Thread Closed 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
I cannot remove BearShare (SOLVED)
06-02-2011, 05:18 PM
Post: #1
I cannot remove BearShare (SOLVED)
Hi guys I really hope you can help me. I am trying to remove BearShare, my husband downloaded it without actually knowing what it does.

I have used the uninstall tool to remove the programme but having looked at msconfig the following still appears in the startup:

C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE

I have run DDS and logs are below:


DDS (Ver_10-12-12.02) - NTFSx86
Run by Marbellys at 15:06:59.46 on 06/02/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.3711.2586 [GMT 0:00]

AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files\Norton Online\Engine\2.1.0.21\ccSvcHst.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\hpzipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Norton Online\Engine\2.1.0.21\ccSvcHst.exe
C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Marbellys\Desktop\dds.scr

============== Pseudo HJT Report ===============

uWindow Title = Windows Internet Explorer provided by Yahoo!
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uSearch Bar = hxxp://www.live.com/?searchonly=true&mkt=en-gb
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - c:\progra~1\bearsh~1\mediabar\toolbar\BearshareMediabarDx.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\4.3.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\4.3.0.5\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Norton Safety Minder: {b8e07826-0971-4f16-b133-047b88034e89} - c:\program files\norton online\addons\norton safety minder\engine\2.1.0.37\coIEPlg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\4.3.0.5\coIEPlg.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - c:\progra~1\bearsh~1\mediabar\toolbar\BearshareMediabarDx.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Sonic RecordNow!]
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [TomcatStartup 2.5] c:\program files\hewlett-packard\toolbox\hpbpsttp.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [StatusClient 2.6] c:\program files\hewlett-packard\toolbox\statusclient\StatusClient.exe /auto
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechVideo[inspector]] c:\program files\logitech\video\InstallHelper.exe /inspect
mRun: [LogitechCameraService(E)] c:\windows\system32\ElkCtrl.exe /automation
mRun: [LogitechCameraAssistant] c:\program files\logitech\video\CameraAssistant.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [OrderReminder] c:\program files\hewlett-packard\orderreminder\orderreminder\OrderReminder.exe
mRun: [NapsterShell] c:\program files\napster\napster.exe /systray
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: &eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: &Search - http://edits.mywebsearch.com/toolbaredit...xdm021LDGB
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\windows live toolbar\components\en-gb\msntabres.dll.mui/229?15e39d6ae3ab44f58b6819bda2d53b61
IE: Open in new foreground tab - c:\program files\windows live toolbar\components\en-gb\msntabres.dll.mui/230?15e39d6ae3ab44f58b6819bda2d53b61
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: barclays.co.uk\ibank
Trusted Zone: gov.uk\www.taxcredits.inlandrevenue
Trusted Zone: westlaw.com
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cab
DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/LSSupCtl.cab
DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} - hxxp://www.symantec.com/techsupp/activedata/nprdtinf.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} - hxxps://moneymanager.egg.com/Pinsafe/accounttracking.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://bayneazcaratefamily.spaces.live.com//PhotoUpload/MsnPUpld.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxp://www.symantec.com/techsupp/asa/SymAData.cab
DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} - hxxp://static.photobox.co.uk/sg/common/uploader_uni.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} - hxxp://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab64162.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
AppInit_DLLs:
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli scecli

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2010-9-21 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2010-9-21 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\bashdefs\20110114.001\BHDrvx86.sys [2011-1-19 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2010-9-21 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2010-9-21 116784]
R2 N360;Norton 360;c:\program files\norton 360\engine\4.3.0.5\ccsvchst.exe [2010-9-21 126392]
R2 NOF;Norton Online;c:\program files\norton online\engine\2.1.0.21\ccSvcHst.exe [2010-12-28 126904]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-9-19 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\ipsdefs\20110204.001\IDSXpx86.sys [2011-2-6 341944]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\virusdefs\20110205.002\NAVENG.SYS [2011-2-6 86008]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\virusdefs\20110205.002\NAVEX15.SYS [2011-2-6 1360760]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-18 136176]
S2 HPPECP00;HPPECP00; [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A};Symantec Redirector - Norton Safety Minder;c:\windows\system32\drivers\nsm\0201000.025\symrdr.sys [2010-12-28 181296]
S3 U2KG54;BUFFALO WLI-U2-KG54 Wireless LAN Adapter Service;c:\windows\system32\drivers\U2KG54.SYS [2005-10-17 245376]

=============== Created Last 30 ================

2011-01-21 19:47:34 -------- d-----w- c:\docume~1\alluse~1\applic~1\22251
2011-01-21 19:45:58 -------- d-----w- c:\program files\BearShare Applications

==================== Find3M ====================

2011-02-06 14:38:16 1409 ----a-w- c:\windows\QTFont.for
2010-12-28 20:46:15 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 18:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 16:34:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll

============= FINISH: 15:08:55.54 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 26/03/2004 18:00:14
System Uptime: 06/02/2011 14:32:04 (1 hours ago)

Motherboard: Dell Computer Corp. | | 0F4491
Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 112 GiB total, 84.262 GiB free.
D: is CDROM (CDFS)

==== Disabled Device Manager Items =============

Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}
Description: Conexant SmartHSFi V.9x 56K Speakerphone PCI Modem
Device ID: PCI\VEN_14F1&DEV_2702&SUBSYS_8D891043&REV_01\4&1C660DD6&0&08F0
Manufacturer: Conexant
Name: Conexant SmartHSFi V.9x 56K Speakerphone PCI Modem
PNP Device ID: PCI\VEN_14F1&DEV_2702&SUBSYS_8D891043&REV_01\4&1C660DD6&0&08F0
Service: Modem

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_01741028&REV_02\4&1C660DD6&0&40F0
Manufacturer: Intel
Name: Intel® PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_01741028&REV_02\4&1C660DD6&0&40F0
Service: E100B

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Unsupported Device
Device ID: ROOT\LEGACY_HPPECP00\0000
Manufacturer: Unknown
Name: Unsupported Device
PNP Device ID: ROOT\LEGACY_HPPECP00\0000
Service:

==== System Restore Points ===================

RP1073: 06/11/2010 21:50:44 - System Checkpoint
RP1074: 07/11/2010 21:54:02 - System Checkpoint
RP1075: 09/11/2010 16:53:36 - System Checkpoint
RP1076: 10/11/2010 18:06:58 - System Checkpoint
RP1077: 10/11/2010 23:02:03 - Software Distribution Service 3.0
RP1078: 12/11/2010 07:48:21 - System Checkpoint
RP1079: 13/11/2010 10:04:48 - System Checkpoint
RP1080: 14/11/2010 10:21:26 - System Checkpoint
RP1081: 15/11/2010 16:31:55 - System Checkpoint
RP1082: 16/11/2010 17:21:19 - System Checkpoint
RP1083: 17/11/2010 19:59:40 - System Checkpoint
RP1084: 18/11/2010 20:45:57 - System Checkpoint
RP1085: 19/11/2010 21:08:00 - System Checkpoint
RP1086: 20/11/2010 21:29:54 - System Checkpoint
RP1087: 21/11/2010 22:01:43 - System Checkpoint
RP1088: 23/11/2010 18:03:09 - System Checkpoint
RP1089: 24/11/2010 18:08:41 - System Checkpoint
RP1090: 25/11/2010 18:16:32 - System Checkpoint
RP1091: 26/11/2010 18:40:31 - System Checkpoint
RP1092: 27/11/2010 19:19:36 - System Checkpoint
RP1093: 28/11/2010 20:36:03 - System Checkpoint
RP1094: 29/11/2010 21:14:57 - System Checkpoint
RP1095: 30/11/2010 22:11:42 - System Checkpoint
RP1096: 02/12/2010 09:38:25 - System Checkpoint
RP1097: 03/12/2010 10:21:12 - System Checkpoint
RP1098: 04/12/2010 14:52:36 - System Checkpoint
RP1099: 05/12/2010 20:02:48 - System Checkpoint
RP1100: 06/12/2010 20:52:10 - System Checkpoint
RP1101: 07/12/2010 21:46:22 - System Checkpoint
RP1102: 08/12/2010 21:51:56 - System Checkpoint
RP1103: 09/12/2010 22:34:54 - System Checkpoint
RP1104: 10/12/2010 22:48:52 - System Checkpoint
RP1105: 11/12/2010 23:38:24 - System Checkpoint
RP1106: 13/12/2010 00:30:35 - System Checkpoint
RP1107: 14/12/2010 17:39:40 - System Checkpoint
RP1108: 15/12/2010 17:55:31 - System Checkpoint
RP1109: 15/12/2010 22:46:48 - Software Distribution Service 3.0
RP1110: 17/12/2010 08:33:27 - System Checkpoint
RP1111: 18/12/2010 11:21:28 - System Checkpoint
RP1112: 19/12/2010 11:32:43 - System Checkpoint
RP1113: 21/12/2010 18:28:31 - System Checkpoint
RP1114: 22/12/2010 18:44:11 - System Checkpoint
RP1115: 23/12/2010 19:15:27 - System Checkpoint
RP1116: 25/12/2010 10:27:22 - System Checkpoint
RP1117: 27/12/2010 12:28:31 - System Checkpoint
RP1118: 28/12/2010 12:57:10 - System Checkpoint
RP1119: 28/12/2010 19:02:32 - Installed Microsoft Office Professional 2010
RP1120: 28/12/2010 19:20:07 - Printer Driver Send To Microsoft OneNote 2010 Driver Installed
RP1121: 28/12/2010 20:28:31 - Software Distribution Service 3.0
RP1122: 29/12/2010 20:38:34 - System Checkpoint
RP1123: 31/12/2010 11:17:00 - System Checkpoint
RP1124: 31/12/2010 16:33:30 - Installed Java™ 6 Update 23
RP1125: 01/01/2011 17:05:15 - System Checkpoint
RP1126: 02/01/2011 17:43:29 - System Checkpoint
RP1127: 03/01/2011 19:33:43 - System Checkpoint
RP1128: 04/01/2011 20:23:15 - System Checkpoint
RP1129: 05/01/2011 20:35:26 - System Checkpoint
RP1130: 06/01/2011 20:43:52 - System Checkpoint
RP1131: 07/01/2011 22:35:16 - System Checkpoint
RP1132: 09/01/2011 18:51:32 - System Checkpoint
RP1133: 10/01/2011 18:53:45 - System Checkpoint
RP1134: 11/01/2011 19:45:30 - System Checkpoint
RP1135: 12/01/2011 19:39:17 - Software Distribution Service 3.0
RP1136: 13/01/2011 20:27:23 - System Checkpoint
RP1137: 14/01/2011 21:16:28 - System Checkpoint
RP1138: 15/01/2011 21:32:54 - System Checkpoint
RP1139: 16/01/2011 21:38:47 - System Checkpoint
RP1140: 18/01/2011 18:35:13 - System Checkpoint
RP1141: 19/01/2011 18:38:51 - System Checkpoint
RP1142: 20/01/2011 19:02:19 - System Checkpoint
RP1143: 21/01/2011 20:30:17 - System Checkpoint
RP1144: 22/01/2011 16:12:29 - Removed Ask Toolbar.
RP1145: 23/01/2011 16:46:28 - System Checkpoint
RP1146: 25/01/2011 20:41:42 - System Checkpoint
RP1147: 26/01/2011 21:39:48 - System Checkpoint
RP1148: 29/01/2011 11:24:27 - System Checkpoint
RP1149: 31/01/2011 16:28:07 - System Checkpoint
RP1150: 02/02/2011 20:50:58 - System Checkpoint
RP1151: 04/02/2011 18:36:10 - System Checkpoint
RP1152: 06/02/2011 14:25:48 - Removed CrazyTalk for Skype Plug-in

