• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
matt-will

about:blank 180search assistant

5 posts in this topic

there is a 180search assistant pop-up that appears on the screen every few minutes telling me there is a problem and i need to reinstall a program that i don't want on my computer. i have no control over the home page and i think when i try to view certain websites, mainly those dealling with solving my problem, it tells my computer the server cannot be found. help will be greatly appreciated. thanks,

matt-will.

 

 

 

Logfile of HijackThis v1.98.0

Scan saved at 10:35:18 PM, on 7/1/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\00THotkey.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\ltmoh\Ltmoh.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

C:\WINDOWS\System32\TFNF5.exe

C:\WINDOWS\System32\TPWRTRAY.EXE

C:\WINDOWS\System32\ezSP_Px.exe

C:\toshiba\ivp\ism\pinger.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE

C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe

C:\PROGRA~1\NORTON~2\WinFax\WFXSWTCH.exe

C:\WINDOWS\System32\wfxsnt40.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe

C:\WINDOWS\System32\gpyuul.exe

C:\Documents and Settings\Matt Hodgdon\Application Data\belh.exe

C:\PROGRA~1\AWS\WEATHE~1\Weather.exe

C:\WINDOWS\System32\NDrv.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\WINDOWS\System32\DVDRAMSV.exe

C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\WINDOWS\system32\RAMASST.exe

C:\WINDOWS\System32\snmp.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe

C:\WINDOWS\System32\mdm.exe

C:\Documents and Settings\Matt Hodgdon\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\SmartPopupBlocker\SmartPopupBlockerTray.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HTTP://WWW.COLORADO.EDU/STUDENTS/INDEX.HTML

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.internet-search.info/searchbar

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.internet-search.info/keyword%s

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

F0 - system.ini: Shell=

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,

O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)

O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: PopupBlockerBHO.CPopupBlockerBHO - {0D929918-C804-4756-B0AC-640EF3F061E9} - C:\Program Files\SmartPopupBlocker\PopupBlockerBHO.dll

O2 - BHO: (no name) - {1B7D753B-1981-4bd2-91F3-6D055EE113A0} - C:\WINDOWS\System32\NDrv.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O2 - BHO: Core Library - {D4D505DF-D582-400c-91B6-84921012AFE3} - C:\WINDOWS\System32\PDF4123.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe

O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

O4 - HKLM\..\Run: [TFNF5] TFNF5.exe

O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run

O4 - HKLM\..\Run: [EPSON Stylus C82 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE /P23 "EPSON Stylus C82 Series" /O6 "USB001" /M "Stylus C82"

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\NORTON~2\WinFax\WFXSWTCH.exe

O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [Popup Defence Updater] regsvr32 /s C:\WINDOWS\System32\pdfupd.dll

O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe

O4 - HKLM\..\Run: [safeGuard Popup Updater (required)] regsvr32 /s C:\WINDOWS\System32\PDF4123.dll

O4 - HKLM\..\Run: [uouvqmiccfeb] C:\WINDOWS\System32\gpyuul.exe

O4 - HKLM\..\Run: [ijovadwd] C:\WINDOWS\ijovadwd.exe

O4 - HKLM\..\Run: [dobsd] C:\WINDOWS\dobsd.exe

O4 - HKCU\..\Run: [uuse] C:\Documents and Settings\Matt Hodgdon\Application Data\belh.exe

O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1

O4 - HKCU\..\Run: [NDrv] C:\WINDOWS\System32\NDrv.exe

O4 - Startup: DLHelperEXE.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)

O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com

O16 - DPF: Microsoft WFC Forms Designer - file://D:\VJ98\wfcforms.cab

O16 - DPF: Visual Studio 6 Extensibility Libraries - file://D:\VJ98\vstudio6.cab

O16 - DPF: {12589FA1-C456-11CE-BF01-10AA1055595A} - http://www.wsel.net/imcupdatefiles/whistlesilent615.cab

O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

Edited by matt-will

Share this post


Link to post
Share on other sites

Have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.internet-search.info/searchbar

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.internet-search.info/keyword%s

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

 

O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)

O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)

O2 - BHO: (no name) - {1B7D753B-1981-4bd2-91F3-6D055EE113A0} - C:\WINDOWS\System32\NDrv.dll

O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll

O2 - BHO: Core Library - {D4D505DF-D582-400c-91B6-84921012AFE3} - C:\WINDOWS\System32\PDF4123.dll

 

O4 - HKLM\..\Run: [Popup Defence Updater] regsvr32 /s C:\WINDOWS\System32\pdfupd.dll

O4 - HKLM\..\Run: [safeGuard Popup Updater (required)] regsvr32 /s C:\WINDOWS\System32\PDF4123.dll

O4 - HKLM\..\Run: [uouvqmiccfeb] C:\WINDOWS\System32\gpyuul.exe

O4 - HKLM\..\Run: [ijovadwd] C:\WINDOWS\ijovadwd.exe

O4 - HKLM\..\Run: [dobsd] C:\WINDOWS\dobsd.exe

O4 - HKCU\..\Run: [uuse] C:\Documents and Settings\Matt Hodgdon\Application Data\belh.exe

