Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

BearCare Malware Attach

Post by CeeC » May 13th, 2011, 9:36 am

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by carol at 9:10:25.50 on Fri 05/13/2011
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.411 [GMT -4:00]
.
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: avast! Internet Security *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Trend Micro PC-cillin Internet Security *Enabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: avast! Internet Security *Enabled*
FW: Trend Micro PC-cillin Internet Security (Firewall) *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\afwServ.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LG Electronics\LGE LTE Driver\vmsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
C:\Program Files\PC Tools Security\pctsAuxs.exe
C:\Program Files\PC Tools Security\pctsSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\PC Tools Security\pctsGui.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Samsung\Samsung CLX-3160 Series\SPanel\PSU\Scan2pc.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Novatel Wireless\MobiLink3\MobiLink3.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\carol\My Documents\Downloads\HijackThis.exe
C:\Documents and Settings\carol\My Documents\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.dell.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: N/A: {0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2} - c:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
uURLSearchHooks: H - No File
BHO: Ask Search Assistant BHO: {0579b4b1-0293-4d73-b02d-5ebb0ba0f0a2} - c:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Accelerator Plugin: {656ec4b7-072b-4698-b504-2a414c1f0037} - c:\progra~1\people~1\PRPL_I~1.DLL
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\bearsh~1\mediabar\toolbar\bsdtxmltbpi.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Ask Toolbar BHO: {f0d4b231-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
TB: Ask Toolbar: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
TB: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\bearsh~1\mediabar\toolbar\bsdtxmltbpi.dll
TB: {A8FB8EB3-183B-4598-924D-86F0E5E37085} - No File
TB: PeoplePC Toolbar: {c7768536-96f8-4001-b1a2-90ee21279187} - c:\program files\peoplepc, inc\toolbar\Toolbar.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MobiLink 3] c:\program files\novatel wireless\mobilink3\MobiLink3.exe
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
mRun: [IRIS_S2P] "c:\program files\samsung\samsung clx-3160 series\spanel\psu\Scan2pc.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DMXLauncher] "c:\program files\dell\media experience\DMXLauncher.exe"
mRun: [DLA] "c:\windows\system32\dla\DLACTRLW.EXE"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [ISTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: PeoplePC Google Search - c:\program files\peoplepc, inc\toolbar\SearchUI.dll/search.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: musicmatch.com\online
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 4494075296
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/aut ... s-i586.cab
TCP: {4F372E77-52B1-4EAA-B3EE-298091DC8A48} = 66.174.95.44 69.78.96.14
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\carol\applic~1\mozilla\firefox\profiles\zmz0qmib.default\
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2166.3772\npCIDetect14.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2011-4-9 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2011-4-9 192728]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-12-25 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-12-25 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-12-25 656320]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2011-4-9 101976]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-4-9 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-10-18 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-10-18 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-16 42184]
R2 avast! Firewall;avast! Firewall;c:\program files\alwil software\avast5\afwServ.exe [2011-4-9 121000]
R2 LGE NDIS Connection Service;LGE NDIS Connection Service;c:\program files\lg electronics\lge lte driver\vmsvc.exe [2010-10-11 238008]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 NvtlService;NovaCore SDK Service;c:\program files\novatel wireless\novacore\server\NvtlSrvr.exe [2010-2-17 87176]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2010-12-25 366840]
R2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2010-12-25 1150936]
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [2005-8-30 205328]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2005-8-30 36368]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2009-11-10 174720]
S2 gupdate1c98881bde07843;Google Update Service (gupdate1c98881bde07843);c:\program files\google\update\GoogleUpdate.exe [2009-2-6 133104]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\trendm~1\intern~1\tmntsrv.exe --> c:\progra~1\trendm~1\intern~1\Tmntsrv.exe [?]
S2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\tmpfw.exe --> c:\progra~1\trendm~1\intern~1\TmPfw.exe [?]
S2 tmproxy;Trend Micro Proxy Service;c:\progra~1\trendm~1\intern~1\tmproxy.exe --> c:\progra~1\trendm~1\intern~1\tmproxy.exe [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-2-6 133104]
S3 LGELTEBus;LGE Composite Device;c:\windows\system32\drivers\LGELTEBus.sys [2011-1-4 33408]
S3 LGELTEmdm;LGE LTE USB Device for Modem Communication;c:\windows\system32\drivers\LGELTEmdm.sys [2011-1-4 101888]
S3 LGELTEMux;LGE LTE Mux Enumerator ;c:\windows\system32\drivers\LGELTEMux.sys [2011-1-4 38144]
S3 LGELTENdis;LGE USB NDIS Miniport Ethernet Adapter Service;c:\windows\system32\drivers\LGELTENdis.sys [2011-1-4 49408]
S3 LGELTEprt;LGE USB Device for Serial Communication;c:\windows\system32\drivers\LGELTEprt.sys [2011-1-4 102784]
S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2011-4-7 34064]
.
=============== Created Last 30 ================
.
2011-05-13 10:46:37 -------- d--h--w- c:\docume~1\alluse~1\applic~1\~0
2011-05-11 17:11:46 -------- d-----w- c:\docume~1\carol\applic~1\mediabarbs
2011-05-11 17:11:27 -------- d-----w- c:\docume~1\alluse~1\applic~1\1B3A9
2011-05-11 17:10:44 -------- d-----w- c:\docume~1\carol\locals~1\applic~1\BearShare
2011-05-11 15:28:18 -------- d-----w- c:\program files\BearShare Applications
2011-05-11 15:23:36 -------- d-----w- c:\docume~1\carol\locals~1\applic~1\PackageAware
.
==================== Find3M ====================
.
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45:07 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-23 14:04:21 40648 ----a-w- c:\windows\avastSS.scr
2011-02-17 13:51:57 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-02-17 13:51:57 667136 ----a-w- c:\windows\system32\wininet.dll
2011-02-17 13:51:57 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-02-17 12:37:38 369664 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2008-02-12 02:10:30 151552 ----a-w- c:\program files\SetAlti.exe
2008-02-12 02:10:28 172032 ----a-w- c:\program files\SecSNMP.dll
2007-11-09 03:59:00 3207168 ----a-w- c:\program files\Ssres.dll
2007-11-09 03:56:24 57000 ----a-w- c:\program files\Autorun.exe
2000-08-08 18:37:52 36864 ----a-w- c:\program files\BILLMIND.EXE
2000-05-31 19:20:34 57856 ----a-w- c:\program files\mrtProc.dll
2000-05-31 19:20:34 104448 ----a-w- c:\program files\mrbUpd.dll
.
============= FINISH: 9:16:29.89 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 8/3/2008 9:39:16 PM
System Uptime: 5/13/2011 6:59:56 AM (3 hours ago)
.
Motherboard: Dell Inc. | | 0JC474
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 51 GiB total, 9.472 GiB free.
D: is FIXED (NTFS) - 19 GiB total, 1.837 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP724: 4/10/2011 6:52:49 PM - System Checkpoint
RP725: 4/11/2011 10:36:34 PM - System Checkpoint
RP726: 4/13/2011 4:54:29 PM - System Checkpoint
RP727: 4/15/2011 9:47:39 AM - System Checkpoint
RP728: 4/15/2011 9:56:12 PM - Software Distribution Service 3.0
RP729: 4/16/2011 10:16:39 PM - System Checkpoint
RP730: 4/17/2011 6:04:35 PM - Spyware Doctor: Cleaning Threats
RP731: 4/17/2011 11:14:54 PM - Software Distribution Service 3.0
RP732: 4/19/2011 12:02:19 AM - System Checkpoint
RP733: 4/20/2011 11:14:27 AM - System Checkpoint
RP734: 4/21/2011 11:58:36 AM - System Checkpoint
RP735: 4/22/2011 1:36:28 PM - System Checkpoint
RP736: 4/23/2011 2:03:58 AM - Spyware Doctor: Cleaning Threats
RP737: 4/24/2011 10:19:50 AM - System Checkpoint
RP738: 4/25/2011 11:15:23 AM - System Checkpoint
RP739: 4/27/2011 5:08:04 PM - System Checkpoint
RP740: 4/28/2011 3:00:23 AM - Software Distribution Service 3.0
RP741: 4/29/2011 8:40:53 AM - System Checkpoint
RP742: 4/29/2011 10:59:20 PM - Spyware Doctor: Cleaning Threats
RP743: 4/30/2011 11:31:42 PM - System Checkpoint
RP744: 5/2/2011 9:21:56 AM - System Checkpoint
RP745: 5/3/2011 9:53:16 AM - System Checkpoint
RP746: 5/4/2011 9:56:39 AM - System Checkpoint
RP747: 5/5/2011 10:16:42 AM - System Checkpoint
RP748: 5/6/2011 11:35:27 AM - System Checkpoint
RP749: 5/7/2011 4:00:41 PM - System Checkpoint
RP750: 5/7/2011 10:57:38 PM - Software Distribution Service 3.0
RP751: 5/9/2011 10:31:19 AM - System Checkpoint
RP752: 5/10/2011 11:14:11 AM - System Checkpoint
RP753: 5/11/2011 2:52:15 PM - System Checkpoint
RP754: 5/12/2011 3:01:09 AM - Software Distribution Service 3.0
RP755: 5/13/2011 6:44:29 AM - Restore Operation
RP756: 5/13/2011 6:48:57 AM - Restore Operation
RP757: 5/13/2011 6:53:17 AM - Restore Operation
RP758: 5/13/2011 6:58:02 AM - Restore Operation
RP759: 5/13/2011 7:01:40 AM - Restore Operation
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9
AOLIcon
Apple Software Update
Ask Toolbar
avast! Internet Security
Business Plan Forms
Call Alert! 1.0
CCleaner (remove only)
CCScore
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Corel Photo Album 6
Data Access Objects (DAO) 3.5
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Support Center (Support Software)
Dell System Restore
DellSupport
Digital Content Portal
Digital Line Detect
Documentation & Support Launcher
Doxillion Document Converter
E.M. Free Youtube Download Tool 3.06
EarthLink setup files
EducateU
ELIcon
ESPNMotion
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
fflink
FileZilla Client 3.3.1
Free PDF to Word Doc Converter v1.1
Free PS Convert driver 8.15
Games, Music, & Photos Launcher
GemMaster Mystic
Get High Speed Internet!
GIMP 2.6.11
Google Chrome
Google Earth
Google Gears
Google Update Helper
Google Updater
Granola
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix 2055 for SQL Server 2000 ENU (KB960082)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
InstallVC90Support
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
Internet Service Offers Launcher
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 13
kgcbase
kgcinvt
kgcmove
kgcvday
Kodak EasyShare software
Learn2 Player (Uninstall Only)
LGE LTE Driver Package
LiveUpdate 2.6 (Symantec Corporation)
MediaBar
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft FrontPage 2000
Microsoft Image Composer 1.5
Microsoft Office 97, Professional Edition
Microsoft Office Outlook 2003 with Business Contact Manager Update
Microsoft Office Small Business Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mobile Broadband Generic Drivers
MobiLink 3
Modem Helper
Mozilla Firefox 4.0.1 (x86 en-US)
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicmatch for Windows Media Player
Musicmatch® Jukebox
netbrdg
NetWaiting
NetZeroInstallers
OfotoXMI
Otto
Picasa 3
Quicken 2001 Deluxe
QuickTime
Readiris Pro 10
RealPlayer Basic
Roxio DLA
Roxio Express Labeler
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Samsung CLX-3160 Series
Seating Arrangement for Weddings
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2416400)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SFR
SHASTA
Sibelius Scorch (Firefox, Opera, Netscape only)
skin0001
SKINXSDK
Sonic Activation Module
Sonic Encoders
Sonic Update Manager
Spyware Doctor with AntiVirus 8.0
staticcr
Support 2009 Washington
tooltips
Trend Micro PC-cillin Internet Security 12
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
VPRINTOL
WebCyberCoach 3.2 Dell
WebFldrs XP
WebPage Designer GOLD+
WildTangent Web Driver
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB912067
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinPatrol 2008
WIRELESS
Word to PDF Converter 3.0
.
==== Event Viewer Messages From Past Week ========
.
5/6/2011 8:20:27 AM, error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the device specified.
5/6/2011 8:20:03 AM, error: Service Control Manager [7000] - The Trend Micro Real-time Service service failed to start due to the following error: The system cannot find the path specified.
5/6/2011 8:20:03 AM, error: Service Control Manager [7000] - The Trend Micro Proxy Service service failed to start due to the following error: The system cannot find the path specified.
5/6/2011 8:20:03 AM, error: Service Control Manager [7000] - The Trend Micro Personal Firewall service failed to start due to the following error: The system cannot find the path specified.
5/6/2011 8:20:03 AM, error: Service Control Manager [7000] - The Trend Micro Central Control Component service failed to start due to the following error: The system cannot find the path specified.
5/6/2011 8:20:03 AM, error: Service Control Manager [7000] - The SSPORT service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================
BearCare hijacked my browser.

I removed the program.

I tried system restore five times at different points. System Restore is unable to restore my system.

I downloaded HijackThis and ran the scan. Removed an RO file that looked like it was not needed.

Browser still was not restored.

Who knows what else this malware has done to my computer.

Thank you very much for your help.
CC
CeeC
Active Member
 
Posts: 1
Joined: May 13th, 2011, 9:07 am

Re: BearCare Malware Attach

Post by Gary R » May 15th, 2011, 1:50 am

Looking over your log, back soon.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: BearCare Malware Attach

Post by Gary R » May 15th, 2011, 2:21 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi CeeC

I'm Gary R, I'll be glad to help you with your computer problems.

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • If you're using XP, you'll need Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
  • If you're using Vista or Windows7, it will be necessary to right click all tools we use and select ----> Run as Administrator
Important: As I said earlier, removing Malware is a potentially hazardous thing to do, so to increase our chances of recovery in the event of something unexpected happening, I'd like you to make a backup of your Registry before we start to clean your computer.
  • Download ERUNT to your desktop
  • Alternate Download
  • Double-click on erunt_setup.exe to install the program
  • Untick the NTREGOPT desktop shortcut option
  • Click No when you get the option to run Erunt at Windows startup.
  • During the installation, tick Launch Erunt.
  • Accept the default options for running a backup.
  • Erunt will then backup your registry.
  • Click OK to finish.
  • If you are unable to back up your Registry with ERUNT ....
    • Let me know.
    • Do not follow any further instructions until I tell you to.
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


OK, there's a few things on your computer need attention ....

First

Please go to Control Panel > Add/Remove Programs and Uninstall the following:


Ask Toolbar
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 13
Trend Micro PC-cillin Internet Security 12


You have 2 security suites installed on your computer ... avast! Internet Security ... and ... Trend Micro PC-cillin Internet Security 12 ... this is a recipe for disaster. You must never have more than 1 of this type of program on your computer, otherwise they will conflict and cause all sorts of problems for you. Since the Trend Micro installation is faulting, I recommend you uninstall that one.

5/6/2011 8:20:03 AM, error: Service Control Manager [7000] - The Trend Micro Real-time Service service failed to start due to the following error: The system cannot find the path specified.
5/6/2011 8:20:03 AM, error: Service Control Manager [7000] - The Trend Micro Proxy Service service failed to start due to the following error: The system cannot find the path specified.
5/6/2011 8:20:03 AM, error: Service Control Manager [7000] - The Trend Micro Personal Firewall service failed to start due to the following error: The system cannot find the path specified.
5/6/2011 8:20:03 AM, error: Service Control Manager [7000] - The Trend Micro Central Control Component service failed to start due to the following error: The system cannot find the path


Ask Toolbar is a piece of foistware that comes as a "cash cow" with any number of free programs. It serves no purpose and reports on your browsing habits; you can safely uninstall it.

Old versions of Java can be exploited, we will replace them with the latest version of Java later on, but for the moment I'd like to leave that till later.

Once you've uninstalled the items listed, REBOOT YOUR COMPUTER

Next

To remove the other things I intend to use a tool called OTL, but first I need you to run an OTL scan for me.

Download OTL by OldTimer to your Desktop.

Alternative Download

If you already have a copy of OTL delete it and use this version.

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)
  • Please post me both logs.

Next

QUESTION: You have entries from peoplepc, inc on your computer. Is this your Internet Service Provider (ISP) and if not, did you install these items?

Summary of the logs I need from you in your next post:
  • OTL.txt
  • Extras.txt
  • Answer to the question I asked.


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
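
An added example, not part of Gary R's post or of any tool used in this thread: a small triage script that reads Service Control Manager 7000 lines in the format quoted above and lists the services whose registered executable path no longer resolves, which is the evidence behind the "installation is faulting" diagnosis. The first four sample lines are the ones quoted in the post (the last is cut off there and is handled as such); the fifth line and all function names are constructed for illustration.

```python
import re

# Lines 1-4 are quoted from the post (line 4 is truncated there); line 5 is constructed.
SAMPLE_LOG = """\
5/6/2011 8:20:03 AM, error: Service Control Manager [7000] - The Trend Micro Real-time Service service failed to start due to the following error: The system cannot find the path specified.
5/6/2011 8:20:03 AM, error: Service Control Manager [7000] - The Trend Micro Proxy Service service failed to start due to the following error: The system cannot find the path specified.
5/6/2011 8:20:03 AM, error: Service Control Manager [7000] - The Trend Micro Personal Firewall service failed to start due to the following error: The system cannot find the path specified.
5/6/2011 8:20:03 AM, error: Service Control Manager [7000] - The Trend Micro Central Control Component service failed to start due to the following error: The system cannot find the path
5/6/2011 8:21:10 AM, error: Service Control Manager [7000] - The Example Updater service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
"""

EVENT_RE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), error: "
    r"Service Control Manager \[7000\] - The (?P<service>.+?) service failed to start "
    r"due to the following error: (?P<reason>.*)$"
)

MISSING_PATH = "The system cannot find the path specified."
# Shortest prefix that still distinguishes "path" from "file specified".
MIN_PREFIX = "The system cannot find the path"


def parse_scm_7000(text):
    """Return (timestamp, service name, reason) for every event 7000 line."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append((m["when"], m["service"], m["reason"].strip()))
    return events


def is_missing_binary(reason):
    """True for the path-not-found error, including a copy truncated by a post limit."""
    return reason.startswith(MIN_PREFIX) and MISSING_PATH.startswith(reason)


def orphaned_services(text):
    """Services still registered although their executable path is gone."""
    return sorted({svc for _, svc, reason in parse_scm_7000(text)
                   if is_missing_binary(reason)})


if __name__ == "__main__":
    for name in orphaned_services(SAMPLE_LOG):
        print("registered but binary path missing:", name)
```
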

Re: BearCare Malware Attach

Unread postby Gary R » May 18th, 2011, 1:20 am

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire