Problems with windows register

Computer forums for help with removing malicious software (malware) and improving computer security

Welcome Guest to What the Tech! ( Log In | Register ) We specialize in the removal of malicious software (malware), but here you'll find free help and support for all your tech questions. We invite you to ask questions, share experiences, and learn. Explore our message boards, or register now to post messages of your own. Please Start Here. Register today (registration removes advertising)

What the Tech > Spyware / Malware / Virus Removal > HijackThis™ Logs and Infections Removal

Problems with windows register, continuos warnig of register problems

Options

Mundo View Member Profile	Sep 2 2006, 04:18 PM Post #1
New Member Group: New Member Posts: 2 Joined: 2-September 06 Member No.: 61,020 Operating System: XP	My computer display continuosly from Messenger Service a warning seying that: "Windows has found nn critical system errors, To fix the errors please do the following 1. Dowload registry update from ...etc Failure to act now may lead to system failure" . I am sure that this is spyware or somthing like that, but I need to know how to remove it from my computer, I'll appreciate any help that I recive to do so. ¡VERY THANKS IN ADVANCE! Logfile of HijackThis v1.99.1 Scan saved at 17:30:55, on 02-09-2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\System32\DVDRAMSV.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.EXE C:\Archivos de programa\EzButton\CplBTQ00.EXE C:\Archivos de programa\TOSHIBA\TouchPad\TPTray.exe C:\Archivos de programa\ltmoh\Ltmoh.exe C:\Archivos de programa\TOSHIBA\ConfigFree\NDSTray.exe C:\Archivos de programa\TOSHIBA\E-KEY\CeEKey.exe C:\Archivos de programa\Toshiba Controls\CpRmtKey.EXE C:\Archivos de programa\TOSHIBA\Power Management\CePMTray.exe C:\WINDOWS\System32\ezSP_Px.exe C:\toshiba\ivp\ism\pinger.exe C:\WINDOWS\VM303_STI.EXE C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\System32\CTFMON.EXE C:\Archivos de programa\Messenger\msmsgs.exe C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\system32\RAMASST.exe C:\Documents and Settings\Maribel\Escritorio\HijackThis.exe C:\Archivos de programa\Internet Explorer\iexplore.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.gizmobar.com/searchie.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibalatino.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibalatino.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: GizmoBar - {7345F548-C9AC-46F7-A350-524964350D25} - (no file) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [CplBTQ00] C:\Archivos de programa\EzButton\CplBTQ00.EXE O4 - HKLM\..\Run: [TPNF] C:\Archivos de programa\TOSHIBA\TouchPad\TPTray.exe O4 - HKLM\..\Run: [LtMoh] C:\Archivos de programa\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [CeEKEY] C:\Archivos de programa\TOSHIBA\E-KEY\CeEKey.exe O4 - HKLM\..\Run: [CpRmtKey] "C:\Archivos de programa\Toshiba Controls\CpRmtKey.EXE" O4 - HKLM\..\Run: [CeEPOWER] C:\Archivos de programa\TOSHIBA\Power Management\CePMTray.exe O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH) O4 - HKLM\..\Run: [avast!] C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Registry Rinse] C:\Archivos de programa\Registry Rinse\RegistryRinse.exe /scan O4 - Global Startup: Inicio rápido de Microsoft Office OneNote 2003.lnk = C:\Archivos de programa\Microsoft Office\OFFICE11\ONENOTEM.EXE O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O14 - IERESET.INF: START_PAGE_URL=http://www.toshibalatino.com O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe This post has been edited by Mundo: Sep 2 2006, 05:05 PM

shelf life View Member Profile	Sep 2 2006, 05:03 PM Post #2
SuperMember Group: Malware Expert Posts: 3,066 Joined: 15-May 04 From: @localhost Member No.: 6,820 Operating System: Fedora Core, XP	hi Mundo, registry warnings? this maybe: [Registry Rinse] C:\Archivos de programa\Registry Rinse\RegistryRinse.exe /scan from there website: QUOTE Installation of the Registry Rinse product and scanning of your computer is free of charge. However, if and when the Registry Rinse product detects "Errors" as defined below, on your computer and you wish to use Registry Rinse to remove the unwanted software, application, or code, you must then purchase a copy of Registry Rinse, which includes the ability to clean your machine of the unwanted software, application, or code. shelf life

Mundo View Member Profile	Sep 2 2006, 05:13 PM Post #3
New Member Group: New Member Posts: 2 Joined: 2-September 06 Member No.: 61,020 Operating System: XP	thank you shelf life, and sorry for my english

shelf life View Member Profile	Sep 3 2006, 12:56 PM Post #4
SuperMember Group: Malware Expert Posts: 3,066 Joined: 15-May 04 From: @localhost Member No.: 6,820 Operating System: Fedora Core, XP	hi Mundo, i would uninstall RegistryRinse, it might be finding registry "problems" just so you buy it. get this which is free, has a registry cleaner and other options: http://www.ccleaner.com/ shelf life

shelf life View Member Profile	Sep 24 2006, 02:30 PM Post #5
SuperMember Group: Malware Expert Posts: 3,066 Joined: 15-May 04 From: @localhost Member No.: 6,820 Operating System: Fedora Core, XP	Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread. Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted. Make sure you use proper prevention to keep from having problems occur to your computer in the future. Coyote's Installed programs for prevention: http://forums.tomcoyote.org/index.php?showtopic=31418 The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online. Visit the CoyoteStore http://TomCoyote.org/coyotestore.php

« Next Oldest · HijackThis™ Logs and Infections Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies	Topic Starter	Views	Last Action
Microsoft Windows™ how to get from C:\Windows to C:\ in DOS	3	Denise_M1	14	Today, 07:56 PM Last post by: Ztruker
Microsoft Windows™ Windows 7 Beta Goes public friday.	0	Micha'El	8	Today, 07:05 PM Last post by: Micha'El
Browsers, Internet and email Problems viewing webpages with Firefox	6	lxl	34	Today, 06:49 PM Last post by: tallin
HijackThis™ Logs and Infections Removal Several aspects of windows not running	1	tinytears	25	Today, 06:44 PM Last post by: oldman960