O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1

O4 - HKCU\..\Run: [NDrv] C:\WINDOWS\System32\NDrv.exe

O4 - Startup: DLHelperEXE.exe

 

O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm

 

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)

 

O16 - DPF: {12589FA1-C456-11CE-BF01-10AA1055595A} - http://www.wsel.net/imcupdatefiles/whistlesilent615.cab

Reboot and delete

 

files

C:\WINDOWS\System32\pdfupd.dll

C:\WINDOWS\System32\PDF4123.dll

C:\WINDOWS\System32\gpyuul.exe

C:\WINDOWS\ijovadwd.exe

C:\WINDOWS\dobsd.exe

C:\Documents and Settings\Matt Hodgdon\Application Data\belh.exe

C:\WINDOWS\System32\NDrv.exe

DLHelperEXE.exe

 

folders

C:\Program Files\WebSavingsfromEbates

C:\Program Files\AWS

 

These may be hidden files. See HERE for how to show hidden files.

 

Please post a followup Hijack this log, and say if your problems persist.

Share this post


Link to post
Share on other sites

i only found 3 of the 8 files to delete, and the gpyuul one would not delete because it was in use by another program. i also was also unsure about DLHelperExE.exe.

thanks the help, BIG BIG

 

 

Logfile of HijackThis v1.98.0

Scan saved at 5:54:52 PM, on 7/2/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\00THotkey.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\ltmoh\Ltmoh.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

C:\WINDOWS\System32\TFNF5.exe

C:\WINDOWS\System32\TPWRTRAY.EXE

C:\WINDOWS\System32\ezSP_Px.exe

C:\toshiba\ivp\ism\pinger.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE

C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe

C:\PROGRA~1\NORTON~2\WinFax\WFXSWTCH.exe

C:\WINDOWS\System32\wfxsnt40.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe

C:\WINDOWS\System32\gpyuul.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\WINDOWS\System32\DVDRAMSV.exe

C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\WINDOWS\System32\snmp.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe

C:\Program Files\Common Files\Symantec Shared\NMain.exe

C:\Program Files\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.colorado.edu/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com

F0 - system.ini: Shell=

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: PopupBlockerBHO.CPopupBlockerBHO - {0D929918-C804-4756-B0AC-640EF3F061E9} - C:\Program Files\SmartPopupBlocker\PopupBlockerBHO.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe

O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

O4 - HKLM\..\Run: [TFNF5] TFNF5.exe

O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run

O4 - HKLM\..\Run: [EPSON Stylus C82 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE /P23 "EPSON Stylus C82 Series" /O6 "USB001" /M "Stylus C82"

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\NORTON~2\WinFax\WFXSWTCH.exe

O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe

O4 - HKLM\..\Run: [dcdypx] C:\WINDOWS\System32\gpyuul.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com

O16 - DPF: Microsoft WFC Forms Designer - file://D:\VJ98\wfcforms.cab

O16 - DPF: Visual Studio 6 Extensibility Libraries - file://D:\VJ98\vstudio6.cab

O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

Share this post


Link to post
Share on other sites

Run Hijack this again, and fix

O4 - HKLM\..\Run: [dcdypx] C:\WINDOWS\System32\gpyuul.exe

Then reboot, and delete the file.

Apart from that, it's a clean log.

Share this post


Link to post
Share on other sites

thanks for all your help but i am still having a problem with changing my home page. after i deleted the last one, rebooted and deleted the file i changed my hp then ran hijackthis and it still had the old one.

 

Logfile of HijackThis v1.98.0

Scan saved at 4:35:49 PM, on 7/3/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\00THotkey.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\ltmoh\Ltmoh.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

C:\WINDOWS\System32\TFNF5.exe

C:\WINDOWS\System32\TPWRTRAY.EXE

C:\WINDOWS\System32\ezSP_Px.exe

C:\toshiba\ivp\ism\pinger.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE

C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe

C:\PROGRA~1\NORTON~2\WinFax\WFXSWTCH.exe

C:\WINDOWS\System32\wfxsnt40.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\WINDOWS\System32\DVDRAMSV.exe

C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\WINDOWS\System32\snmp.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe

C:\Documents and Settings\Matt Hodgdon\Local Settings\Temp\Temporary Directory 7 for hijackthis.zip\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HTTP://WWW.COLORADO.EDU/STUDENTS/INDEX.HTML

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com

O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: PopupBlockerBHO.CPopupBlockerBHO - {0D929918-C804-4756-B0AC-640EF3F061E9} - C:\Program Files\SmartPopupBlocker\PopupBlockerBHO.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe

O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

O4 - HKLM\..\Run: [TFNF5] TFNF5.exe

O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run

O4 - HKLM\..\Run: [EPSON Stylus C82 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE /P23 "EPSON Stylus C82 Series" /O6 "USB001" /M "Stylus C82"

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\NORTON~2\WinFax\WFXSWTCH.exe

O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com

O16 - DPF: Microsoft WFC Forms Designer - file://D:\VJ98\wfcforms.cab

O16 - DPF: Visual Studio 6 Extensibility Libraries - file://D:\VJ98\vstudio6.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0