problems

atenajinx · Jan 5, 2007

Hello,
I've got a problems with my computer. There is some problems to connect to internet/ websites. And my computer started to work very slowly.

Here is raport from hijack this:

Logfile of HijackThis v1.99.1
Scan saved at 00:14:36, on 2007-01-05
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
D:\PROGRAMY\Gadu-Gadu\gg.exe
D:\PROGRAMY\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Administrator\Pulpit\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [Skrót do strony właściwości High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Komunikator] "C:\Program Files\Tlen.pl\tlen.exe" --confdir=home
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\PROGRAMY\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "D:\PROGRAMY\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService)- Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

Pls help ; )

Asia

src2206 · Jan 6, 2007

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to Subscribe to this thread (Thread Tools) so that you are notified when you receive a reply.

Please be patient with me during this time.

src2206 · Jan 7, 2007

Hello and welcome to TSF :smile:.

You may like to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools located near the top of this page, then click Subscribe to this Thread. Make sure it is set to Instant email Notification, then click Subscribe.

Before begining the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

Your log is not showing much, still follow the next steps to check whether anything else is hiding in your system.

As you are having difficulties in connecting to internet, if you can not keep yourself long enough online, then please download all the following tools using another machine and then transfer and install all these tools to the troubled one using a CDROM or any other media of your choice.
---------------------------------------------------------------------------------------------

Please print out or copy these instructions/tutorial to Notepad as the internet will not (while in Safe Mode) be available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.
_______________________________________________________________________________

Downloads

1. Please download Cleanup! and install it. You will use this later. Do not install if you are using the 64 bit version of windows.

*NOTE* Cleanup deletes EVERYTHING out of temporary folders and does not make backups.

If you find the above link is taking you to a out of service page, please use the following link to download this program:

http://www.stevengould.org/downloads/cleanup/CleanUp452.exe

2. Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"

Install AVG Anti Spyware
Double-click the icon on Desktop to launch AVG
On the top of the main screen click Shield
Click the word active to change it to inactive
On the top of the main screen click Update.
Then click on Start Update. The update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
- Select "Automatically generate report after every scan"
- Un-Select "Only if threats were found"

When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.

You can download updates manually from this link if you have used some other PC to download AVG AS: http://free.grisoft.com/doc/24/lng/us/tpl/v5
___________________________________________________________________________________

Disable Security Softwares

1. Spyware Doctor's OnGuard protective functionality may interfere with certain HijackThis fixes we need to make.

From within Spyware Doctor, click the "OnGuard" button on the left side.
Uncheck "Activate OnGuard".

2. You need to disable winptrol.

Right-click the running icon of Winpatrol in the system tray and choose exit. It will automatically restart at next boot.

_____________________________________________________________________________________

Show Hidden Files and Folders

Go to My Computer >Tools >Folder Options >View tab and select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Also make sure there is no check mark beside Hide file extensions for known file types. Click OK.
______________________________________________

Fix

Restart your computer and boot into Safe Mode by tapping the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries (If they still exist, make sure you do not miss any)

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

Please remember to close all other windows, including browsers then click Fix checked.
______________________________________________________________

Cleanup!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:

Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

Empty Recycle Bins
Delete Cookies
Delete Prefetch files (if present)
Cleanup! All Users
Click on the Temporary Files tab and uncheck the box for Scan drives for files matching if it’s checked.

Click OK
Press the CleanUp! button to start the program.
Do not logoff or reboot when prompted.

AVG Anti-Spyware

Run AVG Anti-Spyware with it's updated definitions

...it's important that all windows must be closed)

Click Scanner
Click on the Scan tab
Click Complete System Scan to begin scanning.
Once the scan is complete do the following:
If you have any infections you will prompted, then select "Apply all actions"
Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).

