Reformatted to remove new win32 virus, still keeps coming back

msfcool
Newbie Poster
#1
Jun 21st, 2008
Hi,

I am facing this new virus named new win32. I reformatted my hard disk to remove it, but it still keeps coming back... I do not know why.

And one more thing: how is this virus coming, because of the internet or some other reason? I just want to know.

BUT the important thing is that even after formatting my hard disk it is coming back. Please, anyone, help me. Right now I am not in a mood to buy a new hard disk.

Thank you

crunchie
Moderator
#2
Jun 21st, 2008
Are you doing a reformat, or simply installing the OS over the top of the original installation?
You must do a full reformat.

==

Download HijackThis Executable from here. Save it to your desktop.
Start HJT & press the "Do a system scan and save a log file" button. When the scan is finished a window will pop up giving you the option of where to save it. Save it to desktop where it is easy to access. Open the log file and copy the entire contents of the file & paste it into the body of your post. DO NOT FIX ANYTHING YET. Most of what is there is necessary for the running of your system.

msfcool
Newbie Poster
#3
Jun 21st, 2008
Hi,

Well, I think I am installing the OS over my old version. Can you show me how to reformat the system totally? Do we have to do some physical changes, like changing the jumper position behind the hard disk?

As you said, I have run that HijackThis program and here is the file, but I still can't figure out how this virus came into my system.

Here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:26:03 AM, on 6/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\mcafee.com\agent\McRegWiz.Exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Sify Broadband\BBClient.exe
C:\Program Files\Sify Broadband\BBImpSec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\quaryfyk.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?pro...=about%3Ablank
O2 - BHO: tisqatyu.dll - {18093456-9012-4568-9076-908765467181} - C:\WINDOWS\system32\tisqatyu.dll
O2 - BHO: opshbbty.dll - {22596546-2036-9451-6058-658402589722} - C:\WINDOWS\system32\opshbbty.dll
O2 - BHO: rijxbkin.dll - {25FD6584-698F-BCD2-602C-698745210352} - C:\WINDOWS\system32\rijxbkin.dll
O2 - BHO: lassaplo.dll - {2B69874A-C58C-458D-69F0-698F874E41B2} - C:\WINDOWS\system32\lassaplo.dll
O2 - BHO: skqncbib.dll - {32023698-6984-8541-9654-698745012523} - C:\WINDOWS\system32\skqncbib.dll
O2 - BHO: yxcschlp.dll - {35671234-7890-ABCD-CDEF-567801237653} - C:\WINDOWS\system32\yxcschlp.dll
O2 - BHO: nhmxcjkl.dll - {37AC9076-C898-B098-D098-A18319080973} - C:\WINDOWS\system32\nhmxcjkl.dll
O2 - BHO: akjsckaq.dll - {3A908760-8000-4000-A000-9000322145A3} - C:\WINDOWS\system32\akjsckaq.dll
O2 - BHO: lijzclit.dll - {3C954872-1230-6541-9548-6541025884C3} - C:\WINDOWS\system32\lijzclit.dll
O2 - BHO: oswxdttb.dll - {43512378-9874-5641-1025-985420368734} - C:\WINDOWS\system32\oswxdttb.dll
O2 - BHO: mpwddapi.dll - {45694105-5108-9405-3695-954187462154} - C:\WINDOWS\system32\mpwddapi.dll
O2 - BHO: zptlcsys.dll - {50940F85-F015-14F1-A05F-F69858AC6D05} - C:\WINDOWS\system32\zptlcsys.dll
O2 - BHO: ptjhehlp.dll - {528DF602-9541-A985-210A-984A698C6F25} - C:\WINDOWS\system32\ptjhehlp.dll
O2 - BHO: pjjxedwd.dll - {54FAE856-AD58-20CB-A025-CD4895FA6E45} - C:\WINDOWS\system32\pjjxedwd.dll
O2 - BHO: ozfyebyt.dll - {5A069845-2036-6084-9054-6087502480A5} - C:\WINDOWS\system32\ozfyebyt.dll
O2 - BHO: arjrcler.dll - {5C69034A-F45F-D34D-A33A-C33C4D324FC5} - C:\WINDOWS\system32\arjrcler.dll
O2 - BHO: (no name) - {5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} - C:\Program Files\Starware316\bin\Starware316.dll
O2 - BHO: zxmscwin.dll - {6A041F13-A111-12A3-B0CF-F99818AA68A6} - C:\WINDOWS\system32\zxmscwin.dll
O2 - BHO: apsgfjba.dll - {6FD45A54-9875-698F-E56E-65102358FDF6} - C:\WINDOWS\system32\apsgfjba.dll
O2 - BHO: mndsgsrv.dll - {77FD640A-158F-48AC-FD14-1597F14A9777} - C:\WINDOWS\system32\mndsgsrv.dll
O2 - BHO: mnmhgsrv.dll - {7C8D1401-A58D-A81C-CD24-A5915C4517C7} - C:\WINDOWS\system32\mnmhgsrv.dll
O2 - BHO: yxfhcjpg.dll - {83BA45AF-FAAA-CDDD-BEEE-BCDE1234AB38} - C:\WINDOWS\system32\yxfhcjpg.dll
O2 - BHO: mpmyhapi.dll - {8629FF4F-ACDB-5C90-A098-FACB3456A268} - C:\WINDOWS\system32\mpmyhapi.dll
O2 - BHO: ypdjgbmp.dll - {91954FAC-1023-154F-895A-1458258AD819} - C:\WINDOWS\system32\ypdjgbmp.dll
O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O2 - BHO: yzztjmsn.dll - {A490415F-65F8-B5C5-D8BA-9405FB12054A} - C:\WINDOWS\system32\yzztjmsn.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Starware Screensavers Toolbar - {1962c5bc-e475-465b-823b-133e711bceb9} - C:\Program Files\Starware316\bin\Starware316.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\McRegWiz.Exe /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4560A5A8-FCF0-4907-ACD4-C6E43892C33E}: NameServer = 202.144.105.4,202.144.10.50
O17 - HKLM\System\CS1\Services\Tcpip\..\{4560A5A8-FCF0-4907-ACD4-C6E43892C33E}: NameServer = 202.144.105.4,202.144.10.50
O17 - HKLM\System\CS2\Services\Tcpip\..\{4560A5A8-FCF0-4907-ACD4-C6E43892C33E}: NameServer = 202.144.105.4,202.144.10.50
O20 - AppInit_DLLs: nhmxcjkl.dll,skqncbib.dll,tisqatyu.dll,yzztjmsn.dll,arjrcler.dll,akjsckaq.dll quaryfy.dll woasick.dll
O21 - SSODL: JavaView - {DA191DE0-AA86-D04E-4B87-2A3D4928BE99} - C:\WINDOWS\AppPatch\Jview.dll
O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6606 bytes

And one more thing:

Usually this virus comes back when I am connecting to the internet, but sometimes it comes back without a connection too. When it comes while connected to the internet, it comes as a GIF file in the temp folders in Local Settings, where the temporary internet files are. If not connected to the internet, it comes in System Volume Information; I do not know what kind of file it is.

Where is it coming from, the internet or some other reason?

The day before yesterday it said that my client program which connects to the internet got corrupted and to download it again, and yesterday it said that it found the same IP address being used by another system on the network.

I am confused and worried about what is happening to my system.
Last edited by msfcool; Jun 21st, 2008 at 3:52 pm.
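
An added example, not part of the original thread and not HijackThis's own logic: a small triage pass over a HijackThis log like the one in post #3, which groups the O2, O3, O20, O21 and O23 entries by module and marks the ones a reviewer would look at first. The sample lines are an excerpt copied from that log; the function names and the reason labels (`appinit`, `bho-self-named`, `multi-load-point`) are hypothetical and are review signals, not verdicts.

```python
import ntpath
import re
from collections import defaultdict

# Excerpt of the HijackThis log in post #3 (lines copied from the page, list shortened).
SAMPLE_LOG = r"""
O2 - BHO: tisqatyu.dll - {18093456-9012-4568-9076-908765467181} - C:\WINDOWS\system32\tisqatyu.dll
O2 - BHO: opshbbty.dll - {22596546-2036-9451-6058-658402589722} - C:\WINDOWS\system32\opshbbty.dll
O2 - BHO: nhmxcjkl.dll - {37AC9076-C898-B098-D098-A18319080973} - C:\WINDOWS\system32\nhmxcjkl.dll
O2 - BHO: (no name) - {5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} - C:\Program Files\Starware316\bin\Starware316.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Starware Screensavers Toolbar - {1962c5bc-e475-465b-823b-133e711bceb9} - C:\Program Files\Starware316\bin\Starware316.dll
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O20 - AppInit_DLLs: nhmxcjkl.dll,skqncbib.dll,tisqatyu.dll,yzztjmsn.dll,arjrcler.dll,akjsckaq.dll quaryfy.dll woasick.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
BHO = re.compile(r"^BHO: (.+?) - \{[0-9A-Fa-f-]+\} - (.+)$")
# Entry types whose last " - " separated field is the path of the loaded file.
PATH_LAST = {"O2", "O3", "O21", "O23"}


def parse_entries(log):
    """Yield (code, text) for each entry line; header and process-list lines are skipped."""
    for line in log.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            yield match.group(1), match.group(2)


def triage(log):
    """Return [(module, [reasons])] with the most-flagged modules first."""
    load_points = defaultdict(set)  # module file name -> entry codes that load it
    reasons = defaultdict(set)      # module file name -> review signals

    for code, text in parse_entries(log):
        if code == "O20" and text.startswith("AppInit_DLLs:"):
            # AppInit_DLLs is a comma/space separated list; each DLL is loaded
            # into every process that loads user32.dll.
            for name in re.split(r"[,\s]+", text.split(":", 1)[1].strip()):
                if name:
                    module = ntpath.basename(name).lower()
                    load_points[module].add(code)
                    reasons[module].add("appinit")
        elif code in PATH_LAST and " - " in text:
            path = text.rsplit(" - ", 1)[1].strip()
            module = ntpath.basename(path).lower()
            load_points[module].add(code)
            bho = BHO.match(text) if code == "O2" else None
            if bho:
                # A BHO whose label is only its own file name and that sits
                # directly in system32 has no descriptive identity to check.
                label = bho.group(1).lower()
                folder = ntpath.dirname(path).lower()
                if label == module and folder.endswith("\\system32"):
                    reasons[module].add("bho-self-named")

    # The same file registered under several autostart mechanisms.
    for module, codes in load_points.items():
        if len(codes) > 1:
            reasons[module].add("multi-load-point")

    flagged = [(module, sorted(found)) for module, found in reasons.items()]
    return sorted(flagged, key=lambda item: (-len(item[1]), item[0]))


if __name__ == "__main__":
    for module, found in triage(SAMPLE_LOG):
        print(f"{module:20} {', '.join(found)}")
```

Legitimate software can also register one file as both a BHO and a toolbar, so `multi-load-point` on its own only narrows the list; the combination with `appinit` is what stands out in this log.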

crunchie
Moderator
#4
Jun 21st, 2008
Let's see if we can remove the virus first and worry about formatting later.

Please also try to use correct English, as it can be difficult for those of us who do not understand the abbreviations. Thanks.

==

Download Malwarebytes' Anti-Malware (http://www.majorgeeks.com/Malwarebyt...are_d5756.html) to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Make sure that you restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

==

Please download ComboFix by sUBs from HERE or HERE
  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
  • Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Post new HJT log.

msfcool
Newbie Poster
#5
Jun 22nd, 2008
Hi,

Thanks for the information. I will definitely do that.

About my English, I am really sorry, I am a little bad at it.

I will send you the report tomorrow because right now I am not at my desktop. But one thing I wanted to know is where the hell this virus is coming from.

Thank you
MSF
Last edited by msfcool; Jun 22nd, 2008 at 11:30 am.

OlyComputers
Posting Pro
#6
Jun 22nd, 2008
It's coming from one of two places:
Your own hard drive if you didn't properly format.
Or you could be infected by another system on your network (you said something about another network computer, but I couldn't really make it out first thing in the morning).

As far as virus removal vs. reformat... I always advocate removal and reinstall as a last resort, but if he has just reinstalled the OS and lost everything anyway he might not have anything to lose from doing a nice clean format and reinstall.

If you do want to pursue a reformat, it will be an option during installation. It should (depending on the version of Windows you're installing) give you the options to format, quick format, or leave the partition as is. You can also hit D at the partition selection portion to delete the existing partition completely and then create a new one in the free space; this will guarantee a clean format.

msfcool
Newbie Poster
#7
Jun 23rd, 2008
Hi,

Thanks for showing me where this virus is coming from. Well, I read on the McAfee site to disable the restore utility option, so I did it, and after that this virus did not come back, but as soon as I connected to the internet it started troubling me again.

Two weeks back I connected another hard disk to extract some data from it. I am in doubt whether the virus came from that hard disk or from another system on the network. As I told you before, some days back I got information on my system that the same IP address is being used by another system on the network.

But the hard disk which I connected 2 weeks back was a little damaged. The drives on that disk were not opening easily; I had to go to Explorer to open the drives on that other hard disk.

I am confused and worried about where the virus has come from.

msfcool
Newbie Poster
#8
Jun 23rd, 2008
Hi!

As you told me to run all those scans and send you the reports, I have done them all and here are the results.

1st, the Malwarebytes result:

Malwarebytes' Anti-Malware 1.18
Database version: 881

1:05:18 AM 6/23/2008
mbam-log-6-23-2008 (01-05-18).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 60337
Time elapsed: 21 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 36
Registry Keys Infected: 79
Registry Values Infected: 35
Registry Data Items Infected: 0
Folders Infected: 30
Files Infected: 153

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\sergy.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\ergfwe.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\tisqatyu.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\jfdses.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\wyrsdj.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\pedadt.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\hhrdxd.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\tfsdmz.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\cedafb.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\tdggrz.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\zgrjdx.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\fsrgeb.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\nhmxcjkl.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\skqncbib.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\yzztjmsn.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\arjrcler.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\akjsckaq.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\mnmhgsrv.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\opshbbty.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\zptlcsys.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\rijxbkin.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\ozfyebyt.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\apsgfjba.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\ypdjgbmp.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\yxfhcjpg.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\mpmyhapi.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\ptjhehlp.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\mndsgsrv.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\lassaplo.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\pjjxedwd.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\lijzclit.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\mpwddapi.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\yxcschlp.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\zxmscwin.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\oswxdttb.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\Program Files\Starware316\bin\Starware316.dll (Adware.Starware) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{18093456-9012-4568-9076-908765467181} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18093456-9012-4568-9076-908765467181} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{81af1cf6-d1c9-4c6a-ac01-ede54e71945b} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e51c0fd-ee36-434b-ad2a-fd1ff3731c38} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5e907a48-400e-4ea8-9792-ffae052d59e9} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{17dfd111-bf3a-4cb4-adb0-88fcbfe69821} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{875e07b1-0614-43d9-a76e-d76a28ab3d7b} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84143967-b645-4bff-b873-da1dc886e9a7} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4d165a2a-4bc1-4ca8-8299-08e05aaab5a4} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{45aadfaa-dd36-42ab-83ad-0521bbf58c24} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ea5d4b0e-b8ce-4761-8c7e-5d26369f0ec6} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{37ac9076-c898-b098-d098-a18319080973} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37ac9076-c898-b098-d098-a18319080973} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{32023698-6984-8541-9654-698745012523} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{32023698-6984-8541-9654-698745012523} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{a490415f-65f8-b5c5-d8ba-9405fb12054a} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a490415f-65f8-b5c5-d8ba-9405fb12054a} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{5c69034a-f45f-d34d-a33a-c33c4d324fc5} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5c69034a-f45f-d34d-a33a-c33c4d324fc5} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{3a908760-8000-4000-a000-9000322145a3} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3a908760-8000-4000-a000-9000322145a3} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{7c8d1401-a58d-a81c-cd24-a5915c4517c7} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c8d1401-a58d-a81c-cd24-a5915c4517c7} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{22596546-2036-9451-6058-658402589722} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22596546-2036-9451-6058-658402589722} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{50940f85-f015-14f1-a05f-f69858ac6d05} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50940f85-f015-14f1-a05f-f69858ac6d05} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{25fd6584-698f-bcd2-602c-698745210352} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25fd6584-698f-bcd2-602c-698745210352} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{5a069845-2036-6084-9054-6087502480a5} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5a069845-2036-6084-9054-6087502480a5} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6fd45a54-9875-698f-e56e-65102358fdf6} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6fd45a54-9875-698f-e56e-65102358fdf6} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{91954fac-1023-154f-895a-1458258ad819} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91954fac-1023-154f-895a-1458258ad819} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{83ba45af-faaa-cddd-beee-bcde1234ab38} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83ba45af-faaa-cddd-beee-bcde1234ab38} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{8629ff4f-acdb-5c90-a098-facb3456a268} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8629ff4f-acdb-5c90-a098-facb3456a268} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{528df602-9541-a985-210a-984a698c6f25} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{528df602-9541-a985-210a-984a698c6f25} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{77fd640a-158f-48ac-fd14-1597f14a9777} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77fd640a-158f-48ac-fd14-1597f14a9777} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{2b69874a-c58c-458d-69f0-698f874e41b2} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2b69874a-c58c-458d-69f0-698f874e41b2} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{54fae856-ad58-20cb-a025-cd4895fa6e45} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54fae856-ad58-20cb-a025-cd4895fa6e45} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{3c954872-1230-6541-9548-6541025884c3} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3c954872-1230-6541-9548-6541025884c3} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{45694105-5108-9405-3695-954187462154} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45694105-5108-9405-3695-954187462154} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{35671234-7890-abcd-cdef-567801237653} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35671234-7890-abcd-cdef-567801237653} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6a041f13-a111-12a3-b0cf-f99818aa68a6} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6a041f13-a111-12a3-b0cf-f99818aa68a6} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{43512378-9874-5641-1025-985420368734} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{43512378-9874-5641-1025-985420368734} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{1962c5bc-e475-465b-823b-133e711bceb9} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ab3dfa03-f743-4302-81dd-c370bffeca23} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e550dc77-ef3b-474f-b59c-b3e2aa1fa6a5} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{e550dc77-ef3b-474f-b59c-b3e2aa1fa6a5} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sssinstaller.sinstaller (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a84e835e-1b9c-4fc0-980f-4b2da3c6a2a7} (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a84e835e-1b9c-4fc0-980f-4b2da3c6a2a7} (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bf0a1ff4-bbaf-487f-bc85-a24ef8f443a8} (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{bf0a1ff4-bbaf-487f-bc85-a24ef8f443a8} (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sssinstaller.sinstaller.1 (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sssinstaller.installer (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sssinstaller.installer.1 (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0fbc3efb-fc98-4b32-bf10-bde9aa4dea5a} (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6a4b7d17-1de9-4c14-8adf-eb4c07060519} (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{abf441b2-9b57-4838-96a0-34b1cecd4aa5} (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{74278296-0ec7-4f7a-ad55-eb7a2f35f311} (Adware.Comet) -> Quarantined and deleted successfully.
\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\starware316 (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Starware316 (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SSSInstaller (Adware.Comet) -> Quarantined and deleted successfully.

Registry Values Infected:

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:

Files Infected:

2nd combofix one

ComboFix 08-06-20.4 - Sohail 2008-06-23 1:30:20.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.762 [GMT -7:00]
Running from: C:\Documents and Settings\Sohail\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((( Files Created from 2008-05-23 to 2008-06-23 )))))))))))))))))))))))))))))))
.

2008-06-20 02:48 . 2008-06-20 02:48 <DIR> d-------- C:\Program Files\RegistryFix6
2008-06-19 15:46 . 2008-06-23 00:40 18,048 --a------ C:\WINDOWS\system32\drivers\eth8023.sys
2008-06-19 14:57 . 2008-06-19 14:57 <DIR> d---s---- C:\Documents and Settings\Sohail\UserData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-23 05:35 9,728 ----a-w C:\WINDOWS\AppPatch\AcSpecf.dll
2008-06-20 09:35 30 ----a-w C:\MicroSoft.bat
2008-06-20 09:35 186 ----a-w C:\MicroSoft.vbs
2008-06-19 22:46 27,136 ----a-w C:\WINDOWS\AppPatch\AcPlugin.dll
2008-06-19 06:37 --------- d-----w C:\Program Files\Sify Broadband
2008-06-19 06:31 --------- d-----w C:\Documents and Settings\Sohail\Application Data\Broadband
2008-06-19 06:24 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-19 06:14 --------- d-----w C:\Program Files\microsoft frontpage
2004-09-03 17:32 3,488 ----a-w C:\WINDOWS\inf\OTHER\CMIAINFO.SYS
2004-08-08 06:45 520 --sh--w C:\WINDOWS\system32\erjxakin.sys
2004-08-04 02:26 9,216 --sha-w C:\WINDOWS\system32\tuker.dll
2004-08-08 06:45 520 --sh--w C:\WINDOWS\system32\snfybbyt.sys
2004-08-08 06:45 520 --sh--w C:\WINDOWS\system32\iujraler.sys
2004-08-08 06:45 520 --sh--w C:\WINDOWS\system32\xsdjbbmp.sys
2004-08-08 06:45 520 --sh--w C:\WINDOWS\system32\rnmxajkl.sys
2004-08-08 06:45 520 --sh--w C:\WINDOWS\system32\aoqnabib.sys
2004-08-08 06:46 520 --sh--w C:\WINDOWS\system32\smdsbsrv.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97421D0D-E07F-40DF-8F07-99597B9585AD}]
2008-06-18 23:46 45056 --a------ C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D80C4E21-C346-4E21-8E64-20746AA20AEB}]
2008-06-22 23:21 331776 --a------ C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5AA06644-BC46-4220-A460-47A6EB47C96D}"= "C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll" [2008-06-22 23:21 331776]

[HKEY_CLASSES_ROOT\clsid\{5aa06644-bc46-4220-a460-47a6eb47c96d}]
[HKEY_CLASSES_ROOT\NavExcelBar.NavExcelBarObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}]
[HKEY_CLASSES_ROOT\NavExcelBar.NavExcelBarObj]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{5AA06644-BC46-4220-A460-47A6EB47C96D}"= C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll [2008-06-22 23:21 331776]

[HKEY_CLASSES_ROOT\clsid\{5aa06644-bc46-4220-a460-47a6eb47c96d}]
[HKEY_CLASSES_ROOT\NavExcelBar.NavExcelBarObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}]
[HKEY_CLASSES_ROOT\NavExcelBar.NavExcelBarObj]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SifyBB"="C:\Program Files\Sify Broadband\BBImpSec.exe" [2006-04-21 20:04 127085]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"McRegWiz"="C:\PROGRA~1\mcafee.com\agent\McRegWiz.Exe" [2004-07-29 14:55 139264]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2004-07-01 15:15 139264]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2004-08-17 16:55 180224]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2004-08-17 18:26 245760]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2004-10-02 16:34 184320]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"Cmaudio"="cmicnfg.cpl,CMICtrlWnd" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-22 22:07 180269]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A9895933-6636-4281-BC58-EE6DE2AF96E3}"= C:\WINDOWS\system32\ddserh.dll [ ]
"{00180018-0018-0018-0018-00180018BB15}"= C:\WINDOWS\system32\mstimewd.dll [2001-06-23 00:12 919188]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"JavaView"= {DA191DE0-AA86-D04E-4B87-2A3D4928BE99} - C:\WINDOWS\AppPatch\Jview.dll [ ]
"ThunderAdvise"= {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll [2008-06-18 23:46 45056]
"mstimewd"= {00180018-0018-0018-0018-00180018BB15} - C:\WINDOWS\system32\mstimewd.dll [2001-06-23 00:12 919188]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

S2 cdralw;NVIDIA Compatible Windows Miniport Driver;C:\WINDOWS\system32\DRIVERS\nvmini.sys []
S3 eth8023;eth8023;C:\WINDOWS\system32\drivers\eth8023.sys [2008-06-23 00:40]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-23 05:34:10 C:\WINDOWS\Tasks\McAfee.com Update Check (HOME-5CEA0A0A44-Sohail).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- C:\PROGRA~1\mcafee.com\agent.SohailPMcAfee SecurityCenter periodically checks for updates for your McAfee Services.
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-23 01:34:27
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\WINDOWS\SYSTEM32\NVSVC32.EXE
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCSHIELD.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCREGWIZ.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2008-06-23 1:35:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-23 08:35:00

Pre-Run: 6,019,162,112 bytes free
Post-Run: 6,074,253,312 bytes free

224
3rd, the fresh HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:42:31 AM, on 6/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\mcafee.com\agent\McRegWiz.Exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Sify Broadband\BBClient.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Sify Broadband\BBImpSec.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\McRegWiz.Exe /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4560A5A8-FCF0-4907-ACD4-C6E43892C33E}: NameServer = 202.144.105.4,202.144.10.50
O17 - HKLM\System\CS1\Services\Tcpip\..\{4560A5A8-FCF0-4907-ACD4-C6E43892C33E}: NameServer = 202.144.105.4,202.144.10.50
O17 - HKLM\System\CS2\Services\Tcpip\..\{4560A5A8-FCF0-4907-ACD4-C6E43892C33E}: NameServer = 202.144.105.4,202.144.10.50
O21 - SSODL: JavaView - {DA191DE0-AA86-D04E-4B87-2A3D4928BE99} - C:\WINDOWS\AppPatch\Jview.dll (file missing)
O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O21 - SSODL: mstimewd - {00180018-0018-0018-0018-00180018BB15} - C:\WINDOWS\system32\mstimewd.dll
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 4600 bytes
Still I am getting that virus.
Join Date: Nov 2007
Posts: 15
Reputation: msfcool is an unknown quantity at this point 
Solved Threads: 0
msfcool msfcool is offline Offline
Newbie Poster

Re: reformated to remove new win32 virus ,still keeps coming back

 
0
  #9
Jun 23rd, 2008
I have saved all my important data on a set of DVDs.

Next time, when I store them when the system is fine, will this virus come back or will the data be safe?

If I am not wrong, this virus is in my operating system, not on my other drives.

All the other important documents which I stored are from other drives, not from the operating system drive.

So if I restore all the data back when my system is fine, will this virus come back?
Join Date: Feb 2004
Posts: 10,002
Reputation: crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold 
Solved Threads: 757
Moderator
Featured Poster
crunchie's Avatar
crunchie crunchie is offline Offline
Spyware Killer

Re: reformated to remove new win32 virus ,still keeps coming back

 
0
  #10
Jun 23rd, 2008
Please go to Jotti's or to virustotal and have these files scanned. Post the results back here.

C:\WINDOWS\system32\woasick.dll
C:\WINDOWS\system32\quaryfy.dll
C:\WINDOWS\system32\quaryfyk.exe
C:\WINDOWS\system32\verptw.dll
C:\WINDOWS\system32\verptwk.exe
C:\WINDOWS\system32\dllcache\hwxjpn.dll
C:\WINDOWS\system32\erjxakin.sys
C:\WINDOWS\system32\tuker.dll
C:\WINDOWS\system32\snfybbyt.sys
C:\WINDOWS\system32\iujraler.sys
C:\WINDOWS\system32\xsdjbbmp.sys
C:\WINDOWS\system32\rnmxajkl.sys
C:\WINDOWS\system32\aoqnabib.sys
C:\WINDOWS\system32\smdsbsrv.sys

=========

Go to Add/Remove programs and uninstall the following, if present:

NavExcel Search Toolbar
NavHelper

The above could appear anywhere within the entry. Be careful not to remove any personal or system software.

=========

A. Please RUN HijackThis
  1. Click the SCAN button to produce a log.
  2. Place a check mark beside each one of the following items:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
    O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll

    O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll

    O21 - SSODL: JavaView - {DA191DE0-AA86-D04E-4B87-2A3D4928BE99} - C:\WINDOWS\AppPatch\Jview.dll (file missing)
    O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
    O21 - SSODL: mstimewd - {00180018-0018-0018-0018-00180018BB15} - C:\WINDOWS\system32\mstimewd.dll

  3. Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.
B. 1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
C:\WINDOWS\system32\hmsdvf.dll
C:\WINDOWS\system32\mstimewd.dll
Folder::
C:\Program Files\NavExcel Search Toolbar
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



7. After reboot, (in case it asks to reboot), please re-enable all the programs that were disabled during the running of ComboFix then post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Last edited by crunchie; Jun 23rd, 2008 at 6:57 am.
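
Added example, not part of the original posts and not code from HijackThis: a small Python triage pass over the O2/O3/O21 lines of the HijackThis log posted in this thread. It shows two properties that make such entries worth a closer look: one DLL registered at several load points, and a registration whose file is missing. The function names and flagging rules are assumptions of this sketch, and a flag is a prompt for review, not a verdict.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O21 - SSODL: JavaView - {DA191DE0-AA86-D04E-4B87-2A3D4928BE99} - C:\WINDOWS\AppPatch\Jview.dll (file missing)
O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O21 - SSODL: mstimewd - {00180018-0018-0018-0018-00180018BB15} - C:\WINDOWS\system32\mstimewd.dll
"""

# O2 = Browser Helper Object, O3 = IE toolbar, O21 = ShellServiceObjectDelayLoad.
# All three load a COM DLL into Explorer or Internet Explorer.
COM_ENTRY = re.compile(
    r"^(?P<code>O2|O3|O21) - (?P<kind>BHO|Toolbar|SSODL): (?P<name>.+?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)


def parse_com_entries(log_text):
    """Return one dict per O2/O3/O21 line; every other line is skipped."""
    entries = []
    for line in log_text.splitlines():
        m = COM_ENTRY.match(line.strip())
        if not m:
            continue
        entries.append({
            "code": m["code"],
            "name": m["name"],
            "clsid": m["clsid"].upper(),
            "path": m["path"].lower(),  # Windows paths are case-insensitive
            "missing": m["missing"] is not None,
        })
    return entries


def triage(entries):
    """Group entries by DLL path and report the two review prompts."""
    codes_by_path = defaultdict(set)
    for e in entries:
        codes_by_path[e["path"]].add(e["code"])
    # Same DLL reachable through more than one load point: removing a single
    # registration leaves the others in place, so list them together.
    multi = {p: sorted(c, key=lambda s: int(s[1:]))
             for p, c in codes_by_path.items() if len(c) > 1}
    # Registration that points at a file HijackThis could not find.
    dangling = sorted(e["path"] for e in entries if e["missing"])
    return {"multi_load_point": multi, "dangling": dangling}


if __name__ == "__main__":
    report = triage(parse_com_entries(SAMPLE_LOG))
    for path, codes in report["multi_load_point"].items():
        print("multiple load points", codes, path)
    for path in report["dangling"]:
        print("registration without file", path)
```

Legitimate toolbars also register both a BHO and a toolbar entry, so the output narrows what to read, it does not replace a file scan.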