Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page amvo0.dll
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
Page 1 of 2 1 2
 
LinkBack Thread Tools
Old 01-19-2008, 11:19 AM   #1 (permalink)
Registered User
 
Join Date: Jan 2008
Posts: 19
OS: WinXP


amvo0.dll
whenever i open a USB the following comes up on my screen

THREAT DETECTED (AVG)

C/douments and setting/My account/ locals~1/temp/a.dll

virus found NSAnti


i then press move to vault

another threat detected....

C:\WINDOWS\syste32\amvo0.dll

Trojan horse PSW.Legendmir.JEU

i press heal.

yet it comes up everytime i open a usb or the sort...

i recently went on holiday so im guessing thats where this virus came from, on my usb...

weird thing is it opens the usbs files in a new window, which is also quite irratating.

any help?

another threat detected..... semo2x.exe

virus identified Obfustat.AEET

here is my hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 19:17:47, on 19/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WINDOWS\4t-min.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://s1.travian.co.uk/dorf2.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [data] C:\CMPNENTS\NETFX\efestgrdf\TT 2006\data.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [typeteller] F:\Installation Packs\Loggers\typeteller2006_0145_setup\TypeTeller 2006\typeteller.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - Startup: 4t Tray Minimizer.lnk = C:\Program Files\WINDOWS\4t-min.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/insta...SSWebAgent.CAB
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/.../GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1168778851593
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames...e.cab60231.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} - http://download.netmarble.com/kdefence/kdfense8237.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

Thanks,

Close

I have a project deadline and some important files i need to give to a friend on a usb... the problem is i cant give it him while there is viruses crawling around in my computer...
Close7 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Sponsored Links
Old 01-19-2008, 11:20 AM   #2 (permalink)
Registered User
 
Join Date: Jan 2008
Posts: 19
OS: WinXP


Re: amvo0.dll
oh and also.. that logmein program i deleted ages ago.. its still there in the hijackthis log... any help on how to remove that aswell :) help would be much appreciated :)
Close7 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 01-21-2008, 11:24 AM   #3 (permalink)
Registered User
 
Join Date: Jan 2008
Posts: 19
OS: WinXP


Re: amvo0.dll
*bump*
Close7 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 01-21-2008, 07:27 PM   #4 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,566
OS: 2000 Pro; XP Pro; XP Home


Re: amvo0.dll
Hello and Welcome.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

I need more information before continuing, please.

For now, I'd like a more comprehensive set of logs from Deckard's System Scanner.

---------------------------------------------------------------------------------------------

You are using an outdated version of HijackThis. Please uninstall from Add/Remove programs, and delete your current version.

Next, download HijackThis to your desktop

Alternate link

Double-click on the file you just downloaded.
Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Upon install, HijackThis should open for you.

When it does, just close it, please. Next....
---------------------------------------------------------------------------------------------


Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.

What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

---------------------------------------------------------------------------------------------


Open notepad and copy/paste the text in the quotebox below into it:

Quote:
type "C:\boot.ini">C:\look.txt
Start notepad C:\Look.txt
del peek.bat
Save this as peek.bat Choose to "Save type as - All Files"
It should look like this:
Double click on peek.bat & allow it to run. A notepad file will open. Post the contents of that file in your next reply, and close the file.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 01-22-2008, 08:33 AM   #5 (permalink)
Registered User
 
Join Date: Jan 2008
Posts: 19
OS: WinXP


Re: amvo0.dll
Thanks :) I'll do it now and reply when im done.
Close7 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 01-22-2008, 08:55 AM   #6 (permalink)
Registered User
 
Join Date: Jan 2008
Posts: 19
OS: WinXP


Re: amvo0.dll
Deckard's System Scanner v20071014.68
Run by 03shebaz on 2008-01-22 16:47:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
33: 2008-01-22 16:47:27 UTC - RP413 - Deckard's System Scanner Restore Point
32: 2008-01-20 16:24:02 UTC - RP412 - System Checkpoint
31: 2008-01-19 08:21:21 UTC - RP411 - System Checkpoint
30: 2008-01-18 07:18:29 UTC - RP410 - Software Distribution Service 3.0
29: 2008-01-16 07:20:17 UTC - RP409 - Software Distribution Service 3.0


-- First Restore Point --
1: 2007-11-30 16:16:15 UTC - RP381 - Removed HP Photosmart Essential


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as 03shebaz.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:49:43, on 22/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WINDOWS\4t-min.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HP_Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\03shebaz.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://s1.travian.co.uk/dorf2.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [data] C:\CMPNENTS\NETFX\efestgrdf\TT 2006\data.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [typeteller] F:\Installation Packs\Loggers\typeteller2006_0145_setup\TypeTeller 2006\typeteller.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: 4t Tray Minimizer.lnk = C:\Program Files\WINDOWS\4t-min.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/insta...SSWebAgent.CAB
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/.../GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1168778851593
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames...e.cab60231.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} - http://download.netmarble.com/kdefence/kdfense8237.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 13619 bytes

-- File Associations -----------------------------------------------------------

.js - unable to read key
.js - unable to read key


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>

S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 LMImirr - c:\windows\system32\drivers\lmimirr.sys (file missing)
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\progra~1\common~1\motive\mrendis5.sys (file missing)
S3 neokdss - c:\windows\system32\drivers\neokdss.sys (file missing)
S3 radpms (Driver for RADPMS Device) - c:\windows\system32\drivers\radpms.sys (file missing)
S3 XDva009 - c:\windows\system32\xdva009.sys (file missing)
S3 XDva020 - c:\windows\system32\xdva020.sys (file missing)
S3 XDva031 - c:\windows\system32\xdva031.sys (file missing)
S3 XDva032 - c:\windows\system32\xdva032.sys (file missing)
S3 XTrapD12 - c:\windows\system32\xtrapd12.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-01-22 16:50:00 428 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{057AC227-F8DB-45D7-9997-46391D924883}.job
2008-01-22 16:07:05 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-01-22 12:00:00 372 --a------ C:\WINDOWS\Tasks\HPpromotions journeysoftware.job
2008-01-20 09:00:00 354 --a------ C:\WINDOWS\Tasks\At1.job
2007-10-25 12:20:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-07-12 17:20:25 402 --ah----- C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job


-- Files created between 2007-12-22 and 2008-01-22 -----------------------------

2008-01-22 16:38:00 0 d-------- C:\Program Files\Trend Micro
2008-01-06 14:18:45 0 d-------- C:\Program Files\Slacksoft
2008-01-06 13:22:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Macro Mania
2008-01-06 10:14:11 0 d-------- C:\Netgear
2008-01-06 07:32:16 7245824 --a------ C:\Documents and Settings\HP_Administrator\ntuser.dat


-- Find3M Report ---------------------------------------------------------------

2008-01-20 13:52:36 0 d-------- C:\Program Files\LimeWire
2008-01-11 16:41:36 0 d-------- C:\Program Files\MSN Messenger
2008-01-11 16:41:36 0 d-------- C:\Program Files\Messenger Plus! Live
2008-01-06 12:15:40 0 d-------- C:\Program Files\Common Files
2008-01-06 12:15:39 0 d-------- C:\Program Files\btbb_wcm
2008-01-06 12:13:48 0 d-------- C:\Program Files\BT Home Hub
2007-12-15 10:58:26 0 d-------- C:\Program Files\Sword of The New World
2007-11-30 16:12:24 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\WinBatch