Reboot your system in Normal Mode.
______________________________________________

Online Scan

Perform an online scan with Internet Explorer with Panda ActiveScan

Click on

located at the bottom of the page.
A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
Enter your e-mail address, country, and state & click "Free Online Scan" * The download of the 8 MB Panda's ActiveX control will take place *

Begin the scan by selecting

If it finds any malware, it will offer you a report.
Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
Click on

then click

* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

Please provide the following logs with your next post:

AVG Anti-Spyware
Panda Scan
HijackThis (A fresh one)

As you are difficulties with internet connection, if you can not complete the Online Panda Scan, please post back the other two logs of the above list.

Please let me know about your systems overall behaviour :smile:.

atenajinx · Jan 8, 2007

src2206 said:
______________________________________________

Fix

Restart your computer and boot into Safe Mode by tapping the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries (If they still exist, make sure you do not miss any)

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

Please remember to close all other windows, including browsers then click Fix checked.
______________________________________________________________
.

Hello : ) This is my log from HijackThis in the safe mode :

Logfile of HijackThis v1.99.1
Scan saved at 23:36:06, on 2007-01-08
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Pulpit\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [Skrót do strony właściwości High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\PROGRAMY\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "D:\PROGRAMY\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

I'm not sure , what should I do with this file: O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
Should I delete it ?

src2206 · Jan 8, 2007

Hello atenajinx

Unfortunately you have completely misunderstood my instructions. Please read them again carefully. Complete the fix following this broad guideline:

1. Download and install the tools I mentioned.

2. Boot in the safe mode.

3. Run a system scan with HijackThis.

4. Locate the above entry in the HJT scan window I asked you to fix, that is this one: O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE. On the extreme left side this entry you can find one small square box. Click in the box to check mark this entry. Now look at the bottom left corner of the HJT program window. You can find a radio button marked as "Fix Checked". Click on this radio button. Let HJT fix the entry, close HJT. You need not to delete this file and fixing this entry does not mean that you are deleting this file.

5. Run CleanUp!

6. Run AVG Anti Spyware.

7. Reboot in Normal mode.

8. Run Panda Online Scan.

9. Run Hijack This again and save the Logfile this time which you need to post with the other two logs requested.

If you still have any doubts, please feel free to ask before performing the above fix.

atenajinx · Jan 9, 2007

src2206 said:
Hello atenajinx

Unfortunately you have completely misunderstood my instructions. .

language barrier : )

atenajinx · Jan 12, 2007

Ok, I'm back with all raports we need.

Here is AVG Anti-Spyware raport:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 23:37:41 2007-01-11

+ Scan result:

