180search Assistant HKEY_LOCAL_MACHINE

Question

Total NONgeek 0 Junior Poster in Training

19 Years Ago

I found 180search Assistant in my programs. I went to uninstall it and it required going on the internet to do so. I ran a google search to find out about it. Instructions were given here http://www.iamnotageek.com/a/394-p1.php for it's removal.

How do I find these things to remove them?
Destroy Autorun:
Delete the following keys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lgbibsn
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msbb
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tov
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sais
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\saie
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\180ax

I am so nongeeky :sad: :o :sad: :rolleyes:

windows-virus

3 Contributors
5 Replies
164 Views
1 Day Discussion Span
Latest Post 19 Years Ago Latest Post by Total NONgeek

All 5 Replies

dlh6213 27 Posting Maven

19 Years Ago

To delete those keys, you need to use the Registry Editor.

To get to the Registry Editor, go to Start, Run, and type in regedit; click OK and the Registry Editor will open.

Before you edit the registry, you should make a backup. At the top of the Registry window, click on the Registry menu, click Export Registry File. In the Export range panel, click All, then save your registry as Backup.

Make the changes you want, then exit the Registry Editor.

In terms of the 180Search Assistant, don't even bother trying to use Add/Remove Programs to uninstall it. Even if you went through all of the (intentionally difficult) uninstallation process, it wouldn't remove all traces of the programs anyway.

See if these two utilities can remove the offending programs:

Download and run Ad Aware and SpyBot Search & Destroy. Download links are in the "Helping Yourself" sticky thread near the beginning of this forum.

Follow these directions for configuring Ad Aware (directions courtesy of "crunchie"):

1. Download and Install Ad-Aware SE, keeping the default options. However, some of the settings will need to be changed before your first scan

2.Close ALL windows except Ad-Aware SE

3. Click on the‘world’ icon at the top right of the Ad-Aware SE window and let AdAware SE update the reference list for the adware and malware.

4. Once the update is finished click on the ‘Gear’ icon (second from the left at the top of the window) to access the preferences/settings window

1) In the ‘General’ window make sure the following are selected in green:
*Automatically save log-file
*Automatically quarantine objects prior to removal
*Safe Mode (always request confirmation)

Under Definitions:
*Prompt to udate outdated definitions - set the number of days

2) Click on the ‘Scanning’ button on the left and select in green :

Under Driver, Folders & Files:
*Scan Within Archives

Under Select drives & folders to scan -
*choose all hard drives

Under Memory & Registry: all green
*Scan Active Processes
*Scan Registry
*Deep Scan Registry
*Scan my IE favorites for banned URL’s
*Scan my Hosts file

3) Click on the ‘Advanced’ button on the left and select in green:

Under Shell Integration:
*Move deleted files to recycle bin

Under Logfile Detail Level: (all green)
*include addtional object information
*DESELECT - include negligible objects information
*include environment information

Under Alternate Data Streams:
*Don't log streams smaller than 0 bytes
*Don't log ADS with the following names: CA_INOCULATEIT

4) Click the ‘Tweak’ button and select in green:

Under the ‘Scanning Engine’:
*Unload recognized processes during scanning
*Scan registry for all users instead of current user only

Under the ‘Cleaning Engine’:
*Let Windows remove files in use at next reboot

Under the Log Files:
*Include basic Ad-aware SE settings in logfile
*Include additional Ad-aware SE settings in logfile
*Please do not check or make green: Include Module list in logfile

5. Click on ‘Proceed’ to save the settings.

6. Click ‘Start’

*Choose:'Perform Full System Scan'
*DESELECT "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat.

7. Click ‘Next’ and Ad-Aware SE will scan your hard drive(s) with the options you have selected and clean automatically.

8. If Ad-Aware SE finds bad entries, you will receive a list of what it found in the window. Select all found items and have Ad Aware fix/delete them.

9. Save the log file when it asks and then click ‘finish’

10. REBOOT to complete the removal of what Ad-Aware SE found

Run SpyBot.

When you first run SpyBot, it will walk you through a Wizard which will perform a few critical functions (making a registry backup, getting the latest updates, etc.).

1. Perform all of the Wizard's tasks.
2. Run the program. Once it completes, have it fix everything it finds.
3. Reboot.

If you would like to make sure you don't have anything else lurking, get hijackthis from here:

http://www.daniweb.com/techtalkforums/thread18768.html

Close all browser windows, scan with hijackthis, save the log, and post it here.

crunchie 990 Most Valuable Poster

19 Years Ago

If they do not rid you of those entries, try the following;

Download the zip file and unzip fixme.reg. Close all browser windows. Double click to run it and when asked if you want to merge with your registry, answer yes.

