my father and his stupid computer

By jackblackness
Apr 14, 2005
  1. Title edited by realblackstuff
    So I just built my dad an AMD 64 3000+ computer (which had its own troubles in the making), and after a few weeks he has managed to ravage it with spyware beyond belief.... I need help... I have attached his HijackThis log file after using CWShredder, Ad-Aware and the VX2 cleaner plugin, along with Spybot Search and Destroy immunizing his. Not sure if he has SP2 yet (it was set to downloading but I think he canceled it to use his computer sooner). This is the second time I've run to TechSpot for help with this computer, and I thank all helpers on this forum for everything you have done.

  2. isatippy

    isatippy TS Rookie Posts: 497

  3. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    I would seriously advise you to dump Avant and start using Firefox instead.
    Avant is just IE with a prettier face on, but also just as infection-prone as IE!

    Boot in Safe Mode.
    Switch System restore OFF.
    Press Ctrl/Alt/Del simultaneously, select Task Manager/Processes, select the process (if there), click "End Process" for:


    Next, if you can, UNinstall anything to do with:
    c:\program files\180solutions\sais.exe

    Next, run a HJT scan and place a tick-mark in the little square before (if still there):
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdocpl.dll/blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://shdocpl.dll/asst.htm
    O4 - HKLM\..\Run: [Windows Compliant] uymsqh.exe
    O4 - HKLM\..\Run: [tKKc] C:\WINDOWS\prxaduiv.exe
    O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
    O4 - HKLM\..\Run: [bugdbtmd] C:\WINDOWS\System32\bugdbtmd.exe
    O4 - HKLM\..\Run: [evuj] C:\WINDOWS\evuj.exe
    O4 - HKLM\..\Run: [FastStart] C:\WINDOWS\system32\svcnut.exe home
    O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\System32\tibs3.exe
    O4 - HKLM\..\RunServices: [Windows Compliant] uymsqh.exe
    O4 - HKLM\..\RunOnce: [Local runole service] C:\WINDOWS\System32\srvc32.exe
    O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
    O4 - HKCU\..\Run: [Windows Compliant] uymsqh.exe
    O4 - HKCU\..\RunOnce: [Local runole service] C:\WINDOWS\System32\srvc32.exe
    O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
    O9 - Extra button: Microsoft AntiSpyware helper - {7A954329-098E-4AAC-BDE6-1CDEF76EE030} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7A954329-098E-4AAC-BDE6-1CDEF76EE030} - (no file) (HKCU)
    O15 - Trusted Zone: (HKLM)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
    Unless these O17 addies are from YOUR ISP, also 'fix'
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B451E19D-0D2E-4566-9B05-A546E6532A45}: NameServer =,

    When done, delete the highlighted bold files. When a directory-name is bold, delete everything in it, including that directory itself.
    Boot normal. When all OK, switch System Restore back on.
  4. Eddy Rassy

    Eddy Rassy TS Rookie Posts: 69

    Install and run Ad-Aware SE Professional. It will clean everything.
Topic Status:
Not open for further replies.
