My son's computer is having problems. He gets annoying pop ups while browsing. At startup; iexplore.exe is running (taskbar) 2 to 3 copies without Internet Explorer being opened. When I end program, safebait.exe opens in its place and dissappears and another copy of iexplore.exe comes back. Also, at startup McAfee Security Center, always comes up with computer not protected and needs to fix. It fixes the problem and is protected, but the annoying problem persists. He plays a lot of online games. It's his computer and used for nothing else but games.
At shutdown iexplore.exe end program window comes up and can't end so you have to click end now.
I have uninstalled IE and installed Firefox and the pop ups still appear as a IE browser pop up.
I have been to several blogs and help sites with no help. I have run virus scans and Adaware and found nothing. The only thing that did find some thing was NOLOP.
I ran HijackThis and NOLOP and log files below. Please help.. :confused:
Thanks for your time looking in to this, Linda
-------------------------------------------------------------------------------------------
NoLop! Log by Skate_Punk_21
Fix running from: C:\Documents and Settings\Matthew\Desktop
[3/21/2008]
[3:32:10 AM]
---Infection Files Found/Removed---
C:\WINDOWS\tasks\AE90D3ED909B4949.job
Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**
---Listing AppData sub directories---
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Aol -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Bigfishgamescache
C:\Documents and Settings\All Users\Application Data\Each New Axis Love
C:\Documents and Settings\All Users\Application Data\Genimo
C:\Documents and Settings\All Users\Application Data\Google
C:\Documents and Settings\All Users\Application Data\Gtek
C:\Documents and Settings\All Users\Application Data\Installshield
C:\Documents and Settings\All Users\Application Data\Intuit
C:\Documents and Settings\All Users\Application Data\Iolo
C:\Documents and Settings\All Users\Application Data\Lavasoft
C:\Documents and Settings\All Users\Application Data\Mcafee
C:\Documents and Settings\All Users\Application Data\Mcafee.com
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Participatory Culture Foundation
C:\Documents and Settings\All Users\Application Data\Quicktime
C:\Documents and Settings\All Users\Application Data\Sandlot Games
C:\Documents and Settings\All Users\Application Data\Sbsi
C:\Documents and Settings\All Users\Application Data\Siteadvisor
C:\Documents and Settings\All Users\Application Data\Temp -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Trymedia
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\All Users\Application Data\Wildtangent
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Yahoo!
C:\Documents and Settings\Application Data\Application Data\Microsoft
C:\Documents and Settings\Default User\Application Data\Gtek
C:\Documents and Settings\Default User\Application Data\Identities
C:\Documents and Settings\Default User\Application Data\Jasc Software Inc
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Default User\Application Data\Sun
C:\Documents and Settings\Localservice\Application Data\Iolo -- EMPTY Directory
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Siteadvisor
C:\Documents and Settings\Matthew\Application Data\Adobe
C:\Documents and Settings\Matthew\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Matthew\Application Data\Bitdownload
C:\Documents and Settings\Matthew\Application Data\Corel
C:\Documents and Settings\Matthew\Application Data\Cyberlink
C:\Documents and Settings\Matthew\Application Data\Getrighttogo
C:\Documents and Settings\Matthew\Application Data\Google
C:\Documents and Settings\Matthew\Application Data\Gtek
C:\Documents and Settings\Matthew\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Matthew\Application Data\Identities
C:\Documents and Settings\Matthew\Application Data\Imvu
C:\Documents and Settings\Matthew\Application Data\Iolo
C:\Documents and Settings\Matthew\Application Data\Jasc
C:\Documents and Settings\Matthew\Application Data\Jasc Software Inc
C:\Documents and Settings\Matthew\Application Data\Leadertech
C:\Documents and Settings\Matthew\Application Data\Macromedia
C:\Documents and Settings\Matthew\Application Data\Microsoft
C:\Documents and Settings\Matthew\Application Data\Microsoft Web Folders -- EMPTY Directory
C:\Documents and Settings\Matthew\Application Data\Move Networks
C:\Documents and Settings\Matthew\Application Data\Mozilla
C:\Documents and Settings\Matthew\Application Data\Myspace
C:\Documents and Settings\Matthew\Application Data\Participatory Culture Foundation
C:\Documents and Settings\Matthew\Application Data\Ping Less Surf
C:\Documents and Settings\Matthew\Application Data\Playfirst
C:\Documents and Settings\Matthew\Application Data\Reno 911 Paintball -- EMPTY Directory
C:\Documents and Settings\Matthew\Application Data\Siteadvisor
C:\Documents and Settings\Matthew\Application Data\Solsuite
C:\Documents and Settings\Matthew\Application Data\Sonic
C:\Documents and Settings\Matthew\Application Data\Sun
C:\Documents and Settings\Matthew\Application Data\Uniblue
C:\Documents and Settings\Matthew\Application Data\Ventrilo
C:\Documents and Settings\Matthew\Application Data\Winrar -- EMPTY Directory
C:\Documents and Settings\Matthew\Application Data\Yahoo!
C:\Documents and Settings\Networkservice\Application Data\Microsoft
------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:22:30 PM, on 3/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Matthew\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} - (no file)
O2 - BHO: ContextEnhancer - {4C6C4BA2-1646-0F3A-1FAE-B393C162C92E} - C:\Program Files\ContextEnhancer\ContextEnhancer-1.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: MySidesearch Search Assistant - {DDFA1356-E6ED-42a5-9D62-93211D424A90} - C:\WINDOWS\system32\mysidesearch_sidebar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [axis love poll lite] C:\Documents and Settings\All Users\Application Data\each new axis love\ref default.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [type option] C:\DOCUME~1\Matthew\APPLIC~1\PINGLE~1\safebait.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=19588
O16 - DPF: {988E213A-89C7-4C4E-B15F-5B7EDA2C34C0} (GenimoWebGames Control) - http://www.shockwave.com/content/butterflyescape/sis/GenimoWebGamesControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
--
End of file - 9009 bytes