Spyware.Remotespy[B-Type] HELP!!!!!!!!!!!!!!! - Page 2
Page 2 of 2 FirstFirst 12
Results 16 to 24 of 24

Thread: Spyware.Remotespy[B-Type] HELP!!!!!!!!!!!!!!!

  1. #16
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,493
    This is little bit strange, but let me analyze your log.
    I'll be back in a few.

  2. #17
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,493
    *** Download, and run QuickTime Killer: http://www.softpedia.com/get/System/...e-Killer.shtml
    After downloading, double click on EnGraphQuickTimeKillerInstaller.msi file.
    You may be asked to download, and install .NET Framework
    QuickTime Killer will remove QuickTime from start up and kill any running QuickTime processes. This application runs silently at start up and closes itself as soon as it takes care of QuickTime. QuickTime itself won't be removed from your computer, and will be available whenever needed.

    *** Disable Windows Defender, as it'll interfere with cleaning process:
    - Open Windows Defender by clicking the [b]Start[/b, clicking All Programs, and then clicking Windows Defender.
    - Click Tools
    then...

    ++ Windows XP:
    - Click General Settings
    - Scroll down to Real Time Protection Options
    - Uncheck Turn on Real Time Protection
    - After you uncheck this, click on the Save button
    - Close Windows Defender

    ++ Windows Vista:
    - Click Options
    - Under Administrator options, clear the Use Windows Defender check box, and then click Save.

    Enable Windows Defender, when all cleaning is done.

    1. Print this post out, since you won't have an access to it, at some point.

    2. Close all windows, except for HijackThis.

    3. Put a checkmark next to the following HijackThis entries (some entries will be checkmarked to disable unnecessary startups; in those cases [marked with *], no actual program will be removed):

    - R3 - URLSearchHook: (no name) - - (no file)
    - *O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    - *O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    - *O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    - *O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
    - *O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
    - *O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    - *O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    - *O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    - *O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    - *O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    - *O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    - *O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    - *O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    - *O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    - *O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    - O4 - HKCU\..\Run: [winlogone] "C:\Users\Josh\AppData\Roaming\Google\visfdw.exe"
    - *O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    - *O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    - *O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
    - *O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    - *O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    - *O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    - *O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    - *O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    - *O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    - *O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    - *O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    - *O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    - *O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


    4. Click on Fix checked button.

    5. Restart computer in Safe Mode (keep tapping F8 key, when your computer starts, until menu appears)

    6. Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders.

    7. Delete following files/folders (if present):

    - visfdw.exe file from C:\Users\Josh\AppData\Roaming\Google
    - Symantec Shared folder from C:\Program Files\Common Files
    - Symantec folder from C:\Program Files

    8. Restart in Normal Mode.

    9. Post new HijackThis log.

  3. #18
    Join Date
    Nov 2008
    Posts
    13
    i have to go to bed ill be back on tomorrow

  4. #19
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,493
    No problem

  5. #20
    Join Date
    Nov 2008
    Posts
    13
    the download you gave me was weird after i used the exe file i got avs video converter downloaded into my computer

  6. #21
    Join Date
    Nov 2008
    Posts
    13
    never mind i just clicked a diffrent download button on the same web page ...

  7. #22
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,493
    OOOK....

  8. #23
    Join Date
    Nov 2008
    Posts
    13
    sorry for not replying in so long i was having allot of issues...
    but anyway the quick time killer you told me to install is really weird it says i needed to install .net framework and i have several times but for some reason the quicktime killer download doesn't recognize it?

  9. #24
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,493
    Skip it. Proceed with other steps.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •