Help getting rid of "180 Search Assistant"

carrieann

Thread Starter
Joined
Sep 14, 2004
Messages
3
I seem to have some program running on my computer called "180 search assistant". I'm guessing it's something bad. I used "hijackthis" and these were my results:
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINNT\system32\hphmon05.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Winad Client\Winad.exe
C:\Program Files\Winad Client\WinClt.exe
C:\PROGRA~1\INTERN~1\iexplore.exe
C:\WINNT\system32\ypkobs.exe
C:\WINNT\system32\HPZipm12.exe
C:\Program Files\Web_Rebates\WebRebates1.exe
C:\WINNT\system32\spoolsv.exe
C:\DOCUME~1\burn\LOCALS~1\Temp\HijackThis.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINNT\nem219.dll
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINNT\2_0_1browserhelper2.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINNT\system32\nvms.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINNT\system32\mscb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINNT\system32\msbe.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINNT\system32\hphmon05.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe
O4 - HKLM\..\Run: [jst] C:\WINNT\jst.exe
O4 - HKLM\..\Run: [ivkyfxozmp] C:\WINNT\system32\ypkobs.exe
O4 - HKLM\..\Run: [alchem] C:\WINNT\alchem.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\RunOnce: [djtopr1150.exe] "C:\DOCUME~1\burn\LOCALS~1\Temp\djtopr1150.exe"
O4 - Global Startup: RICOH Gate L.lnk.disabled
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...3d9cb3ae926d:158854fc4a27381a6ed667336045adce
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/ps/en/check/qdiagh.cab?321
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll

Any help would be great, I am running out of ideas. I tried Spybot, Ad-Aware, etc., and it doesn't show up anywhere. I continue to get these pop-ups saying that 180search assistant has been uninstalled and some programs won't run properly with it gone. Then it asks you if you want to re-install it or continue to un-install it. No matter what, it comes back. Thanks so much.
 
Joined
Aug 14, 2004
Messages
454
This program can remove it easily, please read carefully.
Scan your hard drive with this tool:

This is where to get it:
http://tds.diamondcs.com.au/index.php?page=download

And this link shows how to use it:

http://tds.diamondcs.com.au/index.php?page=easytouse

After downloading TDS, don't forget
to update to the latest database!

This is where to update manually:
http://tds.diamondcs.com.au/index.php?page=update

It removes more than adware and cookies! It removes trojans and worms, etc.

After the update, when you launch the program, it will scan your memory running programs, and after 20 to 30 seconds (you'll see this message: trace scan finished) you are ready to click on SYSTEM TESTING; a tab opens, then CLICK SCAN FULL SYSTEM. Good luck, keep me posted.
 

carrieann

Thread Starter
Joined
Sep 14, 2004
Messages
3
Here is my log after everything you said... How's it look? By the way, I really appreciate your help, I am totally clueless with this.

11:49:19 [Init] Trojan Defence Suite v3.2.0 (UNLICENSED)
11:49:19 [Init] Started 19-09-04 11:49:19 US Mountain Standard Time (UTC: 7), Internet Time @825.91
11:49:19 [Init] Loading TDS-3 Systems ...
11:49:19 [Init] Token successfully adjusted.
11:49:19 [Init] • TDS Privileges : OK. Adjusted TDS-3 token privileges to maximum
11:49:21 [Init] • Plugins : OK. Loaded 13
11:49:21 [Init] • Exec Protection : Not Installed
11:49:21 [Init] WARNING: Your Radius.TD3 database needs to be updated!
11:49:21 [Init] Please download the latest from http://tds.diamondcs.com.au/radius.td3
11:49:21 [Init] Licensed users can use the Update facility from the TDS menu
11:49:21 [Init] Loading Radius Advanced Scanning Systems ... <R3 Engine, DCS Labs>
11:49:55 [Init] • Radius Advanced Specialist Extensions on standby for 13 trojan families
11:49:55 [Init] • Systems Initialised [37713 references - 15298 primaries/10448 traces/11967 variants/other]
11:49:55 [Init] Radius Systems loaded. <Databases updated 19-09-2004>
11:49:55 [Init] TDS-3 Ready. <[email protected], 127.0.0.1 - United States>
11:49:55 [Tip Of The Day] Ever wanted to know what your IRC client and IRC server were saying to each other? You can view, analyse, and even inject data into almost any TCP Client/Server combination using the Traffic Bridge utility.
11:49:56 [TDS] Good morning Burn.
11:50:05 [Locked File] Couldn't open c:\winnt\system32\ypkobs.exe for read access, file is locked
11:50:09 [Mutex Memory Scan] Started...
11:50:12 [Mutex Memory Scan] Finished (no trojan mutexes found).
11:50:12 [Trace Scan] Started...
11:51:37 [Trace Scan] Finished.
11:51:37 [TDS-3] This is an EVALUATION demo of TDS-3. Please see the help file for help on registering.
11:52:45 [Init] Trojan Defence Suite v3.2.0 (UNLICENSED)
11:52:45 [Init] Started 19-09-04 11:52:45 US Mountain Standard Time (UTC: 7), Internet Time @828.30
11:52:45 [Init] Loading TDS-3 Systems ...
11:52:45 [Init] Token successfully adjusted.
11:52:45 [Init] • TDS Privileges : OK. Adjusted TDS-3 token privileges to maximum
11:52:46 [Init] • Plugins : OK. Loaded 13
11:52:46 [Init] • Exec Protection : Not Installed
11:52:46 [Init] WARNING: Your Radius.TD3 database needs to be updated!
11:52:46 [Init] Please download the latest from http://tds.diamondcs.com.au/radius.td3
11:52:46 [Init] Licensed users can use the Update facility from the TDS menu
11:52:46 [Init] Loading Radius Advanced Scanning Systems ... <R3 Engine, DCS Labs>
11:53:12 [Init] • Radius Advanced Specialist Extensions on standby for 13 trojan families
11:53:12 [Init] • Systems Initialised [37713 references - 15298 primaries/10448 traces/11967 variants/other]
11:53:12 [Init] Radius Systems loaded. <Databases updated 19-09-2004>
11:53:12 [Init] TDS-3 Ready. <[email protected] - United States>
11:53:12 [Tip Of The Day] Did you know? - DiamondCS are the only anti-trojan company that updates DAILY.
11:53:12 [TDS] Good morning Burn.
11:53:21 [Locked File] Couldn't open c:\winnt\system32\ypkobs.exe for read access, file is locked
11:53:25 [Mutex Memory Scan] Started...
11:53:27 [Mutex Memory Scan] Finished (no trojan mutexes found).
11:53:27 [Trace Scan] Started...
11:55:21 [Init] Trojan Defence Suite v3.2.0 (UNLICENSED)
11:55:21 [Init] Started 19-09-04 11:55:21 US Mountain Standard Time (UTC: 7), Internet Time @830.10
11:55:21 [Init] Loading TDS-3 Systems ...
11:55:21 [Init] Token successfully adjusted.
11:55:21 [Init] • TDS Privileges : OK. Adjusted TDS-3 token privileges to maximum
11:55:21 [Init] • Plugins : OK. Loaded 13
11:55:21 [Init] • Exec Protection : Not Installed
11:55:21 [Init] WARNING: Your Radius.TD3 database needs to be updated!
11:55:21 [Init] Please download the latest from http://tds.diamondcs.com.au/radius.td3
11:55:21 [Init] Licensed users can use the Update facility from the TDS menu
11:55:21 [Init] Loading Radius Advanced Scanning Systems ... <R3 Engine, DCS Labs>
11:55:47 [Init] • Radius Advanced Specialist Extensions on standby for 13 trojan families
11:55:47 [Init] • Systems Initialised [37713 references - 15298 primaries/10448 traces/11967 variants/other]
11:55:47 [Init] Radius Systems loaded. <Databases updated 19-09-2004>
11:55:47 [Init] TDS-3 Ready. <[email protected] - United States>
11:55:47 [Tip Of The Day] TDS-3 has the unique ability to enumerate 16-bit processes in Windows NT/2K - just go to System Analysis | Process List, and select 16-bit Process List.
11:55:47 [TDS] Good morning Burn.
11:55:55 [Locked File] Couldn't open c:\winnt\system32\ypkobs.exe for read access, file is locked
11:55:59 [Mutex Memory Scan] Started...
11:56:01 [Mutex Memory Scan] Finished (no trojan mutexes found).
11:56:01 [Trace Scan] Started...
11:57:24 [Trace Scan] Finished.
11:57:24 [TDS-3] This is an EVALUATION demo of TDS-3. Please see the help file for help on registering.
12:08:09 [CRC32] Started - verifying 29 files ...
12:08:09 [CRC32] File doesn't exist: C:\autoexec.bat
12:08:16 [Locked File] Couldn't open c:\winnt\system32\ypkobs.exe for read access, file is locked
12:08:19 [CRC32] Test finished.
12:13:12 [Memory Scan] Memory scan started, please wait a moment ...
12:13:16 [Memory Scan] Memory scan complete.
12:13:16 [Mutex Memory Scan] Started...
12:13:17 [Mutex Memory Scan] Finished (no trojan mutexes found).
12:13:17 [Trace Scan] Started...
12:14:40 [Trace Scan] Finished.
12:14:40 [Service\Driver Scan] Scanning for services and drivers ...
12:14:55 [Service\Driver Scan] Scanned 247 services and drivers.
12:14:55 [File Scan] Scanning in A:\ ...
12:14:57 [File Scan] Scanned 0 files: 2 alarms in 1.070313 seconds (Avg 1. files/sec)
12:14:57 [File Scan] Scanning in C:\ ...
12:20:32 [Locked File] Couldn't open c:\winnt\system32\ypkobs.exe for read access, file is locked
13:09:52 [File Scan] Scanned 33201 files: 28 alarms in 3295.301 seconds (Avg 11.08 files/sec)
13:09:52 [File Scan] Scanning in D:\ ...
13:09:52 [File Scan] Scanned 0 files: 28 alarms in 0 seconds (Avg -1.#IND files/sec)
13:09:52 [File Scan] Scanning in E:\ ...
13:09:52 [File Scan] Scanned 14 files: 28 alarms in 0.1171875 seconds (Avg 120.47 files/sec)
13:09:52 [File Scan] Scanning in F:\ ...
13:09:52 [File Scan] Scanned 0 files: 28 alarms in 5.078125E-02 seconds (Avg 1. files/sec)
13:09:52 [Scan] Finished.
13:39:55 [Quit] Unloading ...
14:22:59 [Init] Trojan Defence Suite v3.2.0 (UNLICENSED)
14:22:59 [Init] Started 19-09-04 14:22:59 US Mountain Standard Time (UTC: 7), Internet Time @932.63
14:22:59 [Init] Loading TDS-3 Systems ...
14:22:59 [Init] Token successfully adjusted.
14:23:00 [Init] • TDS Privileges : OK. Adjusted TDS-3 token privileges to maximum
14:23:01 [Init] • Plugins : OK. Loaded 13
14:23:01 [Init] • Exec Protection : Not Installed
14:23:01 [Init] WARNING: Your Radius.TD3 database needs to be updated!
14:23:01 [Init] Please download the latest from http://tds.diamondcs.com.au/radius.td3
14:23:01 [Init] Licensed users can use the Update facility from the TDS menu
14:23:02 [Init] Loading Radius Advanced Scanning Systems ... <R3 Engine, DCS Labs>
14:23:07 [Init] Unloading ...
 
Joined
Aug 14, 2004
Messages
454
You need to update manually, see this warning >>
14:23:01 [Init] WARNING: Your Radius.TD3 database needs to be updated!

This one ...>
11:53:21 [Locked File] Couldn't open c:\winnt\system32\ypkobs.exe for read access, file is locked
It's locked by your antivirus; you need to disable your AV and remove it with TDS-3.
All the bugs are in DRIVE C.
See warning >> 12:14:57 [File Scan] Scanning in C:\ ...
12:20:32 [Locked File] Couldn't open c:\winnt\system32\ypkobs.exe for read access, file is locked
13:09:52 [File Scan] Scanned 33201 files: 28 alarms in 3295.301 seconds (Avg 11.08 files/sec)
In the lower half of the screen you need to right-click on each bug and delete it, and one is locked, I showed you why.
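
Cross-referencing the two logs posted in this thread, as an added example that is not part of any poster's reply: for each file TDS-3 reported as locked, the script reports whether the HijackThis log lists it as a running process and which O4 autorun entry starts it. The sample lines are copied from the logs above; the function names are this example's own.

```python
import re

# Sample input: lines copied from the HijackThis and TDS-3 logs in this thread.
HJT_LOG = r"""
C:\Program Files\Winad Client\Winad.exe
C:\WINNT\system32\ypkobs.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe
O4 - HKLM\..\Run: [ivkyfxozmp] C:\WINNT\system32\ypkobs.exe
"""
TDS_LOG = r"""
11:50:05 [Locked File] Couldn't open c:\winnt\system32\ypkobs.exe for read access, file is locked
12:14:57 [File Scan] Scanning in C:\ ...
12:20:32 [Locked File] Couldn't open c:\winnt\system32\ypkobs.exe for read access, file is locked
"""

PROC_RE = re.compile(r"^[A-Za-z]:\\.*\.exe$", re.I)        # "Running processes" lines
O4_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r'"([^"]+)"|(.+?\.exe)', re.I)          # quoted or bare image path
LOCKED_RE = re.compile(r"\[Locked File\] Couldn't open (.+?) for read access")

def parse_hijackthis(text):
    """Return (set of running image paths, list of (key, value name, path) autoruns)."""
    running, autoruns = set(), []
    for line in map(str.strip, text.splitlines()):
        if PROC_RE.match(line):
            running.add(line.lower())
        elif (m := O4_RE.match(line)):
            exe = EXE_RE.match(m["cmd"])
            if exe:  # strip quotes and command-line arguments, compare case-insensitively
                autoruns.append((m["key"], m["name"], (exe[1] or exe[2]).lower()))
    return running, autoruns

def locked_files(text):
    """Unique paths TDS-3 could not open, in first-seen order."""
    return list(dict.fromkeys(p.lower() for p in LOCKED_RE.findall(text)))

def correlate(hjt_text, tds_text):
    """Map each locked file to its running state and the autorun entries that start it."""
    running, autoruns = parse_hijackthis(hjt_text)
    return {
        path: {"running": path in running,
               "autoruns": [(k, n) for k, n, p in autoruns if p == path]}
        for path in locked_files(tds_text)
    }

if __name__ == "__main__":
    print(correlate(HJT_LOG, TDS_LOG))
```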
 
Joined
Sep 21, 2004
Messages
2
You can also try the following solution(s) here -> http://sarc.com/avcenter/venc/data/adware.ncase.html
http://www.doxdesk.com/parasite/nCase.html

NCase and 180 Solutions are one and the same. There is an NCase Uninstaller program available as well. Not sure where I picked it up anymore, but I have a local copy that I could supply to anyone needing it (all freeware solutions - why pay to have your freedom back?). P.S. Don't use the "ncaseadsuninstaller" pgm from N-Case.com - it contains viral-like code and won't do the job!

Be well.
 