mcafee sec.center finds files but cannot delete them [Solved]



#16
tjmk

tjmk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
hi
yeah, i thought to mbam, but did it again just now.

note: minibugtransporter and 180solutions seem to come up every scan, even though it says they are removed successfully.

also, even though webcom.webbar isn't shown in the log, it is still in my registry keys. :)

here is the mbam log:

Malwarebytes' Anti-Malware 1.38
Database version: 2322
Windows 5.1.2600 Service Pack 2

6/22/2009 9:28:57 AM
mbam-log-2009-06-22 (09-28-57).txt

Scan type: Quick Scan
Objects scanned: 105623
Time elapsed: 8 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clientax.clientinstaller (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clientax.clientinstaller.1 (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clientax.requiredcomponent (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clientax.requiredcomponent.1 (Adware.180Solutions) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0


#17
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi tjmk,

Let's try a different scanner:
Please download the following & save to your Desktop:

Dr.Web CureIt

Run Dr.Web CureIt:
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • This report will need to be renamed to Dr.Web.txt in order to post it on the forum.
  • Please post the Dr.Web.txt report in your next reply

  • 0

#18
tjmk

tjmk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
hi, long scan...

here are the drweb results

CA2134ABd01;C:\Documents and Settings\tjmk\Local Settings\Application Data\Mozilla\Firefox\Profiles\cms4woew.default\Cache;Probably SCRIPT.Virus;;
mcvsescn.exe\mcvsescn.exe;C:\Program Files\McAfee.com\mcvsescn.exe;Probably BACKDOOR.Trojan;;
mcvsescn.exe;C:\Program Files\McAfee.com;Archive contains infected objects;Moved.;
A0000253.exe\mcvsescn.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0000253.exe;Probably BACKDOOR.Trojan;;
A0000253.exe;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6;Archive contains infected objects;Moved.;
ymsgrie.exe\data163;F:\Program Files\Internet Explorer\ymsgrie.exe;Probably DLOADER.Trojan;;
ymsgrie.exe;F:\Program Files\Internet Explorer;Archive contains infected objects;Moved.;
kazaa_lite_171_english.exe\data023;F:\zipperfiles\odd stuff\kazaa_lite_171_english.exe;Probably BACKDOOR.Trojan;;
kazaa_lite_171_english.exe;F:\zipperfiles\odd stuff;Archive contains infected objects;Moved.;
IPinsight.EXE\data008;F:\Documents and Settings\Michael\Local Settings\Temp\IPinsight.EXE;Adware.Ipinsight;;
IPinsight.EXE;F:\Documents and Settings\Michael\Local Settings\Temp;Archive contains infected objects;Moved.;
A0000271.exe\data163;F:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0000271.exe;Probably DLOADER.Trojan;;
A0000271.exe;F:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7;Archive contains infected objects;Moved.;
A0000272.exe\data023;F:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0000272.exe;Probably BACKDOOR.Trojan;;
A0000272.exe;F:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7;Archive contains infected objects;Moved.;
A0000273.EXE\data008;F:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0000273.EXE;Adware.Ipinsight;;
A0000273.EXE;F:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7;Archive contains infected objects;Moved.;
kazaa_lite_171_english.exe\data023;H:\zipperfiles\kazaa_lite_171_english.exe;Probably BACKDOOR.Trojan;;
kazaa_lite_171_english.exe;H:\zipperfiles;Archive contains infected objects;Moved.;
A0000274.exe\data023;H:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0000274.exe;Probably BACKDOOR.Trojan;;
A0000274.exe;H:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7;Archive contains infected objects;Moved.;
  • 0

#19
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Now try to re-run Malwarebytes AntiMalware & see what results you get
  • 0

#20
tjmk

tjmk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
hi again
here is the new mbam log

Malwarebytes' Anti-Malware 1.38
Database version: 2325
Windows 5.1.2600 Service Pack 2

6/23/2009 12:14:12 PM
mbam-log-2009-06-23 (12-14-12).txt

Scan type: Full Scan (C:\|F:\|G:\|H:\|)
Objects scanned: 343547
Time elapsed: 4 hour(s), 22 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clientax.clientinstaller (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clientax.clientinstaller.1 (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clientax.requiredcomponent (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clientax.requiredcomponent.1 (Adware.180Solutions) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\tjmk\local settings\application data\Mozilla\Firefox\Profiles\cms4woew.default\Cache\777BBF3Bd01 (Rogue.Installer) -> Quarantined and deleted successfully.
  • 0

#21
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
OK let's do this the manual way.

Please download RegSearch and save it to your Desktop.
  • Extract the file to its own folder, like C:\RegSearch
  • Double click on regsearch.exe
  • Copy the following to the upper input box, 1 entry per line:
    minibugtransporter
    clientax
    webcom.webbar
    180Solutions
  • Leave the lower input box empty
  • Leave the ticks in their default configurations & click OK
  • The scan will appear to pause and then open a Notepad file.
  • This file is C:\RegSearch\RegSearch.txt

Edited by sage5, 23 June 2009 - 05:19 PM.

  • 0

#22
tjmk

tjmk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
here is the regsearch log
i don't see webcom, but i believe that webcom.webbar is in hkcr
gohip is in f: system volume information\restore


Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 6/23/2009 9:09:05 PM for strings:
; 'minibugtransporter'
; 'clientax'
; 'webcom.webbar'
; '180solutions'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\180solutions.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\bis.180solutions.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\config.180solutions.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\downloads.180solutions.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\installs.180solutions.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com\bis]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com\config]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com\cts]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com\downloads]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com\installs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com\nowhere]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com\ping]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com\tv]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com\uploads]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com\www]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\180solutions.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\180solutions.com\bis]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\180solutions.com\config]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\180solutions.com\cts]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\180solutions.com\downloads]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\180solutions.com\installs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\180solutions.com\nowhere]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\180solutions.com\ping]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\180solutions.com\tv]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\180solutions.com\uploads]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\180solutions.com\www]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\180solutions.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\bis.180solutions.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\config.180solutions.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\downloads.180solutions.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\installs.180solutions.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com\bis]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com\config]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com\cts]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com\downloads]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com\installs]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com\nowhere]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com\ping]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com\tv]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com\uploads]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com\www]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\180solutions.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\180solutions.com\bis]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\180solutions.com\config]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\180solutions.com\cts]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\180solutions.com\downloads]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\180solutions.com\installs]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\180solutions.com\nowhere]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\180solutions.com\ping]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\180solutions.com\tv]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\180solutions.com\uploads]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\180solutions.com\www]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\180solutions.com]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\bis.180solutions.com]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\config.180solutions.com]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\downloads.180solutions.com]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\installs.180solutions.com]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\180solutions.com]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\bis.180solutions.com]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\config.180solutions.com]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\downloads.180solutions.com]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\installs.180solutions.com]

[HKEY_USERS\S-1-5-21-2102879141-4269503986-2857571523-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\180solutions.com]

[HKEY_USERS\S-1-5-21-2102879141-4269503986-2857571523-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\bis.180solutions.com]

[HKEY_USERS\S-1-5-21-2102879141-4269503986-2857571523-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\config.180solutions.com]

[HKEY_USERS\S-1-5-21-2102879141-4269503986-2857571523-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\downloads.180solutions.com]

[HKEY_USERS\S-1-5-21-2102879141-4269503986-2857571523-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\installs.180solutions.com]

[HKEY_USERS\S-1-5-21-2102879141-4269503986-2857571523-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com]

[HKEY_USERS\S-1-5-21-2102879141-4269503986-2857571523-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com\bis]

[HKEY_USERS\S-1-5-21-2102879141-4269503986-2857571523-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com\config]

[HKEY_USERS\S-1-5-21-2102879141-4269503986-2857571523-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com\cts]

[HKEY_USERS\S-1-5-21-2102879141-4269503986-2857571523-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com\downloads]

[HKEY_USERS\S-1-5-21-2102879141-4269503986-2857571523-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com\installs]

[HKEY_USERS\S-1-5-21-2102879141-4269503986-2857571523-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com\nowhere]

[HKEY_USERS\S-1-5-21-2102879141-4269503986-2857571523-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com\ping]

[HKEY_USERS\S-1-5-21-2102879141-4269503986-2857571523-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com\tv]

[HKEY_USERS\S-1-5-21-2102879141-4269503986-2857571523-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com\uploads]

[HKEY_USERS\S-1-5-21-2102879141-4269503986-2857571523-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com\www]

[HKEY_USERS\S-1-5-21-2102879141-4269503986-2857571523-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bis.180solutions.com]

[HKEY_USERS\S-1-5-21-2102879141-4269503986-2857571523-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\config.180solutions.com]

[HKEY_USERS\S-1-5-21-2102879141-4269503986-2857571523-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cts.180solutions.com]

[HKEY_USERS\S-1-5-21-2102879141-4269503986-2857571523-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\downloads.180solutions.com]

[HKEY_USERS\S-1-5-21-2102879141-4269503986-2857571523-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\installs.180solutions.com]

[HKEY_USERS\S-1-5-21-2102879141-4269503986-2857571523-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\nowhere.180solutions.com]

[HKEY_USERS\S-1-5-21-2102879141-4269503986-2857571523-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ping.180solutions.com]

[HKEY_USERS\S-1-5-21-2102879141-4269503986-2857571523-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tv.180solutions.com]

[HKEY_USERS\S-1-5-21-2102879141-4269503986-2857571523-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\uploads.180solutions.com]

[HKEY_USERS\S-1-5-21-2102879141-4269503986-2857571523-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\www.180solutions.com]

[HKEY_USERS\S-1-5-21-2102879141-4269503986-2857571523-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\180solutions.com]

[HKEY_USERS\S-1-5-21-2102879141-4269503986-2857571523-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\180solutions.com\bis]

[HKEY_USERS\S-1-5-21-2102879141-4269503986-2857571523-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\180solutions.com\config]

[HKEY_USERS\S-1-5-21-2102879141-4269503986-2857571523-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\180solutions.com\cts]

[HKEY_USERS\S-1-5-21-2102879141-4269503986-2857571523-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\180solutions.com\downloads]

[HKEY_USERS\S-1-5-21-2102879141-4269503986-2857571523-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\180solutions.com\installs]

[HKEY_USERS\S-1-5-21-2102879141-4269503986-2857571523-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\180solutions.com\nowhere]

[HKEY_USERS\S-1-5-21-2102879141-4269503986-2857571523-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\180solutions.com\ping]

[HKEY_USERS\S-1-5-21-2102879141-4269503986-2857571523-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\180solutions.com\tv]

[HKEY_USERS\S-1-5-21-2102879141-4269503986-2857571523-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\180solutions.com\uploads]

[HKEY_USERS\S-1-5-21-2102879141-4269503986-2857571523-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\180solutions.com\www]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\180solutions.com]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\bis.180solutions.com]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\config.180solutions.com]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\downloads.180solutions.com]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\installs.180solutions.com]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com\bis]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com\config]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com\cts]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com\downloads]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com\installs]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com\nowhere]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com\ping]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com\tv]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com\uploads]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com\www]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\180solutions.com]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\180solutions.com\bis]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\180solutions.com\config]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\180solutions.com\cts]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\180solutions.com\downloads]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\180solutions.com\installs]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\180solutions.com\nowhere]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\180solutions.com\ping]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\180solutions.com\tv]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\180solutions.com\uploads]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\180solutions.com\www]

; End Of The Log...
  • 0

#23
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Clean up Registry with a Reg file:
  • Please open a new Notepad file by clicking Start\All Programs\Accessories\Notepad
  • Copy the text from the following Code box, by highlighting all the text and right click, Select Copy. (or use the Ctrl+C keyboard shortcut)
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\180solutions.com]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\bis.180solutions.com]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\config.180solutions.com]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\downloads.180solutions.com]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\installs.180solutions.com]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\180solutions.com]

[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\180solutions.com]

[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\bis.180solutions.com]

[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\config.180solutions.com]

[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\downloads.180solutions.com]

[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\installs.180solutions.com]

[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com]

[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\180solutions.com]

[-HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\180solutions.com]

[-HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\bis.180solutions.com]

[-HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\config.180solutions.com]

[-HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\downloads.180solutions.com]

[-HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\installs.180solutions.com]

[-HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\180solutions.com]

[-HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\bis.180solutions.com]

[-HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\config.180solutions.com]

[-HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\downloads.180solutions.com]

[-HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\installs.180solutions.com]

[-HKEY_USERS\S-1-5-21-2102879141-4269503986-2857571523-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\180solutions.com]

[-HKEY_USERS\S-1-5-21-2102879141-4269503986-2857571523-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\bis.180solutions.com]

[-HKEY_USERS\S-1-5-21-2102879141-4269503986-2857571523-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\config.180solutions.com]

[-HKEY_USERS\S-1-5-21-2102879141-4269503986-2857571523-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\downloads.180solutions.com]

[-HKEY_USERS\S-1-5-21-2102879141-4269503986-2857571523-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\installs.180solutions.com]

[-HKEY_USERS\S-1-5-21-2102879141-4269503986-2857571523-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com]

[-HKEY_USERS\S-1-5-21-2102879141-4269503986-2857571523-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bis.180solutions.com]

[-HKEY_USERS\S-1-5-21-2102879141-4269503986-2857571523-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\config.180solutions.com]

[-HKEY_USERS\S-1-5-21-2102879141-4269503986-2857571523-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cts.180solutions.com]

[-HKEY_USERS\S-1-5-21-2102879141-4269503986-2857571523-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\downloads.180solutions.com]

[-HKEY_USERS\S-1-5-21-2102879141-4269503986-2857571523-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\installs.180solutions.com]

[-HKEY_USERS\S-1-5-21-2102879141-4269503986-2857571523-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\nowhere.180solutions.com]

[-HKEY_USERS\S-1-5-21-2102879141-4269503986-2857571523-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ping.180solutions.com]

[-HKEY_USERS\S-1-5-21-2102879141-4269503986-2857571523-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tv.180solutions.com]

[-HKEY_USERS\S-1-5-21-2102879141-4269503986-2857571523-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\uploads.180solutions.com]

[-HKEY_USERS\S-1-5-21-2102879141-4269503986-2857571523-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\www.180solutions.com]

[-HKEY_USERS\S-1-5-21-2102879141-4269503986-2857571523-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\180solutions.com]

[-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\180solutions.com]

[-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\bis.180solutions.com]

[-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\config.180solutions.com]

[-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\downloads.180solutions.com]

[-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\installs.180solutions.com]

[-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com]

[-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\180solutions.com]
  • Paste it into Notepad. Right click in the window and select Paste. (or use Ctrl+V)
  • Save the file to the Desktop, make sure Type is All Files, and name it Fixreg.reg
  • Double click on the file created and click Yes when asked to merge the information into the Registry

Because of the structure & function of the Registry, if webcom.webbar were still in the HKCR section, it would also have shown up in HKLM\Software\Classes, so it is no longer present.
  • 0

#24
tjmk

tjmk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
ok, fixreg is done.

here is a snapshot showing webcom in the registry listing.

Attached Thumbnails

  • regedit_snap.JPG

  • 0

#25
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Well that is a surprise.
Let's see if we can get rid of them.
First delete the Fixreg.reg file we made earlier from the Desktop, then create a new one:
  • Please open a new Notepad file.
  • Copy the text from the following Code box

Windows Registry Editor Version 5.00

[-HKEY_CLASSES_ROOT\WebCom.WebBar]

[-HKEY_CLASSES_ROOT\WebCom.WebBar.1]

  • Paste it into the Notepad file.
  • Save the file to the Desktop, make sure Type is All Files, and name it Fixreg.reg
  • Double click on the file created and click Yes when asked to merge the information into the Registry

Let me know if you get any error messages.
  • 0


#26
tjmk

tjmk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
hi, made new fixreg.reg and applied it. it claimed to be successfully applied. but when i went into regedit, it is still there, with the same error message shown in the jpeg i submitted last post.
  • 0

#27
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Please download SWReg and save it to your C:\Windows\System32 folder.


Clean up Registry:
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the code box to Notepad.
Save it to your desktop, make sure the file type is All Files and name it FixServices.bat

@echo off
SWReg ACL HKCR\WebCom.WebBar /GM:F
SWReg ACL HKCR\WebCom.WebBar.1 /GM:F
reg delete "HKCR\WebCom.WebBar" /f
reg delete "HKCR\WebCom.WebBar.1" /f
exit

Double click FixServices.bat. A window will open and close. This is normal.
  • 0

#28
tjmk

tjmk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
downloaded swreg and verified that it is in c:\windows\system32 folder.
created fixservices.bat saved to desktop as instructed
double-clicked and watched window open/close.
checked regedit. both are still listed there.
  • 0

#29
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Now that makes me think that they are some leftover "anomaly" from the malware infection.
I am guessing that both keys are listed as empty?
If so, I wouldn't worry about them; most registries have plenty of "left-overs" like those hanging around.
You would need to have a huge amount of those types of "dead links" before they would cause functional issues in your Registry.
I would NOT recommend that you try a registry cleaner to remove those.
Cleaner apps tend to either:
  • Not remove what you want, or,
  • Remove more than what you wanted, crippling applications or worse, your Operating System.

Any other issues?
  • 0

#30
tjmk

tjmk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
yes, it appears to be empty. there is nothing under the name/type/data headers in regedit.

so when it shows up on the weekly scan by mcafee, i shouldn't be alarmed. ??

the minibug and 180 still come up when i run mbam. but i guess they are persistent as well. ??


Malwarebytes' Anti-Malware 1.38
Database version: 2332
Windows 5.1.2600 Service Pack 2

6/24/2009 9:09:00 PM
mbam-log-2009-06-24 (21-09-00).txt

Scan type: Quick Scan
Objects scanned: 106176
Time elapsed: 10 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clientax.clientinstaller (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clientax.clientinstaller.1 (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clientax.requiredcomponent (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clientax.requiredcomponent.1 (Adware.180Solutions) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0
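Added example, not part of the thread or of any tool mentioned in it: a small Python parser for the MBAM log format quoted above that compares scans and lists entries reported as "deleted successfully" in one scan and detected again in a later one, which is the pattern the topic starter describes. The sample logs are constructed and abbreviated (key names are taken from the thread), and the function names are hypothetical.

```python
import re
from datetime import datetime

ITEM = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
STAMP = re.compile(r"^\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M$")

def parse_mbam_log(text):
    """Return (scan_time, {section: [(path, family, action), ...]})."""
    when, section, items = None, None, {}
    for line in (l.strip() for l in text.splitlines()):
        if STAMP.match(line):
            when = datetime.strptime(line, "%m/%d/%Y %I:%M:%S %p")
        elif line.endswith("Infected:"):      # itemised header, not "…Infected: 6"
            section = line[:-1]
            items[section] = []
        elif section and (m := ITEM.match(line)):
            items[section].append((m["path"].lower(), m["family"], m["action"]))
    return when, items

def recurring_removals(logs):
    """Map path -> [time first reported deleted, later detection times...]."""
    scans = sorted((parse_mbam_log(t) for t in logs), key=lambda s: s[0])
    seen_deleted, repeats = {}, {}
    for when, sections in scans:
        for entries in sections.values():
            for path, _family, action in entries:
                if path in seen_deleted:      # removed earlier, detected again
                    repeats.setdefault(path, [seen_deleted[path]]).append(when)
                if "deleted successfully" in action:
                    seen_deleted.setdefault(path, when)
    return repeats

# Constructed, abbreviated samples in the format of the logs in this thread.
SCAN_1 = r"""
6/22/2009 9:28:57 AM
Registry Keys Infected: 2
Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clientax.clientinstaller (Adware.180Solutions) -> Quarantined and deleted successfully.
Files Infected:
(No malicious items detected)
"""
SCAN_2 = r"""
6/24/2009 9:09:00 PM
Registry Keys Infected: 1
Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
"""
```

A path returned by recurring_removals means the earlier removal did not persist or the key was recreated between scans, so the scanner's "deleted successfully" line alone is not proof that the key is gone.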





