i try for scan many time, keep scan and scan. it show safe, but i stil; atked by that trj virus. Any1 can help me :'(?? some file cant b delete coz file not found.

this is example:
File C:\Documents and Settings\Calciver\Local Settings\Temp\00DNw2jl.exe[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\00DNw2jl.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\037jr4aR.exe[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\037jr4aR.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\07Ch74T0.exe[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\07Ch74T0.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\07J051fa.exe[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\07J051fa.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\15G8axY3.exe[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\15G8axY3.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\3c22FnTJ.exe[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\3c22FnTJ.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\3hyd3rhe.exe[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\3hyd3rhe.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\4P6MkGK7.exe[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\4P6MkGK7.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\5wK6GF7W.exe[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\5wK6GF7W.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\gT25fiTd.exe[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\gT25fiTd.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\knTd335c.exe[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\knTd335c.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\ny78Pq1U.exe[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\ny78Pq1U.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\qN5KmxV0.exe[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\qN5KmxV0.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\radBYlxD.exe[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\radBYlxD.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\s3dj30G4.exe[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\s3dj30G4.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\SEELdLN1.exe[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\SEELdLN1.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\tFxx5G1m.exe[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\tFxx5G1m.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\VjuSL3N5.exe[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\VjuSL3N5.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\Xmu4f873.exe[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\Xmu4f873.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp_avast4_\unp248327569.tmp[Upack] is infected by Win32:Onlinegames-ATY [Trj], Deleted
File C:\Documents and Settings\NetworkService\Local Settings\Temp\D76c8ypA.exe[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\NetworkService\Local Settings\Temp\D76c8ypA.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\NetworkService\Local Settings\Temp\V77h1Wgp.exe[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\NetworkService\Local Settings\Temp\V77h1Wgp.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Program Files\Internet Explorer\RAVCHDMON.exe[Upack][Embedded#5060][Upack] is infected by Win32:Onlinegames-ATY [Trj], Deleted
File C:\System Volume Information_restore{1E41D85E-4584-4A78-BC24-538BBC0D7034}\RP43\A0009476.exe is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\System Volume Information_restore{1E41D85E-4584-4A78-BC24-538BBC0D7034}\RP51\A0024288.exe[Upack][Embedded#5060][Upack] is infected by Win32:Onlinegames-ATY [Trj], Deleted
File C:\System Volume Information_restore{1E41D85E-4584-4A78-BC24-538BBC0D7034}\RP51\A0024323.exe[Upack][Embedded#5060][Upack] is infected by Win32:Onlinegames-ATY [Trj], Deleted
File C:\System Volume Information_restore{1E41D85E-4584-4A78-BC24-538BBC0D7034}\RP51\A0024505.exe[Upack][Embedded#5060][Upack] is infected by Win32:Onlinegames-ATY [Trj], Deleted
File C:\System Volume Information_restore{1E41D85E-4584-4A78-BC24-538BBC0D7034}\RP51\A0024530.exe[Upack][Embedded#5060][Upack] is infected by Win32:Onlinegames-ATY [Trj], Deleted
File C:\System Volume Information_restore{1E41D85E-4584-4A78-BC24-538BBC0D7034}\RP51\A0024544.exe[Upack][Embedded#5060][Upack] is infected by Win32:Onlinegames-ATY [Trj], Deleted
File C:\System Volume Information_restore{1E41D85E-4584-4A78-BC24-538BBC0D7034}\RP51\A0024558.exe[Upack][Embedded#5060][Upack] is infected by Win32:Onlinegames-ATY [Trj], Deleted
File C:\System Volume Information_restore{1E41D85E-4584-4A78-BC24-538BBC0D7034}\RP51\A0024570.exe[Upack][Embedded#5060][Upack] is infected by Win32:Onlinegames-ATY [Trj], Deleted
File C:\System Volume Information_restore{1E41D85E-4584-4A78-BC24-538BBC0D7034}\RP51\A0024586.exe[Upack][Embedded#5060][Upack] is infected by Win32:Onlinegames-ATY [Trj], Deleted
File C:\System Volume Information_restore{1E41D85E-4584-4A78-BC24-538BBC0D7034}\RP51\A0024777.exe[Upack][Embedded#5060][Upack] is infected by Win32:Onlinegames-ATY [Trj], Deleted
File C:\System Volume Information_restore{1E41D85E-4584-4A78-BC24-538BBC0D7034}\RP58\A0028814.exe is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\System Volume Information_restore{1E41D85E-4584-4A78-BC24-538BBC0D7034}\RP58\A0028816.exe[Upack][Embedded#5060][Upack] is infected by Win32:Onlinegames-ATY [Trj], Deleted

Deletion isn’t really a good first option (you have none left), ‘first do no harm’ don’t delete, send virus to the chest and investigate. So those that you have already deleted you have no options left.

