Jump to content


Photo

about:blank 180search assistant


  • Please log in to reply
4 replies to this topic

#1 matt-will

matt-will

    Member

  • Full Member
  • Pip
  • 4 posts

Posted 02 July 2004 - 04:40 AM

there is a 180search assistant pop-up that appears on the screen every few minutes telling me there is a problem and i need to reinstall a program that i don't want on my computer. i have no control over the home page and i think when i try to view certain websites, mainly those dealling with solving my problem, it tells my computer the server cannot be found. help will be greatly appreciated. thanks,
matt-will.



Logfile of HijackThis v1.98.0
Scan saved at 10:35:18 PM, on 7/1/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\System32\TFNF5.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\toshiba\ivp\ism\pinger.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE
C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
C:\PROGRA~1\NORTON~2\WinFax\WFXSWTCH.exe
C:\WINDOWS\System32\wfxsnt40.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\WINDOWS\System32\gpyuul.exe
C:\Documents and Settings\Matt Hodgdon\Application Data\belh.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\WINDOWS\System32\NDrv.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\mdm.exe
C:\Documents and Settings\Matt Hodgdon\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SmartPopupBlocker\SmartPopupBlockerTray.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HTTP://WWW.COLORADO.EDU/STUDENTS/INDEX.HTML
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.internet-....info/searchbar
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.internet-....info/keyword%s
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PopupBlockerBHO.CPopupBlockerBHO - {0D929918-C804-4756-B0AC-640EF3F061E9} - C:\Program Files\SmartPopupBlocker\PopupBlockerBHO.dll
O2 - BHO: (no name) - {1B7D753B-1981-4bd2-91F3-6D055EE113A0} - C:\WINDOWS\System32\NDrv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Core Library - {D4D505DF-D582-400c-91B6-84921012AFE3} - C:\WINDOWS\System32\PDF4123.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [EPSON Stylus C82 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE /P23 "EPSON Stylus C82 Series" /O6 "USB001" /M "Stylus C82"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\NORTON~2\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Popup Defence Updater] regsvr32 /s C:\WINDOWS\System32\pdfupd.dll
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [SafeGuard Popup Updater (required)] regsvr32 /s C:\WINDOWS\System32\PDF4123.dll
O4 - HKLM\..\Run: [uouvqmiccfeb] C:\WINDOWS\System32\gpyuul.exe
O4 - HKLM\..\Run: [ijovadwd] C:\WINDOWS\ijovadwd.exe
O4 - HKLM\..\Run: [dobsd] C:\WINDOWS\dobsd.exe
O4 - HKCU\..\Run: [Uuse] C:\Documents and Settings\Matt Hodgdon\Application Data\belh.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [NDrv] C:\WINDOWS\System32\NDrv.exe
O4 - Startup: DLHelperEXE.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: Microsoft WFC Forms Designer - file://D:\VJ98\wfcforms.cab
O16 - DPF: Visual Studio 6 Extensibility Libraries - file://D:\VJ98\vstudio6.cab
O16 - DPF: {12589FA1-C456-11CE-BF01-10AA1055595A} - http://www.wsel.net/...lesilent615.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab

Edited by matt-will, 02 July 2004 - 01:24 PM.


#2 dave38

dave38

    Devout Murphyite!

  • Emeritus
  • PipPipPipPipPip
  • 8,508 posts

Posted 02 July 2004 - 04:55 PM

Have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.internet-....info/searchbar
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.internet-....info/keyword%s
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O2 - BHO: (no name) - {1B7D753B-1981-4bd2-91F3-6D055EE113A0} - C:\WINDOWS\System32\NDrv.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: Core Library - {D4D505DF-D582-400c-91B6-84921012AFE3} - C:\WINDOWS\System32\PDF4123.dll

O4 - HKLM\..\Run: [Popup Defence Updater] regsvr32 /s C:\WINDOWS\System32\pdfupd.dll
O4 - HKLM\..\Run: [SafeGuard Popup Updater (required)] regsvr32 /s C:\WINDOWS\System32\PDF4123.dll
O4 - HKLM\..\Run: [uouvqmiccfeb] C:\WINDOWS\System32\gpyuul.exe
O4 - HKLM\..\Run: [ijovadwd] C:\WINDOWS\ijovadwd.exe
O4 - HKLM\..\Run: [dobsd] C:\WINDOWS\dobsd.exe
O4 - HKCU\..\Run: [Uuse] C:\Documents and Settings\Matt Hodgdon\Application Data\belh.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [NDrv] C:\WINDOWS\System32\NDrv.exe
O4 - Startup: DLHelperEXE.exe

