1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Cannot remove DMVLITE

Discussion in 'Malware and Virus Removal Archive' started by dmvlite-hell, 2005/03/14.

Thread Status:
Not open for further replies.
  1. 2005/03/14
    dmvlite-hell

    dmvlite-hell Inactive Thread Starter

    Joined:
    2005/03/14
    Messages:
    1
    Likes Received:
    0
    Approximately 4 days DMVLITE was downloaded to this machine. I am having a horrible time trying to remove the software. It has basically taken over my machine. The printer is not working, a game is not working. We are constantly getting popups even when IE is closed and the popup blocker is turned on. :confused:

    I have scanned it with Norton Antivirus, Ravantivirus. I have tried System Mechanic.

    It will not let me access Task Manager or system defrag. It has made it very hard to access my email and the system has slowed down even futher than it already was.

    I ran HiJack This and it is below. I have been trying everything I can think of for the last 4 days. A friend recommended this website to me.

    I would greatly appreciate your help. :eek:

    HiJackThis Log:

    Logfile of HijackThis v1.99.1
    Scan saved at 9:38:33 PM, on 3/14/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\WINDOWS\System32\gearsec.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    C:\WINDOWS\system32\ScsiAccess.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
    C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\BITDEFENDERX.EXE
    C:\windows\system32\zwmvhw.exe
    C:\WINDOWS\isrvs\desktop.exe
    C:\windows\system32\calc.exe
    C:\Program Files\Rfbxtd\Aqwm.exe
    C:\WINDOWS\system32\woygqu.exe
    C:\WINDOWS\TEMP\ICD1.tmp\svcmm32.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\WINDOWS\system32\oemgasvc.exe
    C:\Program Files\AutoUpdate\AutoUpdate.exe
    C:\windows\system32\nhOESa.exe
    C:\windows\system32\myxC.exe
    C:\WINDOWS\system32\objput.exe
    C:\Program Files\iolo\System Mechanic 5\PopupStopper.exe
    C:\WINDOWS\system32\myxC.exe
    C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
    C:\Program Files\CxtPls\CxtPls.exe
    C:\WINDOWS\system32\wsxsvc\wsxsvc.exe
    C:\WINDOWS\system32\vmss\vmss.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Welcome to the Webb Internet

    Browser
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =

    *.r3.attbi.com
    ;<local>;localhost
    R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:\Program

    Files\SurfSideKick 2\SskBho.dll
    O1 - Hosts: 69.20.16.183 auto.search.msn.com
    O1 - Hosts: 69.20.16.183 search.netscape.com
    O1 - Hosts: 69.20.16.183 ieautosearch
    O2 - BHO: (no name) - {00000049-8F91-4D9C-9573-F016E7626484} - (no file)
    O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program

    Files\CxtPls\cxtpls.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1

    \SPYWAR~1\tools\iesdsg.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program

    Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program

    Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
    O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [BitDefender Antivirus] BITDEFENDERX.EXE
    O4 - HKLM\..\Run: [zwmvhw] c:\windows\system32\zwmvhw.exe
    O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
    O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
    O4 - HKLM\..\Run: [Zpgazmd] C:\Program Files\Rfbxtd\Aqwm.exe
    O4 - HKLM\..\Run: [vmss] C:\WINDOWS\system32\vmss\vmss.exe
    O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
    O4 - HKLM\..\Run: [USB controller] "C:\WINDOWS\TEMP\ICD1.tmp\svcmm32.exe" /startup
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3

    \hpztsb09.exe
    O4 - HKLM\..\Run: [vsoU3EU] oemgasvc.exe
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe "
    O4 - HKLM\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
    O4 - HKLM\..\Run: [nhOESa] C:\windows\system32\nhOESa.exe
    O4 - HKLM\..\Run: [myxC.exe] c:\windows\system32\myxC.exe
    O4 - HKLM\..\Run: [razin] C:\DOCUME~1\Owner\LOCALS~1\Temp\rm05040901.Stub.exe
    O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\system32\wsxsvc\wsxsvc.exe
    O4 - HKCU\..\Run: [eB78ROYFU] objput.exe
    O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "C:\Program Files\iolo\System Mechanic 5

    \PopupStopper.exe "
    O4 - HKCU\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
    O4 - HKCU\..\RunOnce: [BitDefender Antivirus] BITDEFENDERX.EXE
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM

    Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar

    Suite\TB\02.00.0001.1203\en-us\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

    blank (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1

    \MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

    Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

    C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} -

    C:\WINDOWS\System32\shdocvw.dll (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) -

    http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -

    http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4417/mcfscan.cab
    O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
    O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program

    Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program

    Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common

    Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program

    Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program

    Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program

    Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32

    \gearsec.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program

    Files\iPod\bin\iPodService.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet

    Security\ISSVC.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program

    Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program

    Files\Raxco\PerfectDisk\PDSched.exe
    O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown

    owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton

    AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1

    \COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program

    Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program

    Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common

    Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common

    Files\Symantec Shared\Security Center\SymWSC.exe




    Thank you in advance for any help.
     
    dmvlite-hell,
    #1
  2. 2005/03/14
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS :)

    Hate to say it, but your problem is deeper than DMVLite. Among others, you have a new nasty infection of explorer.exe. Please follow the instuctions here to remove it, and post back a new HijackThis log, as well as a log from the KAV scan when finished. We'll help with any further cleanup required.
     
    noahdfear,
    #2


  3. to hide this advert.

Thread Status:
Not open for further replies.

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...