
DMVlite and other nasties [HijackThis log included]

Discussion in 'Malware and Virus Removal Archive' started by ASkinner, 2005/01/17.

Thread Status:
Not open for further replies.
  1. 2005/01/27
    Lonny Jones Inactive Alumni
    Download and Unzip the LSP tool
    http://downloads.net-integration.net/lspfix.zip
    alternate download >
    http://castlecops.com/downloads-file-334.html
    http://www.cexx.org/LSPFix.exe
    Close the internet connection and any programs that show in the taskbar, start the tool, check the box that says you know what you are doing, fix all instances (and only those) of "dolsp.dll" (ie, move it/them to the remove window, click finish)

    Now restart your computer, and delete that c:\winnt\system32\dolsp.dll

    Start Hijackthis and place a check next to these items,
    Close all browser windows and shut down all other programs that show in the taskbar. (even Folders)
    O1 - Hosts: 69.20.16.183 search.netscape.com
    O1 - Hosts: 69.20.16.183 ieautosearch
    O2 - BHO: (no name) - {93196BC7-0695-FDE6-44B6-8F462B2B019F} - (no file)
    O2 - BHO: (no name) - {D7EF944F-21EA-AE92-641D-B50DA532A27C} - (no file)
    O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
    O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
    O4 - HKLM\..\Run: [ntechin] C:\WINNT\system32\n20050308.exe
    ========================
    Hit fix checked and close Hijackthis.
    Restart the PC,

    Replace the Hosts file with the one at the website
    "Blocking Unwanted Parasites with a Hosts File" http://www.mvps.org/winhelp2002/hosts.htm
    If you have any problems with that let us know.

    Run find qoologic.bat again and post the log
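
A triage helper for the kinds of HijackThis entries listed in the post above, as an added example that is not part of the original thread or of HijackThis itself. The three rules (hosts entry pointing at a non-loopback address, BHO with no file, Run value loading a DLL through rundll32 by bare name) are assumptions drawn from those entries, and two sample lines are constructed for contrast.

```python
import re

# Constructed sample: entries quoted in the post above, plus a loopback hosts
# line and an "Example" Run value added here for contrast.
SAMPLE_LOG = r"""
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {93196BC7-0695-FDE6-44B6-8F462B2B019F} - (no file)
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [ntechin] C:\WINNT\system32\n20050308.exe
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\tray.exe
"""

LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}  # addresses a blocking hosts file uses


def reason_for(line):
    """Return why one HijackThis entry deserves a closer look, or None."""
    m = re.match(r"O1 - Hosts: (\S+)\s+(\S+)", line)
    if m:  # hosts-file entry: flag names redirected to a real remote address
        ip, host = m.groups()
        return None if ip in LOOPBACK else f"hosts file points {host} at {ip}"
    m = re.match(r"O2 - BHO: .* - (\{[0-9A-Fa-f-]+\}) - (.+)", line)
    if m:  # browser helper object: flag registrations whose file is gone
        if m.group(2).strip() == "(no file)":
            return f"BHO {m.group(1)} registered with no file on disk"
        return None
    m = re.match(r"O4 - \S+: \[(.*?)\] (.+)", line)
    if m:  # autostart value: flag rundll32 given a DLL name without a path
        name, cmd = m.groups()
        dll = re.match(r"(?i)rundll32(?:\.exe)?\s+([^,\s]+)", cmd)
        if dll and "\\" not in dll.group(1):
            return f"Run value [{name}] loads {dll.group(1)} via rundll32 by bare name"
    return None


def triage(log):
    """Return (entry, reason) pairs for every entry that matches a rule."""
    hits = []
    for line in (raw.strip() for raw in log.splitlines()):
        reason = reason_for(line)
        if reason:
            hits.append((line, reason))
    return hits


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {entry}")
```

The `[ntechin]` entry matches none of these rules, so output like this narrows a log for review and does not replace a helper reading the full log.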
     
  2. 2005/01/27
    ASkinner Inactive Thread Starter
    qoologic log 1/27/05

    Everything's working great. Here's the latest qoologic log. What's next?

    C:\Documents and Settings\CBS4\My Documents\qoologic\qoologic

    PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
    Files Found in system Folder............
    ------------------------
    C:\WINNT\system32\mmhpaz.exe: updates.qoologic.com
    C:\WINNT\system32\uuezno.dll: updates.qoologic.com
    C:\WINNT\system32\zzcgqy.dll: updates.qoologic.com
    C:\WINNT\system32\installer.exe: .aspack
    C:\WINNT\system32\oowygi.exe: .aspack
    C:\WINNT\system32\yypqka.dat: .aspack

    Files Found in all users startup Folder............
    ------------------------
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\pphyiu.exe: .aspack
    Files Found in all users windows Folder............
    ------------------------
    Finished
     

  4. 2005/01/28
    Lonny Jones Inactive Alumni
    Please copy this to a text for reference


    Start KillBox.exe.
    Click "Delete on Reboot "
    Copy/Paste (not type or browse) this file into the top "Full Path of File to Delete" box.


    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\pphyiu.exe

    Click the "Delete File" button which looks like a stop sign.
    Click "Yes" at the Replace on Reboot prompt.
    Click "No" at the Pending Operations prompt.
    Repeat steps 5-9 above for these files.

    C:\WINNT\system32\mmhpaz.exe
    C:\WINNT\system32\uuezno.dll
    C:\WINNT\system32\zzcgqy.dll
    C:\WINNT\system32\installer.exe
    C:\WINNT\system32\oowygi.exe
    C:\WINNT\system32\yypqka.dat
    C:\WINNT\system32\n20050308.exe
    Exit Killbox, restart your PC

    To double check
    Open the L2mfix folder. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. Copy the contents of that log and paste it into this thread.

    But just post this section through to the bottom
    >Files Found are not all bad files:<
     