For the other ones classed as not found, did you empty the Temp folder ?
They could have been placed in the temp folder as a result of another security application unpacking archives into the Temp folder and avast is detecting these files. However at the end of a scan the other scanner usually cleans up after its scan removing the files.
So does this ring any bells, what were you doing when these alerts happened ?

General cleaning procedure:

1. Disable System Restore on Windows ME or Windows XP. System Restore cannot be disabled on Windows 9x and it’s not available in Windows 2k. After boot you can enable System Restore again after step 3.

2. Clean your temporary files. You can use CleanUp or the Windows Advanced Care features for that.

3. Schedule a boot time scanning with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot. Other option is scanning in SafeMode (repeatedly press F8 while booting).

4. It will be good if you download, install, update and run AVG Antispyware. Some users recommend SUPERantispyware, Spyware Terminator and/or a-squared (take care about false positives).
   If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.

5. If you still detecting any strange behavior or even you’re sure you’re not clean, maybe it will be good to test your machine with anti-rootkit applications. I suggest AVG, Panda and/or F-Secure BlackLight.

6. Also, if you still detecting strange behaviors or you want to be sure you’re clean, maybe making a HijackThis log to post here and, specially, scan and submit to on-line analysis the RunScanner log would help to identify the problem and the solution.

7. After you’re clean, use the immunization of SpywareBlaster or, which is better, the Windows Advanced Care features of spyware/adware cleaning and removal.

8. Finally, when you’re clean, check for insecure applications with Secunia Software Inspector to update insecure applications and avoid reinfection.

your “file not found” problem is only a misinterpretation of scan results… the infection was found in some embedded PE file… when some infection is found in embedded file, then its parent file is deleted… the same infection was found in the parent file (loaded in memory), but the file can’t be deleted, cause it was deleted by previous (underlaying) detection already…

i choosing the take no action and then starting boots time scan but it appear this problem. Now this problem is gone but the same virus keep attacking my pc. I move all the files to the chest but dont know how to do it then. Hv another suggestion??

there must be some dropper… can you post a HJT log here? you can find many tutorials on this forum how to do it…

If you want to do it by yourself, click here to download HJTsetup.exe

[*]Save HJTsetup.exe to your desktop.
[*]Doubleclick on the HJTsetup.exe icon on your desktop.
[*]By default it will install to C:\Program Files\Hijack This.
[*]Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
[*]Put a check by Create a desktop icon then click Next again.
[*]Continue to follow the rest of the prompts from there.
[*]At the final dialogue box click Finish and it will launch Hijack This.
[*]Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
[*]Click on “Edit > Select All” then click on “Edit > Copy” to copy the entire contents of the log.
[*]Come back here to this thread and Paste the log in your next reply.
[*]DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:17:08 PM, on 9/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\TM Net\tmnet streamyx dialer\fts.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TM Net\Diagnostic Tool\tmnet connect.exe
C:\Program Files\TM Net\tmnet streamyx dialer\fwportal.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.bitcomet.com/client/install-finish/?l=en_us
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll
O2 - BHO: (no name) - {a5edcd28-669c-44d7-afa0-6e6649e7fde4} - C:\WINDOWS\system32\comard.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM..\Run: [IMJPMIG8.1] “C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe”
O4 - HKLM..\Run: [%FP%TM Net fts.exe] “C:\Program Files\TM Net\tmnet streamyx dialer\fts.exe”
O4 - HKLM..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM..\Run: [StormCodec_Helper] “C:\Program Files\Storm Codec\StormSet.exe” /S /opti
O4 - HKLM..\Run: [SystemOptimizer] rundll32.exe “C:\WINDOWS\xxxvvw.dll”,forkonce
O4 - HKLM..\Run: [commomds] C:\WINDOWS\system32\win32.exe
O4 - HKLM..\Run: [RAVGJMON] C:\Program Files\Internet Explorer\RAVGJMON.exe
O4 - HKLM..\Run: [RAVDTHXMON] C:\Program Files\Internet Explorer\RAVDTHXMON.exe
O4 - HKLM..\Run: [RAVCHDMON] C:\Program Files\Internet Explorer\RAVCHDMON.exe
O4 - HKLM..\Run: [win32] C:\WINDOWS\system32\win32.exe
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [RAVWLMON] C:\WINDOWS\system32\RAVWLMON.exe
O4 - HKLM..\Run: [COMODO Firewall Pro] “C:\Program Files\Comodo\Firewall\CPF.exe” /background
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\Storm Codec\QTTask.exe” -atboottime
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe”
O4 - HKCU..\Run: [MsnMsgr] “C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.gomtv.com/gom/GomWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip..{1AC7128B-89DD-482E-9BAB-F1114D458B8F}: NameServer = 202.188.0.133 202.188.1.5
O20 - AppInit_DLLs: jzgpri.dll
O20 - Winlogon Notify: comard - comard.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qwerty12.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe

–
End of file - 7760 bytes

Fix these:
O2 - BHO: (no name) - {a5edcd28-669c-44d7-afa0-6e6649e7fde4} - C:\WINDOWS\system32\comard.dll (file missing) - apart from the file is missing, check and make sure, a google search for this file returns zero hits, which in itself is suspicious
O20 - Winlogon Notify: comard - comard.dll (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qwerty12.exe (file missing)

These are reported nasty and if avast hasn’t detected it a sample should be sent to avast I would also confirm using VT and Jotti (see below).
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll - see http://www.google.com/search?q=WebAssist.dll
O4 - HKLM..\Run: [RAVWLMON] C:\WINDOWS\system32\RAVWLMON.exe - see http://www.prevx.com/filenames/3417583867049942784-X1/RAVWLMON.EXE.html

O20 - AppInit_DLLs: jzgpri.dll - see http://www.castlecops.com/p981744-MD5_228b2084b7ade49987c38d87f84e1903_jzgpri_dll.html

Send the sample to virus@avast.com zipped and password protected with password in email body and false positive/undetected malware in the subject.
Or you can also add the file to the User Files (File, Add) section of the avast chest where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner I feel virustotal is the better option as it uses the windows version of avast (more packers supported) and there are currently 30 different scanners.
Or Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. Whichever scanner you use, you can’t do this with the file in the chest, you will need to move it out.

thx for ur help. I wan to send the infected files to avast but dont know how to setting the outlook, so it cant b send. Can know how to setting the mail setting when wan to send those files??

Do you mean outlook express ?
You shouldn’t have to do anything to it to send the zipped password protected files, however, OE might need the security settings sorted (Tools, Options, Security tab, uncheck the arrowed option in the image below), this was changed after a security update.

I don’t use MS Outlook so I can’t be any practical help there.

By far the best option is to add them to the user files section of the chest and send them from there as I mentioned above.

erm… I try but cant add. Add cant b choosen

Then you most likely haven’t clicked the User Files section icon on the left as you can’t Add to the Infected Files section, that is the preserve of the avast scanner for files it detected as infected.

also this item looks strange:

O4 - HKLM..\Run: [SystemOptimizer] rundll32.exe “C:\WINDOWS\xxxvvw.dll”,forkonce

after that i nid to add what file??

Yea, it is 1 of the threat. It make me headaches because i follow Tech™’s step it harm my system and avast. Now i also want to fix it or take no action. And my pc still infected by the win32 dialer

The only way to solve your dead problem if those virus are very hard to remove, it time to KILL your PC good bye and reformat your HD from scratch.

You should have cloned your HD long ago before you get your backside for a good hard scratching sand paper…Ouch! that virus must have got you stone COLD you couldn’t even move to your next task to KILL win32 dialer.

The one/s which you say are detected as infected file and you wanted to email, I though you knew what they were from your previous posts.

yes, i know where the infected files but i remove all to chest alrdy. after that i should take no action and attach to avast mail next time i hv detect it?? Or hv other way??

In theory there should be no need to send files to avast that are already detected by avast unless you feel that the detection isn’t correct.
So no need to take any action other than leave them in the chest foe a few weeks, scan the file again inside the chest (right click on the file) and if it is still detected then delete it from within the chest.

The only reason for giving the information was because you expressed you wanted to email the files to avast and were trying to find out how to do this in outlook. So I said they could be sent from the chest.

If you have already sent the files to the chest when they were detected there is no need to add them as they would be in the Infected Files section and could be sent from there.