1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

help remove mirarsearch!

Discussion in 'Virus & Other Malware Removal' started by daisymahem, Nov 8, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. daisymahem

    daisymahem Thread Starter

    Joined:
    Nov 8, 2007
    Messages:
    4
    I have the same problem on my laptop. I followed your instruction and here is the log. I'd really appreciate the help. I quit using IE because of this but now MSN Explorer keeps telling me that messenger is not installed and when I click repair it just tells me to send report. I tried to unistall and reinstall msn explorer but to no avail.
    Logfile of HijackThis v1.99.1
    Scan saved at 6:01:05 PM, on 11/8/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\GWMDMMSG.exe
    C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Webshots\webshots.scr
    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\Lauren\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R3 - URLSearchHook: (no name) - {89AF2579-4090-7391-CA82-79F12F3D3C2D} - C:\WINDOWS\cozkbequ.dll
    O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\bxxs5.dll
    O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {51DE7C0C-1138-6F35-05AC-9187500AB8DC} - C:\WINDOWS\cozkbequ.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll
    O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll (file missing)
    O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll
    O3 - Toolbar: Search - {8A01519A-0719-A8F0-2442-ACEDFF690E9D} - C:\WINDOWS\cozkbequ.dll
    O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
    O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" /background
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://click.getmirar.com (HKLM)
    O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
     
  2. daisymahem

    daisymahem Thread Starter

    Joined:
    Nov 8, 2007
    Messages:
    4
    Please if anyone can help get rid of this popup I would really appreciate it!
     
  3. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Hi, Welcome to TSG!!


    Run HijackThis and click Open the Misc Tools section
    • Click Open Uninstall Manager
    • Save list
    • click on the Desktop icon or select to save the list on the desktop
    • then click save.

    Open the file and copy/paste the contents back here in your next reply.
     
  4. daisymahem

    daisymahem Thread Starter

    Joined:
    Nov 8, 2007
    Messages:
    4
    Thanks for your reply. I did as you asked and here is the list:


    Adobe Acrobat 5.0
    Adobe Flash Player ActiveX
    Age of Empires III - The WarChiefs
    ArcSoft PhotoBase
    ArcSoft PhotoStudio 2000
    ATI Display Driver
    AVG Free Edition
    Big Catch
    Bonus Mania
    Canon Web Publisher
    Cradle of Rome
    Deal or No Deal
    DiscWizard for Windows
    Easy-WebPrint
    FaxTools
    Form Fill (Windows Live Toolbar)
    Gateway Drivers and Applications Recovery
    GTW Modem
    Highlight Viewer (Windows Live Toolbar)
    HighRoller
    HijackThis 1.99.1
    Ho! Ho! Dough!
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hoyle Board Games 2003
    Hoyle Card Games 2003
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet
    Internet Explorer Q903235
    iWin Games (remove only)
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Jewel Quest (remove only)
    Jewel Quest 2 (remove only)
    L1400-L1150 USB-Handset Manager
    Legacy 6.0
    Lernout & Hauspie TruVoice American English TTS Engine
    Lexmark X74-X75
    Links LS 1999
    Lords of the Realm II
    Map Button (Windows Live Toolbar)
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 97, Professional Edition
    Microsoft Web Publishing Wizard 1.52
    Microsoft Works 2002 Setup Launcher
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML4 Parser
    My Search Bar
    MysticForest
    NaviSearch
    Nero - Burning Rom
    OfficeReady Family Essentials
    OneCare Advisor (Windows Live Toolbar)
    Order In The Court
    Pirate Poppers
    Polar Bowler from WildGames (remove only)
    Polar Golfer from WildGames (remove only)
    Popup Blocker (Windows Live Toolbar)
    PowerDVD
    QuickTime
    RealPlayer Basic
    Reel Deal Slots - Downloads
    Reel Deal Slots - Nickels and More
    Reel Deal Slots 2nd Volume
    Reel Deal Slots Nickel Alley
    Related Page
    Scan Manager 5.2
    Search Assistant - My Search
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB911565)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893066)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917537)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926247)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB939373)
    Security Update for Windows XP (KB941202)
    Sierra Utilities
    Slots 100
    Smart Menus (Windows Live Toolbar)
    Street Atlas USA 5.0
    Synaptics Pointing Device Driver
    TSA
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Viewpoint Media Player
    Webshots Desktop
    WildTangent Web Driver
    Windows Genuine Advantage v1.3.0254.0
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Live Favorites for Windows Live Toolbar
    Windows Live installer
    Windows Live Messenger
    Windows Live Outlook Toolbar (Windows Live Toolbar)
    Windows Live Sign-in Assistant
    Windows Live Toolbar
    Windows Live Toolbar
    Windows Live Toolbar Extension (Windows Live Toolbar)
    Windows Live Toolbar Feed Detector (Windows Live Toolbar)
    Windows Media Player 9 Hotfix [See KB885492 for more information]
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893086
    Windows XP Service Pack 2
    WinZip
    Woodsy Winnings
     
  5. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Go to Add/Remove Programs and remove these:
    Java(TM) 6 Update 2
    My Search Bar
    NaviSearch
    Search Assistant - My Search



    Run HJT again and put a check in the following:

    R3 - URLSearchHook: (no name) - {89AF2579-4090-7391-CA82-79F12F3D3C2D} - C:\WINDOWS\cozkbequ.dll
    O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\bxxs5.dll
    O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
    O2 - BHO: (no name) - {51DE7C0C-1138-6F35-05AC-9187500AB8DC} - C:\WINDOWS\cozkbequ.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL
    O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll
    O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll (file missing)
    O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll
    O3 - Toolbar: Search - {8A01519A-0719-A8F0-2442-ACEDFF690E9D} - C:\WINDOWS\cozkbequ.dll
    O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
    O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
    O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
    O15 - Trusted Zone: http://click.getmirar.com (HKLM)
    O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)

    Close all applications and browser windows before you click "fix checked".



    Please download the OTMoveIt by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt.exe to run it.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
    • Click the red Moveit! button.
    • Close OTMoveIt
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

    Click Exit on the Main menu to close the program.



    Download and scan with SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply with a new hijackthis log.
    • Click Close to exit the program.
     
  6. daisymahem

    daisymahem Thread Starter

    Joined:
    Nov 8, 2007
    Messages:
    4
    I think it worked! Thanks so much! Here are the log files:

    HJT:

    Logfile of HijackThis v1.99.1
    Scan saved at 9:18:11 PM, on 11/13/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\GWMDMMSG.exe
    C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Webshots\webshots.scr
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\Lauren\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
    O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

    SuperAnti:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 11/13/2007 at 09:05 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3344
    Trace Rules Database Version: 1345

    Scan type : Complete Scan
    Total Scan Time : 00:43:08

    Memory items scanned : 412
    Memory threats detected : 0
    Registry items scanned : 4632
    Registry threats detected : 221
    File items scanned : 34808
    File threats detected : 55

    Adware.MyWay
    HKLM\Software\Classes\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10}
    HKCR\CLSID\{014DA6C9-189F-421A-88CD-07CFE51CFF10}
    HKCR\CLSID\{014DA6C9-189F-421A-88CD-07CFE51CFF10}\InprocServer32
    HKLM\Software\MyWay
    HKLM\Software\MyWay\myBar
    HKLM\Software\MyWay\myBar#Dir
    HKLM\Software\MyWay\myBar#pid
    HKLM\Software\MyWay\myBar#CurInstall
    HKLM\Software\MyWay\myBar#sr
    HKLM\Software\MyWay\myBar#pl
    HKLM\Software\MyWay\myBar#Id
    HKLM\Software\MyWay\myBar#CacheDir
    HKLM\Software\MyWay\myBar#HistoryDir
    HKLM\Software\MyWay\myBar#Visible
    HKLM\Software\MyWay\myBar#Maximized
    HKLM\Software\MyWay\myBar#SettingsDir
    HKLM\Software\MyWay\myBar#ConfigRevisionURL
    HKLM\Software\MyWay\myBar#ConfigDateStamp
    HKLM\Software\MyWay\SearchAssistant
    HKLM\Software\MyWay\SearchAssistant#Dir
    HKLM\Software\MyWay\SearchAssistant#pid
    HKLM\Software\MyWay\SearchAssistant#CurInstall
    HKLM\Software\MyWay\SearchAssistant#sr
    HKLM\Software\MyWay\SearchAssistant#pl
    HKLM\Software\MyWay\SearchAssistant#Id
    HKLM\Software\MyWay\SearchAssistant#CacheDir
    HKLM\Software\MyWay\SearchAssistant#ConfigDateStamp
    C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
    C:\Program Files\MyWay\myBar\1.bin
    C:\Program Files\MyWay\myBar\History\search
    C:\Program Files\MyWay\myBar\History
    C:\Program Files\MyWay\myBar\Settings\prevcfg.htm
    C:\Program Files\MyWay\myBar\Settings
    C:\Program Files\MyWay\myBar
    C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
    C:\Program Files\MyWay\SrchAstt\1.bin
    C:\Program Files\MyWay\SrchAstt
    C:\Program Files\MyWay