C:\Program Files\INSTAFIN -> Adware.404Search : No action taken.
C:\Program Files\INSTAFIN\Cache -> Adware.404Search : No action taken.
C:\Program Files\INSTAFIN\Cache\instafintb0300.cfg -> Adware.404Search : No action taken.
C:\Program Files\INSTAFIN\Uninstall.exe -> Adware.404Search : No action taken.
C:\Documents and Settings\Administrator\Menu Start\Programy\UCmore - The Search Accelerator -> Adware.Ucmore : No action taken.
C:\Documents and Settings\Administrator\Menu Start\Programy\UCmore - The Search Accelerator\How To Uninstall.lnk -> Adware.Ucmore : No action taken.
C:\Documents and Settings\Administrator\Menu Start\Programy\UCmore - The Search Accelerator\UCmore - The Search Accelerator.lnk -> Adware.Ucmore : No action taken.
C:\Documents and Settings\Administrator\Menu Start\Programy\UCmore - The Search Accelerator\UCmore Tour.lnk -> Adware.Ucmore : No action taken.
C:\Program Files\TheSearchAccelerator -> Adware.UCmore : No action taken.
C:\Program Files\TheSearchAccelerator\INSTALL.LOG -> Adware.UCmore : No action taken.
C:\Program Files\TheSearchAccelerator\IUCmore.dll -> Adware.UCmore : No action taken.
C:\Program Files\TheSearchAccelerator\TBlogin.users.ucmore.com.4.5.40.0 -> Adware.UCmore : No action taken.
C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll -> Adware.UCmore : No action taken.
C:\Program Files\TheSearchAccelerator\UNWISE.EXE -> Adware.UCmore : No action taken.
C:\Program Files\TheSearchAccelerator\logo.ico -> Adware.UCmore : No action taken.
C:\Program Files\TheSearchAccelerator\toolbar.cfg -> Adware.UCmore : No action taken.
C:\Program Files\Common Files\Y1220OA.exe -> Downloader.PurityScan.dc : No action taken.
:mozilla.122:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.123:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.231:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.232:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.102:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Adocean : No action taken.
:mozilla.103:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Adocean : No action taken.
:mozilla.124:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Adocean : No action taken.
:mozilla.125:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Adocean : No action taken.
:mozilla.126:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Adocean : No action taken.
:mozilla.132:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Adocean : No action taken.
:mozilla.133:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Adocean : No action taken.
:mozilla.15:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\7yvl562f.Domyślny użytkownik2\cookies.txt -> TrackingCookie.Adocean : No action taken.
:mozilla.167:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Adocean : No action taken.
:mozilla.168:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Adocean : No action taken.
:mozilla.16:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\7yvl562f.Domyślny użytkownik2\cookies.txt -> TrackingCookie.Adocean : No action taken.
:mozilla.17:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Adocean : No action taken.
:mozilla.18:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Adocean : No action taken.
:mozilla.19:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Adocean : No action taken.
:mozilla.20:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\finakmfz.Domyślny użytkownik\cookies.txt -> TrackingCookie.Adocean : No action taken.
:mozilla.21:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\finakmfz.Domyślny użytkownik\cookies.txt -> TrackingCookie.Adocean : No action taken.
:mozilla.31:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Adocean : No action taken.
:mozilla.32:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Adocean : No action taken.
:mozilla.33:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Adocean : No action taken.
:mozilla.50:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\finakmfz.Domyślny użytkownik\cookies.txt -> TrackingCookie.Adocean : No action taken.
:mozilla.51:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\finakmfz.Domyślny użytkownik\cookies.txt -> TrackingCookie.Adocean : No action taken.
:mozilla.52:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\finakmfz.Domyślny użytkownik\cookies.txt -> TrackingCookie.Adocean : No action taken.
:mozilla.63:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\finakmfz.Domyślny użytkownik\cookies.txt -> TrackingCookie.Adocean : No action taken.
:mozilla.64:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\finakmfz.Domyślny użytkownik\cookies.txt -> TrackingCookie.Adocean : No action taken.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Adocean : No action taken.
:mozilla.242:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.243:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.244:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.194:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.13:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.219:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.137:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.182:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.202:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.192:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.193:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.169:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Itrack : No action taken.
:mozilla.195:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.196:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.197:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.247:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Revenue : No action taken.
:mozilla.233:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.234:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.15:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\finakmfz.Domyślny użytkownik\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.17:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\finakmfz.Domyślny użytkownik\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.18:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\7yvl562f.Domyślny użytkownik2\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.18:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\finakmfz.Domyślny użytkownik\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.19:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\7yvl562f.Domyślny użytkownik2\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.20:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.21:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.23:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.24:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.25:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.156:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Trafic : No action taken.
:mozilla.146:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.149:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.150:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Webtrendslive : No action taken.
:mozilla.248:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.

::Report end

Here is Panda Scan raport:

