TechSpot

my father and his stupid computer

By jackblackness
Apr 14, 2005
  1. Title edited by realblackstuff
    So I just built my dad an AMD 64 3000+ computer (which had its own troubles in the making), and after a few weeks he has managed to ravage it with spyware beyond belief... I need help... I have attached his HijackThis log file after using CWShredder, Ad-Aware and the VX2 cleaner plugin, along with Spybot Search & Destroy immunizing his computer... I'm not sure if he has SP2 yet (it was set to downloading, but I think he canceled it to use his computer sooner). This is the second time I have run to TechSpot for help with this computer, and I thank all helpers on this forum for everything you have done.
     


  2. isatippy

    isatippy TS Rookie Posts: 497

  3. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    I would seriously advise you to dump Avant and start using Firefox instead.
    Avant is just IE with a prettier face on, but also just as infection-prone as IE!

    Boot in Safe Mode.
    Switch System restore OFF.
    Press Ctrl/Alt/Del simultaneously, select Task Manager/Processes, select the process (if there), and click "End Process" for:

    uymsqh.exe
    svcnut.exe
    prxaduiv.exe
    sais.exe
    bugdbtmd.exe
    evuj.exe
    tibs3.exe
    srvc32.exe
    spoolsrv32.exe

    Next, if you can, UNinstall anything to do with:
    c:\program files\180solutions\sais.exe

    Next, run a HJT scan and place a tick-mark in the little square before (if still there):
    C:\WINDOWS\System32\uymsqh.exe
    C:\WINDOWS\system32\svcnut.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdocpl.dll/blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.makemesearch.com/?said=382
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://shdocpl.dll/asst.htm
    O4 - HKLM\..\Run: [Windows Compliant] uymsqh.exe
    O4 - HKLM\..\Run: [tKKc] C:\WINDOWS\prxaduiv.exe
    O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
    O4 - HKLM\..\Run: [bugdbtmd] C:\WINDOWS\System32\bugdbtmd.exe
    O4 - HKLM\..\Run: [evuj] C:\WINDOWS\evuj.exe
    O4 - HKLM\..\Run: [FastStart] C:\WINDOWS\system32\svcnut.exe home
    O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\System32\tibs3.exe
    O4 - HKLM\..\RunServices: [Windows Compliant] uymsqh.exe
    O4 - HKLM\..\RunOnce: [Local runole service] C:\WINDOWS\System32\srvc32.exe
    O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
    O4 - HKCU\..\Run: [Windows Compliant] uymsqh.exe
    O4 - HKCU\..\RunOnce: [Local runole service] C:\WINDOWS\System32\srvc32.exe
    O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
    O9 - Extra button: Microsoft AntiSpyware helper - {7A954329-098E-4AAC-BDE6-1CDEF76EE030} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7A954329-098E-4AAC-BDE6-1CDEF76EE030} - (no file) (HKCU)
    O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1111888296796
    Unless these O17 addies are from YOUR ISP, also 'fix'
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B451E19D-0D2E-4566-9B05-A546E6532A45}: NameServer = 206.176.192.10,206.176.208.10

    When done, delete the highlighted bold files. When a directory-name is bold, delete everything in it, including that directory itself.
    Boot normal. When all OK, switch System Restore back on.
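
The O4 autorun lines in the reply above can be cross-checked against its process list mechanically. The following is an added example, not part of the original thread and not a HijackThis feature; the function names are hypothetical, and the sample is a subset of the O4 lines quoted in the post plus one O9 line to show that other sections are skipped.

```python
import re
from collections import defaultdict

# Subset of the HijackThis entries quoted in the post above (not a full log).
SAMPLE = r"""
O4 - HKLM\..\Run: [Windows Compliant] uymsqh.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [FastStart] C:\WINDOWS\system32\svcnut.exe home
O4 - HKLM\..\RunServices: [Windows Compliant] uymsqh.exe
O4 - HKLM\..\RunOnce: [Local runole service] C:\WINDOWS\System32\srvc32.exe
O4 - HKCU\..\Run: [Windows Compliant] uymsqh.exe
O4 - HKCU\..\RunOnce: [Local runole service] C:\WINDOWS\System32\srvc32.exe
O9 - Extra button: Microsoft AntiSpyware helper - {7A954329-098E-4AAC-BDE6-1CDEF76EE030} - (no file) (HKCU)
"""

# Line shape: O4 - <hive>\..\<key>: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")
# Last path component ending in .exe, ignoring trailing arguments such as "home".
EXE_RE = re.compile(r"([^\\]+?\.exe)\b", re.IGNORECASE)

def parse_o4(log_text):
    """Return one dict per O4 line: hive, key, value name, command, image name."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # R0, O9, O15, O16, O17 and blank lines are not autoruns
        hive, key, name, command = m.groups()
        exe = EXE_RE.search(command)
        image = exe.group(1).lower() if exe else command.lower()
        entries.append({"hive": hive, "key": key, "name": name,
                        "command": command, "image": image})
    return entries

def persistence_map(entries):
    """Map each executable to the sorted hive/key locations that launch it."""
    locations = defaultdict(set)
    for e in entries:
        locations[e["image"]].add(e["hive"] + "\\" + e["key"])
    return {image: sorted(keys) for image, keys in locations.items()}

def processes_to_end(entries):
    """Executable names to look for in Task Manager before fixing the entries."""
    return sorted({e["image"] for e in entries})

if __name__ == "__main__":
    for image, keys in sorted(persistence_map(parse_o4(SAMPLE)).items()):
        print(f"{image}: {', '.join(keys)}")
```

An executable that shows up under several keys, as uymsqh.exe does here, has to have every one of those entries fixed in the same pass, or a surviving entry starts it again at the next boot.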
     
  4. Eddy Rassy

    Eddy Rassy TS Rookie Posts: 69

    Install and run Ad-Aware SE Professional. It will clean everything.
     
Topic Status:
Not open for further replies.
