I think I have spyware

Discussion in 'Malware Help (A Specialist Will Reply)' started by ferg46, Mar 21, 2007.

  1. ferg46

    ferg46 Private First Class

    Hey guys,

    I know you like everyone to run the malware guide before posting, but I just wanted to know: does anybody know how serious this is?

    odbcjet.exe

    It tried to get an internet connection through Norton today.

    Thanks.
    PS: I googled it and this is a better description of it:

    http://www.bleepingcomputer.com/startups/Cn911-16865.html

    Again, thanks for any help.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    All Trojans can be serious, and often they don't come alone. For example, the one you named is described like this:
    Did you remove it?
    Do you still have any malware symptoms?
    Even if you don't, you could still have malware.
     
  3. ferg46

    ferg46 Private First Class

    Thanks for the reply.

    I think I have removed it, in that I have run the following scanners:

    Spybot S&D --> hasn't really found any malware in a few weeks/months
    a-squared --> detected: Trace.Registry.Radlight
    Trace.TrackingCookie
    Trace.Registry.Rad
    traces of SpywareQuake
    Ad-Aware --> I think it just found cookies
    MRU Blaster
    CCleaner
    CleanUp

    Now the results for Spybot were strange, because it is up to date and for some reason never finds anything wrong when I know there is something wrong.
    I don't have the TeaTimer function running either.

    I have attached the most recent a-squared log.

    As for spyware symptoms, I think the laptop has only crashed once since yesterday's scans, but I still have a gut feeling there is something lurking within my laptop.

    Let me know if you need any more information. Thanks,
    Fergal
     

    Attached Files:

  4. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    I think you'd be best to run the READ ME guide and attach all the requested logs. Going by your A2 scan, even if A2 removed SpywareQuake it's likely you will still have more malware, as they tend to come in multiples these days.
     
  5. ferg46

    ferg46 Private First Class

    OK, thanks Halo, but do you think I should do the READ & RUN ME guide or the guide for removing SpywareQuake? Just in case, I'm going to wait until chaslang recommends what to do, in case I do something wrong. Thanks.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You may have to run the READ ME anyway but let's try the below first.


    I'm going to post two sets of instructions below. Each will be enclosed in separate Quote boxes. Make sure to complete the first one 100% before moving on to the second one.

    ATTACH THE FIRST LOG NOW BEFORE CONTINUING OR YOU WILL OVERWRITE IT!!!! And then immediately continue on to the below steps.

    How are things working now?
     
  7. ferg46

    ferg46 Private First Class

    Hi chaslang, I'm very, very busy with work until Sunday, so I'm going to do everything you said then.
    Thanks very much for all the help so far.
    I'll post back when I have followed the instructions.
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No problem. Don't forget the 3 things needed when you post!

    • 2 different rapport.txt logs from the two-step process given
    • and then follow that up by explaining how things are working and describing any remaining problems, if you have any.
    In order to allow you to keep moving ahead without waiting for me, if you still have malware problems after completing the steps with SmitFraudFix, then continue on with the below procedure.

    Please follow our standard cleaning procedures, which are necessary for us to provide you support. There are also steps included for installing, renaming, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial... Was anything found? Were you unable to complete any of the scans? Were you unable to download any of the tools? Did you do the on-line scans as suggested? etc.
    • If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.
    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
      • CounterSpy - only for Windows XP, 2K, & NT users
      • AVG Antispyware log - ONLY IF NEEDED, i.e. you were not able to run CounterSpy - only for Windows XP, 2K, & NT users
      • Bitdefender - from step 6
      • Panda Scan - from step 6
      • runkeys.txt - the log from GetRunKey.bat
      • newfiles.txt - the log from ShowNew.bat
      • HijackThis
    NOTE: You can only attach 3 files in a single message, so it will require that you use two messages to attach all of these logs!
     
  9. ferg46

    ferg46 Private First Class

    Hey guys, I'm in the middle of following one of chaslang's guides.
    I have just been working in safe mode for the first time and have rebooted into normal mode. Now a pop-up has just come up telling me that I have changed the way Windows starts up, so I pressed OK. Then the "System Configuration Utility" box has just come up and I'm not sure which of these three boxes I am to select:

    - Normal Startup
    - Diagnostic Startup
    - Selective Startup

    Currently the selection is set at Selective Startup.
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    As stated in the READ & RUN ME in step 0, Normal Startup is what you want in most cases. If you are trying to remain in safe mode and you used MSConfig to get into safe mode, then choosing Normal Startup would take you out of safe mode at the next boot-up. So the question is: are you trying to stay in safe mode or are you trying to get out of safe mode?
     
  11. ferg46

    ferg46 Private First Class

    Hey,
    OK, I have completed all the steps you told me in post no. 6, and in the very last line it says reboot in safe mode. I did that and then the pop-up window appeared.

    I haven't started the READ & RUN ME yet, as I wanted to see how things fared after completing all the steps in post no. 6.
     
  12. ferg46

    ferg46 Private First Class

    Sorry if I'm confusing you. What I'm trying to find out is which option under the "System Configuration Utility", under the "General" tab, I should use as normal from now on, now that I have run the SmitFraud program.

    Under the Selective Startup selection there is this option:

    - use original BOOT.INI or
    - use modified BOOT.INI

    Currently the selection is at the modified option, but Windows is waiting for me to make this selection a permanent one and I was wondering whether I should leave it at the modified option or change it to a different one.
     
  13. ferg46

    ferg46 Private First Class

    I have been using the PC for about half an hour now and it seems to be better (I think). Here is the first report, as I am having trouble putting them into the same message.
     

    Attached Files:

  14. ferg46

    ferg46 Private First Class

    And here is the second report. I'm going to be offline for about 24 hours, so I will post back as soon as I can. Thanks,
    Fergal
     

    Attached Files:

  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    When you are not in safe mode, you must select Normal Startup mode!

    You really should attach all 6 of the requested logs from the READ & RUN ME so we can verify that you are clean.
     
  16. ferg46

    ferg46 Private First Class

    Hey guys, sorry for the delay in replying. I wanted to wait for a completely free day before I started the READ ME sticky. Thank God I did: it's taken all day and I'm wrecked, but still very appreciative of all the help given, so a big shout-out to MajorGeeks, all members and particularly chaslang and the crew who have helped me so far. Here is a summary of how each step went, including the logs.

    Steps 1-5 went fine. However, I found it strange that Spybot found and cleaned nothing; also CounterSpy found no threats when run in normal boot mode.

    The thing that worried me the most was the fact that the Panda scan found many things wrong or infected on my computer and I couldn't fix them, so I'll post that log along with this thread and wait for the experts to decipher it.
     

    Attached Files:

  17. ferg46

    ferg46 Private First Class

    The next post includes the GetRunKey, ShowNew and HJT logs. I hope they're what you were looking for; if not, let me know and I'll try to fix it ASAP.

    Thanks,
    Ferg
    :cool
     

    Attached Files:

  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your logs are clean. We just have a few minor non-malware things to do.

    BitDefender only found things in your Norton quarantine (which we requested that you empty in step 0 of the READ ME). And it also found things in System Restore which will only be fixed when we finish all malware removal and then do step 8 of the READ ME.

    Panda did not find any real problems. The dialer.su is a false positive and the other items are just cookies which are not problems.

    Uninstall the Sunbelt CounterSpy trial since we are finished with it now! Then delete the below two folders which may be left behind by the uninstall:
    C:\Documents and Settings\All Users\Application Data\Sunbelt Software
    C:\Program Files\Sunbelt Software

    Now Uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6

    Make sure you reboot after uninstalling the above!

    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    After clicking Fix, exit HJT.

    Now reboot in normal mode

    Now attach the below new logs and tell me how the above steps went.
    1. ShowNew
    2. HJT


    Make sure you tell me how things are working now!
     
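    An added example, not part of the thread or of HijackThis itself: a small Python parser for the O4 startup-entry lines listed above, using the three lines chaslang asked to be fixed as constructed sample input. It handles both a quoted path followed by arguments (the TkBellExe line) and an unquoted path containing spaces, so the entries a helper names can be picked out of a log by their value name.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: the three O4 lines from the HijackThis log above.
SAMPLE_HJT_LINES = [
    r"O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe",
    r"O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe",
    r'O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot',
]

# O4 lines look like: O4 - <hive>\..\<key>: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# A quoted program path may be followed by arguments, e.g. "...\realsched.exe" -osboot
QUOTED_RE = re.compile(r'^"(?P<exe>[^"]+)"(?:\s+(?P<args>.*))?$')
# An unquoted path may itself contain spaces; cut at the first ".exe" instead of the first space.
UNQUOTED_RE = re.compile(r"^(?P<exe>.*?\.exe)(?:\s+(?P<args>.*))?$", re.IGNORECASE)


@dataclass
class StartupEntry:
    hive: str   # HKLM = all users on the machine, HKCU = current user only
    key: str    # Run, RunOnce, ...
    name: str   # registry value name shown in [brackets]
    exe: str    # program path, surrounding quotes removed
    args: str   # remaining command-line arguments, "" if none


def parse_o4_line(line: str) -> Optional[StartupEntry]:
    """Return a StartupEntry for an O4 line, or None for any other HJT line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = m.group("cmd").strip()
    q = QUOTED_RE.match(cmd) or UNQUOTED_RE.match(cmd)
    if q:
        exe, args = q.group("exe"), q.group("args") or ""
    else:  # no recognisable .exe: keep the raw command so nothing is silently dropped
        exe, args = cmd, ""
    return StartupEntry(m.group("hive"), m.group("key"), m.group("name"), exe, args)


def parse_o4_entries(lines: List[str]) -> List[StartupEntry]:
    """Parse every O4 line in a log, skipping lines of other types."""
    return [e for e in (parse_o4_line(ln) for ln in lines) if e is not None]


def entries_named(entries: List[StartupEntry], names: List[str]) -> List[StartupEntry]:
    """Select entries whose [value name] matches one of the names a helper listed."""
    wanted = {n.lower() for n in names}
    return [e for e in entries if e.name.lower() in wanted]


if __name__ == "__main__":
    for e in parse_o4_entries(SAMPLE_HJT_LINES):
        print(f"{e.hive}\\..\\{e.key} [{e.name}] -> {e.exe} {e.args}".rstrip())
```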
  19. ferg46

    ferg46 Private First Class

    Hi again, I followed the installation and uninstallation of the required programs.

    In the email I received I saw you asked for three logs, but in the post I can only see two. Anyway, here are three logs,

    scanned in this order:
    HJT (I ticked the boxes you requested)
    runkeys
    newfiles



    Thanks again.
     

    Attached Files:

  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your log is clean. If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix, you can delete the ComboFix.exe file and the associated C:\combofix.txt log that was created.
    3. If we used SDFix, you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    5. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    6. If we had you run Avenger, you can delete all files related to Avenger now.
    7. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    8. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created.
    9. If you are running Windows XP or Windows ME, do the below:
      • Go back to step 8 of the READ & RUN ME to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work through the below link:
     
  21. ferg46

    ferg46 Private First Class

    Hi chaslang,

    Sorry about the long delay in replying; I have been out of the country.
    Things seem to be much better now.
    However, I uninstalled Norton Internet Security 2006 and installed:
    Avira AntiVir
    Comodo Firewall
    Spyware Terminator

    But now I receive a pop-up from the system tray telling me Norton worm protection is switched off, and when I try to correct it, it just brings me to the Windows Security Center.

    Any ideas on a solution?

    Also, from the scans I submitted, was it clear which programs/sites were affecting me?

    Once again, I really appreciate all the help given, and sorry for the delay.
     
  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Perhaps you did not properly/completely uninstall Norton before installing Avira. Norton can be just as difficult to uninstall as malware.

    • Click on Start, then Run... type services.msc into the box that opens up, and press 'OK'.
    • On the page that opens, scroll down to Symantec Core LC
    • then right-click the entry, select Properties and press Stop Service.
    • When it shows that it is stopped, next please set the Startup Type to 'Disabled'.
    • Click OK until you get back to Windows.
    • Next, run HJT, but instead of scanning, click on the None of the above, just start the program button at the bottom of the choices.
    • At the lower right, click on the Config button
    • Then click the Misc Tools button
    • Select Delete an NT Service
    • Copy/paste Symantec Core LC into the box that opens, and press OK
    • If you receive any error messages, just ignore them and continue.
    • Now exit HJT and reboot when it tells you it needs to.

    After reboot, delete the below folder if found:
    C:\Program Files\Common Files\Symantec Shared

    Attach new logs from ShowNew and HijackThis.

    Did that fix your problem?

    You only had one malware problem, which was SpywareQuake.
     
  23. ferg46

    ferg46 Private First Class

    1) After running the first steps and rebooting, the pop-up still appeared.

    2) I found the required folder and deleted it.

    3) I have run the required scans and they should now be attached.

    - I haven't rebooted since I performed steps 2 and 3; as soon as I do, I will post back the behaviour of the laptop etc.

    - Thanks,
    Fergal
     

    Attached Files:

  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Can you capture the popup into a legible image and attach it here?
     
  25. ferg46

    ferg46 Private First Class

    OK, I've got to download an image capturing program and will get back to you ASAP.

    Thanks.
     
  26. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I find FastStone Capture 5.3 very easy and handy. It can capture desktops, active windows, or any rectangular area you create. Works great.
     
  27. ferg46

    ferg46 Private First Class

    Hi again.
     
  28. ferg46

    ferg46 Private First Class

    Hi again Chas,

    I've installed FastStone, but as soon as I try to capture an image (no matter which way I try it, i.e. rectangle, freehand or full screen) it never comes up.

    The best description I can give is:


    # Your computer might be at risk

    Norton Internet Worm Protection is turned off

    Click this balloon to fix the problem


    The area where this symbol # is, is where there is a red kind of warning crest sign with a white cross in the middle, which is also the picture of the icon in my system tray.

    When I click the pop-up, the attached window pops up.

    Thanks,

    Fergal
     

    Attached Files:

  29. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It looks to me like Comodo Firewall did not do what it should do to make itself known to Windows Security Center. It should be showing as your firewall. Click the Recommendations button and then, at the bottom of the next window, put a check in the box that says "I have a firewall solution that I'll monitor myself". Then click OK and close down Security Center. Reboot and see if you have any more issues.
     
  30. ferg46

    ferg46 Private First Class

    Hi Chas,

    That advice stopped the pop-up. Thanks again. I understand you must be very busy helping other members, so if you wouldn't mind, I'd just like to ask you two questions so as to prevent another attack. Thanks.

    Is running these programs enough to safely protect my computer?
    - Avira AntiVir A/V
    - Comodo Firewall
    - Spyware Terminator
    - a-squared
    - CCleaner
    - Ad-Aware
    - Spybot S&D
    - CleanUp

    As an idea of how I use the internet, I would say that I surf all legitimate sites, and the only grey area I could see would be the downloading of legitimate torrents (DivX etc.) using uTorrent.

    - Again, I know this is off the topic of the thread and understand there are other geeks in need of your help, but I just wanted to get a quick recommendation so I hopefully don't have to bother you again.

    - One theory I had: maybe I would be running too many programs, as sometimes my laptop does slow down for a few minutes, but I was just wondering whether it would be normal for a 512 MB RAM Centrino laptop to slow down if using a combination of:
    - uTorrent
    - WMP 11
    - Firefox

    Any reply much appreciated, and thanks for all the help.
    Fergal
    :)
     
  31. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I have added comments in purple below!
    Still not necessarily safe. Any P2P downloading can be dangerous, as stated in: How to Protect yourself from malware!

    I'm not sure what you are asking me, but it is not a topic for the malware forum. However, my opinion is that Win XP should not be run with less than 1 GB of RAM.



    If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix, you can delete the ComboFix.exe file and the associated C:\combofix.txt log that was created.
    3. If we used SDFix, you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    5. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    6. If we had you run Avenger, you can delete all files related to Avenger now.
    7. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    8. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created.
    9. If you are running Windows XP or Windows ME, do the below:
      • Go back to step 8 of the READ & RUN ME to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work through the below link:
     
  32. ferg46

    ferg46 Private First Class

    OK, will do as stated. Thanks for all the help, Chas. Cheers.
     
  33. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
  34. ferg46

    ferg46 Private First Class

    Hi Chas, just for your information, in case anyone ever has the same problem I had: I figured out what caused it. While I was doing my scanning with Spybot, it found a threat,

    the threat being the non-recognition of a firewall. Then, when you fix it, upon a restart the pop-up arises.

    So I think it's just a fault with Spybot.

    Cheers,
    Ferg
     
  35. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Those messages from Spybot are not threats. They are warnings that your security settings have been changed from the default settings of Windows. They are normal once you have installed any other antivirus or security suite/firewall to manage your security rather than Windows Security Center. They do not need to be fixed and actually cannot be fixed. Warnings are informational in purpose only.
     