Lavasoft Support Forums > spyware from registry cleaner site won't go away

Full Version: spyware from registry cleaner site won't go away

Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Resolved/Inactive General Support Issues

safetyglass

Jul 20 2006, 03:02 AM

I picked up spyware that constantly brings up messages telling me my registry is damaged and directing me to down load software from various sites to fix problem. Ad-Aware SE does not remove this spyware and repeated attempts to contact support at the web sites in the pop ups were ignored. I have included my logfile and I believe the messages are initiating from a file regsvc.exe (process #10 in the log file). What I get is a typical windows box that says Messenger service on top, then a message like this

"Message from SYSTEM to ALERT on 7/19/2006 9:38:37 PM
STOP! WINDOWS REQUIRES IMMEDIATE ATTENTION.
Windows has found CRITICAL SYSTEM ERRORS.
Run Registry Repair from: http://fixwin32.com
FAILURE TO ACT NOW MAY CAUSE DATA LOSS AND CORRUPTION!"

I get 15 to 20 variations of this message all with different web addresses where I can buy software to fix my registry. At times these messeges will pop up every few seconds so it is a very big problem. Please help me, I am afraid I will have to wipe my hard drive and start all over. Below is my log file.

Ad-Aware SE Build 1.06r1
Logfile Created on:Wednesday, July 19, 2006 9:13:09 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R115 17.07.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
None
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

7-19-2006 9:13:09 PM - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 136
ThreadCreationTime : 7-19-2006 2:58:08 PM
BasePriority : Normal

#:2 [csrss.exe]
FilePath : \??\C:\WINNT\system32\
ProcessID : 160
ThreadCreationTime : 7-19-2006 2:58:14 PM
BasePriority : Normal

#:3 [winlogon.exe]
FilePath : \??\C:\WINNT\system32\
ProcessID : 156
ThreadCreationTime : 7-19-2006 2:58:16 PM
BasePriority : High

#:4 [services.exe]
FilePath : C:\WINNT\system32\
ProcessID : 208
ThreadCreationTime : 7-19-2006 2:58:17 PM
BasePriority : Normal
FileVersion : 5.00.2195.6700
ProductVersion : 5.00.2195.6700
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINNT\system32\
ProcessID : 220
ThreadCreationTime : 7-19-2006 2:58:17 PM
BasePriority : Normal
FileVersion : 5.00.2195.6695
ProductVersion : 5.00.2195.6695
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 400
ThreadCreationTime : 7-19-2006 2:58:19 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:7 [spoolsv.exe]
FilePath : C:\WINNT\system32\
ProcessID : 424
ThreadCreationTime : 7-19-2006 2:58:20 PM
BasePriority : Normal
FileVersion : 5.00.2195.6659
ProductVersion : 5.00.2195.6659
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe

#:8 [ati2evxx.exe]
FilePath : C:\WINNT\system32\
ProcessID : 452
ThreadCreationTime : 7-19-2006 2:58:20 PM
BasePriority : Normal

#:9 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 468
ThreadCreationTime : 7-19-2006 2:58:20 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:10 [regsvc.exe]
FilePath : C:\WINNT\system32\
ProcessID : 512
ThreadCreationTime : 7-19-2006 2:58:20 PM
BasePriority : Normal
FileVersion : 5.00.2195.6701
ProductVersion : 5.00.2195.6701
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : REGSVC.EXE

#:11 [mstask.exe]
FilePath : C:\WINNT\system32\
ProcessID : 540
ThreadCreationTime : 7-19-2006 2:58:21 PM
BasePriority : Normal
FileVersion : 4.71.2195.6704
ProductVersion : 4.71.2195.6704
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 1997
OriginalFilename : mstask.exe

#:12 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 636
ThreadCreationTime : 7-19-2006 2:58:22 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:13 [explorer.exe]
FilePath : C:\WINNT\
ProcessID : 784
ThreadCreationTime : 7-19-2006 2:58:30 PM
BasePriority : Normal
FileVersion : 5.00.3700.6690
ProductVersion : 5.00.3700.6690
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE

#:14 [atiptaxx.exe]
FilePath : C:\WINNT\system32\
ProcessID : 888
ThreadCreationTime : 7-19-2006 2:58:36 PM
BasePriority : Normal
FileVersion : 4.12.2470
ProductVersion : 4.12.2470
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Task Icon
InternalName : ATIPDSXX
LegalCopyright : Copyright © 1998-2000 ATI Technologies Inc.
OriginalFilename : ATIPTAXX.DLL

#:15 [jusched.exe]
FilePath : C:\Program Files\Java\j2re1.4.2_03\bin\
ProcessID : 940
ThreadCreationTime : 7-19-2006 2:58:37 PM
BasePriority : Normal