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [05/08/2005 20:56]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [02/08/2005 23:19 C:\WINDOWS\arpwrmsg.exe]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [07/05/1998 16:04]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [10/08/2005 07:33]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [02/06/2005 06:35]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [14/04/2004 20:43]
"PCDrProfiler"="" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [12/05/2005 06:12]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [08/10/2004 11:52]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [18/01/2005 17:47]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [18/01/2005 17:37]
"KBD"="C:\HP\KBD\KBD.EXE" [02/02/2005 16:44]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 18:20]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [10/03/2004 16:26]
"RTHDCPL"="RTHDCPL.EXE" [18/08/2005 14:20 C:\WINDOWS\RTHDCPL.EXE]
"Alcmtr"="ALCMTR.EXE" []
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [10/08/2004 12:00]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [10/08/2004 12:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [10/08/2004 12:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [10/08/2004 12:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [10/08/2004 12:00]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" []
"data"="C:\CMPNENTS\NETFX\efestgrdf\TT 2006\data.exe" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [25/04/2007 15:24]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [27/04/2007 08:41]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 19:51]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [28/06/2007 08:14]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [06/01/2008 07:30]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 09:25]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 00:11]
"typeteller"="F:\Installation Packs\Loggers\typeteller2006_0145_setup\TypeTeller 2006\typeteller.exe" []
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [11/08/2005 14:30]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [11/08/2005 14:30]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [31/05/2005 05:33]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" []
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [18/01/2005 17:07]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 23:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [10/08/2004 12:00]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"amva"="C:\WINDOWS\system32\amvo.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\
4t Tray Minimizer.lnk - C:\Program Files\WINDOWS\4t-min.exe [15/06/2007 16:54:46]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ATI CATALYST System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [10/08/2005 07:33:06]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [12/05/2005 06:23:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 01:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{139cedde-2ff8-11dc-a9ce-0013d4ea27ad}]
AutoRun\command- fooool.exe
explore\Command- fooool.exe
open\Command- fooool.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5177bdaa-f49d-11db-a8cb-0013d4ea27ad}]
AutoRun\command- RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5177bdab-f49d-11db-a8cb-0013d4ea27ad}]
AutoRun\command- RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74e2f566-820b-11db-a78c-0013d4ea27ad}]
Auto\command- boot.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76dc82d0-09d1-11dc-a939-0013d4ea27ad}]
AutoRun\command- F:\usdeiect.com
explore\Command- F:\usdeiect.com
open\Command- F:\usdeiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b55bef9e-1e7d-11dc-a985-0013d4ea27ad}]
AutoRun\command- semo2x.exe
explore\Command- semo2x.exe
open\Command- semo2x.exe




-- End of Deckard's System Scanner: finished at 2008-01-22 16:50:40 ------------
Attached Files
File Type: txt extra.txt (21.7 KB, 2 views)
Close7 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 01-22-2008, 08:58 AM   #7 (permalink)
Registered User
 
Join Date: Jan 2008
Posts: 19
OS: WinXP


Re: amvo0.dll
the peek.bat txt file:

[boot loader]
timeout=0
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
Close7 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 01-22-2008, 08:59 AM   #8 (permalink)
Registered User
 
Join Date: Jan 2008
Posts: 19
OS: WinXP


Re: amvo0.dll
oh by the way.. in the dss backup.. my avg came up with the threat detected page and said NsAnti was in there... so i pressed move to vault.
Close7 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 01-22-2008, 09:05 AM   #9 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,566
OS: 2000 Pro; XP Pro; XP Home


Re: amvo0.dll
Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Run DSS again, using these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK

"%userprofile%\desktop\dss.exe" /daft

Click on Scan.

Tick the boxes which should appear for these entries:

.js - unable to read key
.js - unable to read key

then Click on Fix

Click Scan again, you should get a message "All Associations OK!" Next, click Save Log, and post this log in your next reply.

---------------------------------------------------------------------------------------------
  1. Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disconnect from the internet....pull the plug!
  3. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
  4. Ensure that your USB stick drives are inserted.
  5. Double click on combofix.exe & follow the prompts. Type 1, then press Enter to start the fix.
  6. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  7. When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

    ---------------------------------------------------------------------------------------------
  8. Ensure your AntiVirus and AntiSpyware applications are re-enabled. A reboot should have done this.
  9. Re-establish an internet connection.
  10. Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

    ---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 01-22-2008, 11:15 AM   #10 (permalink)
Registered User
 
Join Date: Jan 2008
Posts: 19
OS: WinXP


Re: amvo0.dll
Quote:
Originally Posted by tetonbob View Post
Run DSS again, using these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK

"%userprofile%\desktop\dss.exe" /daft

Click on Scan.

Tick the boxes which should appear for these entries:

.js - unable to read key
.js - unable to read key

then Click on Fix

Click Scan again, you should get a message "All Associations OK!" Next, click Save Log, and post this log in your next reply.
DAFT Log saved on 2008-01-22 19:13:20
-----------------------------------------------------------------------
All associations okay!
Close7 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 01-22-2008, 11:19 AM   #11 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,566
OS: 2000 Pro; XP Pro; XP Home


Re: amvo0.dll
Great.

Please continue with next steps.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 01-22-2008, 11:28 AM   #12 (permalink)
Registered User
 
Join Date: Jan 2008
Posts: 19
OS: WinXP


Re: amvo0.dll
Quote:
Originally Posted by tetonbob View Post
  1. Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disconnect from the internet....pull the plug!
  3. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
  4. Ensure that your USB stick drives are inserted.
  5. Double click on combofix.exe & follow the prompts. Type 1, then press Enter to start the fix.
  6. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  7. When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

    ---------------------------------------------------------------------------------------------
  8. Ensure your AntiVirus and AntiSpyware applications are re-enabled. A reboot should have done this.
  9. Re-establish an internet connection.
  10. Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

    ---------------------------------------------------------------------------------------------
ComboFix 08-01-23.1 - 03shebaz 2008-01-22 19:21:32.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.429 [GMT 0:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\windows
C:\Program Files\windows\4t-min.cnt
C:\Program Files\windows\4t-min.exe
C:\Program Files\windows\4t-min.GID
C:\Program Files\windows\4t-min.hlp
C:\Program Files\windows\4t-min.LOG
C:\Program Files\windows\4t-min_pad.xml
C:\Program Files\windows\company.url
C:\Program Files\windows\contact.url
C:\Program Files\windows\delReg.exe
C:\Program Files\windows\faq.url
C:\Program Files\windows\File_id.diz
C:\Program Files\windows\license.txt
C:\Program Files\windows\newsletter.url
C:\Program Files\windows\order.txt
C:\Program Files\windows\order.url
C:\Program Files\windows\orderfrm.txt
C:\Program Files\windows\product.url
C:\Program Files\windows\readme.txt
C:\Program Files\windows\ShellEh440.dll
C:\Program Files\windows\Tray.dll
C:\Program Files\windows\unins000.dat
C:\Program Files\windows\unins000.exe
C:\Program Files\windows\Whatsnew.txt
C:\Program Files\windows\wishlist.url
C:\WINDOWS\system32\autorun.ini
D:\Autorun.inf
K:\autorun.inf

.
((((((((((((((((((((((((( Files Created from 2007-12-23 to 2008-01-23 )))))))))))))))))))))))))))))))
.

2008-01-22 19:20 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-22 16:43 . 2008-01-22 16:43 <DIR> d-------- C:\Deckard
2008-01-22 16:38 . 2008-01-22 16:38 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-06 14:18 . 2008-01-06 14:18 <DIR> d-------- C:\Program Files\Slacksoft
2008-01-06 13:22 . 2000-05-22 02:00 203,976 --a------ C:\WINDOWS\system32\Richtx32.ocx
2008-01-06 13:22 . 1996-06-20 19:57 200,704 --a------ C:\WINDOWS\system32\threed32.ocx
2008-01-06 13:22 . 1996-05-03 21:05 28,672 --a------ C:\WINDOWS\system32\Msghoo32.ocx
2008-01-06 10:14 . 2008-01-13 09:21 <DIR> d-------- C:\Netgear

