Windows Vista Tips


Another Antivirus 2009 webscanner issue- Hijackthis log attached

 
 
jaskel
Guest
Posts: n/a

 
      10-15-2008

Hi all, I'm fixing a mate's PC running XP (I know it's not Vista..lol) and
it got that webscanner antivirus 2009 on it, I know it is a fake proggy
and for the life of me I can't get rid of it and the stupid little shield
on the taskbar that pops up all the time, opens IE and sits there
flashing at me..please help remove it

I have run combofix and it got rid of a heap of viruses but this one is
still there.

I have attached the hijack this log.

Thanks Jas

EDIT:

It won't let me attach the log file..so here it is:

Logfile of HijackThis v1.99.1
Scan saved at 9:59:22 AM, on 10/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\WINDOWS\explorer.exe
F:\hijackthis_sfx.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
'http://windiwsfsearch.com' (http://windiwsfsearch.com/)
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL =
'http://windiwsfsearch.com' (http://windiwsfsearch.com/)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
= 'http://windiwsfsearch.com' (http://windiwsfsearch.com/)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
'MSN.com' (http://go.microsoft.com/fwlink/?LinkId=69157)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
= 'Live Search' (http://go.microsoft.com/fwlink/?LinkId=54896)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 'Live
Search' (http://go.microsoft.com/fwlink/?LinkId=54896)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
- C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper -
{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
files\google\googletoolbar2.dll
O2 - BHO: TransactionProtector BHO -
{C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend
Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: Transaction Protector -
{E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend
Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI
Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program
Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program
Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP
Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software
Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QPService] "C:\Program
Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch
Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default
Settings\cpqset.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet
Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware
Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
/background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program
Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program
Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Google Search - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word -
res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -
res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English -
res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} -
C:\Program Files\Common Files\Microsoft Shared\Encarta Search
Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International
O14 - IERESET.INF:
START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=Q106&bd=presario&pf=laptop
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo
Uploader 5) - 'http://upload.facebook.com/controls/...oUploader5.cab'
(http://upload.facebook.com/controls/...oUploader5.cab)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -
C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development
Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. -
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common
Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service
(LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common
Files\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools -
C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools -
C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend
Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service
(TMBMServer) - Unknown owner - C:\Program Files\Trend
Micro\BM\TMBMSRV.exe" /service (file missing)
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc.
- C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. -
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe


--
jaskel
 
 
 
 
 
Mick Murphy
Guest
Posts: n/a

 
      10-15-2008
http://www.microsoft.com/communities...&lang=en&cr=us

microsoft.public.windowsxp.general
--
Mad Mike


"jaskel" wrote:

>
> Hi all, I'm fixing a mate's PC running XP (I know it's not Vista..lol) and
> it got that webscanner antivirus 2009 on it, I know it is a fake proggy
> and for the life of me I can't get rid of it and the stupid little shield
> on the taskbar that pops up all the time, opens IE and sits there
> flashing at me..please help remove it
>
> I have run combofix and it got rid of a heap of viruses but this one is
> still there.
>
> I have attached the hijack this log.
>
> Thanks Jas
>
> EDIT:
>
> It won't let me attach the log file..so here it is:
>
> --
> jaskel
>

 
 
Malke
Guest
Posts: n/a

 
      10-15-2008
jaskel wrote:

>
> Hi all, I'm fixing a mate's PC running XP (I know it's not Vista..lol) and
> it got that webscanner antivirus 2009 on it, I know it is a fake proggy
> and for the life of me I can't get rid of it and the stupid little shield
> on the taskbar that pops up all the time, opens IE and sits there
> flashing at me..please help remove it
>
> I have run combofix and it got rid of a heap of viruses but this one is
> still there.
>
> I have attached the hijack this log.


(snip HJT log)

We don't analyze HJT logs here in the MS newsgroups. It takes a great deal
of time and expertise to analyze these logs and you will not get the
attention you need here. Instead, choose one of the specialty forums listed
below, register, read its FAQ, and post there.

If you are infected with XP Antivirus or Antivirus 2009/10, here are removal
steps:

http://www.bleepingcomputer.com/malw...antivirus-2009
http://www.bleepingcomputer.com/forums/topic154529.html (earlier versions)

Removal instructions for Antivirus 2010:
http://www.malwarebytes.org/forums/i...showtopic=6703

Removal instructions for Antivirus 2009:
http://www.malwarebytes.org/forums/i...showtopic=5178

These may work for you and all may be well. However, in many cases the
computer will also be infected with Zlob and/or Vundo trojans and protected
by a rootkit. These machines are extremely difficult to clean. It is
recommended that you get guided help at one of the specialty forums.

PLEASE DO NOT POST LOGS IN THE MS NEWSGROUPS.

http://aumha.org/downloads/hijackthis.zip
http://aumha.net/ - Click on the HijackThis forum. Read the announcement and
the stickies *first*.
http://www.atribune.org/forums/index.php?showforum=9
http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/...splay.php?f=25
http://www.geekstogo.com/forum/Malwa..._Here-f37.html
http://www.malwarebytes.org/forums/i...hp?showforum=7
http://gladiator-antivirus.com/forum...?showforum=170
http://spywarewarrior.com/viewforum.php?f=5
http://forums.techguy.org/54-security/
http://forums.tomcoyote.org/
http://www.thespykiller.co.uk/index.php?board=3.0
http://forums.subratam.org/index.php?showforum=7

Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
FAQ - http://www.elephantboycomputers.com/#FAQ

 
 
jaskel
Guest
Posts: n/a

 
      10-15-2008

thanks m8 but I got it fixed just a few mins ago, use malbytes malware
and cleaned it out

cheers

--
jaskel
 