I've had it.

plun

Grats Menno

Great !

--
plun

on 2005-08-23, Menno Hershberger supposed :

Now I'm pondering what to do next. Any more ideas?

Hi Menno

Time is money but this PC was important for your client !?

Either Andy takes a HijackThis log or you post it to
Aumha for help.

Well, here it is for what it's worth. The "repairs.dll" is the only
one that is a mystery to me. If I "fix" it, and then run HJT again,
it's back.

Logfile of HijackThis v1.99.1
Scan saved at 10:00:52 PM, on 8/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\HJT\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot-S&D\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124761906781
O20 - AppInit_DLLs: repairs.dll
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\dEvclnt.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Also, here's some experimenting I've done in Safe Mode directly after
cleaning with AdAware, spybot S&D, MSAS, ewido and the Trend Micro
Scanner. All giving it a clean bill of health. Then this...
http://www.mewnlite.com/spyware/

I Googled "repair.dll" and only came up with ONE decent hit. Someone who
had experienced it and suspected it of being the one that created all the
other random named DLLs. I booted into the Restore Console and deleted
it. I haven't seen another popup yet and nothing has tried to install or
has tripped MSAS. I've known it was there all the time but none of the
scanners (MSAS, Ewido, TrendMicro, Spybot S&D, AdAware, SysClean) flagged
it.
Thanks to ALL who have helped me along with this!
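Added example, not part of the original thread: a short Python sketch that undoes the newsreader line wrapping in a pasted HijackThis log and pulls out the O20 autoload entries (AppInit_DLLs and Winlogon Notify), the section where repairs.dll appeared above. The helper names `split_entries` and `autoload_dlls` are hypothetical, and the sample text is a constructed excerpt of the log as it was wrapped in the post.

```python
import re

# Constructed sample: a few entries from the posted log, wrapped the way the
# newsreader wrapped them (several entries run together on one line).
SAMPLE = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: repairs.dll
O20 - Winlogon Notify: Shell Extensions -
C:\WINDOWS\system32\dEvclnt.dll O23 - Service: Symantec Event Manager
(ccEvtMgr) - Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\ccEvtMgr.exe O23 - Service: SAVScan -
Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
"""

# An entry starts with a section id (R0-R3, F0-F3, N1-N4, O1-O24) and " - ",
# and runs until the next section id or the end of the text.
ENTRY = re.compile(r"(?<!\S)([RFNO]\d{1,2}) - (.*?)(?=\s+[RFNO]\d{1,2} - |\s*$)")


def split_entries(text):
    """Undo the line wrapping and return (section, body) for each entry."""
    # Wrapped lines are rejoined with a single space; a token that was broken
    # mid-word (for example a long URL) would keep that space.
    flat = " ".join(line.strip() for line in text.splitlines() if line.strip())
    return [(m.group(1), m.group(2).strip()) for m in ENTRY.finditer(flat)]


def autoload_dlls(text):
    """Return the O20 entries so each listed DLL can be reviewed by hand."""
    found = []
    for section, body in split_entries(text):
        if section != "O20":
            continue
        mechanism, _, value = body.partition(": ")
        dll = value.rsplit(" - ", 1)[-1].strip()  # drop the "Name - " prefix
        found.append({
            "mechanism": mechanism,
            "dll": dll,
            # A bare file name carries no directory to check against.
            "full_path": bool(re.match(r"[A-Za-z]:\\", dll)),
        })
    return found


if __name__ == "__main__":
    for entry in autoload_dlls(SAMPLE):
        print(entry)
```

The output is only a review list: the script does not judge whether a DLL is legitimate, it makes the O20 lines easy to find in a wrapped log.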
 