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-20 13:52 --------- d-----w C:\Program Files\LimeWire
2008-01-11 16:41 --------- d-----w C:\Program Files\MSN Messenger
2008-01-11 16:41 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-06 12:15 --------- d-----w C:\Program Files\btbb_wcm
2008-01-06 12:13 --------- d-----w C:\Program Files\BT Home Hub
2007-12-15 10:58 --------- d-----w C:\Program Files\Sword of The New World
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 23:42 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 17:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 17:40 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2006-10-15 10:20 251 ----a-w C:\Program Files\wt3d.ini
2005-05-12 06:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2004-08-10 12:00 524 --sh--r C:\WINDOWS\sscfgwin.sys
.
Code:
<pre>
----a-w         1,107,820 2003-02-04 16:22:52  C:\Documents and Settings\All Users\Documents\My Music\???? ?? ?????? .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [ ]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 17:07 196608]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 23:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 12:00 15360]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 20:56 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 23:19 77312 C:\WINDOWS\arpwrmsg.exe]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04 52736]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-10 07:33 61440]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 06:35 49152]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 20:43 233472]
"PCDrProfiler"="" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 06:12 49152]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 11:52 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 17:47 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 17:37 217088]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44 61440]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 16:26 406016]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-18 14:20 14820864 C:\WINDOWS\RTHDCPL.EXE]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 12:00 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 12:00 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 12:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 12:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 12:00 455168]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [ ]
"data"="C:\CMPNENTS\NETFX\efestgrdf\TT 2006\data.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-04-25 15:24 180269]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 08:14 270648]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-06 07:30 579072]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25 6731312]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"typeteller"="F:\Installation Packs\Loggers\typeteller2006_0145_setup\TypeTeller 2006\typeteller.exe" [ ]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 14:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 14:30 81920]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 05:33 122941]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 10:36 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-10 12:00 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ATI CATALYST System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2005-08-10 07:33:06 61440]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 06:23:26 282624]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-09-15 06:49]
S3 radpms;Driver for RADPMS Device;C:\WINDOWS\system32\DRIVERS\radpms.sys []
S3 XDva009;XDva009;C:\WINDOWS\system32\XDva009.sys []
S3 XDva020;XDva020;C:\WINDOWS\system32\XDva020.sys []
S3 XDva031;XDva031;C:\WINDOWS\system32\XDva031.sys []
S3 XDva032;XDva032;C:\WINDOWS\system32\XDva032.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{139cedde-2ff8-11dc-a9ce-0013d4ea27ad}]
\Shell\AutoRun\command - fooool.exe
\Shell\explore\Command - fooool.exe
\Shell\open\Command - fooool.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5177bdaa-f49d-11db-a8cb-0013d4ea27ad}]
\Shell\AutoRun\command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5177bdab-f49d-11db-a8cb-0013d4ea27ad}]
\Shell\AutoRun\command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74e2f566-820b-11db-a78c-0013d4ea27ad}]
\Shell\Auto\command - boot.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76dc82d0-09d1-11dc-a939-0013d4ea27ad}]
\Shell\AutoRun\command - F:\usdeiect.com
\Shell\explore\Command - F:\usdeiect.com
\Shell\open\Command - F:\usdeiect.com

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2007-10-25 12:20:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-20 09:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\blastclnnn.exe
"2008-01-22 12:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
"2007-07-12 17:20:25 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job"
- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe%Scan -RestrictPrivileges -ScanType 1
"2008-01-22 16:07:05 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-01-22 19:20:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{057AC227-F8DB-45D7-9997-46391D924883}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 19:23:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-23 19:24:23
ComboFix-quarantined-files.txt 2008-01-23 19:24:21
.
2008-01-18 07:18:36 --- E O F ---
Close7 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 01-22-2008, 11:29 AM   #13 (permalink)
Registered User
 
Join Date: Jan 2008
Posts: 19
OS: WinXP


Re: amvo0.dll
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:28:56, on 23/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://s1.travian.co.uk/dorf2.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [data] C:\CMPNENTS\NETFX\efestgrdf\TT 2006\data.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [typeteller] F:\Installation Packs\Loggers\typeteller2006_0145_setup\TypeTeller 2006\typeteller.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: 4t Tray Minimizer.lnk = C:\Program Files\WINDOWS\4t-min.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/insta...SSWebAgent.CAB
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/.../GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1168778851593
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames...e.cab60231.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} - http://download.netmarble.com/kdefence/kdfense8237.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 13469 bytes
Close7 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 01-22-2008, 11:39 AM   #14 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,566
OS: 2000 Pro; XP Pro; XP Home


Re: amvo0.dll
No need to quote my instructions....thanks.