    Trojan.ZQuest
    HKLM\Software\Classes\CLSID\{4AD73894-A895-4FC2-B233-299867E08753}
    HKCR\CLSID\{4AD73894-A895-4FC2-B233-299867E08753}
    HKCR\CLSID\{4AD73894-A895-4FC2-B233-299867E08753}
    HKCR\CLSID\{4AD73894-A895-4FC2-B233-299867E08753}#AppID
    HKCR\CLSID\{4AD73894-A895-4FC2-B233-299867E08753}\Control
    HKCR\CLSID\{4AD73894-A895-4FC2-B233-299867E08753}\InprocServer32
    HKCR\CLSID\{4AD73894-A895-4FC2-B233-299867E08753}\InprocServer32#ThreadingModel
    HKCR\CLSID\{4AD73894-A895-4FC2-B233-299867E08753}\MiscStatus
    HKCR\CLSID\{4AD73894-A895-4FC2-B233-299867E08753}\MiscStatus\1
    HKCR\CLSID\{4AD73894-A895-4FC2-B233-299867E08753}\ProgID
    HKCR\CLSID\{4AD73894-A895-4FC2-B233-299867E08753}\ToolboxBitmap32
    HKCR\CLSID\{4AD73894-A895-4FC2-B233-299867E08753}\TypeLib
    HKCR\CLSID\{4AD73894-A895-4FC2-B233-299867E08753}\Version
    HKCR\CLSID\{4AD73894-A895-4FC2-B233-299867E08753}\VersionIndependentProgID
    C:\WINDOWS\SYSTEM32\ADWERKZ.DLL

    Adware.Mirar/NetNucleus
    HKLM\Software\Classes\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\InprocServer32
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\InprocServer32#ThreadingModel
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#Version
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#BuildName
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#Show3X
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#ShowType
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#PopupCount
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#BlockEnable
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#Ticket
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\TypeLib
    C:\WINDOWS\SYSTEM32\WINNB57.DLL
    HKCR\CLSID\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75}
    HKCR\CLSID\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75}\InprocServer32
    HKCR\CLSID\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75}\InprocServer32#ThreadingModel
    HKCR\CLSID\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75}\ProgID
    HKCR\CLSID\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75}\Programmable
    HKCR\CLSID\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75}\TypeLib
    HKCR\CLSID\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75}\VersionIndependentProgID
    HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}
    HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\ProxyStubClsid
    HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\ProxyStubClsid32
    HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\TypeLib
    HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\TypeLib#Version
    HKCR\Interface\{224302B0-94E9-45C2-9E5B-BA989EE556E1}
    HKCR\Interface\{224302B0-94E9-45C2-9E5B-BA989EE556E1}\ProxyStubClsid
    HKCR\Interface\{224302B0-94E9-45C2-9E5B-BA989EE556E1}\ProxyStubClsid32
    HKCR\Interface\{224302B0-94E9-45C2-9E5B-BA989EE556E1}\TypeLib
    HKCR\Interface\{224302B0-94E9-45C2-9E5B-BA989EE556E1}\TypeLib#Version
    HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}
    HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\ProxyStubClsid
    HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\ProxyStubClsid32
    HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\TypeLib
    HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\TypeLib#Version
    HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}
    HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\ProxyStubClsid
    HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\ProxyStubClsid32
    HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\TypeLib
    HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\TypeLib#Version
    HKCR\NN_Bar_Dummy.NN_BarDummy
    HKCR\NN_Bar_Dummy.NN_BarDummy\CLSID
    HKCR\NN_Bar_Dummy.NN_BarDummy\CurVer
    HKCR\NN_Bar_Dummy.NN_BarDummy.1
    HKCR\NN_Bar_Dummy.NN_BarDummy.1\CLSID
    HKCR\Mirar_Dummy_ATS.Mirar_Dummy_ATS1
    HKCR\Mirar_Dummy_ATS.Mirar_Dummy_ATS1\CLSID
    HKCR\Mirar_Dummy_ATS.Mirar_Dummy_ATS1\CurVer
    HKCR\Mirar_Dummy_ATS.Mirar_Dummy_ATS1.1
    HKCR\Mirar_Dummy_ATS.Mirar_Dummy_ATS1.1\CLSID
    HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}
    HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0
    HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0\0
    HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0\0\win32
    HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0\FLAGS
    HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0\HELPDIR
    HKCR\TypeLib\{F8310E7D-4C4D-46A4-A068-B5BB99411CC7}
    HKCR\TypeLib\{F8310E7D-4C4D-46A4-A068-B5BB99411CC7}\1.0
    HKCR\TypeLib\{F8310E7D-4C4D-46A4-A068-B5BB99411CC7}\1.0\0
    HKCR\TypeLib\{F8310E7D-4C4D-46A4-A068-B5BB99411CC7}\1.0\0\win32
    HKCR\TypeLib\{F8310E7D-4C4D-46A4-A068-B5BB99411CC7}\1.0\FLAGS
    HKCR\TypeLib\{F8310E7D-4C4D-46A4-A068-B5BB99411CC7}\1.0\HELPDIR
    HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}
    HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\InprocServer32
    HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\InprocServer32#ThreadingModel
    HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\ProgID
    HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\Programmable
    HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\TypeLib
    HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\VersionIndependentProgID
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75}
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75}#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75}#UninstallString
    C:\WINDOWS\SYSTEM32\WINDMY.DLL
    C:\WINDOWS\SYSTEM32\WINATS.DLL
    C:\WINDOWS\876056.EXE
    C:\DOCUMENTS AND SETTINGS\LAUREN\DESKTOP\BACKUPS\BACKUP-20071113-200722-352.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{F22137D4-D593-45F2-B28A-2E6B194C5E47}\RP489\A0076366.DLL