==== Installed Programs ======================


Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.3
CDDRV_Installer
Children's Encyclopedia
Classic PhoneTools
Conexant SmartHSFi V.9x 56K Speakerphone PCI Modem
Critical Update for Windows Media Player 11 (KB959772)
Definition update for Microsoft Office 2010 (KB982726)
Dell Media Experience
Dell Solution Center
DVDSentry
ETerminal
GearDrvs
Google Chrome
Google Earth
Google Update Helper
Great Migrations
Help and Support Customization
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hp LaserJet-all-in-one
HP Update
Intel® PRO Network Adapters and Drivers
Intel® PROSet
Internet Explorer Q903235
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
Japanese Fonts Support For Adobe Reader 8
Java 2 Runtime Environment, SE v1.4.2
Java Auto Updater
Java™ 6 Update 2
Java™ 6 Update 23
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Runtime Environment 6 Update 1
KhalInstallWrapper
LaserAIO
Logitech QuickCam Software
Logitech Registration
Logitech SetPoint
Logitech® Camera Driver
Macromedia Shockwave Player
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (English) 2010
Microsoft Search Enhancement Pack
Microsoft Software Update for Web Folders (English) 12
Microsoft Software Update for Web Folders (English) 14
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Modem Helper
MSRedist
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetWaiting
Norton 360
Norton Online
Norton Safety Minder
NVIDIA Windows 2000/XP Display Drivers
PowerDVD
QFolder
QuickTime
Readiris Pro 9
RealPlayer
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Skype™ 4.0
Smart Menus (Windows Live Toolbar)
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
Tabbed Browsing (Windows Live Toolbar)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft OneNote 2010 (KB2433299)
Update for Microsoft Outlook Social Connector (KB2289116)
Update for Outlook 2007 Junk Email Filter (KB2483110)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows Support Tools
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

02/02/2011 16:36:01, error: DCOM [10009] - DCOM was unable to communicate with the computer MARBELLYS using any of the configured protocols.

==== End Of File ===========================
Find all posts by this user
07-02-2011, 04:20 PM
Post: #2
I cannot remove BearShare (SOLVED)
Hi And Welcome to Techmonkeys.co.uk!

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.
---------------------------------------------------------------------------------------------

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.


Next


  1. Download ComboFix from below:

    Combofix download


    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.


    You can get help on disabling your protection programs here
  3. Double click on combofix.exe & follow the prompts.
  4. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


    [Image: cfRC_screen_1.png]


    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:

    The Recovery Console was successfully installed.

