It appears you`re not running any firewall software. You should consider getting some, unless you have a hardware firewall. Google the free Zonealarm of Kerio firewall programmes.
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.
Turn off system restore.(XP/ME only) See how here.>
http://www.bleepingcomputer.com/forums/tutorial56.html
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.>
http://www.bleepingcomputer.com/forums/tutorial61.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.>
http://www.bleepingcomputer.com/forums/tutorial62.html
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
WCRTUP~1.EXE
Close task manager.
Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: (no name) - {E80A98F4-5C3A-5B90-4494-50C0AB5352E4} - C:\WINDOWS\system32\icfz.dll (file missing)
O2 - BHO: (no name) - {E80A98F4-5C3A-5B90-4494-50C0AB5352E4} - C:\WINDOWS\system32\icfz.dll (file missing)
O4 - HKCU\..\Run: [Dbctpcne] C:\DOCUME~1\Mum\APPLIC~1\MANTEC~1\WCRTUP~1.EXE
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs:
Click on the fix checked button.
Close HJT.
Locate and delete the following
bold files and/or directories(if there).
C:\DOCUME~1\Mum\APPLIC~1\MANTEC~1\
WCRTUP~1.EXE
Delete all files in AVG Antispyware qurantine.
Reboot into normal mode, turn system restore back on and rehide your protected OS files.
Post a fresh HJT log and let me know how your system is running.
Regards Howard
This thread is for the use of Dariela only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.