    Browser Hijacker.Internet Explorer Zone Hijack
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmirar.com
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmirar.com\click
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmirar.com\click#https
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\click
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\click#https
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\redirect
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\redirect#https
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com\awbeta
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com\awbeta#https

    Adware.180solutions/Search Assistant
    HKCR\MediaGateway.Installer
    HKCR\MediaGateway.Installer\CLSID
    HKCR\MediaGateway.Installer\CurVer
    HKCR\CLSID\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}
    HKCR\CLSID\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}#AppID
    HKCR\CLSID\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}\Implemented Categories
    HKCR\CLSID\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
    HKCR\CLSID\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
    HKCR\CLSID\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}\LocalServer32
    HKCR\CLSID\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}\ProgID
    HKCR\CLSID\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}\Programmable
    HKCR\CLSID\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}\TypeLib
    HKCR\CLSID\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}\VersionIndependentProgID

    Trojan.Error Safe Free
    HKLM\Software\Error Safe Free
    HKLM\Software\Error Safe Free#EulUERS_0001_N68M1801

    Adware.BookedSpace
    C:\WINDOWS\bsx32\ASI2.bsx
    C:\WINDOWS\bsx32\EECH1.bsx
    C:\WINDOWS\bsx32\ASISSRE.bsx
    C:\WINDOWS\bsx32\ASI5AFF.bsx
    C:\WINDOWS\bsx32\SPZ4.bsx
    C:\WINDOWS\bsx32\MYGEEK.bsx
    C:\WINDOWS\bsx32\bspace.html
    C:\WINDOWS\bsx32
    C:\WINDOWS\bsx32.ini
    HKCR\bookedspace.extension
    HKCR\bookedspace.extension\CLSID
    HKCR\bookedspace.extension\CurVer
    HKCR\bookedspace.extension.5
    HKCR\bookedspace.extension.5\CLSID
    HKLM\software\bookedspace
    HKLM\software\bookedspace\adware
    HKLM\software\bookedspace\adware#Version
    HKLM\software\bookedspace\adware#Referer
    HKLM\software\bookedspace\adware#Unique
    HKLM\software\bookedspace\adware#Stamp-Spawn
    HKLM\software\bookedspace\adware#Stamp-Update
    HKLM\software\bookedspace\adware#Count-Update
    HKLM\software\bookedspace\adware#Delay-Update
    HKLM\software\bookedspace\adware#Delay-MYGEEK
    HKLM\software\bookedspace\adware#Delay-SPZ4
    HKLM\software\bookedspace\adware#Delay-EECH1
    HKLM\software\bookedspace\adware#Delay-ASI5AFF
    HKLM\software\bookedspace\adware#Delay-ASISS3
    HKLM\software\bookedspace\adware#Delay-ASI2
    HKLM\software\bookedspace\adware#Campaigns
    HKLM\software\bookedspace\adware#Receipt-ASI2
    HKLM\software\bookedspace\adware#Data-ASI2
    HKLM\software\bookedspace\adware#Receipt-EECH1
    HKLM\software\bookedspace\adware#Data-EECH1
    HKLM\software\bookedspace\adware#Receipt-ASISSRE
    HKLM\software\bookedspace\adware#Data-ASISSRE
    HKLM\software\bookedspace\adware#Receipt-ASI5AFF
    HKLM\software\bookedspace\adware#Data-ASI5AFF
    HKLM\software\bookedspace\adware#Receipt-VENTAA7
    HKLM\software\bookedspace\adware#Receipt-MRR1
    HKLM\software\bookedspace\adware#Receipt-SPZ4
    HKLM\software\bookedspace\adware#Data-SPZ4
    HKLM\software\bookedspace\adware#Stamp-SPZ4
    HKLM\software\bookedspace\adware#Count-SPZ4
    HKLM\software\bookedspace\adware#Override
    HKLM\software\bookedspace\adware#Stamp-EECH1
    HKLM\software\bookedspace\adware#Count-EECH1
    HKLM\software\bookedspace\adware#Stamp-ASI2
    HKLM\software\bookedspace\adware#Count-ASI2
    HKLM\software\bookedspace\adware#Receipt-MYS1
    HKLM\software\bookedspace\adware#Receipt-MYGEEK
    HKLM\software\bookedspace\adware#Data-MYGEEK
    HKCR\AppId\BookedSpace.DLL
    HKCR\AppId\BookedSpace.DLL#AppID
    HKCR\TypeLib\{0DC5CD7C-F653-4417-AA43-D457BE3A9622}
    HKCR\TypeLib\{0DC5CD7C-F653-4417-AA43-D457BE3A9622}\1.0
    HKCR\TypeLib\{0DC5CD7C-F653-4417-AA43-D457BE3A9622}\1.0\0
    HKCR\TypeLib\{0DC5CD7C-F653-4417-AA43-D457BE3A9622}\1.0\0\win32
    HKCR\TypeLib\{0DC5CD7C-F653-4417-AA43-D457BE3A9622}\1.0\FLAGS
    HKCR\TypeLib\{0DC5CD7C-F653-4417-AA43-D457BE3A9622}\1.0\HELPDIR
    HKCR\Interface\{05080E6B-A88A-4CFD-8C3D-9B2557670B6E}
    HKCR\Interface\{05080E6B-A88A-4CFD-8C3D-9B2557670B6E}\ProxyStubClsid
    HKCR\Interface\{05080E6B-A88A-4CFD-8C3D-9B2557670B6E}\ProxyStubClsid32
    HKCR\Interface\{05080E6B-A88A-4CFD-8C3D-9B2557670B6E}\TypeLib
    HKCR\Interface\{05080E6B-A88A-4CFD-8C3D-9B2557670B6E}\TypeLib#Version
    HKCR\AppId\{0DC5CD7C-F653-4417-AA43-D457BE3A9622}
    C:\WINDOWS\XIQGHSAX.DLL
    C:\DOCUMENTS AND SETTINGS\LAUREN\DESKTOP\BACKUPS\BACKUP-20071113-200721-770.DLL
    C:\DOCUMENTS AND SETTINGS\LAUREN\DESKTOP\BACKUPS\BACKUP-20071113-200721-767.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{F22137D4-D593-45F2-B28A-2E6B194C5E47}\RP489\A0076364.DLL

    Adware.TargetSavers
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TSA
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TSA#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TSA#UninstallString

    Adware.Elite Media
    HKLM\Software\elite
    HKLM\Software\elite#check
    C:\DOCUMENTS AND SETTINGS\LAUREN\LOCAL SETTINGS\TEMP\ICD1.TMP\ELITE.INF
    C:\DOCUMENTS AND SETTINGS\LAUREN\LOCAL SETTINGS\TEMP\ICD1.TMP\ELITE.OCX

    Adware.Director
    HKU\S-1-5-21-343818398-1935655697-1343024091-1003\Software\Director

    Adware.Media Access
    HKCR\AppId\{735C5A0C-F79F-47A1-8CA1-2A2E482662A8}
    HKCR\Interface\{00ADA225-EA6C-4FB3-82E8-68189201CCB9}
    HKCR\Interface\{00ADA225-EA6C-4FB3-82E8-68189201CCB9}\ProxyStubClsid
    HKCR\Interface\{00ADA225-EA6C-4FB3-82E8-68189201CCB9}\ProxyStubClsid32
    HKCR\Interface\{00ADA225-EA6C-4FB3-82E8-68189201CCB9}\TypeLib
    HKCR\Interface\{00ADA225-EA6C-4FB3-82E8-68189201CCB9}\TypeLib#Version
    HKCR\TypeLib\{15696AE2-6EA4-47F4-BEA6-A3D32693EFC7}
    HKCR\TypeLib\{15696AE2-6EA4-47F4-BEA6-A3D32693EFC7}\1.0
    HKCR\TypeLib\{15696AE2-6EA4-47F4-BEA6-A3D32693EFC7}\1.0\0
    HKCR\TypeLib\{15696AE2-6EA4-47F4-BEA6-A3D32693EFC7}\1.0\0\win32
    HKCR\TypeLib\{15696AE2-6EA4-47F4-BEA6-A3D32693EFC7}\1.0\FLAGS
    HKCR\TypeLib\{15696AE2-6EA4-47F4-BEA6-A3D32693EFC7}\1.0\HELPDIR

    Adware.ClickSpring/Yazzle
    HKCR\YazzleSudokuGame
    HKCR\YazzleSudokuGame\DefaultIcon
    HKCR\YazzleSudokuGame\shell
    HKCR\YazzleSudokuGame\shell\Open
    HKCR\YazzleSudokuGame\shell\Open\command
    HKLM\Software\Yazzle Sudoku

    Trojan.Services32
    C:\PROGRAM FILES\COMMON FILES\WINDOWS\SERVICES32.EXE

    Unclassified.Unknown Origin/System
    C:\PROGRAM FILES\COMMON FILES\WMWZ\WMWZD\WMWZC.DLL

    Adware.eXact Advertising
    C:\WINDOWS\SYSTEM32\EXDL.EXE
    C:\WINDOWS\SYSTEM32\EXUL.EXE
    C:\WINDOWS\SYSTEM32\JAVEXULM.VXD
    C:\WINDOWS\SYSTEM32\NVMS.DLL
    C:\WINDOWS\SYSTEM32\MQEXDLM.SRG
    C:\DOCUMENTS AND SETTINGS\LAUREN\LOCAL SETTINGS\TEMP\A~NSISU_.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{F22137D4-D593-45F2-B28A-2E6B194C5E47}\RP489\A0076355.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{F22137D4-D593-45F2-B28A-2E6B194C5E47}\RP489\A0076356.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{F22137D4-D593-45F2-B28A-2E6B194C5E47}\RP489\A0076358.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{F22137D4-D593-45F2-B28A-2E6B194C5E47}\RP489\A0076359.EXE

    Adware.Webext
    C:\WINDOWS\SYSTEM32\FRAN-HOT.EXE

    Adware.Spyware Labs
    C:\WINDOWS\SYSTEM32\VB1.EXE

    TargetSaver, Inc. Process
    C:\WINDOWS\SYSTEM32\TSUNINST.EXE

    Trojan.Unknown Origin
    C:\WINDOWS\TEMPF.TXT

    Trojan.ErrorSafe
    C:\WINDOWS\DOWNLOADED PROGRAM FILES\UERS_0001_N68M1801NETINSTALLER.EXE
    C:\DOCUMENTS AND SETTINGS\LAUREN\LOCAL SETTINGS\TEMP\ICD2.TMP\UERS_0001_N68M1801NETINSTALLER.EXE

    Trojan.Override
    C:\WINDOWS\PMYVBOBW.EXE

    Adware.IWinGames
    C:\DOCUMENTS AND SETTINGS\LAUREN\DESKTOP\BACKUPS\BACKUP-20071113-200722-717.DLL
    C:\_OTMOVEIT\MOVEDFILES\PROGRA~1\IWINGA~1\IWINGAMESHOOKIE.DLL

    Adware.SearchClickAds
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{F22137D4-D593-45F2-B28A-2E6B194C5E47}\RP489\A0076365.DLL
     
  7. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run HJT again and put a check in the following:

    O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun

    Close all applications and browser windows before you click "fix checked".


    Looks good. If you don't have any problems you should do a few things to your machine now.



    It's a good idea to Flush your System Restore after removing malware:
    Turn off system restore and then turn it back on: http://support.microsoft.com/kb/310405

    Clean up your PC

    Here are some additional links for you to check out to help you with your computer security.

    How did I get infected in the first place.

    Secunia software inspector & update checker

    Good free tools and advice on how to tighten your security settings.
     
  8. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/649659

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice