My father and his stupid computer

Status
Not open for further replies.

jackblackness

Title edited by realblackstuff
So I just built my dad an AMD 64 3000+ computer (which had its own troubles in the making), and after a few weeks he has managed to ravage it with spyware beyond belief :puke: ... I need help... I have attached his HijackThis log file after using CWShredder, Ad-Aware and the VX2 cleaner plug-in, along with Spybot Search and Destroy immunizing his computer... I'm not sure if he has SP2 yet (it was set to downloading, but I think he canceled it to use his computer sooner). This is the second time I have run to TechSpot for help with this computer, and I thank all helpers on this forum for everything you have done.

Attachment: hijackthis log1.txt (3.8 KB)

I would seriously advise you to dump Avant and start using Firefox instead.
Avant is just IE with a prettier face on, but also just as infection-prone as IE!

Boot in Safe Mode.
Switch System Restore OFF.
Press Ctrl/Alt/Del simultaneously, select Task Manager/Processes, select the process (if there), and click "End Process" for:

uymsqh.exe
svcnut.exe
prxaduiv.exe
sais.exe
bugdbtmd.exe
evuj.exe
tibs3.exe
srvc32.exe
spoolsrv32.exe

Next, if you can, UNinstall anything to do with:
c:\program files\180solutions\sais.exe

Next, run a HJT scan and place a tick-mark in the little square before (if still there):
C:\WINDOWS\System32\uymsqh.exe
C:\WINDOWS\system32\svcnut.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdocpl.dll/blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.makemesearch.com/?said=382
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://shdocpl.dll/asst.htm
O4 - HKLM\..\Run: [Windows Compliant] uymsqh.exe
O4 - HKLM\..\Run: [tKKc] C:\WINDOWS\prxaduiv.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [bugdbtmd] C:\WINDOWS\System32\bugdbtmd.exe
O4 - HKLM\..\Run: [evuj] C:\WINDOWS\evuj.exe
O4 - HKLM\..\Run: [FastStart] C:\WINDOWS\system32\svcnut.exe home
O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\System32\tibs3.exe
O4 - HKLM\..\RunServices: [Windows Compliant] uymsqh.exe
O4 - HKLM\..\RunOnce: [Local runole service] C:\WINDOWS\System32\srvc32.exe
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [Windows Compliant] uymsqh.exe
O4 - HKCU\..\RunOnce: [Local runole service] C:\WINDOWS\System32\srvc32.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O9 - Extra button: Microsoft AntiSpyware helper - {7A954329-098E-4AAC-BDE6-1CDEF76EE030} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7A954329-098E-4AAC-BDE6-1CDEF76EE030} - (no file) (HKCU)
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1111888296796
Unless these O17 addies are from YOUR ISP, also 'fix':
O17 - HKLM\System\CCS\Services\Tcpip\..\{B451E19D-0D2E-4566-9B05-A546E6532A45}: NameServer = 206.176.192.10,206.176.208.10

When done, delete the highlighted bold files. When a directory-name is bold, delete everything in it, including that directory itself.
Boot normal. When all OK, switch System Restore back on.
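
The fix list above shows the same executable registered under several autostart keys, so every matching entry has to be ticked. The following Python sketch is an added example, not part of the original thread: it groups the O4 lines by executable and pulls the O17 name servers for checking against the ISP. The function names and the abbreviated sample log are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: entries in HijackThis log format, copied from the list in the reply above.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.makemesearch.com/?said=382
O4 - HKLM\..\Run: [Windows Compliant] uymsqh.exe
O4 - HKLM\..\Run: [FastStart] C:\WINDOWS\system32\svcnut.exe home
O4 - HKLM\..\RunServices: [Windows Compliant] uymsqh.exe
O4 - HKLM\..\RunOnce: [Local runole service] C:\WINDOWS\System32\srvc32.exe
O4 - HKCU\..\Run: [Windows Compliant] uymsqh.exe
O4 - HKCU\..\RunOnce: [Local runole service] C:\WINDOWS\System32\srvc32.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{B451E19D-0D2E-4566-9B05-A546E6532A45}: NameServer = 206.176.192.10,206.176.208.10
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")                       # "O4 - <body>"
O4 = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")    # hive, key, value name, command
EXE = re.compile(r"([^\\]+?\.exe)\b", re.IGNORECASE)             # file name without its path

def parse(log):
    """Return (section, body) for every well-formed entry line."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def autostarts(entries):
    """Map lower-cased executable name -> sorted 'HIVE\\Key' locations that launch it."""
    seen = defaultdict(set)
    for section, body in entries:
        m = O4.match(body) if section == "O4" else None
        exe = EXE.search(m.group(4)) if m else None
        if exe:
            seen[exe.group(1).lower()].add(m.group(1) + "\\" + m.group(2))
    return {exe: sorted(locs) for exe, locs in seen.items()}

def redundant(entries):
    """Executables started from more than one key; fixing a single entry leaves the rest."""
    return {exe: locs for exe, locs in autostarts(entries).items() if len(locs) > 1}

def name_servers(entries):
    """DNS servers set by O17 entries, to compare with the ones the ISP assigns."""
    return [ip.strip() for s, body in entries if s == "O17" and "NameServer = " in body
            for ip in body.split("NameServer = ", 1)[1].split(",")]

if __name__ == "__main__":
    entries = parse(SAMPLE_LOG)
    for exe, locs in redundant(entries).items():
        print(f"{exe}: started from {', '.join(locs)}")
    print("O17 name servers to check against the ISP:", name_servers(entries))
```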