    [Image: cfRC_screen_2.png]

    Click on Yes, to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

Unanswered threads for 4 days will no longer be Helped

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here [Image: paypal.gif]
Send this user an email Visit this user's website Find all posts by this user
08-02-2011, 10:49 PM
Post: #3
I cannot remove BearShare (SOLVED)
RE: I cannot remove BearShare
Hi many thanks for your help... i have followed all the steps and below is the log from ComboFix
ComboFix 11-02-08.02 - Marbellys 08/02/2011 20:04:31.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.3711.2872 [GMT 0:00]
Running from: c:\documents and settings\Marbellys\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Michael\My Documents\Readiris.DUS
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf
c:\windows\system32\service

.
((((((((((((((((((((((((( Files Created from 2011-01-08 to 2011-02-08 )))))))))))))))))))))))))))))))
.

2011-02-08 17:12 . 2011-02-08 17:12 -------- d-----w- c:\documents and settings\Marbellys\Application Data\Motive
2011-02-08 17:01 . 2011-02-08 17:01 -------- d-----w- c:\documents and settings\Michael\Local Settings\Application Data\Motive
2011-02-08 16:57 . 2011-02-08 16:57 -------- d-----w- c:\documents and settings\Michael\Application Data\Motive
2011-02-08 16:55 . 2011-02-08 17:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2011-02-08 16:55 . 2011-02-08 16:55 -------- d-----w- c:\program files\Common Files\Motive
2011-02-08 16:54 . 2011-02-08 16:54 -------- d-----w- c:\program files\BT Broadband Desktop Help
2011-02-06 19:47 . 2011-02-06 19:48 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2011-02-06 15:47 . 2011-02-06 15:47 -------- d-----w- c:\documents and settings\Marbellys\Local Settings\Application Data\Google
2011-01-31 17:46 . 2011-01-31 17:47 -------- d-----w- c:\documents and settings\Andrea\Application Data\bearsharemediabartb
2011-01-26 17:12 . 2011-01-26 17:13 -------- d-----w- c:\documents and settings\Baby\Application Data\bearsharemediabartb
2011-01-26 16:36 . 2011-01-26 16:36 -------- d-----w- c:\documents and settings\Luca\Local Settings\Application Data\Google
2011-01-21 19:47 . 2011-01-21 19:47 -------- d-----w- c:\documents and settings\All Users\Application Data\22251
2011-01-21 19:47 . 2011-01-22 20:57 -------- d-----w- c:\documents and settings\Michael\Application Data\bearsharemediabartb
2011-01-21 19:47 . 2011-01-21 19:47 -------- d-----w- c:\documents and settings\Michael\Local Settings\Application Data\BearShare
2011-01-21 19:45 . 2011-02-06 14:29 -------- d-----w- c:\program files\BearShare Applications
2011-01-21 19:41 . 2011-01-21 19:41 -------- d-----w- c:\documents and settings\Michael\Local Settings\Application Data\PackageAware
2011-01-19 18:22 . 2011-01-19 18:22 -------- d-----w- c:\documents and settings\Baby\Local Settings\Application Data\Google
2011-01-19 17:00 . 2011-01-19 17:00 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-01-18 20:43 . 2011-02-08 18:47 -------- d-----w- c:\documents and settings\Michael\Local Settings\Application Data\Temp
2011-01-18 20:42 . 2011-01-18 20:42 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-01-18 20:42 . 2011-01-19 22:52 -------- d-----w- c:\documents and settings\Michael\Local Settings\Application Data\Google
2011-01-18 20:42 . 2011-01-18 20:48 -------- d-----w- c:\program files\Google
2011-01-12 19:27 . 2011-01-12 19:38 -------- d-----w- c:\documents and settings\Andrea\Local Settings\Application Data\AskToolbar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-08 20:11 . 2010-03-28 18:08 1409 ----a-w- c:\windows\QTFont.for
2010-12-28 20:46 . 2010-09-18 12:51 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-12-28 20:46 . 2010-09-18 12:51 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-11-18 18:12 . 2008-09-20 14:16 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 18:53 . 2010-08-01 12:09 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 16:34 . 2007-05-03 08:58 73728 ----a-w- c:\windows\system32\javacpl.cpl
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-01-29 23975720]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-05-20 188416]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-28 198160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"StatusClient 2.6"="c:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2005-04-08 151552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-09-15 77824]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-26 204800]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-11-03 4800512]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-12-09 225280]
"LogitechVideo[inspector]"="c:\program files\Logitech\Video\InstallHelper.exe" [2005-12-07 09:33 73728]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
"LogitechCameraAssistant"="c:\program files\Logitech\Video\CameraAssistant.exe" [2005-12-07 489472]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-12-07 1584640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-5-1 813584]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecu​​teHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGrou​​p]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Authorize​​dApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