Adware:adware/ucmore Not disinfected C:\Documents and Settings\Administrator\Menu Start\Programy\UCmore - The Search Accelerator
Adware:adware/ncase Not disinfected c:\program files\INSTAFIN
Adware:adware/savenow Not disinfected c:\program files\VVSN
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt[.adserver.o2.pl/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt[.2o7.net/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Itrack Not disinfected C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt[ilead.itrack.it/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt[.hitbox.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt[.atdmt.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt[.fastclick.net/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt[.advertising.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt[landing.domainsponsor.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt[.revenue.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\7yvl562f.Domyślny użytkownik2\cookies.txt[.adserver.o2.pl/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\7yvl562f.Domyślny użytkownik2\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\finakmfz.Domyślny użytkownik\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\finakmfz.Domyślny użytkownik\cookies.txt[.adserver.o2.pl/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\finakmfz.Domyślny użytkownik\cookies.txt[.tradedoubler.com/]
Adware:Adware/Ucmore Not disinfected C:\Documents and Settings\Administrator\Menu Start\Programy\UCmore - The Search Accelerator\How To Uninstall.lnk
Adware:Adware/Ucmore Not disinfected C:\Documents and Settings\Administrator\Menu Start\Programy\UCmore - The Search Accelerator\UCmore Tour.lnk
Adware:Adware/PurityScan Not disinfected C:\Program Files\Common Files\Y1220OA.exe
Adware:Adware/PurityScan Not disinfected C:\Program Files\Common Files\Y1220OU.exe
Adware:Adware/Ucmore Not disinfected C:\Program Files\TheSearchAccelerator\IUCmore.dll
Adware:Adware/Ucmore

and here is HijackThis raport:
Logfile of HijackThis v1.99.1
Scan saved at 01:21:57, on 2007-01-12
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Tlen.pl\tlen.exe
D:\PROGRAMY\Phone\Skype.exe
D:\PROGRAMY\Gadu-Gadu\gg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Pulpit\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [Skrót do strony właściwości High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [Skype] "D:\PROGRAMY\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\PROGRAMY\Gadu-Gadu\gg.exe" /tray
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

atenajinx · Jan 12, 2007

And I forgot,
when I start my computer I've got this info :

"Cannot find import; Dll may be missing, corrupt, or wrong version File "rtl70.bpl", error 126"

src2206 · Jan 12, 2007

Hello atenajinx :smile:

atenajinx said:
Originally Posted by atenajunx
language barrier : )

Yes, a little. :smile: Take your time, if you do not understand something, please stop and ask me.

1. AVG Anti Spyware did not clean the infections. Please check your settings:

Launch AVG A-S

On the main screen select the "Scanner" icon at the top of the screen,

---------------------------------------------------------------
Select the "Settings" tab.

-----------------------------------------------------------------------
Once in the Settings screen click on "Recommended actions"

------------------------------------------------------------------------
Then select "Quarantine".

------------------------------------------------------------------------
Under "Reports"
- Select "Automatically generate report after every scan"
  ------------------------------------------------------
- Un-Select "Only if threats were found"

2. Download combofix from one of these locations:

http://download.bleepingcomputer.com/sUBs/zh/combofix.exe

**Save it to your desktop**

Do not use it now.

--------------------------------------------------------------------------

Fix

Restart your computer and boot into Safe Mode by tapping the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist):

INSTAFIN

The Search Accelerator

VVSN
__________________________________________________________________

AVG Anti-Spyware

Run AVG Anti-Spyware: (...it's important that all windows must be closed)

Click Scanner

------------------------------------------------------------
Click on the Scan tab

-------------------------------------------------------------
Click Complete System Scan to begin scanning.

------------------------------------------------------------

Once the scan is complete do the following:
If you have any infections you will prompted, then select "Apply all actions"

---------------------------------------------------------------
Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).

Reboot your system in Normal Mode.
________________________________________________________________

Online Scan

Perform an online scan with Internet Explorer with

Kaspersky WebScanner

Next Click on Launch Kaspersky Anti-Virus Web Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

The program will then begin downloading the latest definition files.

-------------------------------------------------------------------
Once the files have been downloaded click on NEXT

--------------------------------------------------------------------
Locate the Scan Settings button and configure to:
- Scan using the following Anti-Virus database:
  - Extended
- Scan Options:
  - Scan Archives
    
    [*]Scan Mail Bases
----------------------------------------------------------------
Click OK & have it scan My Computer

-----------------------------------------------------------------
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.

