help remove mirarsearch!

daisymahem · Nov 8, 2007

I have the same problem on my laptop. I followed your instruction and here is the log. I'd really appreciate the help. I quit using IE because of this but now MSN Explorer keeps telling me that messenger is not installed and when I click repair it just tells me to send report. I tried to unistall and reinstall msn explorer but to no avail.
Logfile of HijackThis v1.99.1
Scan saved at 6:01:05 PM, on 11/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Webshots\webshots.scr
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Lauren\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: (no name) - {89AF2579-4090-7391-CA82-79F12F3D3C2D} - C:\WINDOWS\cozkbequ.dll
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\bxxs5.dll
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {51DE7C0C-1138-6F35-05AC-9187500AB8DC} - C:\WINDOWS\cozkbequ.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll (file missing)
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll
O3 - Toolbar: Search - {8A01519A-0719-A8F0-2442-ACEDFF690E9D} - C:\WINDOWS\cozkbequ.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" /background
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

daisymahem · Nov 11, 2007

Please if anyone can help get rid of this popup I would really appreciate it!

cybertech · Nov 12, 2007

Hi, Welcome to TSG!!

Run HijackThis and click Open the Misc Tools section

Click Open Uninstall Manager

Save list

click on the Desktop icon or select to save the list on the desktop

then click save.

Open the file and copy/paste the contents back here in your next reply.

daisymahem · Nov 13, 2007

Thanks for your reply. I did as you asked and here is the list:

Adobe Acrobat 5.0
Adobe Flash Player ActiveX
Age of Empires III - The WarChiefs
ArcSoft PhotoBase
ArcSoft PhotoStudio 2000
ATI Display Driver
AVG Free Edition
Big Catch
Bonus Mania
Canon Web Publisher
Cradle of Rome
Deal or No Deal
DiscWizard for Windows
Easy-WebPrint
FaxTools
Form Fill (Windows Live Toolbar)
Gateway Drivers and Applications Recovery
GTW Modem
Highlight Viewer (Windows Live Toolbar)
HighRoller
HijackThis 1.99.1
Ho! Ho! Dough!
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hoyle Board Games 2003
Hoyle Card Games 2003
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet
Internet Explorer Q903235
iWin Games (remove only)
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Jewel Quest (remove only)
Jewel Quest 2 (remove only)
L1400-L1150 USB-Handset Manager
Legacy 6.0
Lernout & Hauspie TruVoice American English TTS Engine
Lexmark X74-X75
Links LS 1999
Lords of the Realm II
Map Button (Windows Live Toolbar)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 97, Professional Edition
Microsoft Web Publishing Wizard 1.52
Microsoft Works 2002 Setup Launcher
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML4 Parser
My Search Bar
MysticForest
NaviSearch
Nero - Burning Rom
OfficeReady Family Essentials
OneCare Advisor (Windows Live Toolbar)
Order In The Court
Pirate Poppers
Polar Bowler from WildGames (remove only)
Polar Golfer from WildGames (remove only)
Popup Blocker (Windows Live Toolbar)
PowerDVD
QuickTime
RealPlayer Basic
Reel Deal Slots - Downloads
Reel Deal Slots - Nickels and More
Reel Deal Slots 2nd Volume
Reel Deal Slots Nickel Alley
Related Page
Scan Manager 5.2
Search Assistant - My Search
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917537)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926247)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939373)
Security Update for Windows XP (KB941202)
Sierra Utilities
Slots 100
Smart Menus (Windows Live Toolbar)
Street Atlas USA 5.0
Synaptics Pointing Device Driver
TSA
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Viewpoint Media Player
Webshots Desktop
WildTangent Web Driver
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinZip
Woodsy Winnings

cybertech · Nov 13, 2007

Go to Add/Remove Programs and remove these:
Java(TM) 6 Update 2
My Search Bar
NaviSearch
Search Assistant - My Search

Run HJT again and put a check in the following:

R3 - URLSearchHook: (no name) - {89AF2579-4090-7391-CA82-79F12F3D3C2D} - C:\WINDOWS\cozkbequ.dll
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\bxxs5.dll
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {51DE7C0C-1138-6F35-05AC-9187500AB8DC} - C:\WINDOWS\cozkbequ.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll (file missing)
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll
O3 - Toolbar: Search - {8A01519A-0719-A8F0-2442-ACEDFF690E9D} - C:\WINDOWS\cozkbequ.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)

Close all applications and browser windows before you click "fix checked".