R0 SymDS;Symantec Data Store;c:\windows\SYSTEM32\DRIVERS\N360\0403000.005\symds.sys [21/09/2010 21:41 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\N360\0403000.005\symefa.sys [21/09/2010 21:41 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20110114.001\BHDrvx86.sys [19/01/2011 17:20 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\SYSTEM32\DRIVERS\N360\0403000.005\cchpx86.sys [21/09/2010 21:41 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\SYSTEM32\DRIVERS\N360\0403000.005\ironx86.sys [21/09/2010 21:41 116784]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\4.3.0.5\ccsvchst.exe [21/09/2010 21:41 126392]
R2 NOF;Norton Online;c:\program files\Norton Online\Engine\2.1.0.21\ccSvcHst.exe [28/12/2010 20:45 126904]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [19/09/2010 15:58 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20110207.001\IDSXpx86.sys [08/02/2011 13:45 341944]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [18/01/2011 20:42 136176]
S2 HPPECP00;HPPECP00; [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 21:37 4640000]
S3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A};Symantec Redirector - Norton Safety Minder;c:\windows\SYSTEM32\DRIVERS\NSM\0201000.025\symrdr.sys [28/12/2010 20:46 181296]
S3 U2KG54;BUFFALO WLI-U2-KG54 Wireless LAN Adapter Service;c:\windows\SYSTEM32\DRIVERS\U2KG54.SYS [17/10/2005 10:50 245376]
.
Contents of the 'Scheduled Tasks' folder

2011-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-18 20:42]

2011-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-18 20:42]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = iexplore
IE: &eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?15e39d6ae3ab44f58b6819bda2d53b61
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?15e39d6ae3ab44f58b6819bda2d53b61
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: barclays.co.uk\ibank
Trusted Zone: gov.uk\www.taxcredits.inlandrevenue
Trusted Zone: westlaw.com
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
.
- - - - ORPHANS REMOVED - - - -

BHO-{0974BA1E-64EC-11DE-B2A5-E43756D89593} - c:\progra~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
Toolbar-{0974BA1E-64EC-11DE-B2A5-E43756D89593} - c:\progra~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
Toolbar-10 - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Sonic RecordNow! - (no file)
HKLM-Run-OrderReminder - c:\program files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
HKLM-Run-NapsterShell - c:\program files\Napster\napster.exe
MSConfigStartUp-DATAMNGR - c:\progra~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
AddRemove-Children's Encyclopedia - c:\windows\uninst.exe -rDK Multimedia\Children's Encyclopedia\1.0.0



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-08 20:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NOF]
"ImagePath"="\"c:\program files\Norton Online\Engine\2.1.0.21\ccSvcHst.exe\" /s \"NOF\" /m \"c:\program files\Norton Online\Engine\2.1.0.21\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-985285517-1698950164-637119873-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(644)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(6368)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Windows Media Player\wmpband.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\System32\nvsvc32.exe
c:\windows\System32\hpzipm12.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\SearchProtocolHost.exe
c:\program files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2011-02-08 20:28:38 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-08 20:28

Pre-Run: 89,737,412,608 bytes free
Post-Run: 90,451,369,984 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 97F348FC266A61BF8D94B0D5EBDDF58C
Find all posts by this user
08-02-2011, 11:05 PM
Post: #4
I cannot remove BearShare (SOLVED)
Run CFScript
  • Close any open browsers.
  • Open Notepad by click start
  • Click Run
  • Type notepad into the box and click enter
  • Notepad will open
  • Copy and Paste everything from the Code box into Notepad:
Code:
KILLALL::
Folder::
c:\documents and settings\Baby\Application Data\bearsharemediabartb
c:\documents and settings\Andrea\Application Data\bearsharemediabartb
c:\documents and settings\Michael\Application Data\bearsharemediabartb
c:\documents and settings\Michael\Local Settings\Application Data\BearShare
c:\program files\BearShare Applications
c:\documents and settings\Michael\Local Settings\Application Data\Temp

Save the file to your desktop and name it CFScript.txt


Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.




[Image: CFScriptB-4.gif]


This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Unanswered threads for 4 days will no longer be Helped

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here [Image: paypal.gif]
Send this user an email Visit this user's website Find all posts by this user
14-02-2011, 11:15 PM
Post: #5
Wink I cannot remove BearShare (SOLVED)
Thank you for your last post. Please see below Combofix log:


ComboFix 11-02-13.04 - Marbellys 14/02/2011 20:21:56.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.3711.2976 [GMT 0:00]
Running from: c:\documents and settings\Marbellys\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Marbellys\Desktop\CFScript.tx.txt
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Andrea\Application Data\bearsharemediabartb
c:\documents and settings\Andrea\Application Data\bearsharemediabartb\dtx.ini
c:\documents and settings\Andrea\Application Data\bearsharemediabartb\games\GameTypes.xml
c:\documents and settings\Andrea\Application Data\bearsharemediabartb\guid.dat
c:\documents and settings\Andrea\Application Data\bearsharemediabartb\preferences.dat
c:\documents and settings\Andrea\Application Data\bearsharemediabartb\stats.dat
c:\documents and settings\Andrea\Application Data\bearsharemediabartb\uninstallIE.dat
c:\documents and settings\Andrea\Application Data\bearsharemediabartb\widgets_cache\category_cache.xml
c:\documents and settings\Andrea\Application Data\bearsharemediabartb\widgets_cache\widget_cache.xml
c:\documents and settings\Baby\Application Data\bearsharemediabartb
c:\documents and settings\Baby\Application Data\bearsharemediabartb\dtx.ini
c:\documents and settings\Baby\Application Data\bearsharemediabartb\preferences.dat
c:\documents and settings\Marbellys\Local Settings\Temporary Internet Files\mcc16.tmp
c:\documents and settings\Michael\Application Data\bearsharemediabartb
c:\documents and settings\Michael\Application Data\bearsharemediabartb\dtx.ini
c:\documents and settings\Michael\Application Data\bearsharemediabartb\games\GameTypes.xml
c:\documents and settings\Michael\Application Data\bearsharemediabartb\guid.dat
c:\documents and settings\Michael\Application Data\bearsharemediabartb\preferences.dat
c:\documents and settings\Michael\Application Data\bearsharemediabartb\stats.dat
c:\documents and settings\Michael\Application Data\bearsharemediabartb\uninstallIE.dat
c:\documents and settings\Michael\Application Data\bearsharemediabartb\version.xml
c:\documents and settings\Michael\Application Data\bearsharemediabartb\widgets_cache\9f9d921adaa38d5368da64c4eca671a7
c:\documents and settings\Michael\Application Data\bearsharemediabartb\widgets_cache\c2aa2d5455a96425c82f2c63f7bc461e
c:\documents and settings\Michael\Application Data\bearsharemediabartb\widgets_cache\category_cache.xml
c:\documents and settings\Michael\Application Data\bearsharemediabartb\widgets_cache\widget_cache.xml
c:\documents and settings\Michael\Local Settings\Application Data\BearShare
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\Creatives.xml
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\CreativesFiles\1.gif
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\CreativesFiles\10.gif
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\CreativesFiles\1040.gif
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\CreativesFiles\1043.gif
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\CreativesFiles\1044.gif
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\CreativesFiles\1050.gif
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\CreativesFiles\1054.gif
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\CreativesFiles\1055.gif
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\CreativesFiles\1057.gif
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\CreativesFiles\1058.gif
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\CreativesFiles\1060.gif
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\CreativesFiles\1062.gif
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\CreativesFiles\1063.gif
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\CreativesFiles\1070.gif
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\CreativesFiles\11.gif
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\CreativesFiles\12.gif
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\CreativesFiles\13.gif
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\CreativesFiles\14.gif
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\CreativesFiles\15.gif
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\CreativesFiles\16.gif
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\CreativesFiles\17.gif
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\CreativesFiles\18.gif
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\CreativesFiles\19.gif
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\CreativesFiles\2.gif
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\CreativesFiles\20.gif
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\CreativesFiles\21.gif
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\CreativesFiles\22.gif
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\CreativesFiles\23.gif
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\CreativesFiles\24.gif
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\CreativesFiles\25.gif
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\CreativesFiles\26.gif
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\CreativesFiles\27.gif
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\CreativesFiles\28.gif
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\CreativesFiles\29.gif
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\CreativesFiles\3.gif
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\CreativesFiles\30.gif
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\CreativesFiles\31.gif
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\CreativesFiles\32.gif
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\CreativesFiles\33.gif
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\CreativesFiles\34.gif
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\CreativesFiles\35.gif
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\CreativesFiles\36.gif
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\CreativesFiles\37.gif
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\CreativesFiles\38.gif
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\CreativesFiles\4.gif
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\CreativesFiles\5.gif
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\CreativesFiles\6.gif
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\CreativesFiles\7.gif
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\CreativesFiles\8.gif
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\CreativesFiles\9.gif
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\Data\BackUp\BitTorrent.db
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\Data\BackUp\Cddb.db
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\Data\BackUp\ContentDirs.db
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\Data\BackUp\ContentFile.db
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\Data\BackUp\DownloadFile.db
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\Data\BackUp\PartsHashes.db
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\Data\BackUp\Playlists.db
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\Data\BackUp\VirtualFile.db
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\Data\BitTorrent.db
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\Data\Cddb.db
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\Data\ContentDirs.db
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\Data\ContentFile.db
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\Data\DownloadFile.db
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\Data\PartsHashes.db
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\Data\Playlists.db
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\Data\VirtualFile.db
c:\documents and settings\Michael\Local Settings\Application Data\BearShare\Player.swf
c:\documents and settings\Michael\Local Settings\Application Data\Temp
c:\program files\BearShare Applications

.
((((((((((((((((((((((((( Files Created from 2011-01-14 to 2011-02-14 )))))))))))))))))))))))))))))))
.

