
Help getting rid of "180 Search Assistant"

Discussion in 'Virus & Other Malware Removal' started by carrieann, Sep 14, 2004.

Thread Status:
Not open for further replies.
  1. carrieann

    carrieann Thread Starter

    Joined:
    Sep 14, 2004
    Messages:
    3
    I seem to have some program running on my computer called "180 search assistant". I'm guessing it's something bad. I used "hijackthis" and these were my results:
    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINNT\system32\hphmon05.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Winad Client\Winad.exe
    C:\Program Files\Winad Client\WinClt.exe
    C:\PROGRA~1\INTERN~1\iexplore.exe
    C:\WINNT\system32\ypkobs.exe
    C:\WINNT\system32\HPZipm12.exe
    C:\Program Files\Web_Rebates\WebRebates1.exe
    C:\WINNT\system32\spoolsv.exe
    C:\DOCUME~1\burn\LOCALS~1\Temp\HijackThis.exe
    C:\Program Files\Web_Rebates\WebRebates0.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINNT\nem219.dll
    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINNT\2_0_1browserhelper2.dll
    O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINNT\system32\nvms.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINNT\system32\mscb.dll
    O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINNT\system32\msbe.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHmon05] C:\WINNT\system32\hphmon05.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe
    O4 - HKLM\..\Run: [jst] C:\WINNT\jst.exe
    O4 - HKLM\..\Run: [ivkyfxozmp] C:\WINNT\system32\ypkobs.exe
    O4 - HKLM\..\Run: [alchem] C:\WINNT\alchem.exe
    O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
    O4 - HKLM\..\RunOnce: [djtopr1150.exe] "C:\DOCUME~1\burn\LOCALS~1\Temp\djtopr1150.exe"
    O4 - Global Startup: RICOH Gate L.lnk.disabled
    O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...3d9cb3ae926d:158854fc4a27381a6ed667336045adce
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/ps/en/check/qdiagh.cab?321
    O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll

    Any help would be great, I am running out of ideas. I tried Spybot, Ad-Aware, etc... and it doesn't show up anywhere. I continue to get these pop-ups saying that 180search assistant has been uninstalled and some programs won't run properly with it gone. Then it asks you if you want to re-install it or continue to un-install it. No matter what, it comes back. Thanks so much.
     
  2. carrieann

    carrieann Thread Starter

    Joined:
    Sep 14, 2004
    Messages:
    3
    Can anyone please help?! I have been trying for 2 weeks...
     
  3. mimo2005

    mimo2005

    Joined:
    Aug 14, 2004
    Messages:
    454
    This program can remove it easily; please read carefully.
    Scan your hard drive with this tool:

    This is where to get it:
    http://tds.diamondcs.com.au/index.php?page=download

    And this link shows how to use it:

    http://tds.diamondcs.com.au/index.php?page=easytouse

    After downloading TDS, don't forget to update to the latest database!

    This is where to update manually:
    http://tds.diamondcs.com.au/index.php?page=update

    It removes more than adware and cookies! It removes trojans and worms, etc.

    After the update, when you launch the program, it will scan your memory running programs, and after 20 to 30 seconds (you'll see this message: "trace scan finished") you are ready to click on SYSTEM TESTING; a tab opens, then CLICK SCAN FULL SYSTEM. Good luck, keep me posted.
     
  4. carrieann

    carrieann Thread Starter

    Joined:
    Sep 14, 2004
    Messages:
    3
    Here is my log after everything you said... how's it look? By the way, I really appreciate your help. I am totally clueless with this.

    11:49:19 [Init] Trojan Defence Suite v3.2.0 (UNLICENSED)
    11:49:19 [Init] Started 19-09-04 11:49:19 US Mountain Standard Time (UTC: 7), Internet Time @825.91
    11:49:19 [Init] Loading TDS-3 Systems ...
    11:49:19 [Init] Token successfully adjusted.
    11:49:19 [Init] • TDS Privileges : OK. Adjusted TDS-3 token privileges to maximum
    11:49:21 [Init] • Plugins : OK. Loaded 13
    11:49:21 [Init] • Exec Protection : Not Installed
    11:49:21 [Init] WARNING: Your Radius.TD3 database needs to be updated!
    11:49:21 [Init] Please download the latest from http://tds.diamondcs.com.au/radius.td3
    11:49:21 [Init] Licensed users can use the Update facility from the TDS menu
    11:49:21 [Init] Loading Radius Advanced Scanning Systems ... <R3 Engine, DCS Labs>
    11:49:55 [Init] • Radius Advanced Specialist Extensions on standby for 13 trojan families
    11:49:55 [Init] • Systems Initialised [37713 references - 15298 primaries/10448 traces/11967 variants/other]
    11:49:55 [Init] Radius Systems loaded. <Databases updated 19-09-2004>
    11:49:55 [Init] TDS-3 Ready. <[email protected], 127.0.0.1 - United States>
    11:49:55 [Tip Of The Day] Ever wanted to know what your IRC client and IRC server were saying to each other? You can view, analyse, and even inject data into almost any TCP Client/Server combination using the Traffic Bridge utility.
    11:49:56 [TDS] Good morning Burn.
    11:50:05 [Locked File] Couldn't open c:\winnt\system32\ypkobs.exe for read access, file is locked
    11:50:09 [Mutex Memory Scan] Started...
    11:50:12 [Mutex Memory Scan] Finished (no trojan mutexes found).
    11:50:12 [Trace Scan] Started...
    11:51:37 [Trace Scan] Finished.
    11:51:37 [TDS-3] This is an EVALUATION demo of TDS-3. Please see the help file for help on registering.
    11:52:45 [Init] Trojan Defence Suite v3.2.0 (UNLICENSED)
    11:52:45 [Init] Started 19-09-04 11:52:45 US Mountain Standard Time (UTC: 7), Internet Time @828.30
    11:52:45 [Init] Loading TDS-3 Systems ...
    11:52:45 [Init] Token successfully adjusted.
    11:52:45 [Init] • TDS Privileges : OK. Adjusted TDS-3 token privileges to maximum
    11:52:46 [Init] • Plugins : OK. Loaded 13
    11:52:46 [Init] • Exec Protection : Not Installed
    11:52:46 [Init] WARNING: Your Radius.TD3 database needs to be updated!
    11:52:46 [Init] Please download the latest from http://tds.diamondcs.com.au/radius.td3
    11:52:46 [Init] Licensed users can use the Update facility from the TDS menu
    11:52:46 [Init] Loading Radius Advanced Scanning Systems ... <R3 Engine, DCS Labs>
    11:53:12 [Init] • Radius Advanced Specialist Extensions on standby for 13 trojan families
    11:53:12 [Init] • Systems Initialised [37713 references - 15298 primaries/10448 traces/11967 variants/other]
    11:53:12 [Init] Radius Systems loaded. <Databases updated 19-09-2004>
    11:53:12 [Init] TDS-3 Ready. <[email protected] - United States>
    11:53:12 [Tip Of The Day] Did you know? - DiamondCS are the only anti-trojan company that updates DAILY.
    11:53:12 [TDS] Good morning Burn.
    11:53:21 [Locked File] Couldn't open c:\winnt\system32\ypkobs.exe for read access, file is locked
    11:53:25 [Mutex Memory Scan] Started...
    11:53:27 [Mutex Memory Scan] Finished (no trojan mutexes found).
    11:53:27 [Trace Scan] Started...
    11:55:21 [Init] Trojan Defence Suite v3.2.0 (UNLICENSED)
    11:55:21 [Init] Started 19-09-04 11:55:21 US Mountain Standard Time (UTC: 7), Internet Time @830.10
    11:55:21 [Init] Loading TDS-3 Systems ...
    11:55:21 [Init] Token successfully adjusted.
    11:55:21 [Init] • TDS Privileges : OK. Adjusted TDS-3 token privileges to maximum
    11:55:21 [Init] • Plugins : OK. Loaded 13
    11:55:21 [Init] • Exec Protection : Not Installed
    11:55:21 [Init] WARNING: Your Radius.TD3 database needs to be updated!
    11:55:21 [Init] Please download the latest from http://tds.diamondcs.com.au/radius.td3
    11:55:21 [Init] Licensed users can use the Update facility from the TDS menu
    11:55:21 [Init] Loading Radius Advanced Scanning Systems ... <R3 Engine, DCS Labs>
    11:55:47 [Init] • Radius Advanced Specialist Extensions on standby for 13 trojan families
    11:55:47 [Init] • Systems Initialised [37713 references - 15298 primaries/10448 traces/11967 variants/other]
    11:55:47 [Init] Radius Systems loaded. <Databases updated 19-09-2004>
    11:55:47 [Init] TDS-3 Ready. <[email protected] - United States>
    11:55:47 [Tip Of The Day] TDS-3 has the unique ability to enumerate 16-bit processes in Windows NT/2K - just go to System Analysis | Process List, and select 16-bit Process List.
    11:55:47 [TDS] Good morning Burn.
    11:55:55 [Locked File] Couldn't open c:\winnt\system32\ypkobs.exe for read access, file is locked
    11:55:59 [Mutex Memory Scan] Started...
    11:56:01 [Mutex Memory Scan] Finished (no trojan mutexes found).
    11:56:01 [Trace Scan] Started...
    11:57:24 [Trace Scan] Finished.
    11:57:24 [TDS-3] This is an EVALUATION demo of TDS-3. Please see the help file for help on registering.
    12:08:09 [CRC32] Started - verifying 29 files ...
    12:08:09 [CRC32] File doesn't exist: C:\autoexec.bat
    12:08:16 [Locked File] Couldn't open c:\winnt\system32\ypkobs.exe for read access, file is locked
    12:08:19 [CRC32] Test finished.
    12:13:12 [Memory Scan] Memory scan started, please wait a moment ...
    12:13:16 [Memory Scan] Memory scan complete.
    12:13:16 [Mutex Memory Scan] Started...
    12:13:17 [Mutex Memory Scan] Finished (no trojan mutexes found).
    12:13:17 [Trace Scan] Started...
    12:14:40 [Trace Scan] Finished.
    12:14:40 [Service\Driver Scan] Scanning for services and drivers ...
    12:14:55 [Service\Driver Scan] Scanned 247 services and drivers.
    12:14:55 [File Scan] Scanning in A:\ ...
    12:14:57 [File Scan] Scanned 0 files: 2 alarms in 1.070313 seconds (Avg 1. files/sec)
    12:14:57 [File Scan] Scanning in C:\ ...
    12:20:32 [Locked File] Couldn't open c:\winnt\system32\ypkobs.exe for read access, file is locked
    13:09:52 [File Scan] Scanned 33201 files: 28 alarms in 3295.301 seconds (Avg 11.08 files/sec)
    13:09:52 [File Scan] Scanning in D:\ ...
    13:09:52 [File Scan] Scanned 0 files: 28 alarms in 0 seconds (Avg -1.#IND files/sec)
    13:09:52 [File Scan] Scanning in E:\ ...
    13:09:52 [File Scan] Scanned 14 files: 28 alarms in 0.1171875 seconds (Avg 120.47 files/sec)
    13:09:52 [File Scan] Scanning in F:\ ...
    13:09:52 [File Scan] Scanned 0 files: 28 alarms in 5.078125E-02 seconds (Avg 1. files/sec)
    13:09:52 [Scan] Finished.
    13:39:55 [Quit] Unloading ...
    14:22:59 [Init] Trojan Defence Suite v3.2.0 (UNLICENSED)
    14:22:59 [Init] Started 19-09-04 14:22:59 US Mountain Standard Time (UTC: 7), Internet Time @932.63
    14:22:59 [Init] Loading TDS-3 Systems ...
    14:22:59 [Init] Token successfully adjusted.
    14:23:00 [Init] • TDS Privileges : OK. Adjusted TDS-3 token privileges to maximum
    14:23:01 [Init] • Plugins : OK. Loaded 13
    14:23:01 [Init] • Exec Protection : Not Installed
    14:23:01 [Init] WARNING: Your Radius.TD3 database needs to be updated!
    14:23:01 [Init] Please download the latest from http://tds.diamondcs.com.au/radius.td3
    14:23:01 [Init] Licensed users can use the Update facility from the TDS menu
    14:23:02 [Init] Loading Radius Advanced Scanning Systems ... <R3 Engine, DCS Labs>
    14:23:07 [Init] Unloading ...
     
  5. mimo2005

    mimo2005

    Joined:
    Aug 14, 2004
    Messages:
    454
    You need to update manually; see this warning >>
    14:23:01 [Init] WARNING: Your Radius.TD3 database needs to be updated!

    This one ...>
    11:53:21 [Locked File] Couldn't open c:\winnt\system32\ypkobs.exe for read access, file is locked
    It's locked by your antivirus; you need to disable your AV and remove it with TDS3.
    All the bugs are in drive C.
    See warning >> 12:14:57 [File Scan] Scanning in C:\ ...
    12:20:32 [Locked File] Couldn't open c:\winnt\system32\ypkobs.exe for read access, file is locked
    13:09:52 [File Scan] Scanned 33201 files: 28 alarms in 3295.301 seconds (Avg 11.08 files/sec)
    In the lower half of the screen you need to right-click on each bug and delete it; one is locked, and I showed you why.
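
A way to triage the "Locked File" line from the TDS-3 log, added here as an example and not part of any post in this thread: it cross-references the locked path against the running-process list and the O4 autostart entries of the HijackThis log, so a responder can see whether the file belongs to a live process and which startup value launches it. The log excerpts are copied from the thread; the function and variable names are illustrative.

```python
import re

# Lines excerpted from the HijackThis and TDS-3 logs posted in this thread.
HIJACKTHIS = r"""
C:\WINNT\system32\hphmon05.exe
C:\Program Files\Winad Client\Winad.exe
C:\WINNT\system32\ypkobs.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINNT\system32\hphmon05.exe
O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe
O4 - HKLM\..\Run: [ivkyfxozmp] C:\WINNT\system32\ypkobs.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
"""
TDS = r"""
12:14:57 [File Scan] Scanning in C:\ ...
12:20:32 [Locked File] Couldn't open c:\winnt\system32\ypkobs.exe for read access, file is locked
13:09:52 [File Scan] Scanned 33201 files: 28 alarms in 3295.301 seconds (Avg 11.08 files/sec)
"""

O4_RE = re.compile(r"^O4 - \S+\\(Run\w*): \[([^\]]+)\] (.+)$")   # key, value name, command
EXE_RE = re.compile(r'"?(.+?\.exe)', re.I)                        # executable part of a command
PROC_RE = re.compile(r"^[a-z]:\\.+\.exe$", re.I)                  # a running-process line
LOCKED_RE = re.compile(r"\[Locked File\] Couldn't open (.+?) for read access")

def norm(path):
    """Windows paths are case-insensitive: compare them lowercased and unquoted."""
    return path.strip().strip('"').lower()

def parse_hijackthis(text):
    """Return (set of running process paths, list of (run_key, value_name, exe_path))."""
    running, autoruns = set(), []
    for line in map(str.strip, text.splitlines()):
        m = O4_RE.match(line)
        if m:
            exe = EXE_RE.search(m.group(3))
            if exe:
                autoruns.append((m.group(1), m.group(2), norm(exe.group(1))))
        elif PROC_RE.match(line):
            running.add(norm(line))
    return running, autoruns

def explain_locks(hijackthis_log, tds_log):
    """For each file TDS-3 could not open, report process and autostart context."""
    running, autoruns = parse_hijackthis(hijackthis_log)
    locked = sorted({norm(p) for p in LOCKED_RE.findall(tds_log)})
    return {p: {"running": p in running,
                "autostart": [(k, n) for k, n, exe in autoruns if exe == p]}
            for p in locked}

if __name__ == "__main__":
    for path, ctx in explain_locks(HIJACKTHIS, TDS).items():
        print(path, ctx)
```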
     
  6. mimo2005

    mimo2005

    Joined:
    Aug 14, 2004
    Messages:
    454
    That's the link for updating your TDS3:
    http://tds.diamondcs.com.au/radius.td3
    Disable your AV and rescan the full system; when done, for any bug in the lower half of the screen, right-click and delete it.
     
  7. Whits

    Whits

    Joined:
    Sep 21, 2004
    Messages:
    2
    You can also try the following solution(s) here -> http://sarc.com/avcenter/venc/data/adware.ncase.html
    http://www.doxdesk.com/parasite/nCase.html

    NCase and 180 solutions are one and the same. There is an NCase Uninstaller program available as well. Not sure where I picked it up anymore, but I have a local copy that I could supply to anyone needing it (all freeware solutions - why pay to have your freedom back?) P.S. Don't use the "ncaseadsuninstaller" pgm from N-Case.com - it contains viral-like code and won't do the job!

    Be well.
     

Short URL to this thread: https://techguy.org/274116
