'Adware.180Solutions detected' - Techist - Tech Forum

Old 12-07-2009, 05:06 PM   #1 (permalink)
True Techie
 
Join Date: Oct 2007
Posts: 238
Default 'Adware.180Solutions detected'

I ran a Malwarebytes' scan today, just to check for consistency, and it found 4 problems, all 4 being 'Adware.180Solutions'. If it had been detected in, say, a folder, I would've probably done a manual cleanup, but it's detected as a registry key, so I figured I'd better get this removed properly by professionals.

Malwarebytes' log: (Also, don't worry about the Security Center registry key, I manually uninstalled that service.)

Quote:
Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

12/7/2009 2:56:08 PM
mbam-log-2009-12-07 (14-55-57).txt

Scan type: Full Scan (C:\|)
Objects scanned: 157632
Time elapsed: 1 hour(s), 1 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\sai.instantiator (Adware.180Solutions) -> No action taken.
HKEY_CLASSES_ROOT\sai.instantiator.1 (Adware.180Solutions) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

And here's a HijackThis log:

Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:59:43 PM, on 12/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\WinPatrol\winpatrol.exe
E:\Program Files\ClamWin\ClamWin\bin\ClamTray.exe
C:\Documents and Settings\Nagahama\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
E:\Program Files\Rainlendar\Rainlendar2.exe
C:\Program Files\Rosewill\Common\RaUI.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
E:\Program Files\Hotspot Shield\bin\openvpnas.exe
E:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Rosewill\Common\RegistryWriter.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
E:\Program Files\Pidgin\pidgin.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Nagahama\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nagahama\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nagahama\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nagahama\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nagahama\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nagahama\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nagahama\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nagahama\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
E:\Program Files\Winamp\winamp.exe
E:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\Nagahama\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nagahama\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nagahama\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nagahama\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nagahama\My Documents\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files\Office12\GrooveShellExtensions.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinPatrol] E:\Program Files\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [ClamWin] "E:\Program Files\ClamWin\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] E:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Nagahama\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Rainlendar2] E:\Program Files\Rainlendar\Rainlendar2.exe
O4 - Global Startup: Rosewill Wireless Utility.lnk = C:\Program Files\Rosewill\Common\RaUI.exe
O8 - Extra context menu item: &Download by Orbit - res://E:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://E:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://E:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://E:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1194218864002
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A3E88C2-3F75-449C-BEB9-1BFB2463414F}: NameServer = 192.168.1.254
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program Files\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - E:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - E:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - E:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\Rosewill\Common\RegistryWriter.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 7965 bytes
blue4paper is offline  
Old 12-07-2009, 05:19 PM   #2 (permalink)
Techie Beyond Description
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817
Default Re: 'Adware.180Solutions detected'

You need to let Malwarebytes remove those infections.
__________________
Osiris is offline  
 