Once again, ensure your USB sticks (or whatever is usually F Drive) are inserted.

Open notepad and copy/paste the text in the quotebox below into it:

Quote:
Killall::
File::
F:\usdeiect.com
C:\WINDOWS\system32\blastclnnn.exe
C:\WINDOWS\Tasks\At1.job

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{139cedde-2ff8-11dc-a9ce-0013d4ea27ad}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5177bdaa-f49d-11db-a8cb-0013d4ea27ad}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74e2f566-820b-11db-a78c-0013d4ea27ad}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76dc82d0-09d1-11dc-a939-0013d4ea27ad}]
Save this as CScript.txt




Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 01-22-2008, 11:58 AM   #15 (permalink)
Registered User
 
Join Date: Jan 2008
Posts: 19
OS: WinXP


Re: amvo0.dll
ComboFix 08-01-23.1 - 03shebaz 2008-01-23 19:49:18.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.521 [GMT 0:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Administrator\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\blastclnnn.exe
C:\WINDOWS\Tasks\At1.job
F:\usdeiect.com
.


erm.. it restarted then didnt do anything.... so i went to C:combofix and i found this
Close7 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 01-22-2008, 12:22 PM   #16 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,566
OS: 2000 Pro; XP Pro; XP Home


Re: amvo0.dll
It's possible one of your protection applications interfered with the completion.

Disconnect from the internet, disable all protection applications, and double-click on ComboFix.exe once again to run it.

re-enable protections, re-connect to the internet, and post the log.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 01-22-2008, 12:58 PM   #17 (permalink)
Registered User
 
Join Date: Jan 2008
Posts: 19
OS: WinXP


Re: amvo0.dll
ok it worked this time :)

ComboFix 08-01-23.1 - 03shebaz 2008-01-23 20:47:53.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.498 [GMT 0:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\Tasks\At1.job

.
((((((((((((((((((((((((( Files Created from 2007-12-23 to 2008-01-23 )))))))))))))))))))))))))))))))
.

2008-01-23 19:29 . 2008-01-23 19:29 <DIR> d-------- C:\Program Files\4t Tray Minimizer
2008-01-22 19:20 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-22 16:43 . 2008-01-22 16:43 <DIR> d-------- C:\Deckard
2008-01-22 16:38 . 2008-01-22 16:38 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-06 14:18 . 2008-01-06 14:18 <DIR> d-------- C:\Program Files\Slacksoft
2008-01-06 13:22 . 2000-05-22 02:00 203,976 --a------ C:\WINDOWS\system32\Richtx32.ocx
2008-01-06 13:22 . 1996-06-20 19:57 200,704 --a------ C:\WINDOWS\system32\threed32.ocx
2008-01-06 13:22 . 1996-05-03 21:05 28,672 --a------ C:\WINDOWS\system32\Msghoo32.ocx
2008-01-06 10:14 . 2008-01-13 09:21 <DIR> d-------- C:\Netgear

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-20 13:52 --------- d-----w C:\Program Files\LimeWire
2008-01-11 16:41 --------- d-----w C:\Program Files\MSN Messenger
2008-01-11 16:41 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-06 12:15 --------- d-----w C:\Program Files\btbb_wcm
2008-01-06 12:13 --------- d-----w C:\Program Files\BT Home Hub
2007-12-15 10:58 --------- d-----w C:\Program Files\Sword of The New World
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 23:42 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 17:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 17:40 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2006-10-15 10:20 251 ----a-w C:\Program Files\wt3d.ini
2005-05-12 06:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2004-08-10 12:00 524 --sh--r C:\WINDOWS\sscfgwin.sys
.
Code:
<pre>
----a-w         1,107,820 2003-02-04 16:22:52  C:\Documents and Settings\All Users\Documents\My Music\???? ?? ?????? .exe
</pre>