2011-02-14 20:37 . 2011-02-14 20:37 1409 ----a-w- c:\windows\QTFont.for
2011-02-11 18:32 . 2011-02-11 18:32 -------- d-----w- c:\documents and settings\Baby\Application Data\Motive
2011-02-11 18:20 . 2011-02-11 18:20 -------- d-----w- c:\documents and settings\Luca\Application Data\Motive
2011-02-10 17:17 . 2011-02-10 17:18 -------- d-----w- C:\eed6a10827e2c061deed54e9294e3a
2011-02-08 17:12 . 2011-02-08 17:12 -------- d-----w- c:\documents and settings\Marbellys\Application Data\Motive
2011-02-08 17:01 . 2011-02-08 17:01 -------- d-----w- c:\documents and settings\Michael\Local Settings\Application Data\Motive
2011-02-08 16:57 . 2011-02-08 16:57 -------- d-----w- c:\documents and settings\Michael\Application Data\Motive
2011-02-08 16:55 . 2011-02-08 17:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2011-02-08 16:55 . 2011-02-08 16:55 -------- d-----w- c:\program files\Common Files\Motive
2011-02-08 16:54 . 2011-02-08 16:54 -------- d-----w- c:\program files\BT Broadband Desktop Help
2011-02-06 19:47 . 2011-02-13 12:47 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2011-02-06 15:47 . 2011-02-06 15:47 -------- d-----w- c:\documents and settings\Marbellys\Local Settings\Application Data\Google
2011-01-26 16:36 . 2011-01-26 16:36 -------- d-----w- c:\documents and settings\Luca\Local Settings\Application Data\Google
2011-01-21 19:47 . 2011-01-21 19:47 -------- d-----w- c:\documents and settings\All Users\Application Data\22251
2011-01-21 19:41 . 2011-01-21 19:41 -------- d-----w- c:\documents and settings\Michael\Local Settings\Application Data\PackageAware
2011-01-21 14:44 . 2011-01-21 14:44 439296 ------w- c:\windows\system32\dllcache\shimgvw.dll
2011-01-19 18:22 . 2011-01-19 18:22 -------- d-----w- c:\documents and settings\Baby\Local Settings\Application Data\Google
2011-01-19 17:00 . 2011-01-19 17:00 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-01-18 20:42 . 2011-01-18 20:42 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-01-18 20:42 . 2011-01-19 22:52 -------- d-----w- c:\documents and settings\Michael\Local Settings\Application Data\Google
2011-01-18 20:42 . 2011-01-18 20:48 -------- d-----w- c:\program files\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2008-09-20 14:15 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2008-09-20 14:16 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2008-09-20 14:15 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 20:46 . 2010-09-18 12:51 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-12-28 20:46 . 2010-09-18 12:51 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-12-22 12:34 . 2008-09-20 14:16 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2005-06-17 22:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2002-08-29 05:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2002-08-29 05:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2008-09-20 14:15 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2008-09-20 14:17 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2008-09-20 14:15 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2008-09-20 14:15 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38 . 2008-09-20 14:15 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2008-09-20 14:15 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-11-18 18:12 . 2008-09-20 14:16 81920 ----a-w- c:\windows\system32\isign32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-01-29 23975720]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-05-20 188416]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-28 198160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"StatusClient 2.6"="c:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2005-04-08 151552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-09-15 77824]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-26 204800]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-11-03 4800512]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-12-09 225280]
"LogitechVideo[inspector]"="c:\program files\Logitech\Video\InstallHelper.exe" [2005-12-07 09:33 73728]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
"LogitechCameraAssistant"="c:\program files\Logitech\Video\CameraAssistant.exe" [2005-12-07 489472]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-12-07 1584640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-5-1 813584]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecu​teHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGrou​p]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Authorize​dApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

