Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

Author Topic: "Your System is Infected" is virus leeching my computer - help please! :)  (Read 56151 times)

0 Members and 1 Guest are viewing this topic.

evilfantasy

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Calm like a bomb
  • Thanked: 489
  • Experience: Familiar
  • OS: Windows 10
Hope you don't mind me jumping in Chris. :)

@pigeonpoo9 - You have a lot going on here. Please read and follow these instructions carefully and then post the logs.

Download Disable/Remove Windows Messenger to the Desktop to remove Windows Messenger.

Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Unzip the file on the Desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

Exit out of MessengerDisable then delete the two files that were put on the Desktop.

----------

Open HijackThis and select Do a system scan only

Vista users right click on HijackThis and select Run as Administrator. (you will receive a UAC prompt, please allow it)

Place a check mark next to the following entries: (if there)

- O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

----------

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code: [Select]
KillAll::

DirLook::
c:\windows\system32\zpord32

Folder::
c:\windows\system32\xerox32

File::
c:\windows\internat.exe
c:\windows\system32\win32avs.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"=-


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

----------

Download The Avenger by Swandog46 and save it to your desktop.

* Extract avenger.exe from the Zip file and save it to your Desktop
* Run avenger.exe by double-clicking on it.
* Do not change any check box options!!
* Copy everything in the Code box below, and paste it into the Input script here window:

Code: [Select]
Comment:

Registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | internat

* Now click the Execute button.
* Click Yes to the prompt to confirm you want to execute.
* Click Yes to the "Reboot now?" question that will appear when Avenger finishes running.
* Your PC should reboot, if not, reboot it yourself.
* A log file from Avenger will be produced at C:\avenger.txt and it will pop-up for you to view when you login after reboot.

* Add the Avenger log in your next post.

CBMatt

  • Mod & Malware Specialist


  • Prodigy

  • Sad and lonely...and loving every minute of it.
  • Thanked: 167
    • Yes
  • Experience: Experienced
  • OS: Windows 7
Hope you don't mind me jumping in Chris. :)
Not at all.  You're the one people really want to see anyway.  Heh.
Quote
An undefined problem has an infinite number of solutions.
—Robert A. Humphrey

pigeonpoo9

    Topic Starter


    Rookie

    Thanks for this.

    I got as far as downloading The Avenger - I tried several times, but every time I tried to and unzip the file after each attempt at download, Windows blocked it. When I unblocked the file and attempted to unzip again, Windows still refused to unzip it. Each time I downloaded the file, my antivirus claimed it was infecting me with "W32/Agent.HKS" and quarantined it. Eventually, my antivirus deleted the bloody folder. Nightmare.

    I've posted my ComboFix latest log, as per your latest instructions, evilfantasy. Sorry to be a pain.

    [attachment deleted by admin]

    evilfantasy

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Calm like a bomb
    • Thanked: 489
    • Experience: Familiar
    • OS: Windows 10
    Turn off your antivirus to download and unzip the Avenger.

    pigeonpoo9

      Topic Starter


      Rookie

      Done. Here's the log.
      Told you I was a pain! I had considered turning off the antivirus, but took on a shade of cowardice and wimped out. Sorry about that.

      When my computer rebooted after avenger, I got this message:

      Windows - No Disk
      Exception Processing Message
      C0000013 Parameters 75b6bf7c 4 75b6bf7c 75b6bf7c

      No clue what that means, but it didn't look good to me!

      Charlene

      [attachment deleted by admin]

      evilfantasy

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Calm like a bomb
      • Thanked: 489
      • Experience: Familiar
      • OS: Windows 10
      Download the MBR Rootkit Detector to your desktop.

      * Doubleclick mbr.exe and follow prompts.
      * A black DOS window will quickly appear then disappear.
      * When mbr.exe is finished it will create a log on your desktop.
      * Copy and paste contents of that log file to your next reply.

      ----------

      Download GMER and save it your desktop.

      * Extract it to your desktop and double-click GMER.exe
      * Click the rootkit tab and then scan.
      * Don't check the Show All box while scanning in progress!
      * When scanning is finished click Copy.
      * This copies the log to clipboard
      * Post the log in your reply.

      pigeonpoo9

        Topic Starter


        Rookie

        Done! :)

        [attachment deleted by admin]

        evilfantasy

        • Malware Removal Specialist
        • Moderator


        • Genius
        • Calm like a bomb
        • Thanked: 489
        • Experience: Familiar
        • OS: Windows 10
        * Click START then RUN
        * Now type Combofix /u in the runbox
        * Make sure there's a space between Combofix and /u
        * Then hit Enter

        * The above procedure will:
        * Delete the following:
        * ComboFix and its associated files and folders.
        * Reset the clock settings.
        * Hide file extensions, if required.
        * Hide System/Hidden files, if required.
        * Set a new, clean Restore Point.

