
Removing Bearshare


WGB

I've been trying to remove Bearshare and it seems there are pieces still hanging around.

IE seems OK (I can set homepage) but Firefox won't take the update to a new homepage.

If you notice anything else that should be cleaned up please let me know. My kids and my wife tend to click on links without regard to the consequences.

Thanks in advance for your time.

DDS.txt

Attach.txt


Hello WGB! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

I see you are running TeaTimer.

I suggest you disable it because it can interfere with the changes you'll make on your system.

When everything is done and your log is clean again, you can enable it again.

If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer <== click me for instructions.

After you have disabled TeaTimer, download ResetTeaTimer.exe to your desktop.

Then run ResetTeaTimer.exe.

This will only take a few seconds.

Step 2

Please download AdwCleaner from here and save it on your Desktop.

  1. Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.


I am a paying customer - but let's continue working together.


  1. Please re-run AdwCleaner.
  2. Click on the Delete button.
  3. Confirm each time with OK.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.


As part of the delete, I got a notification that an attempt to switch my default search away from Google was made. The update was blocked (Google kept as default search).


  • 1 month later...
  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
