Aurora Pop-ups and others


#1
doesntmatter

I have posted a hijack log 6 days ago and no response (I know you guys are busy)...so here is another post and another try........Aurora keeps popping up and can't get rid of it

Logfile of HijackThis v1.99.1
Scan saved at 3:21:38 PM, on 09/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\CTsvcCDA.EXE
F:\Program Files\ewido\security suite\ewidoctrl.exe
F:\Program Files\Norton AntiVirus\navapsvc.exe
F:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
F:\WINDOWS\system32\pctspk.exe
F:\WINDOWS\svcproc.exe
F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
F:\WINDOWS\Explorer.exe
F:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunesHelper.exe
F:\Program Files\TrojanHunter 4.2\THGuard.exe
F:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
F:\Program Files\iPod\bin\iPodService.exe
F:\WINDOWS\system32\akkwvp.exe
F:\Program Files\Creative\MediaSource\RemoteControl\OSDMenu.EXE
F:\DOCUME~1\Tim\LOCALS~1\Temp\InSearch.exe
F:\WINDOWS\explorer.exe
F:\DOCUME~1\Tim\LOCALS~1\Temp\XBZ\aurareco.exe
F:\DOCUME~1\Tim\LOCALS~1\Temp\QVR\aurareco.exe
F:\DOCUME~1\Tim\LOCALS~1\Temp\AGG\aurareco.exe
F:\DOCUME~1\Tim\LOCALS~1\Temp\NDW\aurareco.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\DOCUME~1\Tim\LOCALS~1\Temp\UCM\aurareco.exe
F:\DOCUME~1\Tim\LOCALS~1\Temp\RVT\aurareco.exe
F:\DOCUME~1\Tim\LOCALS~1\Temp\ARZ\aurareco.exe
F:\DOCUME~1\Tim\LOCALS~1\Temp\BMI\aurareco.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Documents and Settings\Tim\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
F2 - REG:system.ini: Shell=Explorer.exe F:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [CTSysVol] F:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [ccRegVfy] F:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [ccApp] F:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [Advanced Tools Check] F:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [gcasServ] "F:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [opr] F:\WINDOWS\system32\opr.exe
O4 - HKLM\..\Run: [winsync] F:\WINDOWS\system32\apaaap.exe reg_run
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] F:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunesHelper.exe
O4 - HKLM\..\Run: [fyzxef] F:\WINDOWS\system32\akkwvp.exe r
O4 - HKCU\..\Run: [Windows Registry Repair Pro] F:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [RemoteCenter] F:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [msnmsgr] "F:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O16 - DPF: {01118400-3E00-11D2-8470-0060089874ED} (SdcNetCheckCtl Class) - http://activex.micro...jects/ocget.dll
O20 - AppInit_DLLs: repairs.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - F:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - F:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - F:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - F:\WINDOWS\system32\pctspk.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - F:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - F:\WINDOWS\svcproc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Thanks
#2
Danny

    Visiting Staff

Hi,

BEFORE BEGINNING, Please read completely through the instructions below and download the files from the links provided. You may want to save or print out these instructions for easier reference.

First, download Ewido Security Suite.

Next, download Lavasoft's Ad-Aware and the VX2 Cleaner Plug-in. Install Ad-Aware using the default options, then install vx2cleaner_inst.exe, taking all the defaults there as well.

Run Ad-Aware, update to the latest definitions, then click on Add-ons in the left-hand column. Select VX2 Cleaner V2.0 and click Run Tool. Click "OK", then, if something is found, click "Clean" as in the directions given. Click "Close", and exit Ad-Aware.

Reboot your PC and run Ad-Aware again. This time, click on the Start button in Ad-Aware, select "Perform smart system scan" and click Next. Once the scan finishes, click "Next" again. Select all objects found (right click anywhere in the list of found objects and click "Select All Objects"). Click "Next" one more time, then "OK" to confirm the removal.

You will be prompted to set Ad-Aware to run on reboot; click "OK". Exit Ad-Aware and restart your PC once again.

When Ad-Aware starts up, click on "Start", then "Next". Follow the steps above if anything is found, or click "Finish", then exit Ad-Aware.

For a final cleanup, please install and run Ewido.
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • From the main ewido screen, click on update in the left menu, then click the Start update button.
  • After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
  • If ewido finds anything, it will pop up a notification. We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, pcAnywhere and the game "Risk" have been flagged), select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if ewido needs to be run again.
  • When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.
Please finish up by rebooting your system once more, and posting a new HijackThis log and the log from the Ewido scan.

dk

#3
doesntmatter

Thanks for helping: Here are the scans.......





---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 7:35:22 PM, 09/19/2005
+ Report-Checksum: 2805892E

+ Scan result:

HKLM\SYSTEM\ControlSet002\Control\SPPInfo\PPSE1iDesc -> Dialer.Generic : Cleaned with backup
[700] F:\WINDOWS\system32\repairs.dll -> Spyware.Hijacker.Generic : Cleaned with backup
[748] F:\WINDOWS\system32\repairs.dll -> Spyware.Hijacker.Generic : Cleaned with backup
[760] F:\WINDOWS\system32\repairs.dll -> Spyware.Hijacker.Generic : Cleaned with backup
[928] F:\WINDOWS\system32\repairs.dll -> Spyware.Hijacker.Generic : Cleaned with backup
[1092] F:\WINDOWS\System32\repairs.dll -> Spyware.Hijacker.Generic : Cleaned with backup
[1752] F:\WINDOWS\system32\repairs.dll -> Spyware.Hijacker.Generic : Cleaned with backup
[332] F:\WINDOWS\system32\repairs.dll -> Spyware.Hijacker.Generic : Cleaned with backup
[1132] F:\WINDOWS\system32\repairs.dll -> Spyware.Hijacker.Generic : Cleaned with backup
[1840] F:\WINDOWS\system32\repairs.dll -> Spyware.Hijacker.Generic : Cleaned with backup
[172] F:\WINDOWS\system32\repairs.dll -> Spyware.Hijacker.Generic : Cleaned with backup
[2064] F:\WINDOWS\system32\repairs.dll -> Spyware.Hijacker.Generic : Cleaned with backup
[2376] F:\WINDOWS\system32\repairs.dll -> Spyware.Hijacker.Generic : Cleaned with backup
[2396] F:\WINDOWS\system32\repairs.dll -> Spyware.Hijacker.Generic : Cleaned with backup
[3028] F:\WINDOWS\system32\repairs.dll -> Spyware.Hijacker.Generic : Cleaned with backup
:mozilla.391:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.392:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.393:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.394:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.395:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.396:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.397:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.398:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.404:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.405:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.406:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.407:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.410:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.411:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.412:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.413:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.414:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.415:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.416:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.417:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.418:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.419:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.430:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.431:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.433:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.434:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.437:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.438:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.439:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.440:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.442:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.443:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.444:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.445:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.446:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.447:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.467:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.475:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.476:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.477:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.478:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.479:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.480:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.486:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.487:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.488:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.489:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.490:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.491:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.492:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.493:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.494:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.495:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.496:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.497:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.500:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.501:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.502:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.503:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.509:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.511:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.514:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.527:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.528:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.529:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.530:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.531:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.532:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.543:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.544:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.545:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.546:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.553:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.557:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.558:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.560:F:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\sqabyybe.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
F:\Documents and Settings\Tim\Cookies\tim@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
F:\Documents and Settings\Tim\Cookies\tim@rotator.adjuggler[2].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
F:\Program Files\Microsoft AntiSpyware\Quarantine\8E23E17F-1DD9-4801-AEB2-7F43DF\7212505F-9D06-4CB8-8BC4-BA67EC -> Trojan.Agent.db : Cleaned with backup
F:\WINDOWS\Nail.exe.tcf -> Adware.BetterInternet : Cleaned with backup
F:\WINDOWS\system32\repairs.dll -> Spyware.Hijacker.Generic : Cleaned with backup
F:\WINDOWS\vcdsoyukp.exe -> Adware.BetterInternet : Cleaned with backup


::Report End





Logfile of HijackThis v1.99.1
Scan saved at 7:39:18 PM, on 09/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
F:\WINDOWS\system32\CTsvcCDA.EXE
F:\Program Files\ewido\security suite\ewidoctrl.exe
F:\Program Files\Norton AntiVirus\navapsvc.exe
F:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
F:\WINDOWS\system32\pctspk.exe
F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
F:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
F:\Program Files\Creative\MediaSource\RemoteControl\OSDMenu.EXE
F:\WINDOWS\system32\wuauclt.exe
F:\DOCUME~1\Tim\LOCALS~1\Temp\InSearch.exe
F:\Documents and Settings\Tim\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - F:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - F:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [CTSysVol] F:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [ccRegVfy] F:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [ccApp] F:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [Advanced Tools Check] F:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [gcasServ] "F:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [opr] F:\WINDOWS\system32\opr.exe
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] F:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunesHelper.exe
O4 - HKCU\..\Run: [Windows Registry Repair Pro] F:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [RemoteCenter] F:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - F:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: {01118400-3E00-11D2-8470-0060089874ED} (SdcNetCheckCtl Class) - http://activex.micro...jects/ocget.dll
O20 - AppInit_DLLs: repairs.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - F:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - F:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - F:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - F:\WINDOWS\system32\pctspk.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - F:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#4
Danny

Hi,

We're almost done :tazz:

Open HijackThis, click the "Scan" button, and check the following items:

O4 - HKLM\..\Run: [opr] F:\WINDOWS\system32\opr.exe

Close all windows except HijackThis and click the "Fix Checked" button.

Find the following file and delete it:

F:\WINDOWS\system32\opr.exe

Reboot and post a new HijackThis log.

dk

#5
doesntmatter

Here is my new one...........

Logfile of HijackThis v1.99.1
Scan saved at 11:24:52 PM, on 09/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\QuickTime\qttask.exe
F:\WINDOWS\system32\CTsvcCDA.EXE
F:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
F:\Program Files\ewido\security suite\ewidoctrl.exe
F:\Program Files\Norton AntiVirus\navapsvc.exe
F:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
F:\WINDOWS\system32\pctspk.exe
F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
F:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
F:\Program Files\Creative\MediaSource\RemoteControl\OSDMenu.EXE
F:\WINDOWS\system32\wuauclt.exe
F:\Documents and Settings\Tim\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - F:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - F:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [CTSysVol] F:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [ccRegVfy] F:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [ccApp] F:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [Advanced Tools Check] F:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [gcasServ] "F:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] F:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunesHelper.exe
O4 - HKCU\..\Run: [Windows Registry Repair Pro] F:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [RemoteCenter] F:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - F:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: {01118400-3E00-11D2-8470-0060089874ED} (SdcNetCheckCtl Class) - http://activex.micro...jects/ocget.dll
O20 - AppInit_DLLs: repairs.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - F:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - F:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - F:\WINDOWS\system32\pctspk.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - F:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#6
Danny

Hi,

Sorry for the delay. Just one more thing to do:

Open HijackThis, click the Scan button, and check the following item:

O20 - AppInit_DLLs: repairs.dll

Close all windows except HijackThis, and click the "Fix Checked" button.

Next, please enable viewing of hidden files as follows:

1) Go to My Computer, and click on the "Tools" menu
2) Click "Folder options"
3) Select the "View" tab
4) Make sure "Show hidden files and folders" is selected
5) Make sure "Hide extensions for known file types" is unchecked
6) Make sure "Hide protected operating system files (recommended)" is unchecked

Now, locate repairs.dll. Try searching in C:\Windows\System32

Tell me if you find it or not.

Reboot, and post a new log for me.

dk

#7
doesntmatter

When fixing I get this error message:

An unexpected error has occurred at procedure: modBackup_MakeBackup(sItem=O20 - AppInit_DLLs: repairs.dll)
Error #5 - Invalid procedure call or argument

Please email me at merijn@spywareinfo.com, reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2900.2180
HijackThis version: 1.99.1

This message has been copied to your clipboard.
Click OK to continue the rest of the scan.

....and it won't let me fix it.

I also found the repairs.dll in my Windows\System32

Edited by doesntmatter, 21 September 2005 - 08:02 PM.


#8
Danny

Hi,

Try this:

Click Start --> Control Panel --> Add Remove Programs. Remove the following program:

SurfSideKick

Now try the fix again, and post a new log.

dk

#9
doesntmatter

SurfSideKick was not found.

#10
Danny

It seems like we're going to have to do it the hard way:

First: BACK UP your REGISTRY:

1. Click Start, and then click Run.
2. In the Open box, type regedit, and then click OK.
3. Locate and then click the subkey that contains the value that you want to edit.
4. On the File menu, click Export.
5. In the Save in box, select a location where you want to save the Registration Entries (.reg) file, type a file name in the File name box, and then click Save.

Next Edit the Registry:
Download RegLite from here
http://www.resplendence.com/downloads

Restart in Safe Mode

Open Reglite and Copy&Paste the bold text below into the Address Bar and hit Enter

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows

In the smaller left hand pane-> Right Click the Windows folder(Highlighted in Blue)

Select Rename-> Rename it to Windoz-> Hit Enter

Now look in the larger right hand pane-> locate and double click AppInit_DLLs

Under Value-> Remove(Delete)-> repairs.dll

Open the Search Assistant(Click Start>>Click Search)
Select All Files and Folders,
Select Advanced Options,
Make sure there is a check by every box under Advanced options

Now under All Files and Folders,enter this into the text box:

repairs.dll

Delete any exact matches


Restart and Open Reglite again-> go back to the folder you renamed to Windoz and Rename it again,back to Windows.

Have HijackThis fix this entry if it's still there

O20 - AppInit_DLLs: repairs.dll

Reboot and post a new log.

dk

#11
doesntmatter

It looks as though I understand everything except:

3. Locate and then click the subkey that contains the value that you want to edit.

How do I know what the value is I want to edit?? How do I locate it (do I have to go through each folder)???

Thanks for helping

#12
Danny

Er..Whoops..I just copied that from Microsoft's website. Just when you open it, click "Export" and save it.

Sorry about the mixup.

dk

#13
doesntmatter

Ok,
Did everything and got this error message when trying to delete repairs.dll in safe mode

Cannot delete repair.dll; it is being used by another person or program.
Close any programs that might be using this file and try again

So I then proceeded to restart, changed Windoz back to Windows, opened HijackThis and the O20 - AppInit_DLLs: repairs.dll was not there. Rebooted and here is the new log:

Logfile of HijackThis v1.99.1
Scan saved at 10:41:13 PM, on 09/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\CTsvcCDA.EXE
F:\Program Files\ewido\security suite\ewidoctrl.exe
F:\Program Files\Norton AntiVirus\navapsvc.exe
F:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
F:\WINDOWS\system32\pctspk.exe
F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
F:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
F:\Program Files\Creative\MediaSource\RemoteControl\OSDMenu.EXE
F:\WINDOWS\system32\wuauclt.exe
F:\Documents and Settings\Tim\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - F:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - F:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [CTSysVol] F:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [ccRegVfy] F:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [ccApp] F:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [Advanced Tools Check] F:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [gcasServ] "F:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] F:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunesHelper.exe
O4 - HKCU\..\Run: [Windows Registry Repair Pro] F:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [RemoteCenter] F:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - F:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: {01118400-3E00-11D2-8470-0060089874ED} (SdcNetCheckCtl Class) - http://activex.micro...jects/ocget.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - F:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - F:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - F:\WINDOWS\system32\pctspk.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - F:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#14
Danny

    Visiting Staff

  • Member
  • 684 posts
Ok..Try this:

1) Please download the Killbox.
Unzip it to the desktop but do NOT run it yet.

2) Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

3) Once in Safe Mode, please run Killbox.

4) Select "Delete on Reboot and End Explorer Shell while Deleting".

5) Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\System32\repairs.dll


6) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

7) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.

Let the system reboot.

Now, post a new log.

dk

#15
doesntmatter

    Member

  • Topic Starter
  • Member
  • 10 posts
Ok, ran killbox in safe, selected the file and here is a new log......

Logfile of HijackThis v1.99.1
Scan saved at 2:12:22 PM, on 09/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
F:\WINDOWS\system32\CTsvcCDA.EXE
F:\Program Files\ewido\security suite\ewidoctrl.exe
F:\Program Files\Norton AntiVirus\navapsvc.exe
F:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
F:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
F:\WINDOWS\system32\pctspk.exe
F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
F:\Program Files\Creative\MediaSource\RemoteControl\OSDMenu.EXE
F:\Documents and Settings\Tim\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - F:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - F:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [CTSysVol] F:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [ccRegVfy] F:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [ccApp] F:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [Advanced Tools Check] F:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [gcasServ] "F:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] F:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunesHelper.exe
O4 - HKCU\..\Run: [Windows Registry Repair Pro] F:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [RemoteCenter] F:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - F:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: {01118400-3E00-11D2-8470-0060089874ED} (SdcNetCheckCtl Class) - http://activex.micro...jects/ocget.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - F:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - F:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - F:\WINDOWS\system32\pctspk.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - F:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
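Comparing the log posted before the Killbox step with the one posted after it is easier with a small parser than by eye, because HijackThis lists processes in a different order between runs and path case varies (Explorer.exe and Explorer.EXE both appear in this thread). The following is an added example, not part of any post in this thread: the two sample logs are constructed and abridged from paths that appear in the thread, and the function names are hypothetical.

```python
import re

# HijackThis entry lines start with a section code such as R1, O4 or O23.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_hjt(text):
    """Return (running processes, (code, detail) entries) as lower-cased sets."""
    procs, entries, in_procs = set(), set(), False
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if line == "Running processes:":
            in_procs = True
        elif m:
            in_procs = False
            entries.add((m.group(1), m.group(2).lower()))
        elif in_procs and line:
            procs.add(line.lower())  # Windows paths are case-insensitive
    return procs, entries

def diff_logs(before, after):
    """Order-independent difference between two logs."""
    bp, be = parse_hjt(before)
    ap, ae = parse_hjt(after)
    return {"procs_gone": sorted(bp - ap), "procs_new": sorted(ap - bp),
            "entries_gone": sorted(be - ae), "entries_new": sorted(ae - be)}

def references(text, path):
    """Log lines that mention the file name of `path`, whatever its directory."""
    name = path.rsplit("\\", 1)[-1].lower()
    return [l.strip() for l in text.splitlines() if name in l.lower()]

# Constructed sample logs, abridged from paths that appear in this thread.
BEFORE = r"""Running processes:
F:\WINDOWS\Explorer.exe
F:\WINDOWS\svcproc.exe
F:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunesHelper.exe
"""
AFTER = r"""Running processes:
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunesHelper.exe
"""

if __name__ == "__main__":
    print(diff_logs(BEFORE, AFTER))
    print(references(AFTER, r"C:\System32\repairs.dll"))
```

An empty result from `references()` for the Killbox target only shows that nothing HijackThis reports on loads that file; it does not show whether the file is still on disk.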





