Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Changed Background To Warning Spyware Detected On Computer Please Install Antivirus Or Spyware To Clean Computer

  • Please log in to reply
1 reply to this topic

#1 kb1171


  • Members
  • 1 posts
  • Local time:06:35 PM

Posted 18 July 2008 - 01:30 PM

Hi all, my background changed to what is in the title saying Warning, spyware detected on yoru computer install antivirus or spyware to clean computer. I tried searching for solutions on google and already tried spyware doctor and spyware bot. When those didnt work I downloaded Hijackthis and ran it. The following is the long. Any help is greatly appreciated especially in layman's terms as I am not the most computer savvy. Thanks again.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:57:22 PM, on 7/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
C:\Program Files\Connected\AgentSrv.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\iPass\iPassConnect\iPCAgent.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\SafeGuard\SafeGuard Easy\SgeCtl.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\program files\sim\simloader.exe
C:\SafeGuard\SafeGuard Easy\Ecview.exe
C:\Program Files\Funk Software\Odyssey Client\OdTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\SafeGuard\SafeGuard Easy\WksCfgSrv.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Connected\CBSysTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mykcurve.pwcinternal.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PwCPlugin.PwCHighlighter - {aaa9f5f4-27f6-4f85-a879-7ea50b4322cd} - C:\WINDOWS\system32\mscoree.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [Software Install Manager] c:\program files\sim\simloader.exe /auto /nodialog
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [gethdd] C:\CUSTOM\GETHDD\gethdd.exe /SETBYREG
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [SgeEcView] C:\SafeGuard\SafeGuard Easy\Ecview.exe
O4 - HKLM\..\Run: [Heuristics] C:\WINDOWS\regedit.exe /s C:\WINDOWS\hibernate_off.reg
O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Funk Software\Odyssey Client\OdTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Device Control] C:\Custom\Cfgfiles\devicntr03.exe -S -mode=disable -devid=1394 -inffl=1394.inf -pnffl=1394.pnf -add2run=1 -title="IEEE 1394 (Firewire)"
O4 - HKLM\..\Run: [McAfee Host Intrusion Prevention Tray] "C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lphcte8j0e9be] C:\WINDOWS\system32\lphcte8j0e9be.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - .DEFAULT User Startup: XPINST.lnk = C:\CUSTOM\XPINST.EXE (User 'Default user')
O4 - Global Startup: Assurance Toolbar.LNK = C:\Program Files\AtHoc\AtHoc.exe
O4 - Global Startup: Connected TaskBar Icon.LNK = C:\Program Files\Connected\CBSysTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\ieSpell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\ieSpell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: pwc.emotion.com
O15 - Trusted Zone: *.projectinvision.com
O15 - Trusted Zone: brandsite.pwc.com
O15 - Trusted Zone: http://invision.pwcinternal.com
O15 - Trusted Zone: mass-bw.nam.pwcinternal.com
O15 - Trusted Zone: http://project.nam.pwcinternal.com
O15 - Trusted Zone: usbw.nam.pwcinternal.com
O15 - Trusted Zone: http://usphi1gdcapp19.pwcinternal.com
O15 - Trusted Zone: http://ustpa3gtsap146.nam.pwcinternal.com
O15 - Trusted Zone: uxgfbwdv.nam.pwcinternal.com
O15 - Trusted Zone: uxgfbwqa.nam.pwcinternal.com
O15 - Trusted Zone: uxgfugd.nam.pwcinternal.com
O15 - Trusted Zone: uxgfugm.nam.pwcinternal.com
O15 - Trusted Zone: uxgfugq.nam.pwcinternal.com
O15 - Trusted Zone: pwc.emotion.com (HKLM)
O15 - Trusted Zone: *.projectinvision.com (HKLM)
O15 - Trusted Zone: brandsite.pwc.com (HKLM)
O15 - Trusted Zone: mass-bw.nam.pwcinternal.com (HKLM)
O15 - Trusted Zone: usbw.nam.pwcinternal.com (HKLM)
O15 - Trusted Zone: uxgfbwdv.nam.pwcinternal.com (HKLM)
O15 - Trusted Zone: uxgfbwqa.nam.pwcinternal.com (HKLM)
O15 - Trusted Zone: uxgfugd.nam.pwcinternal.com (HKLM)
O15 - Trusted Zone: uxgfugm.nam.pwcinternal.com (HKLM)
O15 - Trusted Zone: uxgfugq.nam.pwcinternal.com (HKLM)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {ACF93F61-9F60-4C1E-A015-E3B3812BD58C} (PVDMDocViewControls.PVDMDocView) - https://papervision.hphood.com/CABS/PVDMDocView400.cab
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - http://centra.pwcinternal.com/SiteRoots/ma...aDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = us.nam.ad.pwcinternal.com
O17 - HKLM\Software\..\Telephony: DomainName = us.nam.ad.pwcinternal.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = us.nam.ad.pwcinternal.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = pwcinternal.com,nam.pwcinternal.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = pwcinternal.com,nam.pwcinternal.com
O18 - Filter hijack: text/html - {eec00589-90e6-4a27-b81f-61c7b2616351} - C:\WINDOWS\system32\msiebbar.dll
O20 - Winlogon Notify: NotLog - C:\WINDOWS\SYSTEM32\SGLogEx.dll
O20 - Winlogon Notify: SGLogNotification - C:\WINDOWS\SYSTEM32\SGLogNotification.dll
O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\Connected\AgentSrv.EXE
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BCL easyPDF SDK Loader (bepprldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\easyPDF 4\bepprldr.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: McAfee Host Intrusion Prevention Service (enterceptAgent) - McAfee, Inc. - C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee HIPSCore Service (hips) - McAfee, Inc. - C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPassConnectEngine - iPass - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
O23 - Service: iPCAgent - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPCAgent.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Odyssey Client (odClientService) - Funk Software, Inc. - C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
O23 - Service: PLMS32 - Unknown owner - C:\WINDOWS\system32\plms32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: PWSSvc - Unknown owner - C:\Program Files\Colligo Networks\Colligo TeamSync 3.3\pwssvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SafeGuard Easy Control (SgeCtl) - Utimaco Safeware AG - C:\SafeGuard\SafeGuard Easy\SgeCtl.exe
O23 - Service: SafeGuard SGLOG Player (SgLogPlayer) - Utimaco Safeware AG - C:\WINDOWS\system32\SgLogPlayer.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: Vsclient Service (VnxService) - Unknown owner - C:\WINDOWS\system32\vnxserv.exe
O23 - Service: SafeGuard Easy Workstation Server (WksCfgSrv) - Utimaco Safeware AG - C:\SafeGuard\SafeGuard Easy\WksCfgSrv.exe

