Spyware Please Help

Dell / Dell dimension 1100...
May 18, 2009 at 21:44:39
Specs: Microsoft Windows XP Home Edition, 2.793 GHz / 1277 MB
My computer is running really slow. I have tried AVG, Norton,Spybot. I just finished running a scan with Kaspersky and nothing found. There is definately something on this computer. Please help.

See More: Spyware Please Help

Report •

May 18, 2009 at 21:47:33
There is definately something on this computer. <--- Please elaborate on it,

To Private Message me Click Here

Report •

May 18, 2009 at 23:51:02
Or to be exact what was happening on the computer that make you think that it has a spyware.

Want A Weekly Update on Latest System Security Problem http://www.systemsecurityinstitute.org

Report •

May 19, 2009 at 10:45:03
MSN Messenger opening on its own after I had logged out and closed the program. My modem internet light never on even when I am logged in and surfing the web. Or when I try to go to different websites it will not connect and I get the diagnose connection problems message on the page. A couple of weeks ago my cousin said he found -- trojan agent - tdss on this computer but he also said he cleaned it out. He informed me of this during a phone call last night. God bless him!!!!!The last couple of weeks my computer is really slow, it takes forever to open up programs and when it does sometimes it opens up the program twice. I use internet explorer and sometimes when I log on to go to my homepage it opens my homepage and another page as well... This never happened before. I ran a scan with AVG today and its not picking up anything. I am going to run spybot again and see if it can find anything.

Report •

Related Solutions

May 19, 2009 at 10:49:38
Can you please post your AVZ log:

1) To create the logfile, download AVZ by clicking HERE. Please save this file to your desktop or "My Documents" folder.

2) Next, unpack the file to a new folder using the Compressed (zipped) folders wizard built into Windows XP/Vista, or a zip utility of your choice.

3) Once you have unpacked the contents of the zip archive, please launch the file AVZ.exe by double clicking on it or right clicking and selecting Open.
Note: If you are running Windows vista launch AVZ.exe by right clicking and selecting Run as Administrator

You should now see the main window of the AVZ utility. Please navigate to File->Custom Scripts. Copy the script below by using the keyboard shortcut CTRL+C or the corresponding option via right click.


Paste the script into the execution window by using CTRL+V keyboard shortcut, or the "paste" option via the right click menu. Click on Run to run the script, the PC will reboot. After the reboot the LOG subfolder is created in the folder with AVZ, with a file called virusinfo_syscure.zip inside. Upload that file to rapidshare.com and paste the link here.

Image Tutorial


To Private Message me Click Here

Report •

May 19, 2009 at 17:43:31
I hope this is what you need. Thank you very much for your help.

MD5: 120BC2E42721CAC96E75EFCE4AA84455

Report •

May 19, 2009 at 17:58:51
You log is clean please scan you pc with superantispyware: http://www.superantispyware.com/dow...

Run a full scan and please post superantispyware scan log once its finished.

To Private Message me Click Here

Report •

May 19, 2009 at 21:55:25
Here is the scan log information. Nothing again.

SUPERAntiSpyware Scan Log

Generated 05/20/2009 at 00:59 AM

Application Version : 4.26.1002

Core Rules Database Version : 3902
Trace Rules Database Version: 1848

Scan type : Complete Scan
Total Scan Time : 01:10:21

Memory items scanned : 514
Memory threats detected : 0
Registry items scanned : 7556
Registry threats detected : 0
File items scanned : 27090
File threats detected : 9

Adware.Tracking Cookie
C:\Documents and Settings\CHARLENESKANES\Cookies\charlenes@xiti[1].txt
C:\Documents and Settings\CHARLENESKANES\Cookies\charlenes@adserver.adtechus[1].txt
C:\Documents and Settings\CHARLENESKANES\Cookies\charlenes@revsci[2].txt
C:\Documents and Settings\CHARLENESKANES\Cookies\charlenes@at.atwola[2].txt
C:\Documents and Settings\CHARLENESKANES\Cookies\charlenes@richmedia.yahoo[2].txt
C:\Documents and Settings\CHARLENESKANES\Cookies\charlenes@track.cbs[1].txt
C:\Documents and Settings\CHARLENESKANES\Cookies\charlenes@tacoda[2].txt
C:\Documents and Settings\Guest\Cookies\guest@revsci[1].txt
C:\Documents and Settings\Guest\Cookies\guest@richmedia.yahoo[1].txt

Report •

May 20, 2009 at 05:40:47
Doesn't seems their is anything wrong with it. You might want to try other cleaning tools like ccleaner.

To Private Message me Click Here

Report •

May 20, 2009 at 15:09:57
Try malwarebytes at malwarebytes.com

WinXp Amd 64 3000 Msi Neo2 Platinuim 1 gig ddr 400

Report •

May 20, 2009 at 21:39:38
Thank you for all your help.

Report •

May 22, 2009 at 21:16:30
I am still experiencing problems. My clock is changing times on its own and when I start up my computer it gets to the welcome screen and it seems like it just stalls.. It takes awhile for it to get to the main screen and for all the icons to appear on the main screen. My A: drive (floppy drive which I do not use) light keeps coming on after start up and continues to light up for some reason. When I click on Favorites and go to move my mouse down the list to select the link I want, it seems like I am in a tug of war to get the mouse to move.

I ran Malwarebytes Anti- Malware and have included the log. It did show an infected file but it said it was Quarantined and deleted successfully but I want to be sure. Is there anything else I need to do to make sure it is gone for good?

Malwarebytes' Anti-Malware 1.36
Database version: 2168
Windows 5.1.2600 Service Pack 3

5/22/2009 11:54:11 PM
mbam-log-2009-05-22 (23-54-11).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 172364
Time elapsed: 58 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SYSTEM\currentcontrolset\control\lsa\Hotfix-KB5504305 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Report •

May 22, 2009 at 21:19:06
Attach a Combofix log, please review and follow these instructions carefully.

Download it here -> http://download.bleepingcomputer.co...

Before Saving it to Desktop, please rename it to something like 123.exe to stop malware from disabling it.

Now, please make sure no other programs are running, close all other windows and pause Antivirus/Sypware programs (http://www.bleepingcomputer.com/forums/topic114351.html Programs to disable) until after the scanning and removal process has taken place.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan. Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall. It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please upload that file to rapidshare.com and paste the link here.

To Private Message me Click Here

Report •

May 22, 2009 at 22:07:54
Here is the file. Thanks for the help.

MD5: 234AED0858CA21C738BF51C838390CC8

Report •

May 22, 2009 at 22:38:05
CharleneS please check your private message for further details.

To Private Message me Click Here

Report •

May 22, 2009 at 23:30:54
I'm not sure if neoark has pointed out that there is evidence of 2 antivirus programs in your log.

This alone can cause serious system slowdown and even instability.

It may be that you have already uninstalled one, Mcafee or Norton, but there is evidence of it's presence still.

Both programs have uninstallers created by the vendor, so it would be wise to select the one you need to uninstall or the one that has already been removed and run it's removal tool too.

Norton Removal Tool by Symantec here

Mcafee Removal Tool by Mcafee here

Report •

May 23, 2009 at 00:19:29
Malware wise all seems good. Try: http://onecare.live.com/site/en-Us/... & http://onecare.live.com/site/en-Us/... See if those makes any difference.

To Private Message me Click Here

Report •

May 23, 2009 at 17:59:34
Thank you very much for all your help!!!!

Report •

May 23, 2009 at 18:05:44
Got it fixed?

To Private Message me Click Here

Report •

Ask Question