        ----------

        Clean out your temporary internet files and temp files.

        Download TFC by OldTimer to your desktop.

        Double-click TFC.exe to run it.

        Note: If you are running on Vista, right-click on the file and choose Run As Administrator

        TFC will close all programs when run, so make sure you have saved all your work before you begin.

        * Click the Start button to begin the cleaning process.
        * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
        * Please let TFC run uninterrupted until it is finished.

        Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

        ----------

        BitDefender Online Scanner is available only works with Internet Explorer! Click here for the latest version of Internet Explorer

        * Scan with the BitDefender Online Scanner
        * Click Start Scanner to begin.
        * Place a check mark next to I agree with the Terms and Conditions then click Start Here
        * Agree to the license and then Install the ActiveX control.
        * Please DO NOT change any of the Scanning Options!
        * Click Start Scan to begin updating the BitDefender Online Scanner. The scan will start once the definitions are up-to-date.

        * This scan can take a while so please be patient and let it complete.

        * Once BitDefender completes the scan:
        * Click-on the Detected Problems tab.
        * Then select Click here to export the scan report



        This will save a file named bdscan.html I would suggest saving it to the desktop so you can easily find it. (take notice of where you save it so you can find it later)
         
        You will have to upload the file online. The forums will not accept HTML.

        Go to File Dropper

        * Click Upload
        * Locate the file and double click it.
        * Copy the link below Share This Link: and post it back here.

        ----------

        Also let me know how the computer is running now.

        .

        pigeonpoo9

          Topic Starter


          Rookie


          pigeonpoo9

            Topic Starter


            Rookie

            Sorry, I forgot the last bit. It seems to be running ok - I'm going to restart it now and see how it gets on; I had a few problems after I ran TFC, as Windows claimed that my computer had recovered from a serious error after the scan.

            evilfantasy

            • Malware Removal Specialist
            • Moderator


            • Genius
            • Calm like a bomb
            • Thanked: 489
            • Experience: Familiar
            • OS: Windows 10
            OK let's do the final steps and then see how everything is running.

            Use the Secunia Software Inspector to check for out of date software.
            • Click Start Now
            • Check the box next to Enable thorough system inspection.
            • Click Start
            • Allow the scan to finish and scroll down to see if any updates are needed.
            • Update anything listed.
            .
            ----------

            Go to Microsoft Windows Update and get all critical updates.

            ----------

            Suggestions...

            I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

            SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
            * Using SpywareBlaster to protect your computer from Spyware and Malware
            * If you don't know what ActiveX controls are, see here

            Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

            Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

            Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

            pigeonpoo9

              Topic Starter


              Rookie

              I ran Secunia Software Inspector, and updated everything, other than Adobe Reader. When I tried downloading the patch, a message popped up to say that I'd either deleted Adobe Reader, or that the patch did not match my version of Adobe. I tried to update it via Adobe Reader, which also failed, and even tried uninstalling it, which also did not work. I also tried downloading the newest version, which didn't work; each time I tried one of these actions, a message would pop up saying it could not be completed, then it would reverse all actions. No idea what that was about.

              I've downloaded WOT, SpywareBlaster and Spybot - Search and Destroy. my concern is that I downloaded the versions for IE for WOT and SpywareBalster, but I use Apple Safari - will this make a difference?

              I also ran an anti-spyware scan using my antivirus before I did any of this, and found the following spyware:

              2 x AspackDie 1.1 (application)
              1 x Bifrost (registry)
              1 x WinAntiVirus Pro 2006 (registry)
              7 x Kollah (registry)
              1 x WinSpywareProtect (registry)

              Not sure that I like that; is it a good sign that my anti-spyware programme is picking them up, or should they just not be there given all of the steps I've taken so far?

              Sorry to be so utterly clueless.

              evilfantasy

              • Malware Removal Specialist
              • Moderator


              • Genius
              • Calm like a bomb
              • Thanked: 489
              • Experience: Familiar
              • OS: Windows 10
              Is it Adobe Reader or Adobe Flash you are having problems with?