O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)

O16 - DPF: {12589FA1-C456-11CE-BF01-10AA1055595A} - http://www.wsel.net/...lesilent615.cab

Reboot and delete

files
C:\WINDOWS\System32\pdfupd.dll
C:\WINDOWS\System32\PDF4123.dll
C:\WINDOWS\System32\gpyuul.exe
C:\WINDOWS\ijovadwd.exe
C:\WINDOWS\dobsd.exe
C:\Documents and Settings\Matt Hodgdon\Application Data\belh.exe
C:\WINDOWS\System32\NDrv.exe
DLHelperEXE.exe

folders
C:\Program Files\WebSavingsfromEbates
C:\Program Files\AWS

These may be hidden files. See HERE for how to show hidden files.

Please post a followup Hijack this log, and say if your problems persist.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum

#3 matt-will

matt-will

    Member

  • Full Member
  • Pip
  • 4 posts

Posted 02 July 2004 - 07:06 PM

i only found 3 of the 8 files to delete, and the gpyuul one would not delete because it was in use by another program. i also was also unsure about DLHelperExE.exe.
thanks the help, BIG BIG


Logfile of HijackThis v1.98.0
Scan saved at 5:54:52 PM, on 7/2/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\System32\TFNF5.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\toshiba\ivp\ism\pinger.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE
C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
C:\PROGRA~1\NORTON~2\WinFax\WFXSWTCH.exe
C:\WINDOWS\System32\wfxsnt40.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\WINDOWS\System32\gpyuul.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.colorado.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PopupBlockerBHO.CPopupBlockerBHO - {0D929918-C804-4756-B0AC-640EF3F061E9} - C:\Program Files\SmartPopupBlocker\PopupBlockerBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [EPSON Stylus C82 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE /P23 "EPSON Stylus C82 Series" /O6 "USB001" /M "Stylus C82"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\NORTON~2\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [dcdypx] C:\WINDOWS\System32\gpyuul.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: Microsoft WFC Forms Designer - file://D:\VJ98\wfcforms.cab
O16 - DPF: Visual Studio 6 Extensibility Libraries - file://D:\VJ98\vstudio6.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab

#4 dave38

dave38

    Devout Murphyite!

  • Emeritus
  • PipPipPipPipPip
  • 8,508 posts

Posted 03 July 2004 - 10:25 AM

Run Hijack this again, and fix

O4 - HKLM\..\Run: [dcdypx] C:\WINDOWS\System32\gpyuul.exe

Then reboot, and delete the file.
Apart from that, it's a clean log.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum

#5 matt-will

matt-will

    Member

  • Full Member
  • Pip
  • 4 posts

Posted 03 July 2004 - 05:40 PM

thanks for all your help but i am still having a problem with changing my home page. after i deleted the last one, rebooted and deleted the file i changed my hp then ran hijackthis and it still had the old one.

Logfile of HijackThis v1.98.0
Scan saved at 4:35:49 PM, on 7/3/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\System32\TFNF5.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\toshiba\ivp\ism\pinger.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE
C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
C:\PROGRA~1\NORTON~2\WinFax\WFXSWTCH.exe
C:\WINDOWS\System32\wfxsnt40.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\Documents and Settings\Matt Hodgdon\Local Settings\Temp\Temporary Directory 7 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HTTP://WWW.COLORADO.EDU/STUDENTS/INDEX.HTML
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PopupBlockerBHO.CPopupBlockerBHO - {0D929918-C804-4756-B0AC-640EF3F061E9} - C:\Program Files\SmartPopupBlocker\PopupBlockerBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [EPSON Stylus C82 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE /P23 "EPSON Stylus C82 Series" /O6 "USB001" /M "Stylus C82"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\NORTON~2\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: Microsoft WFC Forms Designer - file://D:\VJ98\wfcforms.cab
O16 - DPF: Visual Studio 6 Extensibility Libraries - file://D:\VJ98\vstudio6.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button