Internet Explorer 2010 scam

Solved/Closed
Ashley - May 23, 2010 at 01:03 AM
 bourza - May 28, 2010 at 06:10 PM
Hi there

I'm having a huge problem and it's becoming a pain in the ass. Sorry for my language but this is very annoying. Recently I was having PC problems and I had malware on my computer. One day my computer popped up an ad; it said Internet Explorer 2010 security. I clicked on it like an idiot. My whole freakin' desktop was gone, popping up the security scam every five minutes. Now I have gotten rid of the fake security but I still don't have a desktop. I can't access Task Manager. I can get on the internet because I have an invalid genuine Windows thingy and I hit resolve now and I'm able to get on Mozilla Firefox. I have downloaded ComboFix but it says I have a rootkit and tells me to reboot; after that, no sight of ComboFix. I did a scan with HijackThis, which are bad. I will show you my scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01:41 PM, on 5/22/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\ANIWConnService.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\SUPERAntiSpyware\63e28295-aa8f-4774-91ef-c8ab66430184.exe
C:\Program Files\Trend Micro\HijackThis\DoIt.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: Softonic-Eng46 Toolbar - {86bf3498-8c44-4c3d-bbfb-05bd50858039} - C:\Program Files\Softonic-Eng46\tbSof1.dll
F2 - REG:system.ini: Shell=C:\WINDOWS\system32\aqce5878k.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1ECE285A-E97B-409B-BF37-6F4CD0E4C8B8} - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dm33.dll (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: (no name) - {79AD4E0B-7923-4476-831D-F0658ADDE93A} - c:\windows\system32\rpnxzkj.dll (file missing)
O2 - BHO: Softonic-Eng46 Toolbar - {86bf3498-8c44-4c3d-bbfb-05bd50858039} - C:\Program Files\Softonic-Eng46\tbSof1.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Softonic-Eng46 Toolbar - {86bf3498-8c44-4c3d-bbfb-05bd50858039} - C:\Program Files\Softonic-Eng46\tbSof1.dll
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Ad-Watch] "C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe"
O4 - HKLM\..\Run: [Recordpad] "C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe" -logon
O4 - HKLM\..\Run: [ANIWZCS2Service] "C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe"
O4 - HKLM\..\Run: [D-Link D-Link Wireless 150 USB Adapter DWA-125] "C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [eaofwkoy] C:\Documents and Settings\ROFL\Local Settings\Application Data\bjgybxwos\msllwyltssd.exe
O4 - HKLM\..\Run: [PrevxRootkitRemovalTool] "C:\Documents and Settings\ROFL\My Documents\Downloads\5C8FCT6.exe" -scan
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\ROFL\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [YVIBBBHA8C] C:\DOCUME~1\ROFL\LOCALS~1\Temp\Dzc.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [QZAIB7KITK] C:\WINDOWS\Drukea.exe
O4 - HKCU\..\Run: [PMA_ENT] "C:\Program Files\AntiMalware Pro\AntiMalwarePro.exe"
O4 - HKCU\..\Run: [My Security Engine] "C:\Documents and Settings\All Users\Application Data\27a8db7\MS27a8.exe" /s /d
O4 - Global Startup: Wireless Network Monitor.lnk = C:\Program Files\Linksys\WUSB600N\WUSB600N.exe
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.azlyrics.com
O15 - Trusted Zone: http://*.gretchen.com
O15 - Trusted Zone: *.http;evanescence.com
O15 - Trusted Zone: http://*.myspace.com
O15 - Trusted Zone: http://*.trollz wold.com
O15 - Trusted Zone: https://www.wildbrain.com/
O15 - Trusted Zone: http://*.vampirefreaks.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1B2207B-5DB9-43AA-9A94-E7718EDD4F38}: NameServer = 93.188.162.181,93.188.161.139
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1147D1C-6377-4674-91B9-1FF7FD483434}: NameServer = 93.188.162.181,93.188.161.139
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.162.181,93.188.161.139
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 93.188.162.181,93.188.161.139
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.181,93.188.161.139
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: jxzwhkua - rpnxzkj.dll (file missing)
O23 - Service: ANIWConn Service (ANIWConnService) - Unknown owner - C:\WINDOWS\system32\ANIWConnService.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
3 responses

Ohhh, and plus it says I still have a virus. This is absurd. I cannot believe people can get away with this pure stupidity. So I would appreciate some assistance please, I ask of you.
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,172
May 23, 2010 at 05:32 PM
Greetings Ashley,

You sure have a way to get into trouble, but have no fear, Kioskea is here to fix your sticky wicket!

1. Boot into Safe Mode with Networking

2. Please request a HijackThis scan, just the scan, no log, and check the following items:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555

R3 - URLSearchHook: Softonic-Eng46 Toolbar - {86bf3498-8c44-4c3d-bbfb-05bd50858039} - C:\Program Files\Softonic-Eng46\tbSof1.dll

O2 - BHO: (no name) - {1ECE285A-E97B-409B-BF37-6F4CD0E4C8B8} - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dm33.dll (file missing)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
Sûr Windows Live Toolbar beta Search Enhancement Pack

O2 - BHO: (no name) - {79AD4E0B-7923-4476-831D-F0658ADDE93A} - c:\windows\system32\rpnxzkj.dll (file missing)

O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.162.181,93.188.161.139

O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 93.188.162.181,93.188.161.139

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.181,93.188.161.139

O20 - Winlogon Notify: jxzwhkua - rpnxzkj.dll (file missing)

3. Once checked, please click on Fix checked and close HijackThis

4. Download, install and run Malwarebytes, which you can find on this site:

https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/

Ensure you make an update.

Please request a FULL system scan, which may take from 20 minutes to hours. Do not interfere no matter how long it takes. The creators of Malwarebytes recommend that, while the tool is running, you go do something else, such as watching a rerun of Gone with the Wind or reading Tolstoy's War and Peace.

If Malwarebytes restarts your system, launch it again to finish the Full scan.

When the scan is completed, delete all items found.

5. Once your computer is clean and working normally, just to be on the safe side:
*Turn off system restore and wait 30 seconds,
*Turn it back on and create a new restore point.

This way it gets rid of anything bad that might have gotten saved in a restore point and you have a clean restore point to use in the near future if needed.
Do not turn it off until your computer is clean and working normally because you might need to use it if something goes wrong during the clean-up process.
It is better to go back to an infected restore point if something goes wrong than to not be able to undo changes that were damaging.

6. This was a lot of typing, so please give me feedback for, if you don't, I may throw a curse on your system which will cause it to ask for chewing gum all of the time. :)))

Good luck
0
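An added example, not part of the original thread or the moderator's advice: a small triage script that parses HijackThis log entries like those posted above and flags the ones worth a manual review. The heuristics (loopback proxy, non-Explorer shell, "(file missing)" targets, autoruns from a Temp folder, DNS servers outside a trusted list) and the `triage` and `trusted_dns` names are assumptions of this example.

```python
import re

# Constructed sample: eight lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
F2 - REG:system.ini: Shell=C:\WINDOWS\system32\aqce5878k.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {79AD4E0B-7923-4476-831D-F0658ADDE93A} - c:\windows\system32\rpnxzkj.dll (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [YVIBBBHA8C] C:\DOCUME~1\ROFL\LOCALS~1\Temp\Dzc.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.181,93.188.161.139
O20 - Winlogon Notify: jxzwhkua - rpnxzkj.dll (file missing)
"""

# A log entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ..."
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# (section, or None for any section; pattern; reason). Assumed heuristics.
RULES = [
    ("R1", re.compile(r"ProxyServer\s*=.*(127\.0\.0\.1|localhost)", re.I),
     "browser proxy points at loopback"),
    ("F2", re.compile(r"Shell=(?!(?:C:\\WINDOWS\\)?explorer\.exe\s*$)", re.I),
     "Windows shell is not explorer.exe"),
    (None, re.compile(r"\(file missing\)", re.I), "registered file is missing"),
    ("O4", re.compile(r"\\Temp\\[^\\]+\.exe", re.I), "autorun launches from a Temp folder"),
]

def triage(log_text, trusted_dns=frozenset()):
    """Return (section, reason, entry) tuples for entries worth a manual review."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, running-process list or blank line
        section, body = m.groups()
        for rule_section, pattern, reason in RULES:
            if rule_section in (None, section) and pattern.search(body):
                findings.append((section, reason, body))
        # O17 entries list configured DNS servers; compare them to the trusted set.
        dns = re.search(r"NameServer\s*=\s*(.+)$", body) if section == "O17" else None
        if dns:
            unknown = [s for s in re.split(r"[,\s]+", dns.group(1).strip()) if s not in trusted_dns]
            if unknown:
                findings.append((section, "DNS server not in trusted list: " + ",".join(unknown), body))
    return findings

if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}: {body}")
```

Pass the resolvers your router or ISP actually hands out as `trusted_dns` so that only unexpected name servers are reported.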
Thank you so much. I will do as you ask and give you feedback when this is all complete. Appreciate your help, thank you. I will do something in the meanwhile, watch WWE while the scan is running lol. Have a wonderful day :))))) and thank you again.
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,172
May 28, 2010 at 05:44 PM
Thank you very much for your message; it is well appreciated.
0
Plus one for Malwarebytes - it's the best programme out and free.

Anyone who doesn't have it is nuts.
0