End of file - 15488 bytes

BC AdBot (Login to Remove)



#2 Metallica


    Spyware Veteran

  • Malware Response Team
  • 215 posts
  • Gender:Male
  • Location:Netherlands
  • Local time:11:35 PM

Posted 19 July 2008 - 10:26 AM

Hi kb1171,

First, we need to backup your registry:
Please go to Start > Run
Paste in the following line:regedit /e c:\registrybackup.reg
Click OK.
It won't appear to be doing anything, that's normal.
Your mouse pointer may turn to an hour glass for a minute.
Please continue when it no longer has the hour glass.

Registry Fix

Please open up an instance of Notepad.
  • Click on:
    • Start, then
    • All Programs, then
    • Accessories, then
    • Notepad
  • Copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad




  • Save it as "All Files" and name it RemoveFilter.reg. Let the location be your desktop.
  • Navigate to your desktop.
  • Double click RemoveFilter.reg
  • A window will prompt you to Merge RemoveFilter.reg with the Windows Registry, this is normal. Choose Yes/Ok.

Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 7.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u7-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u7-windows-i586-p.exe and select "Run as an Administrator.")
Then follow the instructions here to clear your Java cache.

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
How can I be lost, if I've got nowhere to go?
My blog
MS-MVP Consumer Security 2003-2015

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users