((((((((((((((((((((((((((((( snapshot@2008-01-23_19.24.04.87 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-22 19:21:15 241,664 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-23 19:48:56 241,664 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-22 19:21:15 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-23 19:48:56 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-22 19:21:15 241,664 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-23 19:48:56 241,664 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-22 19:21:15 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-23 19:48:56 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-22 19:21:15 7,245,824 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005\ntuser.dat
+ 2008-01-23 19:48:56 7,245,824 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005\ntuser.dat
- 2008-01-22 19:21:15 155,648 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-23 19:48:56 155,648 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [ ]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 17:07 196608]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 23:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 12:00 15360]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 20:56 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 23:19 77312 C:\WINDOWS\arpwrmsg.exe]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04 52736]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-10 07:33 61440]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 06:35 49152]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 20:43 233472]
"PCDrProfiler"="" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 06:12 49152]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 11:52 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 17:47 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 17:37 217088]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44 61440]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 16:26 406016]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-18 14:20 14820864 C:\WINDOWS\RTHDCPL.EXE]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 12:00 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 12:00 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 12:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 12:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 12:00 455168]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [ ]
"data"="C:\CMPNENTS\NETFX\efestgrdf\TT 2006\data.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-04-25 15:24 180269]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 08:14 270648]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-06 07:30 579072]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25 6731312]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"typeteller"="F:\Installation Packs\Loggers\typeteller2006_0145_setup\TypeTeller 2006\typeteller.exe" [ ]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 14:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 14:30 81920]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 05:33 122941]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 10:36 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-10 12:00 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ATI CATALYST System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2005-08-10 07:33:06 61440]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 06:23:26 282624]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-09-15 06:49]
S3 radpms;Driver for RADPMS Device;C:\WINDOWS\system32\DRIVERS\radpms.sys []
S3 XDva009;XDva009;C:\WINDOWS\system32\XDva009.sys []
S3 XDva020;XDva020;C:\WINDOWS\system32\XDva020.sys []
S3 XDva031;XDva031;C:\WINDOWS\system32\XDva031.sys []
S3 XDva032;XDva032;C:\WINDOWS\system32\XDva032.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5177bdab-f49d-11db-a8cb-0013d4ea27ad}]
\Shell\AutoRun\command - RavMon.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-10-25 12:20:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-23 20:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
"2007-07-12 17:20:25 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job"
- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe%Scan -RestrictPrivileges -ScanType 1
"2008-01-23 19:57:11 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-01-23 20:50:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{057AC227-F8DB-45D7-9997-46391D924883}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 20:50:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-23 20:50:48
ComboFix-quarantined-files.txt 2008-01-23 20:50:46
ComboFix2.txt 2008-01-23 19:24:24
.
2008-01-23 19:29:13 --- E O F ---
Close7 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 01-22-2008, 01:16 PM   #18 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,566
OS: 2000 Pro; XP Pro; XP Home


Re: amvo0.dll
Copy and paste the following into Notepad (don't forget to copy and paste REGEDIT4):

Quote:
REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5177bdab-f49d-11db-a8cb-0013d4ea27ad}]
Save the file as "delete.reg". Make sure to save it with the quotes. It should look like this:

Close Notepad.

Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

---------------------------------------------------------------------------------------------

Please run this online scan to help look for remnants.

First, Go to Start>Control Panel>Add/Remove Programs and remove Kaspersky online scanner if present prior to downloading the most up-to-date one.

Next, establish an internet connection & perform an online scan using Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 01-22-2008, 01:24 PM   #19 (permalink)
Registered User
 
Join Date: Jan 2008
Posts: 19
OS: WinXP


Re: amvo0.dll
ok im off for about half an hour, i leave it scanning till i come back, then i will paste the the report :) thank you for all this help so far, much appreciated :)
Close7 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 01-23-2008, 08:21 AM   #20 (permalink)
Registered User
 
Join Date: Jan 2008
Posts: 19
OS: WinXP


Re: amvo0.dll
It wont let me copy and paste the log file and the text file is 17.5mb so it is too big to attack to this post... whenever i copy and paste it here my computer starts lagging and internet explorer window freezes... may i ask why this text file is 17.5mb?
Close7 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
 
Page 1 of 2 1 2

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 03:04 PM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84