Please download the OTMoveIt by OldTimer.

Save it to your desktop.

Please double-click OTMoveIt.exe to run it.

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\PROGRA~1\IWINGA~1\

Click to expand...

Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.

Click the red Moveit! button.

Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Click Exit on the Main menu to close the program.

Download and scan with SUPERAntiSpyware Free for Home Users

Double-click SUPERAntiSpyware.exe and use the default settings for installation.

An icon will be created on your desktop. Double-click that icon to launch the program.

If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)

Under "Configuration and Preferences", click the Preferences button.

Click the Scanning Control tab.

Under Scanner Options make sure the following are checked (leave all others unchecked):

Close browsers before scanning.

Scan for tracking cookies.

Terminate memory threats before quarantining.

Click the "Close" button to leave the control center screen.

Back on the main screen, under "Scan for Harmful Software" click Scan your computer.

On the left, make sure you check C:\Fixed Drive.

On the right, under "Complete Scan", choose Perform Complete Scan.

Click "Next" to start the scan. Please be patient while it scans your computer.

After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".

Make sure everything has a checkmark next to it and click "Next".

A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.

If asked if you want to reboot, click "Yes".

To retrieve the removal information after reboot, launch SUPERAntispyware again.

Click Preferences, then click the Statistics/Logs tab.

Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.

Please copy and paste the Scan Log results in your next reply with a new hijackthis log.

Click Close to exit the program.

daisymahem · Nov 13, 2007

I think it worked! Thanks so much! Here are the log files:

HJT:

Logfile of HijackThis v1.99.1
Scan saved at 9:18:11 PM, on 11/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Lauren\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

SuperAnti:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/13/2007 at 09:05 PM

Application Version : 3.9.1008

Core Rules Database Version : 3344
Trace Rules Database Version: 1345

Scan type : Complete Scan
Total Scan Time : 00:43:08

Memory items scanned : 412
Memory threats detected : 0
Registry items scanned : 4632
Registry threats detected : 221
File items scanned : 34808
File threats detected : 55

Adware.MyWay
HKLM\Software\Classes\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10}
HKCR\CLSID\{014DA6C9-189F-421A-88CD-07CFE51CFF10}
HKCR\CLSID\{014DA6C9-189F-421A-88CD-07CFE51CFF10}\InprocServer32
HKLM\Software\MyWay
HKLM\Software\MyWay\myBar
HKLM\Software\MyWay\myBar#Dir
HKLM\Software\MyWay\myBar#pid
HKLM\Software\MyWay\myBar#CurInstall
HKLM\Software\MyWay\myBar#sr
HKLM\Software\MyWay\myBar#pl
HKLM\Software\MyWay\myBar#Id
HKLM\Software\MyWay\myBar#CacheDir
HKLM\Software\MyWay\myBar#HistoryDir
HKLM\Software\MyWay\myBar#Visible
HKLM\Software\MyWay\myBar#Maximized
HKLM\Software\MyWay\myBar#SettingsDir
HKLM\Software\MyWay\myBar#ConfigRevisionURL
HKLM\Software\MyWay\myBar#ConfigDateStamp
HKLM\Software\MyWay\SearchAssistant
HKLM\Software\MyWay\SearchAssistant#Dir
HKLM\Software\MyWay\SearchAssistant#pid
HKLM\Software\MyWay\SearchAssistant#CurInstall
HKLM\Software\MyWay\SearchAssistant#sr
HKLM\Software\MyWay\SearchAssistant#pl
HKLM\Software\MyWay\SearchAssistant#Id
HKLM\Software\MyWay\SearchAssistant#CacheDir
HKLM\Software\MyWay\SearchAssistant#ConfigDateStamp
C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
C:\Program Files\MyWay\myBar\1.bin
C:\Program Files\MyWay\myBar\History\search
C:\Program Files\MyWay\myBar\History
C:\Program Files\MyWay\myBar\Settings\prevcfg.htm
C:\Program Files\MyWay\myBar\Settings
C:\Program Files\MyWay\myBar
C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
C:\Program Files\MyWay\SrchAstt\1.bin
C:\Program Files\MyWay\SrchAstt
C:\Program Files\MyWay

Trojan.ZQuest
HKLM\Software\Classes\CLSID\{4AD73894-A895-4FC2-B233-299867E08753}
HKCR\CLSID\{4AD73894-A895-4FC2-B233-299867E08753}
HKCR\CLSID\{4AD73894-A895-4FC2-B233-299867E08753}
HKCR\CLSID\{4AD73894-A895-4FC2-B233-299867E08753}#AppID
HKCR\CLSID\{4AD73894-A895-4FC2-B233-299867E08753}\Control
HKCR\CLSID\{4AD73894-A895-4FC2-B233-299867E08753}\InprocServer32
HKCR\CLSID\{4AD73894-A895-4FC2-B233-299867E08753}\InprocServer32#ThreadingModel
HKCR\CLSID\{4AD73894-A895-4FC2-B233-299867E08753}\MiscStatus
HKCR\CLSID\{4AD73894-A895-4FC2-B233-299867E08753}\MiscStatus\1
HKCR\CLSID\{4AD73894-A895-4FC2-B233-299867E08753}\ProgID
HKCR\CLSID\{4AD73894-A895-4FC2-B233-299867E08753}\ToolboxBitmap32
HKCR\CLSID\{4AD73894-A895-4FC2-B233-299867E08753}\TypeLib
HKCR\CLSID\{4AD73894-A895-4FC2-B233-299867E08753}\Version
HKCR\CLSID\{4AD73894-A895-4FC2-B233-299867E08753}\VersionIndependentProgID
C:\WINDOWS\SYSTEM32\ADWERKZ.DLL

Adware.Mirar/NetNucleus
HKLM\Software\Classes\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\InprocServer32
HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\InprocServer32#ThreadingModel
HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties
HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#Version
HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#BuildName
HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#Show3X
HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#ShowType
HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#PopupCount
HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#BlockEnable
HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#Ticket
HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\TypeLib
C:\WINDOWS\SYSTEM32\WINNB57.DLL
HKCR\CLSID\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75}
HKCR\CLSID\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75}\InprocServer32
HKCR\CLSID\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75}\InprocServer32#ThreadingModel
HKCR\CLSID\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75}\ProgID
HKCR\CLSID\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75}\Programmable
HKCR\CLSID\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75}\TypeLib
HKCR\CLSID\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75}\VersionIndependentProgID
HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}
HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\ProxyStubClsid
HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\ProxyStubClsid32
HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\TypeLib
HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\TypeLib#Version
HKCR\Interface\{224302B0-94E9-45C2-9E5B-BA989EE556E1}
HKCR\Interface\{224302B0-94E9-45C2-9E5B-BA989EE556E1}\ProxyStubClsid
HKCR\Interface\{224302B0-94E9-45C2-9E5B-BA989EE556E1}\ProxyStubClsid32
HKCR\Interface\{224302B0-94E9-45C2-9E5B-BA989EE556E1}\TypeLib
HKCR\Interface\{224302B0-94E9-45C2-9E5B-BA989EE556E1}\TypeLib#Version
HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}
HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\ProxyStubClsid
HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\ProxyStubClsid32
HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\TypeLib
HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\TypeLib#Version
HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}
HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\ProxyStubClsid
HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\ProxyStubClsid32
HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\TypeLib
HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\TypeLib#Version
HKCR\NN_Bar_Dummy.NN_BarDummy
HKCR\NN_Bar_Dummy.NN_BarDummy\CLSID
HKCR\NN_Bar_Dummy.NN_BarDummy\CurVer
HKCR\NN_Bar_Dummy.NN_BarDummy.1
HKCR\NN_Bar_Dummy.NN_BarDummy.1\CLSID
HKCR\Mirar_Dummy_ATS.Mirar_Dummy_ATS1
HKCR\Mirar_Dummy_ATS.Mirar_Dummy_ATS1\CLSID
HKCR\Mirar_Dummy_ATS.Mirar_Dummy_ATS1\CurVer
HKCR\Mirar_Dummy_ATS.Mirar_Dummy_ATS1.1
HKCR\Mirar_Dummy_ATS.Mirar_Dummy_ATS1.1\CLSID
HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}
HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0
HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0\0
HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0\0\win32
HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0\FLAGS
HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0\HELPDIR
HKCR\TypeLib\{F8310E7D-4C4D-46A4-A068-B5BB99411CC7}
HKCR\TypeLib\{F8310E7D-4C4D-46A4-A068-B5BB99411CC7}\1.0
HKCR\TypeLib\{F8310E7D-4C4D-46A4-A068-B5BB99411CC7}\1.0\0
HKCR\TypeLib\{F8310E7D-4C4D-46A4-A068-B5BB99411CC7}\1.0\0\win32
HKCR\TypeLib\{F8310E7D-4C4D-46A4-A068-B5BB99411CC7}\1.0\FLAGS
HKCR\TypeLib\{F8310E7D-4C4D-46A4-A068-B5BB99411CC7}\1.0\HELPDIR
HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}
HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\InprocServer32
HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\InprocServer32#ThreadingModel
HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\ProgID
HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\Programmable
HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\TypeLib
HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\VersionIndependentProgID
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75}#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75}#UninstallString
C:\WINDOWS\SYSTEM32\WINDMY.DLL
C:\WINDOWS\SYSTEM32\WINATS.DLL
C:\WINDOWS\876056.EXE
C:\DOCUMENTS AND SETTINGS\LAUREN\DESKTOP\BACKUPS\BACKUP-20071113-200722-352.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F22137D4-D593-45F2-B28A-2E6B194C5E47}\RP489\A0076366.DLL

Browser Hijacker.Internet Explorer Zone Hijack
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmirar.com
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmirar.com\click
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmirar.com\click#https
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\click
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\click#https
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\redirect
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\redirect#https
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com\awbeta
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com\awbeta#https

Adware.180solutions/Search Assistant
HKCR\MediaGateway.Installer
HKCR\MediaGateway.Installer\CLSID
HKCR\MediaGateway.Installer\CurVer
HKCR\CLSID\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}
HKCR\CLSID\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}#AppID
HKCR\CLSID\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}\Implemented Categories
HKCR\CLSID\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
HKCR\CLSID\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
HKCR\CLSID\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}\LocalServer32
HKCR\CLSID\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}\ProgID
HKCR\CLSID\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}\Programmable
HKCR\CLSID\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}\TypeLib
HKCR\CLSID\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}\VersionIndependentProgID

Trojan.Error Safe Free
HKLM\Software\Error Safe Free
HKLM\Software\Error Safe Free#EulUERS_0001_N68M1801

Adware.BookedSpace
C:\WINDOWS\bsx32\ASI2.bsx
C:\WINDOWS\bsx32\EECH1.bsx
C:\WINDOWS\bsx32\ASISSRE.bsx
C:\WINDOWS\bsx32\ASI5AFF.bsx
C:\WINDOWS\bsx32\SPZ4.bsx
C:\WINDOWS\bsx32\MYGEEK.bsx
C:\WINDOWS\bsx32\bspace.html
C:\WINDOWS\bsx32
C:\WINDOWS\bsx32.ini
HKCR\bookedspace.extension
HKCR\bookedspace.extension\CLSID
HKCR\bookedspace.extension\CurVer
HKCR\bookedspace.extension.5
HKCR\bookedspace.extension.5\CLSID
HKLM\software\bookedspace
HKLM\software\bookedspace\adware
HKLM\software\bookedspace\adware#Version
HKLM\software\bookedspace\adware#Referer
HKLM\software\bookedspace\adware#Unique
HKLM\software\bookedspace\adware#Stamp-Spawn
HKLM\software\bookedspace\adware#Stamp-Update
HKLM\software\bookedspace\adware#Count-Update
HKLM\software\bookedspace\adware#Delay-Update
HKLM\software\bookedspace\adware#Delay-MYGEEK
HKLM\software\bookedspace\adware#Delay-SPZ4
HKLM\software\bookedspace\adware#Delay-EECH1
HKLM\software\bookedspace\adware#Delay-ASI5AFF
HKLM\software\bookedspace\adware#Delay-ASISS3
HKLM\software\bookedspace\adware#Delay-ASI2
HKLM\software\bookedspace\adware#Campaigns
HKLM\software\bookedspace\adware#Receipt-ASI2
HKLM\software\bookedspace\adware#Data-ASI2
HKLM\software\bookedspace\adware#Receipt-EECH1
HKLM\software\bookedspace\adware#Data-EECH1
HKLM\software\bookedspace\adware#Receipt-ASISSRE
HKLM\software\bookedspace\adware#Data-ASISSRE
HKLM\software\bookedspace\adware#Receipt-ASI5AFF
HKLM\software\bookedspace\adware#Data-ASI5AFF
HKLM\software\bookedspace\adware#Receipt-VENTAA7
HKLM\software\bookedspace\adware#Receipt-MRR1
HKLM\software\bookedspace\adware#Receipt-SPZ4
HKLM\software\bookedspace\adware#Data-SPZ4
HKLM\software\bookedspace\adware#Stamp-SPZ4
HKLM\software\bookedspace\adware#Count-SPZ4
HKLM\software\bookedspace\adware#Override
HKLM\software\bookedspace\adware#Stamp-EECH1
HKLM\software\bookedspace\adware#Count-EECH1
HKLM\software\bookedspace\adware#Stamp-ASI2
HKLM\software\bookedspace\adware#Count-ASI2
HKLM\software\bookedspace\adware#Receipt-MYS1
HKLM\software\bookedspace\adware#Receipt-MYGEEK
HKLM\software\bookedspace\adware#Data-MYGEEK
HKCR\AppId\BookedSpace.DLL
HKCR\AppId\BookedSpace.DLL#AppID
HKCR\TypeLib\{0DC5CD7C-F653-4417-AA43-D457BE3A9622}
HKCR\TypeLib\{0DC5CD7C-F653-4417-AA43-D457BE3A9622}\1.0
HKCR\TypeLib\{0DC5CD7C-F653-4417-AA43-D457BE3A9622}\1.0\0
HKCR\TypeLib\{0DC5CD7C-F653-4417-AA43-D457BE3A9622}\1.0\0\win32
HKCR\TypeLib\{0DC5CD7C-F653-4417-AA43-D457BE3A9622}\1.0\FLAGS
HKCR\TypeLib\{0DC5CD7C-F653-4417-AA43-D457BE3A9622}\1.0\HELPDIR
HKCR\Interface\{05080E6B-A88A-4CFD-8C3D-9B2557670B6E}
HKCR\Interface\{05080E6B-A88A-4CFD-8C3D-9B2557670B6E}\ProxyStubClsid
HKCR\Interface\{05080E6B-A88A-4CFD-8C3D-9B2557670B6E}\ProxyStubClsid32
HKCR\Interface\{05080E6B-A88A-4CFD-8C3D-9B2557670B6E}\TypeLib
HKCR\Interface\{05080E6B-A88A-4CFD-8C3D-9B2557670B6E}\TypeLib#Version
HKCR\AppId\{0DC5CD7C-F653-4417-AA43-D457BE3A9622}
C:\WINDOWS\XIQGHSAX.DLL
C:\DOCUMENTS AND SETTINGS\LAUREN\DESKTOP\BACKUPS\BACKUP-20071113-200721-770.DLL
C:\DOCUMENTS AND SETTINGS\LAUREN\DESKTOP\BACKUPS\BACKUP-20071113-200721-767.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F22137D4-D593-45F2-B28A-2E6B194C5E47}\RP489\A0076364.DLL

Adware.TargetSavers
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TSA
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TSA#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TSA#UninstallString

Adware.Elite Media
HKLM\Software\elite
HKLM\Software\elite#check
C:\DOCUMENTS AND SETTINGS\LAUREN\LOCAL SETTINGS\TEMP\ICD1.TMP\ELITE.INF
C:\DOCUMENTS AND SETTINGS\LAUREN\LOCAL SETTINGS\TEMP\ICD1.TMP\ELITE.OCX

Adware.Director
HKU\S-1-5-21-343818398-1935655697-1343024091-1003\Software\Director

Adware.Media Access
HKCR\AppId\{735C5A0C-F79F-47A1-8CA1-2A2E482662A8}
HKCR\Interface\{00ADA225-EA6C-4FB3-82E8-68189201CCB9}
HKCR\Interface\{00ADA225-EA6C-4FB3-82E8-68189201CCB9}\ProxyStubClsid
HKCR\Interface\{00ADA225-EA6C-4FB3-82E8-68189201CCB9}\ProxyStubClsid32
HKCR\Interface\{00ADA225-EA6C-4FB3-82E8-68189201CCB9}\TypeLib
HKCR\Interface\{00ADA225-EA6C-4FB3-82E8-68189201CCB9}\TypeLib#Version
HKCR\TypeLib\{15696AE2-6EA4-47F4-BEA6-A3D32693EFC7}
HKCR\TypeLib\{15696AE2-6EA4-47F4-BEA6-A3D32693EFC7}\1.0
HKCR\TypeLib\{15696AE2-6EA4-47F4-BEA6-A3D32693EFC7}\1.0\0
HKCR\TypeLib\{15696AE2-6EA4-47F4-BEA6-A3D32693EFC7}\1.0\0\win32
HKCR\TypeLib\{15696AE2-6EA4-47F4-BEA6-A3D32693EFC7}\1.0\FLAGS
HKCR\TypeLib\{15696AE2-6EA4-47F4-BEA6-A3D32693EFC7}\1.0\HELPDIR

Adware.ClickSpring/Yazzle
HKCR\YazzleSudokuGame
HKCR\YazzleSudokuGame\DefaultIcon
HKCR\YazzleSudokuGame\shell
HKCR\YazzleSudokuGame\shell\Open
HKCR\YazzleSudokuGame\shell\Open\command
HKLM\Software\Yazzle Sudoku

Trojan.Services32
C:\PROGRAM FILES\COMMON FILES\WINDOWS\SERVICES32.EXE

Unclassified.Unknown Origin/System
C:\PROGRAM FILES\COMMON FILES\WMWZ\WMWZD\WMWZC.DLL

Adware.eXact Advertising
C:\WINDOWS\SYSTEM32\EXDL.EXE
C:\WINDOWS\SYSTEM32\EXUL.EXE
C:\WINDOWS\SYSTEM32\JAVEXULM.VXD
C:\WINDOWS\SYSTEM32\NVMS.DLL
C:\WINDOWS\SYSTEM32\MQEXDLM.SRG
C:\DOCUMENTS AND SETTINGS\LAUREN\LOCAL SETTINGS\TEMP\A~NSISU_.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F22137D4-D593-45F2-B28A-2E6B194C5E47}\RP489\A0076355.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F22137D4-D593-45F2-B28A-2E6B194C5E47}\RP489\A0076356.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F22137D4-D593-45F2-B28A-2E6B194C5E47}\RP489\A0076358.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F22137D4-D593-45F2-B28A-2E6B194C5E47}\RP489\A0076359.EXE

Adware.Webext
C:\WINDOWS\SYSTEM32\FRAN-HOT.EXE

Adware.Spyware Labs
C:\WINDOWS\SYSTEM32\VB1.EXE

TargetSaver, Inc. Process
C:\WINDOWS\SYSTEM32\TSUNINST.EXE

Trojan.Unknown Origin
C:\WINDOWS\TEMPF.TXT

Trojan.ErrorSafe
C:\WINDOWS\DOWNLOADED PROGRAM FILES\UERS_0001_N68M1801NETINSTALLER.EXE
C:\DOCUMENTS AND SETTINGS\LAUREN\LOCAL SETTINGS\TEMP\ICD2.TMP\UERS_0001_N68M1801NETINSTALLER.EXE

Trojan.Override
C:\WINDOWS\PMYVBOBW.EXE

Adware.IWinGames
C:\DOCUMENTS AND SETTINGS\LAUREN\DESKTOP\BACKUPS\BACKUP-20071113-200722-717.DLL
C:\_OTMOVEIT\MOVEDFILES\PROGRA~1\IWINGA~1\IWINGAMESHOOKIE.DLL

Adware.SearchClickAds
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F22137D4-D593-45F2-B28A-2E6B194C5E47}\RP489\A0076365.DLL

cybertech · Nov 14, 2007

Run HJT again and put a check in the following:

O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun

Close all applications and browser windows before you click "fix checked".

Looks good. If you don't have any problems you should do a few things to your machine now.

It's a good idea to Flush your System Restore after removing malware:
Turn off system restore and then turn it back on: http://support.microsoft.com/kb/310405

Clean up your PC

Here are some additional links for you to check out to help you with your computer security.

How did I get infected in the first place.

Secunia software inspector & update checker

Good free tools and advice on how to tighten your security settings.

Log in or Sign up

help remove mirarsearch!

daisymahem Thread Starter

daisymahem Thread Starter

cybertech Retired Moderator

daisymahem Thread Starter

cybertech Retired Moderator

daisymahem Thread Starter

cybertech Retired Moderator

Sponsor

Welcome to Tech Support Guy!

In Progress i need help really bad..

In Progress StartupCheckLibrary.dll &winscomrssrv.dll Missing, help!

New Slow laptop need help

New Laptop plagued by browser hijacker....help!

New Help Please

Log in or Sign up

help remove mirarsearch!

daisymahem Thread Starter

daisymahem Thread Starter

cybertech Retired Moderator

daisymahem Thread Starter

cybertech Retired Moderator

daisymahem Thread Starter

cybertech Retired Moderator

Sponsor

Welcome to Tech Support Guy!

In Progress i need help really bad..

In Progress StartupCheckLibrary.dll &winscomrssrv.dll Missing, help!

New Slow laptop need help

New Laptop plagued by browser hijacker....help!

New Help Please

Useful Searches