---------------------------------------------------------------------
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

* Turn off the real time scanner of any existing anti virus program while performing the online scan
________________________________________________________________

ComboFix

Double click on combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

So with your next post please provide:

Kaspersky Scan Report
combofix.txt

atenajinx said:
And I forgot,
when I start my computer I've got this info :

"Cannot find import; Dll may be missing, corrupt, or wrong version File "rtl70.bpl", error 126"

Well, that's a Borland Delphi 7 runtime library file; do you use programs from Delphi or have recently downloaded and installed (or uninstalled) some type of image converter?

atenajinx · Jan 15, 2007

Hello ; )

Kaspersky Raport:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, January 15, 2007 7:52:55 PM
Operating System: Microsoft Windows XP Professional, Dodatek Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 15/01/2007
Kaspersky Anti-Virus database records: 244088
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 66546
Number of viruses found: 1
Number of infected objects: 1 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:52:30

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cert8.db Object is locked skipped
C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\formhistory.dat Object is locked skipped
C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\history.dat Object is locked skipped
C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\key3.db Object is locked skipped
C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\parent.lock Object is locked skipped
C:\Documents and Settings\Administrator\Dane aplikacji\Sun\Java\Deployment\log\plugin150_06.trace Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Ustawienia lokalne\Historia\History.IE5\MSHist012007011520070116\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\hsperfdata_Administrator\3976 Object is locked skipped
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\~DFB727.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Program Files\ESET\logs\virlog.dat Object is locked skipped
C:\Program Files\ESET\logs\warnlog.dat Object is locked skipped
C:\Program Files\Sygate\SPF\debug.log Object is locked skipped
C:\Program Files\Sygate\SPF\rawlog.log Object is locked skipped
C:\Program Files\Sygate\SPF\seclog.log Object is locked skipped
C:\Program Files\Sygate\SPF\syslog.log Object is locked skipped
C:\Program Files\Sygate\SPF\tralog.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{E044F32A-3E85-42F8-BE4D-64F615659460}\RP268\A0047816.exe Infected: Trojan-Downloader.Win32.PurityScan.dc skipped
C:\System Volume Information\_restore{E044F32A-3E85-42F8-BE4D-64F615659460}\RP268\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

and here is combofix raport :

"Administrator" - 07-01-15 20:05:44 Dodatek Service Pack 2
ComboFix 07-01-12 - Running from: "C:\Documents and Settings\Administrator\Pulpit"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\INSTALL.LOG

((((((((((((((((((((((((((((((( Files Created from 2006-12-15 to 2007-01-15 ))))))))))))))))))))))))))))))))))

2007-01-15 18:39 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-01-15 18:39 <DIR> d-------- C:\WINDOWS\LastGood
2007-01-15 18:38 <DIR> d---s---- C:\DOCUME~1\ADMINI~1\UserData
2007-01-12 00:23 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-01-11 21:52 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-11 21:52 <DIR> d-------- C:\Program Files\Grisoft
2007-01-08 22:40 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\Dane aplikacji\TEMP
2007-01-08 22:40 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-01-08 22:40 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Dane aplikacji\PC Tools
2007-01-08 22:39 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-01-08 22:39 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2007-01-08 22:39 <DIR> d-------- C:\builds
2007-01-07 00:03 <DIR> d-------- C:\Program Files\InternetCalls.com
2007-01-05 00:00 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2007-01-05 00:00 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-01-05 00:00 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-01-05 00:00 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2007-01-04 23:36 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-01-04 23:36 <DIR> d-------- C:\Program Files\Trend Micro
2007-01-04 23:30 910,336 --a------ C:\vx2cleaner.dll
2007-01-04 23:30 164,864 --a------ C:\UNWISE.EXE
2006-12-25 02:39 <DIR> d-------- C:\Program Files\iPod
2006-12-25 02:38 <DIR> d-------- C:\Program Files\iTunes
2006-12-25 02:36 <DIR> d-------- C:\Program Files\QuickTime
2006-12-25 02:35 <DIR> d-------- C:\Program Files\Apple Software Update