              WOT only works with Windows (all), Mac OS X, Linux or Firefox.

              Quote
              I also ran an anti-spyware scan using my antivirus before I did any of this, and found the following spyware:

              What antivirus?
              Can you get me a log?

              pigeonpoo9

                Topic Starter


                Rookie

                It was Adobe Reader Version 8 that I'm having trouble updating. I tried again after I posted that last message, and I think it worked, although I had to leave my computer for a while. I'll run the scanner again and see if it comes up in the list of programmes to be updated and have another go.

                Sorry, I realise how vague that was now! My anti-virius is PC Guard - it came with my Virgin Media broadband. Not sure if it's any good, but I had problems with AVG before to switched to this.

                After that last message, I ran another anti-spyware with PC Guard, which found fewer anti-spyware. Here is the log:

                PCguard Anti-Spyware
                Spyware Report (23/07/2009 15:51:15)
                Scan Target   Scanned Items   Detected Spyware Items
                PRESARIO (C:)   80824   0
                PRESARIO_RP (D:)   16630   0
                Cookies   276   2
                Registry   36051   8
                Memory   50   0
                Total   133831   10

                Spyware   Type   Item   Action
                DoubleClick   Spyware cookie   C:\Documents and Settings\Compaq_Administrator\cookies\[email protected][1].txt   Delete
                AtlasDMT.com   Spyware cookie   C:\Documents and Settings\Compaq_Administrator\cookies\[email protected][2].txt   Delete
                Kollah   Registry   hkey_local_machine \software\microsoft\windows nt\currentversion\network   Quarantine
                Kollah   Registry   hkey_users \S-1-5-18\software\microsoft\windows\currentversion\explorer\{19127ad2-394b-70f5-c650-b97867baa1f7}   Quarantine
                Kollah   Registry   hkey_users \S-1-5-18\software\microsoft\windows\currentversion\explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6}   Quarantine
                Kollah   Registry   hkey_users \S-1-5-19\software\microsoft\windows nt\currentversion\network   Quarantine
                Kollah   Registry   hkey_users \S-1-5-20\software\microsoft\windows nt\currentversion\network   Quarantine
                KoolyNoody   Registry   hkey_users \CAHive_S-1-5-21-1100775152-255130791-453027457-500\software\microsoft\windows\currentversion\internet settings\zonemap\domains\koolynoody.net   Quarantine
                KoolyNoody   Registry   hkey_users \S-1-5-18\software\microsoft\windows\currentversion\internet settings\zonemap\domains\koolynoody.net   Quarantine
                KoolyNoody   Registry   hkey_users \S-1-5-21-1100775152-255130791-453027457-1007\software\microsoft\windows\currentversion\internet settings\zonemap\domains\koolynoody.net   Quarantine

                File generated by PCguard Anti-Spyware

                I can't seem to access the log for the scan previous to this latest one (the one referenced in my last post); however I can get this log for the most recent scans using PC Guard:

                PCguard Anti-Spyware
                Spyware Report (23/07/2009 22:49:13)
                Spyware   Type   Date
                KoolyNoody   Registry   23/07/2009 15:51:20
                KoolyNoody   Registry   23/07/2009 15:51:20
                KoolyNoody   Registry   23/07/2009 15:51:20
                Kollah   Registry   23/07/2009 15:51:18
                Kollah   Registry   23/07/2009 15:51:18
                Kollah   Registry   23/07/2009 15:51:18
                Kollah   Registry   23/07/2009 15:51:18
                Kollah   Registry   23/07/2009 15:51:18
                DoubleClick   Spyware cookie   23/07/2009 15:51:16
                AtlasDMT.com   Spyware cookie   23/07/2009 15:51:15
                WinSpywareProtect   Registry   23/07/2009 13:55:17
                Kollah   Registry   23/07/2009 13:55:17
                Kollah   Registry   23/07/2009 13:55:17
                Kollah   Registry   23/07/2009 13:55:17
                Kollah   Registry   23/07/2009 13:55:17
                Kollah   Registry   23/07/2009 13:55:17
                Kollah   Registry   23/07/2009 13:55:17
                WinAntiVirus Pro 2006   Registry   23/07/2009 13:55:17
                Bifrost   Registry   23/07/2009 13:55:17
                Kollah   Registry   23/07/2009 13:55:17
                DoubleClick   Spyware cookie   23/07/2009 13:55:11
                DoubleClick   Spyware cookie   23/07/2009 13:55:11
                AtlasDMT.com   Spyware cookie   23/07/2009 13:55:11
                AtlasDMT.com   Spyware cookie   23/07/2009 13:55:11
                AtlasDMT.com   Spyware cookie   23/07/2009 13:55:11
                AtlasDMT.com   Spyware cookie   23/07/2009 13:55:11
                AtlasDMT.com   Spyware cookie   23/07/2009 13:55:11
                AspackDie 1.1   Application   23/07/2009 13:55:11
                AspackDie 1.1   Application   23/07/2009 13:55:10
                WinSpywareProtect   Registry   22/07/2009 19:44:45
                Kollah   Registry   22/07/2009 19:44:45
                Kollah   Registry   22/07/2009 19:44:45
                Kollah   Registry   22/07/2009 19:44:45
                Kollah   Registry   22/07/2009 19:44:45
                WinAntiVirus Pro 2006   Registry   22/07/2009 19:44:45
                Bifrost   Registry   22/07/2009 19:44:45
                Kollah   Registry   22/07/2009 19:44:45
                AtlasDMT.com   Spyware cookie   22/07/2009 19:44:41
                AtlasDMT.com   Spyware cookie   22/07/2009 19:44:41
                AtlasDMT.com   Spyware cookie   22/07/2009 19:44:40
                AtlasDMT.com   Spyware cookie   22/07/2009 19:44:40
                AtlasDMT.com   Spyware cookie   22/07/2009 19:44:40
                AtlasDMT.com   Spyware cookie   22/07/2009 19:44:40
                AspackDie 1.1   Application   22/07/2009 19:44:40
                AspackDie 1.1   Application   22/07/2009 19:44:40
                AspackDie 1.1   Application   22/07/2009 19:44:40
                Bifrost   Registry   22/07/2009 10:28:37
                Kollah   Registry   22/07/2009 10:28:37
                Kollah   Registry   22/07/2009 10:28:37
                Kollah   Registry   22/07/2009 10:28:37
                Kollah   Registry   22/07/2009 10:28:37
                Kollah   Registry   22/07/2009 10:28:37
                WinAntiVirus Pro 2006   Registry   22/07/2009 10:28:34
                WinSpywareProtect   Registry   22/07/2009 10:28:34
                DoubleClick   Spyware cookie   22/07/2009 10:28:34
                AtlasDMT.com   Spyware cookie   22/07/2009 10:28:34
                AtlasDMT.com   Spyware cookie   22/07/2009 10:28:34
                AtlasDMT.com   Spyware cookie   22/07/2009 10:28:34
                AtlasDMT.com   Spyware cookie   22/07/2009 10:28:34
                AtlasDMT.com   Spyware cookie   22/07/2009 10:28:34
                AtlasDMT.com   Spyware cookie   22/07/2009 10:28:34
                AtlasDMT.com   Spyware cookie   22/07/2009 10:28:33
                AtlasDMT.com   Spyware cookie   22/07/2009 10:28:33
                AtlasDMT.com   Spyware cookie   22/07/2009 10:28:33
                Kollah   Registry   21/07/2009 10:34:22
                Kollah   Registry   21/07/2009 10:34:22
                Kollah   Registry   21/07/2009 10:34:22
                Kollah   Registry   21/07/2009 10:34:22
                Kollah   Registry   21/07/2009 10:34:22
                AtlasDMT.com   Spyware cookie   21/07/2009 10:34:18
                AtlasDMT.com   Spyware cookie   21/07/2009 10:34:18
                AtlasDMT.com   Spyware cookie   21/07/2009 10:34:18
                Kollah   Registry   20/07/2009 10:44:02
                Kollah   Registry   20/07/2009 10:44:02
                Kollah   Registry   20/07/2009 10:44:02
                Kollah   Registry   20/07/2009 10:44:02
                Kollah   Registry   20/07/2009 10:44:02
                AtlasDMT.com   Spyware cookie   20/07/2009 10:43:59
                AtlasDMT.com   Spyware cookie   20/07/2009 10:43:59
                AtlasDMT.com   Spyware cookie   20/07/2009 10:43:59
                AtlasDMT.com   Spyware cookie   20/07/2009 10:43:59
                Kollah   Registry   19/07/2009 14:43:18
                Kollah   Registry   19/07/2009 14:43:18
                Kollah   Registry   19/07/2009 14:43:17
                Kollah   Registry   19/07/2009 14:43:17
                Kollah   Registry   19/07/2009 14:43:17
                AtlasDMT.com   Spyware cookie   19/07/2009 14:42:52
                Kollah   Registry   18/07/2009 11:21:12
                Kollah   Registry   18/07/2009 11:21:12
                Kollah   Registry   18/07/2009 11:21:12
                Kollah   Registry   18/07/2009 11:21:12
                AtlasDMT.com   Spyware cookie   18/07/2009 11:21:08
                AtlasDMT.com   Spyware cookie   18/07/2009 11:21:08
                AtlasDMT.com   Spyware cookie   18/07/2009 11:21:08
                AtlasDMT.com   Spyware cookie   18/07/2009 11:21:08
                Kollah   Registry   17/07/2009 18:00:19
                Kollah   Registry   17/07/2009 18:00:19
                Kollah   Registry   17/07/2009 18:00:19
                Kollah   Registry   17/07/2009 18:00:19
                Kollah   Registry   17/07/2009 18:00:19
                AtlasDMT.com   Spyware cookie   17/07/2009 18:00:16
                AtlasDMT.com   Spyware cookie   17/07/2009 18:00:16
                Kollah   Registry   16/07/2009 19:35:59
                Kollah   Registry   16/07/2009 19:35:59
                Kollah   Registry   16/07/2009 19:35:59
                Kollah   Registry   16/07/2009 19:35:59
                Kollah   Registry   16/07/2009 19:35:59
                AtlasDMT.com   Spyware cookie   16/07/2009 19:35:54
                AtlasDMT.com   Spyware cookie   16/07/2009 19:35:54
                Kollah   Registry   15/07/2009 18:00:10
                Kollah   Registry   15/07/2009 18:00:10
                Kollah   Registry   15/07/2009 18:00:10
                Kollah   Registry   15/07/2009 18:00:10
                Kollah   Registry   15/07/2009 18:00:10
                AtlasDMT.com   Spyware cookie   15/07/2009 17:59:35
                Kollah   Registry   14/07/2009 22:09:21
                Kollah   Registry   14/07/2009 22:09:21
                Kollah   Registry   14/07/2009 22:09:21
                Kollah   Registry   14/07/2009 22:09:21
                Kollah   Registry   14/07/2009 22:09:21
                DoubleClick   Spyware cookie   14/07/2009 22:09:17
                AtlasDMT.com   Spyware cookie   14/07/2009 22:09:17
                AtlasDMT.com   Spyware cookie   14/07/2009 22:09:17
                AtlasDMT.com   Spyware cookie   14/07/2009 22:09:16
                AtlasDMT.com   Spyware cookie   14/07/2009 22:09:16
                Kollah   Registry   13/07/2009 17:26:09
                Kollah   Registry   13/07/2009 17:26:09
                Kollah   Registry   13/07/2009 17:26:09
                Kollah   Registry   13/07/2009 17:26:09
                Kollah   Registry   13/07/2009 17:26:09
                AtlasDMT.com   Spyware cookie   13/07/2009 17:26:05
                AtlasDMT.com   Spyware cookie   13/07/2009 17:26:05
                Kollah   Registry   12/07/2009 21:41:19
                Kollah   Registry   12/07/2009 21:41:19
                Kollah   Registry   12/07/2009 21:41:19
                Serving-Sys   Spyware cookie   12/07/2009 21:41:16
                DoubleClick   Spyware cookie   12/07/2009 21:41:15
                AtlasDMT.com   Spyware cookie   12/07/2009 21:41:15
                Kollah   Registry   12/07/2009 20:14:58
                Kollah   Registry   12/07/2009 20:14:58
                Kollah   Registry   12/07/2009 20:14:58
                Kollah   Registry   12/07/2009 20:14:58
                Kollah   Registry   12/07/2009 20:14:58
                DoubleClick   Spyware cookie   12/07/2009 20:14:55
                DoubleClick   Spyware cookie   12/07/2009 20:14:55
                AtlasDMT.com   Spyware cookie   12/07/2009 20:14:55
                AtlasDMT.com   Spyware cookie   12/07/2009 20:14:55
                AtlasDMT.com   Spyware cookie   12/07/2009 20:14:55
                AtlasDMT.com   Spyware cookie   12/07/2009 20:14:55
                Kollah   Registry   11/07/2009 23:31:12
                Kollah   Registry   11/07/2009 23:31:12
                Kollah   Registry   11/07/2009 23:31:12
                Kollah   Registry   11/07/2009 23:31:12
                Kollah   Registry   11/07/2009 23:31:12
                Tacoda cookie   Spyware cookie   11/07/2009 23:31:08
                Serving-Sys   Spyware cookie   11/07/2009 23:31:08
                revsci.net   Spyware cookie   11/07/2009 23:31:08
                quantserve.com   Spyware cookie   11/07/2009 23:31:08
                DoubleClick   Spyware cookie   11/07/2009 23:31:08
                Com.com   Spyware cookie   11/07/2009 23:31:08
                BS.Serving-Sys   Spyware cookie   11/07/2009 23:31:08
                AtlasDMT.com   Spyware cookie   11/07/2009 23:31:08
                AtlasDMT.com   Spyware cookie   11/07/2009 23:31:07
                Advertising.com   Spyware cookie   11/07/2009 23:31:07
                Ad.YieldManager.com Cookie   Spyware cookie   11/07/2009 23:31:07
                Kollah   Registry   11/07/2009 18:40:01
                Kollah   Registry   11/07/2009 18:40:01
                Disable Task Manager Reg Entry   Registry   11/07/2009 18:40:01
                SillyDl NVU   Registry   11/07/2009 18:40:01
                SillyDl NVU   Registry   11/07/2009 18:40:01
                Kollah   Registry   11/07/2009 18:39:59
                Kollah   Registry   11/07/2009 18:39:59
                Kollah   Registry   11/07/2009 18:39:59
                Kollah   Registry   11/07/2009 18:39:59
                Tacoda cookie   Spyware cookie   11/07/2009 18:39:54
                Serving-Sys   Spyware cookie   11/07/2009 18:39:54
                Serving-Sys   Spyware cookie   11/07/2009 18:39:54
                sageanalyst.net   Spyware cookie   11/07/2009 18:39:54
                DoubleClick   Spyware cookie   11/07/2009 18:39:54
                DoubleClick   Spyware cookie   11/07/2009 18:39:54
                DoubleClick   Spyware cookie   11/07/2009 18:39:54
                DoubleClick   Spyware cookie   11/07/2009 18:39:54
                AtlasDMT.com   Spyware cookie   11/07/2009 18:39:54
                AtlasDMT.com   Spyware cookie   11/07/2009 18:39:54
                AtlasDMT.com   Spyware cookie   11/07/2009 18:39:54
                AtlasDMT.com   Spyware cookie   11/07/2009 18:39:54
                Advertising.com   Spyware cookie   11/07/2009 18:39:54
                Ad.YieldManager.com Cookie   Spyware cookie   11/07/2009 18:39:54
                247RealMedia.com   Spyware cookie   11/07/2009 18:39:54
                Advanced Virus Remover   Registry   10/07/2009 17:00:40
                Kollah   Registry   10/07/2009 17:00:40
                Kollah   Registry   10/07/2009 17:00:40
                Advanced Virus Remover   Registry   10/07/2009 17:00:40
                Advanced Virus Remover   Registry   10/07/2009 17:00:40
                SillyDl NVU   Registry   10/07/2009 17:00:40
                SillyDl NVU   Registry   10/07/2009 17:00:39
                Advanced Virus Remover   Registry   10/07/2009 17:00:37
                Disable Task Manager Reg Entry   Registry   10/07/2009 17:00:37
                Disable Task Manager Reg Entry   Registry   10/07/2009 17:00:37
                CMJSpy 0.5   Registry   10/07/2009 17:00:37

                File generated by PCguard Anti-Spyware

                I've put both of these logs into a notepad, just in case this is unreadable.

                Thanks :)

                [attachment deleted by admin]

                evilfantasy

                • Malware Removal Specialist
                • Moderator


                • Genius
                • Calm like a bomb
                • Thanked: 489
                • Experience: Familiar
                • OS: Windows 10
                Is PCguard paid and updated?

                Would you mind switching to another very good FREE antivirus/antispyware? The Virgin Media PCguard is not the best and there are free solutions, not AVG, that will offer much better protection.

                Update Malwarebytes' Anti-Malware and run a Full scan.
                 
                * Open Malwarebytes' Anti-Malware
                * Select the Update tab
                * Click Check for Updates
                * After the update have been completed, Select the Scanner tab.
                * Select Perform full scan, then click on Scan
                * Leave the default options as it is and click on Start Scan
                * When done, you will be prompted. Click OK, then click on Show Results
                * Checked (ticked) all items and click on Remove Selected
                * After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the newest.