This will only delete the registry entries!

This attachment is potentially unsafe to open. It may be an executable that is capable of making changes to your file system, or it may require specific software to open. Use caution and only open this attachment if you are comfortable working with zip files.

fixme.zip (0.25 KB)

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Total NONgeek 0 Junior Poster in Training · Answer 1 · 2005-02-28T00:50:40+00:00

OK I have no idea what I have done but I am not going to try to do it again.I think that I would rather reformat than go through that ordeal. I never saw any of the things that I was supposed to delete. Something is wrong with my printer. It keeps giving me error messages. . . out of paper which it is not or paper jam which I cannot see. I am scared half to death of the registry. I need to wait til I can get someone to read the instructions to me before I attempt this again.

Crunchie what is this file? What does it do? Will it eliminate the need to to try and manually clean the registry?Too little info is almost as bad as not enough. sooooooo confused right now.

dlh6213 27 Posting Maven Team Colleague · Answer 2 · 2005-02-28T07:02:32+00:00

It will help if you tell us what you did do; did you make any changes to the registry? Run Ad-Aware, SpyBot, or Fixme yet? Did you get HijackThis? A log from HijackThis may help quite a bit.

Total NONgeek 0 Junior Poster in Training · Answer 3 · 2005-02-28T08:17:19+00:00

Honestly I dont know what I did. Right now I am sick with strep and staph infections and I cannot think that clearly at times. I did download the fixme file and opened it but I cant remember what happened. These antibiotics dope me up pretty good and I am at times barely functional.

Here is a hijack log. I didnt download Spybot because it has caused me too many troubles in the past and my computer guy told me not to use it again unless it was to avoid calling calling him. He installed spysweeper instead. I also have spyware blaster and stop sign. Now before you start I want you to know that E-Anthology is my ISP and I do not believe that they are spyware. I will not remove them from my computer at this time because I have prepaid and have several months left on my contract. exco is message boards. They are harmless. I thought that I had gotten rid of Hello but see it in the list. I do have CrapCleaner and ran that too.

Logfile of HijackThis v1.98.2
Scan saved at 6:54:53 PM, on 2/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acceleration Software\StopSignProducts\Firewall\fwservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\eAcceleration\eanthology.exe
C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe
C:\Program Files\Acceleration Software\SystemPatcher\sys_alert.exe
C:\PROGRA~1\ACCELE~1\DOWNLO~1\dguard.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Enigma Browser\Enigma.exe
C:\PROGRA~1\ACCELE~1\SCRIPT~1\scan.exe
C:\Documents and Settings\Owner\Desktop\Virus stuff\HijackThis19802.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://excoboard.com/exco/index.php?boardid=4267
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [StopSignStatus] Rundll32.exe "C:\Program Files\Common Files\eAcceleration\Installer\stopsinfo.dll",VerifyStatus
O4 - HKLM\..\Run: [EanthologyApp] "C:\Program Files\Common Files\eAcceleration\eanthology.exe" /b Startup
O4 - HKLM\..\Run: [webscan] C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe -k
O4 - HKLM\..\Run: [eanth_system_patcher] "C:\Program Files\Acceleration Software\SystemPatcher\sys_alert.exe" /Startup
O4 - HKLM\..\Run: [sginst] C:\PROGRA~1\ACCELE~1\SCRIPT~1\sginst.exe /upd
O4 - HKLM\..\Run: [dguard] C:\PROGRA~1\ACCELE~1\DOWNLO~1\dguard.exe
O4 - HKLM\..\Run: [fwservice] C:\Program Files\Acceleration Software\StopSignProducts\Firewall\fwservice.exe -startup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [StopSignStatus] Rundll32.exe "C:\Program Files\Common Files\eAcceleration\Installer\stopsinfo.dll",VerifyStatus /ro
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - (no file)
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O15 - Trusted Zone: http://tools.150m.com
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/pcpitstop.cab
O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} - http://stop-sign.com/pub/download/stop-sign_qa1.cab
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://di.imgag.com/imgag/cp/install/AxCtp.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1107589018609
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0953BD93-D356-47B7-B4F2-AE08B5B1AC60}: NameServer = 209.244.0.3 209.244.0.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{0953BD93-D356-47B7-B4F2-AE08B5B1AC60}: NameServer = 209.244.0.3 209.244.0.4

Thanks guys! Its bedtime for me again. 20 minutes awake and I pass out again.

180search Assistant HKEY_LOCAL_MACHINE

Recommended Answers Collapse Answers

All 5 Replies

Recommended Answers