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-08-23 14:00 300048 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-01-15 19:54 -------- d-------- C:\DOCUME~1\ADMINI~1\Dane aplikacji\skype
2007-01-12 22:58 -------- d-------- C:\Program Files\winamp
2007-01-12 22:58 -------- d-------- C:\Program Files\tlen.pl
2007-01-12 22:55 -------- d-------- C:\Program Files\messenger
2007-01-12 22:43 -------- d-------- C:\Program Files\mozilla firefox
2007-01-09 02:22 -------- d-------- C:\DOCUME~1\ADMINI~1\Dane aplikacji\tlen.pl
2007-01-08 22:39 -------- d-------- C:\Program Files\screamer radio
2007-01-08 22:39 -------- d-------- C:\Program Files\gadu-gadu
2007-01-05 01:54 -------- d-------- C:\Program Files\emule

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Komunikator"="C:\\Program Files\\Tlen.pl\\tlen.exe"
"Skype"="\"D:\\PROGRAMY\\Phone\\Skype.exe\" /nosplash /minimized"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
"Gadu-Gadu"="\"D:\\PROGRAMY\\Gadu-Gadu\\gg.exe\" /tray"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Skrót do strony właściwości High Definition Audio"="HDAudPropShortcut.exe"
"SoundMan"="SOUNDMAN.EXE"
"AlcWzrd"="ALCWZRD.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"WinPatrol"="C:\\PROGRA~1\\BILLPS~1\\WINPAT~1\\winpatrol.exe"
"SNPSTD2"="C:\\WINDOWS\\vsnpstd2.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ http://i.sciaga.pl/img/adstudent.gif

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source REG_SZ file:///C:/DOCUME~1/ADMINI~1/USTAWI~1/Temp/msohtml1/01/clip_image002.jpg

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 07-01-15 20:07:24

atenajinx · Jan 15, 2007

src2206 said:
Well, that's a Borland Delphi 7 runtime library file; do you use programs from Delphi or have recently downloaded and installed (or uninstalled) some type of image converter?

I uninstalled photoshop program.

src2206 · Jan 15, 2007

Hello atenjinx :smile:

Have you completed the AVG scan second time, as I mentioned in post #9?

If yes,

please provide the report,

-------------------------------
If No

then, please complete the AVG Scan according to the instructions I have given in post number 09 here: http://www.techsupportforum.com/758630-post9.html

Paste the Scan Report here.

atenajinx · Jan 15, 2007

yes, yes, yes : ) i have this raport,
sorry

avg raport >>

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 18:30:51 2007-01-15

+ Scan result:

C:\Program Files\INSTAFIN -> Adware.404Search : Cleaned.
C:\Program Files\INSTAFIN\Cache -> Adware.404Search : Cleaned.
C:\Program Files\INSTAFIN\Cache\instafintb0300.cfg -> Adware.404Search : Cleaned.
C:\Program Files\INSTAFIN\Uninstall.exe -> Adware.404Search : Cleaned.
C:\Documents and Settings\Administrator\Menu Start\Programy\UCmore - The Search Accelerator -> Adware.Ucmore : Cleaned.
C:\Documents and Settings\Administrator\Menu Start\Programy\UCmore - The Search Accelerator\How To Uninstall.lnk -> Adware.Ucmore : Cleaned.
C:\Documents and Settings\Administrator\Menu Start\Programy\UCmore - The Search Accelerator\UCmore - The Search Accelerator.lnk -> Adware.Ucmore : Cleaned.
C:\Documents and Settings\Administrator\Menu Start\Programy\UCmore - The Search Accelerator\UCmore Tour.lnk -> Adware.Ucmore : Cleaned.
C:\Program Files\TheSearchAccelerator -> Adware.UCmore : Cleaned.
C:\Program Files\TheSearchAccelerator\INSTALL.LOG -> Adware.UCmore : Cleaned.
C:\Program Files\TheSearchAccelerator\IUCmore.dll -> Adware.UCmore : Cleaned.
C:\Program Files\TheSearchAccelerator\TBlogin.users.ucmore.com.4.5.40.0 -> Adware.UCmore : Cleaned.
C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll -> Adware.UCmore : Cleaned.
C:\Program Files\TheSearchAccelerator\UNWISE.EXE -> Adware.UCmore : Cleaned.
C:\Program Files\TheSearchAccelerator\logo.ico -> Adware.UCmore : Cleaned.
C:\Program Files\TheSearchAccelerator\toolbar.cfg -> Adware.UCmore : Cleaned.
C:\Program Files\Common Files\Y1220OA.exe -> Downloader.PurityScan.dc : Cleaned.
:mozilla.155:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.93:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.94:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.253:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.254:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.123:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Adocean : Cleaned.
:mozilla.124:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Adocean : Cleaned.
:mozilla.141:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Adocean : Cleaned.
:mozilla.142:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Adocean : Cleaned.
:mozilla.156:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Adocean : Cleaned.
:mozilla.157:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Adocean : Cleaned.
:mozilla.158:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Adocean : Cleaned.
:mozilla.15:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\7yvl562f.Domyślny użytkownik2\cookies.txt -> TrackingCookie.Adocean : Cleaned.
:mozilla.161:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Adocean : Cleaned.
:mozilla.162:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Adocean : Cleaned.
:mozilla.16:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\7yvl562f.Domyślny użytkownik2\cookies.txt -> TrackingCookie.Adocean : Cleaned.
:mozilla.20:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\finakmfz.Domyślny użytkownik\cookies.txt -> TrackingCookie.Adocean : Cleaned.
:mozilla.21:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\finakmfz.Domyślny użytkownik\cookies.txt -> TrackingCookie.Adocean : Cleaned.
:mozilla.50:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\finakmfz.Domyślny użytkownik\cookies.txt -> TrackingCookie.Adocean : Cleaned.
:mozilla.51:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\finakmfz.Domyślny użytkownik\cookies.txt -> TrackingCookie.Adocean : Cleaned.
:mozilla.52:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\finakmfz.Domyślny użytkownik\cookies.txt -> TrackingCookie.Adocean : Cleaned.
:mozilla.63:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\finakmfz.Domyślny użytkownik\cookies.txt -> TrackingCookie.Adocean : Cleaned.
:mozilla.64:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Adocean : Cleaned.
:mozilla.64:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\finakmfz.Domyślny użytkownik\cookies.txt -> TrackingCookie.Adocean : Cleaned.
:mozilla.65:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Adocean : Cleaned.
:mozilla.66:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Adocean : Cleaned.
:mozilla.72:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Adocean : Cleaned.
:mozilla.73:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Adocean : Cleaned.
:mozilla.74:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Adocean : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Adocean : Cleaned.
:mozilla.264:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.265:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.266:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.218:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.118:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.25:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.243:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.130:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.166:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.206:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.226:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.216:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.217:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.193:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Itrack : Cleaned.
:mozilla.219:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.220:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.221:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.269:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.255:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.256:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.15:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\finakmfz.Domyślny użytkownik\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.16:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.17:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\finakmfz.Domyślny użytkownik\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.18:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.18:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\7yvl562f.Domyślny użytkownik2\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.18:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\finakmfz.Domyślny użytkownik\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.19:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.19:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\7yvl562f.Domyślny użytkownik2\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.20:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.21:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.182:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.172:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.175:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.176:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.270:C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\5ns1yr2s.Domyślny użytkownik\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

::Report end

src2206 · Jan 16, 2007

Hello atenajinx :smile:

Well done, your logs are clean!

Please follow the set of instructions to complete the cleaning procedure and to immune your system against the unwanted guests :wink:.

Reset hidden/system files and folders

Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View tab.
Deselect the Show hidden files and folders option.
Select the Hide file extensions for known types option.
Select the Hide protected operating system files option.
Click Yes to confirm.
Click OK.

Enable Security Software

Enable Spyware Doctor's Onguard Protection.

Launch Spyware Doctor.
In the Spyware Doctor window, click the "OnGuard" button on the left side.
Check "Activate OnGuard".

System Restore

To turn off System Restore click Start > Right Click My Computer > Properties. Click the System Restore tab and Check "Turn off System Restore" or "Turn off System Restore on all drives" Click Apply. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this then Click OK.

