Tech Support Guy banner
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice

help spyware is all over my computer

998 Views 10 Replies 2 Participants Last post by  imc1976

I was researching some medication that my mother had to take, and i got a message from semantic saying that a trojan horse virus was detected. Now i have a bunch of applications running on my pc, and i can't get them off. I have run ad aware, spybot search and destroy, and buster report, and the programs keep coming back. I also end up having my start page switched to "home search assistant" and I keep getting pop ups that say "only the best" My log form hijack this is as follows:

Can any one help?
Not open for further replies.
1 - 3 of 11 Posts
Welcome to TSG

Go to and download 'Hijack This!'.

First make a folder on your computer in my documents called Hijackthis and then Unzip it to that folder.
Then doubleclick the Hijackthis.exe.

Click the "Scan" button, when the scan is finished the scan button will become "Save Log" click that and save the log.
Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.
It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required,
so do NOT fix anything yet.

Someone here will be happy to help you analyze the results.
See less See more
Download and unzip or install these programs/applications if you haven't already got them. If you have them, then make sure they are updated and configured as described

CWshredder from
Spybot - Search & Destroy from
Download Adaware SE


Close all browser windows, click on the cwshredder.exe then click "FIX" (Not "Scan only") and let it do it's thing.
and make sure you have all of Microsoft security updates

then reboot &

Run Sybot S&D

After installing, first press Online, press search for updates, then tick the updates it finds, then press download updates. Beside the download button is a little down pointed arrow, select one of the servers listed. If it doesn't work or you get an error message then try a different server

Next, close all Internet Explorer and OE windows, press 'Check for Problems', and have SpyBot remove all it finds that is marked in RED.

then reboot &


Install the program and launch it.

First in the main window look in the bottom right corner and click on Check for updates now then click Connect and download the latest reference files.

From main window :Click Start then under Select a scan Mode tick Perform full system scan.

Next deselect Search for negligible risk entries.

Now to scan just click the Next button.

When the scan is finished mark everything for removal and get rid of it.(Right-click the window and choose select all from the drop down menu and click Next)

Restart your computer.
then post a new hijackthis log
See less See more
Go to control panel, add/remove programs and remove this

180Solutions (or 180Search)


Run hijackthis and fix the following items. Be sure all windows are closed except for hijackthis.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zydwq.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zydwq.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\zydwq.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\zydwq.dll/sp.html#28129
R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {ECFDC5BB-22C0-BB52-174D-50C3A13C509D} - C:\WINDOWS\system32\apicm.dll

O4 - HKLM\..\Run: [A.tmp] C:\DOCUME~1\ICOUGH~1\LOCALS~1\Temp\A.tmp.exe 3 28129
O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\system32\tibs3.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [HG6d] C:\WINDOWS\luofno.exe

O15 - Trusted Zone: *
O15 - Trusted Zone: *
O15 - Trusted Zone: *
O15 - Trusted Zone: *
O15 - Trusted Zone: *
O15 - Trusted Zone: *
O15 - Trusted Zone: *
O15 - Trusted Zone: *
O15 - Trusted Zone: *
O15 - Trusted Zone: *
O15 - Trusted Zone: *
O15 - Trusted Zone: *
O15 - Trusted Zone: *
O15 - Trusted Zone: *

O16 - DPF: {9F9264A2-BC41-4A06-9FA1-BF264DB0AAD9} (BackWeb Lite Install Runner) -

O18 - Protocol: qrev - {9DE24BAC-FC3C-42C4-9FC4-76B3FAFDBD90} - C:\PROGRA~1\QUESTS~1\TOAD\RNetPin.dll

Reboot to safe mode and delet these

C:\DOCUME~1\ICOUGH~1\LOCALS~1\Temp\A.tmp.exe 3 28129
c:\program files\180solutions\sais.exe
C:\Program Files\ISTsvc\istsvc.exe

Turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Restart your computer.

When you are sure you are clean turn it back on and create a restore point.

Reboot and post a new hijackthis log
See less See more
1 - 3 of 11 Posts
Not open for further replies.