows security and is part of Windows core files. If you have removed it, you have crippled Windows security... It is partially because you use Firefox without some security add-ons and cookie handlers that you are in this mess. Please fix or delete these entries in the hijackthis log, and we will continue from there:

"C:\Program Files\Search Settings\SearchSettings.exe"
"R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll"
"F3 - REG:win.ini: load=C:\WINDOWS\system\svchost.exe"
"O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)"
"O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll"
"O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll"
"O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe"
"O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe"
"O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll"
"O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll"


You have been infected by some serious viruses/malware that were caught or detected, but there is no guarantee that they are totally gone. So we may require more serious cleaning help.
 
DealioAu.exe, "Dealio Toolbar is a free shopping comparison toolbar that allows users to search for a wide range of consumer products". This should be an optional removal.

Reference: http://blog.auctiontips.com/ebay_community/

The Search Setting is 'foistware' installed without the user's knowledge or permission. Viewpoint is also considered 'foistware'.

I would rather have you run Combofix for this and some of the other entries, including
F3 - REG:win.ini: load=C:\WINDOWS\system\svchost.exe

You also have restrictions placed as follows:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

This can be a result of the malware.

Please disable TeaTimer temporarily:
  • Right click the TeaTimer icon in the system Tray
  • Then click Exit Spybot-S&D Resident
  • (Once you are clean, you can restart TeaTimer by going to C:\Program Files\Spybot - Search & Destroy and double-clicking TeaTimer.exe.)

It would be safer to have Combofix fix it:
Please download ComboFix HERE:
  • With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
  • Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
  • Run Combo-Fix.exe and follow the prompts.
    (Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.)
  • Wait for the scan to be completed.
  • If it requires a reboot, please do it.
  • After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

Notes:

  1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
  4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Attach the Combofix report to your next reply.

Rescan with HijackThis and paste that log into the next reply.

Tmagic, I think this is a safer way to go.
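
The entries the helpers single out above (the F3 win.ini `load=` line, the "(no file)" BHO and the O6 restrictions) can be picked out of a HijackThis log mechanically. The following Python is an added example, not part of the original thread or of HijackThis itself; the function names and the choice of heuristics are assumptions made for illustration, and the sample lines are copied from the log entries quoted in this thread.

```python
import ntpath
import re

# Log lines copied from the entries quoted in the thread.
SAMPLE_LOG = r"""
F3 - REG:win.ini: load=C:\WINDOWS\system\svchost.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O2 - BHO: ..."
PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)\b", re.I)
# Core Windows binaries whose genuine copies live in the System32 folder.
SYSTEM32_ONLY = {"svchost.exe", "services.exe", "winlogon.exe", "lsass.exe"}


def triage(line):
    """Return (section, reasons) for one HijackThis entry, or None for other text."""
    m = ENTRY.match(line.strip().strip('"'))
    if not m:
        return None
    section, body = m.groups()
    reasons = []
    if section[0] == "F":
        reasons.append("program autoloaded through win.ini/system.ini or its registry mapping")
    p = PATH.search(body)
    if p:
        folder, name = ntpath.split(p.group(0).lower())
        if name in SYSTEM32_ONLY and not folder.endswith("\\system32"):
            reasons.append(f"{name} running from {folder}, not System32")
    if body.endswith("(no file)"):
        reasons.append("registered component whose file is missing")
    if section == "O6":
        reasons.append("IE policy restrictions present; confirm an admin set them")
    return section, reasons


def flagged(log):
    """Return only the entries that matched at least one heuristic."""
    results = [triage(line) for line in log.splitlines()]
    return [r for r in results if r and r[1]]


if __name__ == "__main__":
    for section, reasons in flagged(SAMPLE_LOG):
        print(section, "->", "; ".join(reasons))
```

These checks are structural only: the SearchSettings and Dealio entries pass them, so name-based judgments such as the 'foistware' call above still need a human reviewer.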
 
DealioAu.exe, "Dealio Toolbar is a free shopping comparison toolbar that allows users to search for a wide range of consumer products"...

and it is a great spyware and malware magnet. Just what keeps Bobbye in business ;)

"Tmagic, I think this is a safer way to go"...

No argument here
 
ok

alrighty then ~.<

b4 tmagic reposted i followed through...i ran combofix, log attached, then ran hijack and cleaned out the rest tmagic suggested....log attached...also attached was an error message that occurred when i ran HJT..don't know relevance..and while running combofix..i explore opened itself and an advert popped into my headset... >.>

restarted comp and hung on shutdown....warm booted back and here i am...i await your wisdom :)

Ferret
 
"i explore opened itself and an advert popped into my headset... >.>"

An audio popup? How is the system running now? Your Hijackthis log looks much better
 
reply

after the reboot...iexplorer almost immediately opened itself up...this is what alerted me to a problem..and it still exists...

Ferret
 
some steps

i've even gone into the registry and did a search for "iexplore.exe" and nothing of note....my deletion or add/remove of IE was in an attempt to eliminate the problem <ergo no ie..no explorer to open> yet it still does...there is no apparent tie to my internet connection as if i unplug my modem it will still self start...there hasn't been a scan/deletion yet that has had an effect on it, and even more, it will even pop open while i'm running a diagnostic/scanning tool...i'm at a loss..

Ferret
 
ok..thanx for your patience

i tried to do updates...over 50% were failing, so i cancelled..and on reboot windows froze. went to windows cd and 'repaired' windows. ran combofix and HJT and logs are attached. also iexplorer has yet to rear its ugly head. please scan logs and i await further assistance. in the meantime, i might try to do the windows updates again, but anything else i'll wait for u to peruse the logs. thanx again

Ferret
 