Turn on System Restore by Clicking Start. Right-click My Computer, and then click Properties. Click the System Restore tab. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives." Click Apply, and then OK.

This will create a new Restore Point.

Updating Java and Clearing Cache

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6.
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6-windowsi586-p.exe to install the newest version.

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)

On the General tab, under Temporary Internet Files, click the Settings button.
Next, click on the Delete Files button
There are two options in the window to clear the cache - Leave BOTH Checked
- [*]Applications and Applets[*]Trace and Log Files
Click OK in the Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
Click OK to leave the Temporary Files Settings Window
Click OK to leave the Java Control Panel.

MICROSOFT UPDATES

It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

You can also automate this process to save yourself from visiting Microsoft Update Site at regular intervals. To do that Enable Windows Auto Update in the following way
*Go to Start>Run - type wuaucpl.cpl
*Tick on the check box - "Automatically download the updates, and install them on the schedule that I specify".
Click on "OK".

SPYWARE PREVENTION SPEECH

In light of your recent issue, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles:

HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
PC Safety and Security--What Do I Need?
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls

To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

Spyware Blaster - to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items .
Spyware Guard to catch and block spyware before it can execute.
IE-Spyad to block access to malicious websites so you cannot be redirected to them from an infected site or email. IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. This is a self-extracting .ZIP file, and save it to your desktop. Once downloaded, double-click on it to extract the files inside (default dir is C:\IE-SPYAD)
Now navigate to C:\ie-spyad. Double click to open it. From within the folder, double-click install.bat
Select Option #2 - Install the new IE-SPYAD list, by typing 2
Then return to the main menu.
Select option #4 - Add the old porn sites domain, by typing 4
MVPS Hosts file - From within Host.zip, double click on MVPS.bat & allow it to run. This will replace your current Hosts file with one that will block known adware and spy websites

Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released.

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

FIREWALLS

I suggest that you use a Third Party Firewall to protect your computer better. Using a firewall will allow you to give/deny access for applications that want to go online. Select one of these, or another of your choice:

Comodo Personal Firewall- My personal favourite
ZoneAlarm
Tiny Personal Firewall
OutPost Firewall

FIREFOX

I suggest strongly that you use an alternate browser-Mozilla's Firefox; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker. Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/

Two more good browsers are Opera and Avant. You can download Opera Web Browser from here and Avant can be downloaded from here. Avant is a browser based on IE engine, but with much more security integrated, like blocking Flash animations etc. It is also very lite on system resources. So those sites which require IE to operate, Avant can be the best and secured replacement.

Protective Programs

Install Spybot - Search and Destroy - Download, Install and update Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software. During installation choose to enable the Teatimer option as this will give you real time protection against any registry changes.

A tutorial on installing & using this product can be found here:

Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers
Install Ad-Aware - Download, Install and update Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

A tutorial on installing & using this product can be found here:

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer
Update all these programs along with your AntiVirus regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Run scans with your AntiVirus and other protective programs that I have listed here, at regular intervals and neutralise the threats that these softwares list.

Follow this list and your potential for being infected again will reduce dramatically.

Please respond to this thread one more time so we can mark this thread as resolved.

Happy Surfing :wave:.

-------------------------------------------------------------------

Regarding your "rtl70.bpl" problem:

Are you still having this problem?

See if the following helps:

1. Try to use a registry cleaner. If you do not have any installed, you can find one from the following link:

http://www.majorgeeks.com/download.php?det=2579

Install it and run it, see if this solves your problem.

2. If method 1 did not solve your problem:

Download this file http://nwvault.ign.com/fms/Download.php?id=19616, unzip it and follow the prompts. This is an installer that will put three files, rtl70.bpl, vcl70.bpl, and vclx70.bpl, in your System directory. These files are needed for programs built with Delphi 7.

3. If method 2 does not solve your problem:

Start a new thread at our WindowsXP Support Forum giving details of your problem. Mention there that you have been cleared by us, that is, HijackThis Log Support Team. Put a link to this thread there too for their reference.

problems

Top Contributors this Month