#:16 [acrotray.exe]
FilePath : C:\Program Files\Adobe\Acrobat 6.0\Distillr\
ProcessID : 956
ThreadCreationTime : 7-19-2006 2:58:37 PM
BasePriority : Normal
FileVersion : 6.0.0.2003051500
ProductVersion : 6.0.0.0
ProductName : AcroTray - Adobe Acrobat Distiller helper application.
CompanyName : Adobe Systems Inc.
FileDescription : AcroTray
InternalName : AcroTray
LegalCopyright : Copyright 1984-2003 Adobe Systems Incorporated and its licensors. All rights reserved.
OriginalFilename : AcroTray.exe

#:17 [wkcalrem.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\Works Shared\
ProcessID : 896
ThreadCreationTime : 7-19-2006 2:58:37 PM
BasePriority : Normal
FileVersion : 6.00.1828.1
ProductVersion : 6.00.1828.1
ProductName : Microsoft® Works 6.0
CompanyName : Microsoft® Corporation
FileDescription : Microsoft® Works Calendar Reminder Service
InternalName : WkCalRem
LegalCopyright : Copyright © Microsoft Corporation 1987-2000. All rights reserved.
OriginalFilename : WKCALREM.EXE

#:18 [qbdagent.exe]
FilePath : C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\
ProcessID : 948
ThreadCreationTime : 7-19-2006 2:58:38 PM
BasePriority : Normal
FileVersion : 8, 1, 0, 0
ProductVersion : 8, 1, 0, 0
ProductName : QuickBooks
FileDescription : QBDAgent Module
InternalName : QBDAgent
LegalCopyright : Copyright © 1999 by Intuit
LegalTrademarks : QuickBooks® and Quicken® are registered trademarks of Intuit Inc.
OriginalFilename : QBDAgent.EXE

#:19 [iam.exe]
FilePath : C:\Program Files\CallWave\
ProcessID : 932
ThreadCreationTime : 7-19-2006 2:58:39 PM
BasePriority : Normal
FileVersion : 3.09.8 (9-February-2006)
ProductVersion : 3.09.8 (9-February-2006)
ProductName : CallWave Service
CompanyName : CallWave, Inc.
FileDescription : Internet Answering Machine
InternalName : CallApp
LegalCopyright : Copyright © 1999-2003 CallWave, Inc.
OriginalFilename : CallApp.exe

#:20 [mrv8000x.exe]
FilePath : C:\Program Files\Marvell\CB35P 11g Cardbus\
ProcessID : 920
ThreadCreationTime : 7-19-2006 2:58:39 PM
BasePriority : Normal
FileVersion : 2.04.00.030
ProductVersion : 2.04.00.030
ProductName : Marvell® Wireless Client Card Configuration Utility
CompanyName : Marvell®
FileDescription : Marvell® Wireless Client Card Configuration Utility
InternalName : Mrv8000x
LegalCopyright : Copyright © 2004
OriginalFilename : Mrv8000x.EXE

#:21 [mrtmngr.exe]
FilePath : C:\WINNT\system32\
ProcessID : 984
ThreadCreationTime : 7-19-2006 2:58:41 PM
BasePriority : Normal
FileVersion : 2.01
ProductVersion : 1.00
ProductName : Rate Sensing Manager
CompanyName : Marimba Inc.
FileDescription : Rate Sensing Manager
InternalName : mrtMngr.exe
LegalCopyright : Copyright © 1999, Marimba, Inc.
OriginalFilename : mrtMngr.exe

#:22 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 1080
ThreadCreationTime : 7-20-2006 1:07:43 AM
BasePriority : Normal
FileVersion : 5.00.2920.0000
ProductVersion : 5.00.2920.0000
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : IEXPLORE.EXE

#:23 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1140
ThreadCreationTime : 7-20-2006 1:08:50 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:24 [hh.exe]
FilePath : C:\WINNT\
ProcessID : 560
ThreadCreationTime : 7-20-2006 1:09:06 AM
BasePriority : Normal
FileVersion : 5.2.3644.0
ProductVersion : 5.2.3644.0
ProductName : HTML Help
CompanyName : Microsoft Corporation
FileDescription : Microsoft® HTML Help Executable
InternalName : HH 1.4
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : HH.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\WINNT
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Disk Scan Result for C:\WINNT\system32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Disk Scan Result for C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Scanning Hosts file......
Hosts file location:"C:\WINNT\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 0

9:13:39 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:00:29.632
Objects scanned:46937
Objects identified:0
Objects ignored:0
New critical objects:0

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.