Hi Gandalf, There looks to be several problems with your log and looking further I googled this line

O4 - HKCU..\Run: [amva] D:\WINDOWS\system32\amvo.exe
and got http://www.pchelpforum.com/hijackthis-logs/42301-hacktool-rootkit-strikes-back.html
and that is serious trouble so I will leave this for one of our resident experts.

You are welcome to follow the advice given there and post the results back here.

Also update your Java as it is way out of date. Delete the old entry when you have the latest version.

Hi Gandalf I can take over if you wish _ getting a bit busy here now

You have a variety of elements there so I will run a general cleaner and analysis tool first to see what is hiding

Download ComboFix from Here or Here to your Desktop.

[*]Double click combofix.exe and follow the prompts.
[*]When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix’s window while its running. That may cause it to stall

Hi essexboy,
Your help is much appreciated!!I followed up on the link Cloussau recommended…heres what i got.

BitDefender Online Scanner - Real Time Virus Report

Generated at: Sun, Jan 06, 2008 - 18:52:48

Scan Info

Scanned Files
482380
Infected Files
15

Virus Detected

Generic.Peed.Eml.C7FD27A5
1
Packer.Malware.NSAnti.J
13
Win32.BugBear.B@mm.Damaged
1

This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.

is that it?? because i still have the hide-unhide problem and each time i try to open a drive, a ‘open-with’ window opens…please help
I’ll attach the combo-fix long and the hijackthis log after scanning for your reference.

You have remnants of what looks like an old hackdefender infection so I would like to ensure that it has gone

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
[*]Restart your computer
[*]After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
[*]Instead of Windows loading as normal, the Advanced Options Menu should appear;
[*]Select the first option, to run Windows in Safe Mode, then press Enter.
[*]Choose your usual account.

[*] Open the extracted SDFix folder and double click RunThis.bat to start the script.
[*] Type Y to begin the cleanup process.
[*] It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
[*] Press any Key and it will restart the PC.
[*] When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
[*] Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
[*] Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

THEN

Please download the OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe by OldTimer.
Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

D:\WINDOWS\system32\amvo1.dll
D:\WINDOWS\system32\mshost.dll
D:\WINDOWS\system32\SVKP.sys

Return to OTMoveIt, right click on the “Paste List of Files/Folders to be moved” window and choose Paste.
Click the red Moveit! button.
Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

FINALLY

Download and run ERUNT http://www.larshederer.homepage.t-online.de/erunt/

Start ERUNT, confirm the Welcome message.

Type in the name of a restore folder where the backed up registry
files should be saved, or click “…” to browse your computer’s drives
and select a folder. You can also simply leave the default, which is a
folder named ERDNT inside your Windows folder, the advantage being
that you have access to this folder from the Windows Recovery Console
in case Windows does not boot anymore.

Next, select the backup options:

• System registry:

- Current user registy: .

• Other open user registries:

Click “OK” and wait until the backup process is complete. (Note that
depending on your system configuration this may take some time, and
that the first bar is NOT a progress bar, just an indicator that the
program is still running.) The ERDNT program for later restoration of
the registry is automatically copied to the restore folder.

WARNING these fixes are designed for this user only and may cause damage if run on an uninfected machine

REGISTRY FIX

REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{500da6c4-1f26-11dc-9057-9e58c94adf39}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{52258050-f09e-11db-ba1e-a42cb8547228}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{6e429f94-9016-11dc-a76e-00195bfcf94e}]

Next you will need to create the repair registry fix to do that copy and paste ALL of the above in the quote box to a notepad file. Ensure there is no space above the REGEDIT4.
Then in notepad go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES
Then in the FILE NAME box type fix.reg
This will create a fix.reg file on your desktop
http://img127.imageshack.us/img127/433/regtg8.jpg

To use this file you will need to right click the icon and select merge, accept the warning if it appears and you are done.

If I could have the SDFix report, OTMoveit report and a Hijackthis log

Hi,
Thanks for taking an interest in this.I’m attaching the HJT & Combofix log as you asked…but OTMoveit didnt generate a report.I ran fix.reg and thats it. Take a look at this and lemme know what you think.Thanks a lot!

Looks better - two to fix with HJT

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below. [b]

O2 - BHO: (no name) - {46279257-2463-2796-3683-279268379362} - D:\WINDOWS\system32\mshost.dll (file missing)
O21 - SSODL: mshost.dll - {46279257-2463-2796-3683-279268379362} - D:\WINDOWS\system32\mshost.dll (file missing)

[/b]Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

One to kill with Avenger

1. Please download The Avenger by Swandog46 to your Desktop.
   [*]Click on Avenger.zip to open the file[*]Extract avenger.exe to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

[QUOTE]drivers to unload:
SVKP

Files to delete:
D:\WINDOWS\system32\SVKP.sys
[/quote]

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.
   [*] Under “Script file to execute” choose “Input Script Manually”.
   [*]Now click on the Magnifying Glass icon which will open a new window titled “View/edit script”
   [*] Paste the text copied to clipboard into this window by pressing (Ctrl+V).
   [*] Click Done
   [*] Now click on the Green Light to begin execution of the script
   [*] Answer “Yes” twice when prompted.
4. The Avenger will automatically do the following:
   [*]It will Restart your computer. ( In cases where the code to execute contains “Drivers to Unload”, The Avenger will actually restart your system twice.)
   [*]On reboot, it will briefly open a black command window on your desktop, this is normal.
   [*]After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
   [*] The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log by using Add/Reply

@essex boy

Hi,
Thanks for the help.No offense but can i not try what you suggested in your last post.Is it mandatory?? Since its working fine now, I wanna leave it as it is, thats why.
Regards,
Gandalf

No problem the choice is yours as the infection is now crippled - but I would recommend deleting the Hijackthis lines as it wil reduce the chance of further infection