Windows Vista Another Antivirus 2009 webscanner issue- Hijackthis log attached

  • Thread starter: jaskel

Hi all, I'm fixing a mate's PC running XP (I know it's not Vista..lol) and
it got that webscanner antivirus 2009 on it, I know it is a fake proggy
and for the life of me I can't get rid of it and the stupid little shield
on the taskbar that pops up all the time, opens IE and sits there
flashing at me..please help remove it

I have run ComboFix and it got rid of a heap of viruses but this one is
still there.

I have attached the HijackThis log.

Thanks Jas

EDIT:

It won't let me attach the log file..so here it is:

Logfile of HijackThis v1.99.1
Scan saved at 9:59:22 AM, on 10/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\WINDOWS\explorer.exe
F:\hijackthis_sfx.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = 'http://windiwsfsearch.com' (http://windiwsfsearch.com/)
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = 'http://windiwsfsearch.com' (http://windiwsfsearch.com/)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 'http://windiwsfsearch.com' (http://windiwsfsearch.com/)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 'MSN.com' (http://go.microsoft.com/fwlink/?LinkId=69157)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 'Live Search' (http://go.microsoft.com/fwlink/?LinkId=54896)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 'Live Search' (http://go.microsoft.com/fwlink/?LinkId=54896)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=Q106&bd=presario&pf=laptop
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - 'http://upload.facebook.com/controls/...oUploader5.cab' (http://upload.facebook.com/controls/FacebookPhotoUploader5.cab)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Unknown owner - C:\Program Files\Trend Micro\BM\TMBMSRV.exe" /service (file missing)
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe


--
jaskel
 
RE: Another Antivirus 2009 webscanner issue- Hijackthis log attached

http://www.microsoft.com/communitie...ed7-e23e-4264-97e8-eb7d5a162b12&lang=en&cr=us

microsoft.public.windowsxp.general
--
Mad Mike


"jaskel" wrote:

>
> Hi all, I'm fixing a mate's PC running XP (I know it's not Vista..lol) and
> it got that webscanner antivirus 2009 on it, I know it is a fake proggy
> and for the life of me I can't get rid of it and the stupid little shield
> on the taskbar that pops up all the time, opens IE and sits there
> flashing at me..please help remove it
>
> I have run ComboFix and it got rid of a heap of viruses but this one is
> still there.
>
> I have attached the HijackThis log.
>
> Thanks Jas
>
> EDIT:
>
> It won't let me attach the log file..so here it is:
>
>
> --
> jaskel
>
 
Re: Another Antivirus 2009 webscanner issue- Hijackthis log attached

jaskel wrote:

>
> Hi all, I'm fixing a mate's PC running XP (I know it's not Vista..lol) and
> it got that webscanner antivirus 2009 on it, I know it is a fake proggy
> and for the life of me I can't get rid of it and the stupid little shield
> on the taskbar that pops up all the time, opens IE and sits there
> flashing at me..please help remove it
>
> I have run ComboFix and it got rid of a heap of viruses but this one is
> still there.
>
> I have attached the HijackThis log.


(snip HJT log)

We don't analyze HJT logs here in the MS newsgroups. It takes a great deal
of time and expertise to analyze these logs and you will not get the
attention you need here. Instead, choose one of the specialty forums listed
below, register, read its FAQ, and post there.

If you are infected with XP Antivirus or Antivirus 2009/10, here are removal
steps:

http://www.bleepingcomputer.com/malware-removal/uninstall-antivirus-2009
http://www.bleepingcomputer.com/forums/topic154529.html (earlier versions)

Removal instructions for Antivirus 2010:
http://www.malwarebytes.org/forums/index.php?showtopic=6703

Removal instructions for Antivirus 2009:
http://www.malwarebytes.org/forums/index.php?showtopic=5178

These may work for you and all may be well. However, in many cases the
computer will also be infected with Zlob and/or Vundo trojans and protected
by a rootkit. These machines are extremely difficult to clean. It is
recommended that you get guided help at one of the specialty forums.

PLEASE DO NOT POST LOGS IN THE MS NEWSGROUPS.

http://aumha.org/downloads/hijackthis.zip
http://aumha.net/ - Click on the HijackThis forum. Read the announcement and
the stickies *first*.
http://www.atribune.org/forums/index.php?showforum=9
http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://www.malwarebytes.org/forums/index.php?showforum=7
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://spywarewarrior.com/viewforum.php?f=5
http://forums.techguy.org/54-security/
http://forums.tomcoyote.org/
http://www.thespykiller.co.uk/index.php?board=3.0
http://forums.subratam.org/index.php?showforum=7

Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
FAQ - http://www.elephantboycomputers.com/#FAQ
 
Re: Another Antivirus 2009 webscanner issue- Hijackthis log attached


Thanks m8, but I got it fixed just a few mins ago, used Malwarebytes malware
and cleaned it out.

cheers


--
jaskel
 