Mirer Related Page Tool Bar

[tyoung]

Has anybody ever heard of this?

I can find no way to get rid of it. Searched system with Spybot and Ad Aware and didn't find.
Searched Registry with no results.
Google search shows nothing.

Any ideas?

Thanks in advance,

[Pancake]

Run "HijackThis" You will see it hiding in the files.

[tyoung]

Where can "HijackThis" be downloaded?

Broken links on google search.

[tyoung]

Ok finally found it and downloaded.
Can somebody read this log and tell me what I am missing, I deleted all mention of Mirar but still shows up.


StartupList report, 3/4/2004, 10:22:49 AM
StartupList version: 1.52
Started from : C:\DOCUME~1\Todd\LOCALS~1\Temp\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ctsvccda.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
C:\WINDOWS\System32\TrayIcon.exe
F:\Program Files\Customizer XP\RAMIdle.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\FarStone\VirtualDrive\VDTask.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\Program Files\Save\Save.exe
C:\Program Files\DS Clock\dsclock.exe
C:\Temp Install\StatBar.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Todd\LOCALS~1\Temp\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Todd\Start Menu\Programs\Startup]
PowerReg Scheduler V3.exe

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
Microsoft Office.lnk = F:\Office10\Office10\OSA.EXE
Microsoft Works Calendar Reminders.lnk = ?

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

DisplayTrayIcon = C:\WINDOWS\System32\TrayIcon.exe
nwiz = nwiz.exe /install
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
UpdReg = C:\WINDOWS\UpdReg.EXE

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

DS Clock = "C:\Program Files\DS Clock\dsclock.exe"
StatBar = C:\Temp Install\StatBar.exe
STYLEXP = C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\TEMPIN~1\Fish.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\WINDOWS\System32\IETie.dll - {9527D42F-D666-11D3-B8DD-00600838CD5F}
(no name) - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll - {AE7CD045-E861-484f-8273-0445EE161910}
(no name) - C:\WINDOWS\System32\WinNB41.dll - {B90D7271-CFA5-44DE-89FB-C999ED83A4AB}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Scheduled Checkpoint.job

--------------------------------------------------

Enumerating Download Program Files:

[Microsoft Office Template and Media Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL
CODEBASE = http://office.microsoft.com/templates/ieawsdc.cab

[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/s...irector/sw.cab

[Web P2P Installer]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll

[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.microsoft.com/officeup...ntent/opuc.cab

[{41F17733-B041-4099-A042-B518BB6A408C}]
CODEBASE = http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe

[InstallFromTheWeb ActiveX Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\iftw.dll
CODEBASE = http://tw.msi.com.tw/autobios/client/iftwclix.cab

[Info Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\Si.dll
CODEBASE = http://www.blizzard.com/support/includes/cabs/si.cab

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
CODEBASE = http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab

[Update Class]
InProcServer32 = C:\WINDOWS\System32\iuctl.dll
CODEBASE = http://v4.windowsupdate.microsoft.co...924.3476736111

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/s...sh/swflash.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 6,767 bytes
Report generated in 0.031 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

[tyoung]

Ok figured out how to get rid of it.
After going into my registry and finding nothing, I resorted to my last choice before reformatting. I began renaming all .dll files until I found one that change my browser with success after about 2 1/2 hours.

In Windows XP go into your windows file, then system 32.
In this folder you will find a file named one of the following:
WinNB40.dll or WinNB41.dll rename these files to .txt and the tool bar is gone.

Good luck to anybody who gets this toolbar.

[glc]

You have some more work to do - there's more spyware on there from reading your log. Update and run Spybot and Ad-Aware.