R0 SymDS;Symantec Data Store;c:\windows\SYSTEM32\DRIVERS\N360\0403000.005\symds.sys [21/09/2010 21:41 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\N360\0403000.005\symefa.sys [21/09/2010 21:41 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20110114.001\BHDrvx86.sys [19/01/2011 17:20 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\SYSTEM32\DRIVERS\N360\0403000.005\cchpx86.sys [21/09/2010 21:41 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\SYSTEM32\DRIVERS\N360\0403000.005\ironx86.sys [21/09/2010 21:41 116784]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [19/09/2010 15:58 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20110211.002\IDSXpx86.sys [13/02/2011 12:29 341944]
S2 HPPECP00;HPPECP00; [x]
S3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A};Symantec Redirector - Norton Safety Minder;c:\windows\SYSTEM32\DRIVERS\NSM\0201000.025\symrdr.sys [28/12/2010 20:46 181296]
S3 U2KG54;BUFFALO WLI-U2-KG54 Wireless LAN Adapter Service;c:\windows\SYSTEM32\DRIVERS\U2KG54.SYS [17/10/2005 10:50 245376]
.
Contents of the 'Scheduled Tasks' folder

2011-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-18 20:42]

2011-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-18 20:42]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = iexplore
IE: &eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?15e39d6ae3ab44f58b6819bda2d53b61
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?15e39d6ae3ab44f58b6819bda2d53b61
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: barclays.co.uk\ibank
Trusted Zone: gov.uk\www.taxcredits.inlandrevenue
Trusted Zone: westlaw.com
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-14 20:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NOF]
"ImagePath"="\"c:\program files\Norton Online\Engine\2.1.0.21\ccSvcHst.exe\" /s \"NOF\" /m \"c:\program files\Norton Online\Engine\2.1.0.21\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-985285517-1698950164-637119873-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(644)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(4900)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Windows Media Player\wmpband.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
c:\program files\Norton Online\Engine\2.1.0.21\ccSvcHst.exe
c:\windows\System32\nvsvc32.exe
c:\windows\System32\hpzipm12.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
c:\program files\Norton Online\Engine\2.1.0.21\ccSvcHst.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\windows\system32\SearchProtocolHost.exe
c:\program files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2011-02-14 20:49:54 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-14 20:49
ComboFix2.txt 2011-02-08 20:28

Pre-Run: 90,088,177,664 bytes free
Post-Run: 90,087,157,760 bytes free

- - End Of File - - 1FAB1E4D740FCA09DFA224539AF873DC
Find all posts by this user
15-02-2011, 02:51 PM
Post: #6
I cannot remove BearShare (SOLVED)
[Image: bf_new.gif] Please download Malwarebytes Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

Unanswered threads for 4 days will no longer be Helped

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here [Image: paypal.gif]
Send this user an email Visit this user's website Find all posts by this user
02-03-2011, 08:20 PM
Post: #7
I cannot remove BearShare (SOLVED)
Hi there, sorry for the delay in responding to the post. i have done as you said and the log is below:



Malwarebytes' Anti-Malware 1.50 Public Beta
http://www.malwarebytes.org

Database version: 5935

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

02/03/2011 18:15:44
mbam-log-2011-03-02 (18-15-44).txt

Scan type: Quick scan
Objects scanned: 206523
Time elapsed: 5 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)
Find all posts by this user
02-03-2011, 09:00 PM
Post: #8
I cannot remove BearShare (SOLVED)
How is your PC doing?

Unanswered threads for 4 days will no longer be Helped

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here [Image: paypal.gif]
Send this user an email Visit this user's website Find all posts by this user
11-03-2011, 07:27 PM
Post: #9
I cannot remove BearShare (SOLVED)
Hi thanks for all your very helpful advice... the pc seems to be running ok
Find all posts by this user
11-03-2011, 07:39 PM
Post: #10
I cannot remove BearShare (SOLVED)
Your Computer is Clean
[Image: mr-clean.gif]


Some final items:


Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the x and /)
    [Image: CF_Uninstall-1.jpg]
  • Please follow the prompts to uninstall Combofix.
  • You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.


Here are some additional links for you to check out to help you with your computer security.

Browsers

Just because your computer came loaded with Internet Explorer doesn't mean that you have to use it, there are other free alternatives, FIREFOX and OPERA, both are free to use and are more secure than IE.

If you are using firefox you can stay more secure by adding NoScript and WOT (Web Of Trust)

NoScript stops Java scripts from starting on a web page unless you give permission for them, and WOT (Web Of Trust) has a comprehensive list of ratings for different websites allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website.
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

Additional Security Measures


Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

SpywareBlaster- SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial for Spywareblaster can be found [url="http://www.bleepingcomputer.com/tutorials/tutorial49.html"]here[/url].

Cookienator- Scans your PC for tracking cookies in multiple browsers as well as in Adobe Flash.

Secunia software inspector & update checker

Auslogics Disc Defrag or JKDefrag - Two good disc defragmenters for you to choose from to help speed up your computer.

Visit My Blog for Malware and Spyware Tips


[Image: 6567E80CC55576485246E130E48A9FA8.png]

Unanswered threads for 4 days will no longer be Helped

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here [Image: paypal.gif]
Send this user an email Visit this user's website Find all posts by this user
Thread Closed 


Forum Jump: