No 'Single' File to Paste to Forum? BearDIAG 1.99.16.0


Major Tom MIB
03-11-2007, 04:23 PM
BearDiag can be executed from anywhere, right, including using Run when the download is finished (so it's in a temporary folder). I put this copy in C:\ (just testing stuff).

I guess with BearShare missing, the script doesn't finish? Hijack stays running and <ctrl-v> only has a filename, "Notepad.exe C:\\BearDIAG.txt".

The HiJack log was in a Notepad window, so I added it to this list and added [ code ] around it manually.

And since I've posted this anything I can do to get rid of Yahoo browser stuff and any other 'junk'? Thanks! :D


BEARDIAG ISSUES - brief summary: (Extracted on 2007/03/11 12:06:43)
BearShare installation unable to be verified. Information extracted so far by BearDiag will be reported
More technical diagnostic troubleshooting information follows:
BEARDIAG: Bearcare for BearShare.
Details collected on 2007/03/11 12:06:10, BEARDIAG Version 01.99.16.0 beta, expires 2007/07/30 (141 days), running from C:\BearDiag.exe
System Hardware Information
CPU Type is: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+, CPU speed is approx: 2009Mhz, System BIOS date is: 2006/07/14
OS Version is: WIN_XP, Service pack: Service Pack 2, OS Build: 2600, Computer Name: TOLEDO
Browser name: C:\Program Files\Internet Explorer\IEXPLORE.EXE, version: 7.0.6000.16414, Admin user? YES
System Memory Parameters: Memory in use: 35%
Total Physical RAM: 894.5Mb Available Physical RAM: 576.1Mb
Total Pagefile: 8.8Gb Available Pagefile: 8.5Gb
Internet IP Address 71.123.xxx.xxx Local IP Address 192.168.1.46 You are behind a NAT firewall and/or router.
Sorry! It appears that BearShare is not correctly installed on your system.
This may be due to other peer-to-peer file sharing software overwriting important information.
This may also be due to rogue anti-spyware incorrectly giving a false positive detection on BearShare. (The beta tester version of Microsoft anti-spyware is one example)
You should re-install BearShare to fix this.
This program will now exit
Diagnostic code: INSTALL "C:\Program Files\BearFlix\BearFlix.exe" "%1"


StartupList report, 3/11/2007, 12:06:19 PM
StartupList version: 1.52
Started from : C:\StartupList.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16414)
* Using default options
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BOINC\projects\www.primegrid.com\primegen_5.13_windows_intelx86.exe
C:\Program Files\BOINC\projects\www.primegrid.com\primegen_5.13_windows_intelx86.exe
C:\BearDiag.exe
C:\StartupList.exe
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
MSConfig = C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------

Enumerating Browser Helper Objects:
(no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll - {02478D38-C3F9-4EFB-9B51-7695ECA05670}
(no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8}
(no name) - C:\Program Files\Yahoo!\Common\yiesrvc.dll - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
(no name) - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - (no file) - {7E853D72-626A-48EC-A868-BA8D5E23E045}
--------------------------------------------------
Enumerating Task Scheduler jobs:
User_Feed_Synchronization-{C6A58C9F-689D-4201-A9F1-14C98FBD2E2E}.job
--------------------------------------------------
Enumerating Download Program Files:
[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204
[DownloadManager Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\DOWNLO~1.OCX
CODEBASE = http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.0.5.cab
[YInstStarter Class]
InProcServer32 = C:\Program Files\Yahoo!\Common\yinsthelper.dll
CODEBASE = C:\Program Files\Yahoo!\Common\yinsthelper.dll
[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1169926929265
[Crucial cpcScan]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\cpcScan.dll
CODEBASE = http://www.crucial.com/controls/cpcScanner.cab
[Get_ActiveX Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\HPGETD~1.OCX
CODEBASE = https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
[IWinAmpActiveX Class]
InProcServer32 = C:\PROGRA~1\COMMON~1\Nullsoft\ActiveX\2.4\AmpX.dll
CODEBASE = http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll
--------------------------------------------------
End of report, 5,439 bytes
Report generated in 0.031 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


Current task list information for TOLEDO, running WIN_XP, Service Pack 2, build 2600
Details collected on 2007/03/11 12:06:14
PID Process Name File Version Pk Mem Usg. Command line that invoked task
0 System Idle Process 0.0.0.0 0Mb ><
4 System 0.0.0.0 3.97Mb ><
852 smss.exe 5.1.2600.2180 0.88Mb >\SystemRoot\System32\smss.exe<
940 csrss.exe 0.0.0.0 5.65Mb ><
964 winlogon.exe 5.1.2600.2180 18.51Mb >winlogon.exe<
1012 services.exe 5.1.2600.2180 3.79Mb >C:\WINDOWS\system32\services.exe<
1024 lsass.exe 5.1.2600.2180 6.2Mb >C:\WINDOWS\system32\lsass.exe<
1192 svchost.exe 5.1.2600.2180 5.48Mb >C:\WINDOWS\system32\svchost -k DcomLaunch<
1276 svchost.exe 0.0.0.0 4.52Mb ><
1408 svchost.exe 5.1.2600.2180 26.67Mb >C:\WINDOWS\System32\svchost.exe -k netsvcs<
1532 svchost.exe 0.0.0.0 3.36Mb ><
1700 svchost.exe 0.0.0.0 3.98Mb ><
1956 spoolsv.exe 5.1.2600.2696 5.61Mb >C:\WINDOWS\system32\spoolsv.exe<
436 guard.exe 7.5.0.47 20.82Mb >"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe"<
452 avgamsvr.exe 7.5.0.445 3.96Mb >C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe<
492 avgupsvc.exe 7.5.0.420 2.39Mb >C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe<
512 avgemc.exe 7.5.0.442 7.02Mb >C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe<
552 boinc.exe 0.0.0.0 32.46Mb ><
632 ehSched.exe 5.1.2710.2732 2.84Mb >C:\WINDOWS\eHome\ehSched.exe<
772 svchost.exe 0.0.0.0 3.9Mb ><
792 svchost.exe 5.1.2600.2180 4.85Mb >C:\WINDOWS\system32\svchost.exe -k imgsvc<
1148 mcrdsvc.exe 0.0.0.0 3.12Mb ><
1904 explorer.exe 6.0.2900.2180 25.59Mb >C:\WINDOWS\Explorer.EXE<
2512 dllhost.exe 5.1.2600.2180 6.22Mb >C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}<
2552 alg.exe 0.0.0.0 3.61Mb ><
3076 wuauclt.exe 5.8.0.2469 8.16Mb >"C:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer Local\[580]SUSDS70ce530a924e904f921933ac8f77ca4f<
3188 taskmgr.exe 5.1.2600.2180 4.43Mb >taskmgr.exe<
3304 ctfmon.exe 5.1.2600.2180 3.65Mb >ctfmon.exe<
3564 primegen_5.13_window 0.0.0.0 11.05Mb >projects/www.primegrid.com/primegen_5.13_windows_intelx86.exe 88362600000 100000<
3596 primegen_5.13_window 0.0.0.0 10.96Mb >projects/www.primegrid.com/primegen_5.13_windows_intelx86.exe 88362700000 100000<
3852 BearDiag.exe 1.99.16.0 11.08Mb >"C:\BearDiag.exe" <
3948 wmiprvse.exe 0.0.0.0 5.63Mb ><

BearShare library folder information for TOLEDO, running WIN_XP, Service Pack 2, build 2600
Details collected on 2007/03/11 12:06:43


Firewall information for TOLEDO, running WIN_XP, Service Pack 2, build 2600
Details collected on 2007/03/11 12:06:47
Default gateway is 192.168.1.1

Domain profile configuration:
-------------------------------------------------------------------
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Service configuration for Domain profile:
Mode Customized Name
-------------------------------------------------------------------
Enable No File and Printer Sharing
Allowed programs configuration for Domain profile:
Mode Name / Program
-------------------------------------------------------------------
Enable Remote Assistance / C:\WINDOWS\system32\sessmgr.exe
Enable Network Diagnostics for Windows XP / C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
Enable Windows Live Messenger 8.0 (Phone) / C:\Program Files\MSN Messenger\msncall.exe
Enable Windows Live Messenger 8.1 / C:\Program Files\MSN Messenger\msnmsgr.exe
Enable Windows Live Messenger 8.1 (Phone) / C:\Program Files\MSN Messenger\livecall.exe
Port configuration for Domain profile:
Port Protocol Mode Name
-------------------------------------------------------------------
139 TCP Enable NetBIOS Session Service
445 TCP Enable SMB over TCP
137 UDP Enable NetBIOS Name Service
138 UDP Enable NetBIOS Datagram Service
Standard profile configuration (current):
-------------------------------------------------------------------
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Service configuration for Standard profile:
Mode Customized Name
-------------------------------------------------------------------
Enable No File and Printer Sharing
Allowed programs configuration for Standard profile:
Mode Name / Program
-------------------------------------------------------------------
Enable Remote Assistance / C:\WINDOWS\system32\sessmgr.exe
Enable Windows Messenger / C:\Program Files\Messenger\msmsgs.exe
Enable Yahoo! Messenger / C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
Enable Yahoo! FT Server / C:\Program Files\Yahoo!\Messenger\YServer.exe
Enable BitTorrent / C:\Program Files\BitTorrent\bittorrent.exe
Enable Install Consumer Experience Network Plug in / C:\Documents and Settings\tom\Local Settings\Temp\temp\setup\HPZnet01.exe
Enable Network Diagnostics for Windows XP / C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
Enable Render Manager / C:\Program Files\Pinnacle\Studio 10\programs\RM.exe
Enable Studio / C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe
Enable PMSRegisterFile / C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe
Enable umi / C:\Program Files\Pinnacle\Studio 10\programs\umi.exe
Enable PMSManager / C:\Program Files\Pinnacle\Shared Files\Programs\MediaManager\PMSManager.exe
Enable avginet.exe / C:\Program Files\Grisoft\AVG Free\avginet.exe
Enable avgamsvr.exe / C:\Program Files\Grisoft\AVG Free\avgamsvr.exe
Enable avgcc.exe / C:\Program Files\Grisoft\AVG Free\avgcc.exe
Enable avgemc.exe / C:\Program Files\Grisoft\AVG Free\avgemc.exe
Enable Windows Live Messenger 8.0 (Phone) / C:\Program Files\MSN Messenger\msncall.exe
Enable Windows Live Messenger 8.1 / C:\Program Files\MSN Messenger\msnmsgr.exe
Enable Windows Live Messenger 8.1 (Phone) / C:\Program Files\MSN Messenger\livecall.exe
Enable boinc.exe / C:\Program Files\BOINC\boinc.exe
Enable Beyond TV Registration Service / C:\Program Files\SnapStream Media\Beyond TV\BTVRegistrationService.exe
Enable Beyond TV Library Service / C:\Program Files\SnapStream Media\Beyond TV\BTVLibraryService.exe
Enable Beyond TV Network Service / C:\Program Files\SnapStream Media\Beyond TV\BTVNetworkService.exe
Enable Beyond TV Recording Engine / C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
Enable Beyond TV Guide Data Loader / C:\Program Files\SnapStream Media\Beyond TV\BTVGuideDataLoader.exe
Enable Beyond TV Settings Service / C:\Program Files\SnapStream Media\Beyond TV\BTVSettingsService.exe
Enable Beyond TV Task Manager Service / C:\Program Files\SnapStream Media\Beyond TV\BTVTaskManagerService.exe
Enable Beyond TV ViewScape / C:\Program Files\SnapStream Media\Beyond TV\BTVD3DShell.exe
Enable Beyond TV Setup Wizard / C:\Program Files\SnapStream Media\Beyond TV\SetupWizard.exe
Enable WISE-FTP application executable / C:\Program Files\AceBIT\WISE-FTP\wise_ftp.exe
Enable BearShare / C:\Program Files\BearShare Applications\BearShare\BearShare.exe
Enable BearFlix / C:\Program Files\BearFlix\bearflix.exe
Enable SightSpeed / C:\Program Files\SightSpeed\SightSpeed.exe
Port configuration for Standard profile:
Port Protocol Mode Name
-------------------------------------------------------------------
139 TCP Enable NetBIOS Session Service
445 TCP Enable SMB over TCP
137 UDP Enable NetBIOS Name Service
138 UDP Enable NetBIOS Datagram Service
1900 UDP Enable SSDP Component of UPnP Framework
Log configuration:
-------------------------------------------------------------------
File location = C:\WINDOWS\pfirewall.log
Max file size = 4096 KB
Dropped packets = Disable
Connections = Disable
1394 Connection firewall configuration:
-------------------------------------------------------------------
Operational mode = Enable
Local Area Connection firewall configuration:
-------------------------------------------------------------------
Operational mode = Enable

Important listing 'hijackthis.log' could not be found - details not available. Please re-run from C:\HijackThis.exe to generate and paste in your reply in the forum.

Logfile of HijackThis v1.99.1
Scan saved at 12:06:52 PM, on 3/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BOINC\projects\www.primegrid.com\primegen_5.13_windows_intelx86.exe
C:\Program Files\BOINC\projects\www.primegrid.com\primegen_5.13_windows_intelx86.exe
C:\BearDiag.exe
C:\HijackThis.exe
C:\WINDOWS\system32\Notepad.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.0.5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1169926929265
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BOINC - Unknown owner - C:\Program Files\BOINC\boinc.exe" -daemon (file missing)

MoreBandwidthPls
03-11-2007, 11:16 PM
Thanks for the feedback on BearDiag. BearDiag should be able to be run from anywhere. I'll check on the algorithms when running in the system root folder.

Is Yahoo mentioned in the control panel add/remove programs area? This may be the cleanest way of ridding your system of it, otherwise fire up C:\HiJackThis.exe and start ticking boxes to fix it.

Major Tom MIB
03-12-2007, 12:06 AM
Putting it in a folder fixed that, and I manually removed the Yahoo stuff--I had removed it inside IE first; this was 'junk' left over.

BEARDIAG ISSUES - brief summary: (Extracted on 2007/03/11 19:59:36)
Warning: Possible disk errors present. See How to check your disk drive for errors (http://www.technutopia.com/forum/showthread.php?t=1260) - do not skip this step.
BearShare installation unable to be verified. Information extracted so far by BearDiag will be reported
More technical diagnostic troubleshooting information follows:
BEARDIAG: Bearcare for BearShare.
Details collected on 2007/03/11 19:58:03, BEARDIAG Version 01.99.16.0 beta, expires 2007/07/30 (141 days), running from C:\BearDiag\BearDiag.exe
System Hardware Information
CPU Type is: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+, CPU speed is approx: 2009Mhz, System BIOS date is: 2006/07/14
OS Version is: WIN_XP, Service pack: Service Pack 2, OS Build: 2600, Computer Name: TOLEDO
Browser name: C:\Program Files\Internet Explorer\IEXPLORE.EXE, version: 7.0.6000.16414, Admin user? YES
System Memory Parameters: Memory in use: 62%
Total Physical RAM: 894.5Mb Available Physical RAM: 339.2Mb
Total Pagefile: 8.8Gb Available Pagefile: 8.4Gb
Internet IP Address 71.123.xxx.xxx Local IP Address 192.168.1.46 You are behind a NAT firewall and/or router.
Sorry! It appears that BearShare is not correctly installed on your system.
This may be due to other peer-to-peer file sharing software overwriting important information.
This may also be due to rogue anti-spyware incorrectly giving a false positive detection on BearShare. (The beta tester version of Microsoft anti-spyware is one example)
You should re-install BearShare to fix this.
This program will now exit
Diagnostic code: INSTALL "C:\Program Files\BearFlix\BearFlix.exe" "%1"


StartupList report, 3/11/2007, 7:58:13 PM
StartupList version: 1.52
Started from : C:\BearDiag\StartupList.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16414)
* Using default options
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Folding@Home\winFAH.exe
C:\Program Files\Folding@Home\FahCore_78.exe
C:\Program Files\BOINC\projects\www.chess960athome.org_alpha\chess960_1.26_windows_intelx86.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\BOINC\slots\2\engine_r2.exe
C:\Program Files\BOINC\projects\xw01.lri.fr_4320\xtremlab_2.12_windows_intelx86.exe
C:\Program Files\BOINC\projects\www.primegrid.com\primegen_5.13_windows_intelx86.exe
C:\Program Files\BOINC\projects\www.primegrid.com\primegen_5.13_windows_intelx86.exe
C:\WINDOWS\system32\wuauclt.exe
C:\BearDiag\BearDiag.exe
C:\BearDiag\StartupList.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\Documents and Settings\tom\Start Menu\Programs\Startup]
Folding@Home 5.03.lnk = ?
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
MSConfig = C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe = "1&1 EasyLogin" HIDE
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------

Enumerating Browser Helper Objects:
(no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
--------------------------------------------------
Enumerating Download Program Files:
[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204
[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1169926929265
[Get_ActiveX Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\HPGETD~1.OCX
CODEBASE = https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
--------------------------------------------------
Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*
Windows NT checkdisk command:
BootExecute = autocheck autochk *
Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL

--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll
--------------------------------------------------
End of report, 5,188 bytes
Report generated in 0.016 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


Current task list information for TOLEDO, running WIN_XP, Service Pack 2, build 2600
Details collected on 2007/03/11 19:58:09
PID Process Name File Version Pk Mem Usg. Command line that invoked task
0 System Idle Process 0.0.0.0 0Mb ><
4 System 0.0.0.0 3.98Mb ><
852 smss.exe 5.1.2600.2180 0.9Mb >\SystemRoot\System32\smss.exe<
944 csrss.exe 0.0.0.0 8.7Mb ><
968 winlogon.exe 5.1.2600.2180 29.95Mb >winlogon.exe<
1016 services.exe 5.1.2600.2180 4.07Mb >C:\WINDOWS\system32\services.exe<
1028 lsass.exe 5.1.2600.2180 8.37Mb >C:\WINDOWS\system32\lsass.exe<
1192 svchost.exe 5.1.2600.2180 7.11Mb >C:\WINDOWS\system32\svchost -k DcomLaunch<
1276 svchost.exe 0.0.0.0 4.61Mb ><
1404 svchost.exe 5.1.2600.2180 43.82Mb >C:\WINDOWS\System32\svchost.exe -k netsvcs<
1532 svchost.exe 0.0.0.0 3.48Mb ><
1700 svchost.exe 0.0.0.0 4.04Mb ><
1960 spoolsv.exe 5.1.2600.2696 6.35Mb >C:\WINDOWS\system32\spoolsv.exe<
424 guard.exe 7.5.0.47 20.82Mb >"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe"<
440 avgamsvr.exe 7.5.0.445 3.96Mb >C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe<
480 avgupsvc.exe 7.5.0.420 2.39Mb >C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe<
508 avgemc.exe 7.5.0.442 7.02Mb >C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe<
544 boinc.exe 0.0.0.0 37.97Mb ><
612 ehSched.exe 5.1.2710.2732 6.17Mb >C:\WINDOWS\eHome\ehSched.exe<
532 svchost.exe 0.0.0.0 3.91Mb ><
328 svchost.exe 5.1.2600.2180 6.66Mb >C:\WINDOWS\system32\svchost.exe -k imgsvc<
1096 mcrdsvc.exe 0.0.0.0 3.1Mb ><
2480 dllhost.exe 5.1.2600.2180 6.21Mb >C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}<
2540 alg.exe 0.0.0.0 3.68Mb ><
1180 explorer.exe 6.0.2900.2180 40.28Mb >C:\WINDOWS\Explorer.EXE<
2788 ctfmon.exe 5.1.2600.2180 4.08Mb >"C:\WINDOWS\system32\ctfmon.exe" <
3256 winFAH.exe 5.0.3.0 13.73Mb >"C:\Program Files\Folding@Home\winFAH.exe" <
3376 FahCore_78.exe 0.0.0.0 12.86Mb >FahCore_78.exe -dir work/ -suffix 01 -checkpoint 15 -lifeline 3256 -version 503 <
2276 chess960_1.26_window 0.0.0.0 1.85Mb >projects/www.chess960athome.org_alpha/chess960_1.26_windows_intelx86.exe -nodes 150000000 -engineid 0 -ag 29 -de 130 -mmg 200 -ps 100 -debug 2 -startup "fen bqnrkbrn/pppppppp/8/8/8/8/PPPPPPPP/BQNRKBRN w DGdg - 0 1 moves e2e3"<
4048 cmd.exe 5.1.2600.2180 1.71Mb >cmd /c launch.bat<
436 engine_r2.exe 0.0.0.0 72.92Mb >engine_r2.exe <
2760 xtremlab_2.12_window 0.0.0.0 2.37Mb >projects/xw01.lri.fr_4320/xtremlab_2.12_windows_intelx86.exe <
4064 primegen_5.13_window 0.0.0.0 30.95Mb >projects/www.primegrid.com/primegen_5.13_windows_intelx86.exe 88847100000 100000<
3480 primegen_5.13_window 0.0.0.0 19.05Mb >projects/www.primegrid.com/primegen_5.13_windows_intelx86.exe 88977100000 100000<
3724 wuauclt.exe 5.8.0.2469 6.87Mb >"C:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer Local\[57c]SUSDSef0a396850690e4c89a75689023d9b45<
2828 wmiprvse.exe 0.0.0.0 6.52Mb ><
152 BearDiag.exe 1.99.16.0 11.04Mb >"C:\BearDiag\BearDiag.exe" <

BearShare library folder information for TOLEDO, running WIN_XP, Service Pack 2, build 2600
Details collected on 2007/03/11 19:59:36


Firewall information for TOLEDO, running WIN_XP, Service Pack 2, build 2600
Details collected on 2007/03/11 19:59:39
Default gateway is 192.168.1.1

Domain profile configuration:
-------------------------------------------------------------------
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Service configuration for Domain profile:
Mode Customized Name
-------------------------------------------------------------------
Enable No File and Printer Sharing
Allowed programs configuration for Domain profile:
Mode Name / Program
-------------------------------------------------------------------
Enable Remote Assistance / C:\WINDOWS\system32\sessmgr.exe
Enable Network Diagnostics for Windows XP / C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
Enable Windows Live Messenger 8.0 (Phone) / C:\Program Files\MSN Messenger\msncall.exe
Enable Windows Live Messenger 8.1 / C:\Program Files\MSN Messenger\msnmsgr.exe
Enable Windows Live Messenger 8.1 (Phone) / C:\Program Files\MSN Messenger\livecall.exe
Port configuration for Domain profile:
Port Protocol Mode Name
-------------------------------------------------------------------
139 TCP Enable NetBIOS Session Service
445 TCP Enable SMB over TCP
137 UDP Enable NetBIOS Name Service
138 UDP Enable NetBIOS Datagram Service
Standard profile configuration (current):
-------------------------------------------------------------------
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Service configuration for Standard profile:
Mode Customized Name
-------------------------------------------------------------------
Enable No File and Printer Sharing
Allowed programs configuration for Standard profile:
Mode Name / Program
-------------------------------------------------------------------
Enable Remote Assistance / C:\WINDOWS\system32\sessmgr.exe
Enable Windows Messenger / C:\Program Files\Messenger\msmsgs.exe
Enable Yahoo! Messenger / C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
Enable Yahoo! FT Server / C:\Program Files\Yahoo!\Messenger\YServer.exe
Enable BitTorrent / C:\Program Files\BitTorrent\bittorrent.exe
Enable Install Consumer Experience Network Plug in / C:\Documents and Settings\tom\Local Settings\Temp\temp\setup\HPZnet01.exe
Enable Network Diagnostics for Windows XP / C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
Enable Render Manager / C:\Program Files\Pinnacle\Studio 10\programs\RM.exe
Enable Studio / C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe
Enable PMSRegisterFile / C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe
Enable umi / C:\Program Files\Pinnacle\Studio 10\programs\umi.exe
Enable PMSManager / C:\Program Files\Pinnacle\Shared Files\Programs\MediaManager\PMSManager.exe
Enable avginet.exe / C:\Program Files\Grisoft\AVG Free\avginet.exe
Enable avgamsvr.exe / C:\Program Files\Grisoft\AVG Free\avgamsvr.exe
Enable avgcc.exe / C:\Program Files\Grisoft\AVG Free\avgcc.exe
Enable avgemc.exe / C:\Program Files\Grisoft\AVG Free\avgemc.exe
Enable Windows Live Messenger 8.0 (Phone) / C:\Program Files\MSN Messenger\msncall.exe
Enable Windows Live Messenger 8.1 / C:\Program Files\MSN Messenger\msnmsgr.exe
Enable Windows Live Messenger 8.1 (Phone) / C:\Program Files\MSN Messenger\livecall.exe
Enable boinc.exe / C:\Program Files\BOINC\boinc.exe
Enable Beyond TV Registration Service / C:\Program Files\SnapStream Media\Beyond TV\BTVRegistrationService.exe
Enable Beyond TV Library Service / C:\Program Files\SnapStream Media\Beyond TV\BTVLibraryService.exe
Enable Beyond TV Network Service / C:\Program Files\SnapStream Media\Beyond TV\BTVNetworkService.exe
Enable Beyond TV Recording Engine / C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
Enable Beyond TV Guide Data Loader / C:\Program Files\SnapStream Media\Beyond TV\BTVGuideDataLoader.exe
Enable Beyond TV Settings Service / C:\Program Files\SnapStream Media\Beyond TV\BTVSettingsService.exe
Enable Beyond TV Task Manager Service / C:\Program Files\SnapStream Media\Beyond TV\BTVTaskManagerService.exe
Enable Beyond TV ViewScape / C:\Program Files\SnapStream Media\Beyond TV\BTVD3DShell.exe
Enable Beyond TV Setup Wizard / C:\Program Files\SnapStream Media\Beyond TV\SetupWizard.exe
Enable WISE-FTP application executable / C:\Program Files\AceBIT\WISE-FTP\wise_ftp.exe
Enable BearShare / C:\Program Files\BearShare Applications\BearShare\BearShare.exe
Enable BearFlix / C:\Program Files\BearFlix\bearflix.exe
Enable SightSpeed / C:\Program Files\SightSpeed\SightSpeed.exe
Port configuration for Standard profile:
Port Protocol Mode Name
-------------------------------------------------------------------
139 TCP Enable NetBIOS Session Service
445 TCP Enable SMB over TCP
137 UDP Enable NetBIOS Name Service
138 UDP Enable NetBIOS Datagram Service
1900 UDP Enable SSDP Component of UPnP Framework
Log configuration:
-------------------------------------------------------------------
File location = C:\WINDOWS\pfirewall.log
Max file size = 4096 KB
Dropped packets = Disable
Connections = Disable
1394 Connection firewall configuration:
-------------------------------------------------------------------
Operational mode = Enable
Local Area Connection firewall configuration:
-------------------------------------------------------------------
Operational mode = Enable


Logfile of HijackThis v1.99.1
Scan saved at 7:58:16 PM, on 3/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Folding@Home\winFAH.exe
C:\Program Files\Folding@Home\FahCore_78.exe
C:\Program Files\BOINC\projects\www.chess960athome.org_alpha\chess960_1.26_windows_intelx86.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\BOINC\slots\2\engine_r2.exe
C:\Program Files\BOINC\projects\xw01.lri.fr_4320\xtremlab_2.12_windows_intelx86.exe
C:\Program Files\BOINC\projects\www.primegrid.com\primegen_5.13_windows_intelx86.exe
C:\Program Files\BOINC\projects\www.primegrid.com\primegen_5.13_windows_intelx86.exe
C:\WINDOWS\system32\wuauclt.exe
C:\BearDiag\BearDiag.exe
C:\BearDiag\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe] "1&1 EasyLogin" HIDE
O4 - Startup: Folding@Home 5.03.lnk = ?
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1169926929265
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BOINC - Unknown owner - C:\Program Files\BOINC\boinc.exe" -daemon (file missing)


MoreBandwidthPls
03-12-2007, 12:42 PM
I'll check the BearDiag algorithms again for root folder processing. Thanks for the feedback and it looks like you have de-infested yourself of the Yahoo files after the next system restart.

Major Tom MIB
03-12-2007, 04:47 PM
IE loads much quicker now! I'm not sure how I missed them with msconfig, but they were persistent :(

Major Tom MIB
03-14-2007, 12:52 PM
Okay, testing with bearshare b25 and I get different 'end' screens.

hijackthis.log is opened in notepad and then I get the screen to copy to clipboard.

This appears to have confused at least one person as they posted the hijackthis.log and not what was in the last window.

BTW: How do I get rid of that snapstream stuff--must be left over after it was uninstalled--just delete the folder?


BEARDIAG ISSUES - brief summary: (Extracted on 2007/03/14 08:47:49)
BearShare installation configuration file 'FreePeers.ini' not found. Check for configuration or installation errors.
BearShare installation configuration file 'FreePeers.ini' not found. Check for configuration or installation errors.
More technical diagnostic troubleshooting information follows:
BEARDIAG: Bearcare for BearShare.
Details collected on 2007/03/14 08:47:02, BEARDIAG Version 01.99.16.0 beta, expires 2007/07/30 (138 days), running from C:\BearDiag\BearDiag.exe
System Hardware Information
CPU Type is: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+, CPU speed is approx: 2009Mhz, System BIOS date is: 2006/07/14
OS Version is: WIN_XP, Service pack: Service Pack 2, OS Build: 2600, Computer Name: TOLEDO
Browser name: C:\Program Files\Internet Explorer\IEXPLORE.EXE, version: 7.0.6000.16414, Admin user? YES
System Memory Parameters: Memory in use: 47%
Total Physical RAM: 894.5Mb Available Physical RAM: 471.9Mb
Total Pagefile: 8.8Gb Available Pagefile: 8.4Gb
Internet IP Address 71.123.xxx.xxx Local IP Address 192.168.1.46 You are behind a NAT firewall and/or router.
File Locations
Program files are at: C:\Program Files, System Temporary files are at: C:\DOCUME~1\tom\LOCALS~1\Temp, Common desktop is at:C:\Documents and Settings\All Users\Desktop
BearShare version installed is: 5.1.0.25, Gnutella servent BearShare full path is: C:\Program Files\BearShare Test\
Temporary downloads at: NOT AVAILABLE\, Completed downloads at: NOT AVAILABLE\
Disk statistics
Drive C: Total space: 113.76Gb Free: 44.75Gb Full: 60.7% Vol type: NTFS
Drive NO Total space: 0.00Mb Free: 0.00Mb Full: -1.$% Vol type:
Folder Statistics
Temporary downloads folder: Space used: , File count: , Write access allowed? , # of DAT files: , #BAK: , #TIGER: , #TMP: , Other: 0
Completed downloads folder: Space used: , File count: , Write access allowed?
BearShare library file 'library.db' size is 0, '/db' library folder size is 154.4Kb, console log size is 0
BearShare installation configuration file 'FreePeers.ini' not found. Check for configuration or installation errors.
C:\Program Files\BearShare Test\db\BearShareHostiles.zip: 1323908 bytes transferred over 14.21 seconds. Download speed is 745Kbps.
LSPFix.exe: 186880 bytes transferred over 1.61 seconds. Download speed is 926Kbps.


StartupList report, 3/14/2007, 8:47:10 AM
StartupList version: 1.52
Started from : C:\BearDiag\StartupList.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16414)
* Using default options
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Folding@Home\winFAH.exe
C:\Program Files\Folding@Home\FahCore_78.exe
C:\Program Files\BOINC\projects\www.malariacontrol.net\malariacontrol_5.45_windows_intelx86
C:\Program Files\BOINC\projects\dist.ist.tugraz.at_cape5\tcape-crossing_5.49_windows_intelx86.exe
C:\BearDiag\BearDiag.exe
C:\BearDiag\StartupList.exe
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
MSConfig = C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe = "1&1 EasyLogin" HIDE
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------

Enumerating Browser Helper Objects:
(no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
--------------------------------------------------
Enumerating Task Scheduler jobs:
Critical Battery Alarm Program.job
Low Battery Alarm Program.job
--------------------------------------------------
Enumerating Download Program Files:
[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204
[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1169926929265
[Get_ActiveX Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\HPGETD~1.OCX
CODEBASE = https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll
--------------------------------------------------
End of report, 4,603 bytes
Report generated in 0.000 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


Current task list information for TOLEDO, running WIN_XP, Service Pack 2, build 2600
Details collected on 2007/03/14 08:47:05
PID Process Name File Version Pk Mem Usg. Command line that invoked task
0 System Idle Process 0.0.0.0 0Mb ><
4 System 0.0.0.0 3.98Mb ><
852 smss.exe 5.1.2600.2180 0.9Mb >\SystemRoot\System32\smss.exe<
916 csrss.exe 0.0.0.0 9.05Mb ><
940 winlogon.exe 5.1.2600.2180 45.47Mb >winlogon.exe<
988 services.exe 5.1.2600.2180 22.24Mb >C:\WINDOWS\system32\services.exe<
1000 lsass.exe 5.1.2600.2180 8.21Mb >C:\WINDOWS\system32\lsass.exe<
1164 svchost.exe 5.1.2600.2180 6.8Mb >C:\WINDOWS\system32\svchost -k DcomLaunch<
1256 svchost.exe 0.0.0.0 4.54Mb ><
1384 svchost.exe 5.1.2600.2180 45.36Mb >C:\WINDOWS\System32\svchost.exe -k netsvcs<
1500 svchost.exe 0.0.0.0 3.5Mb ><
1680 svchost.exe 0.0.0.0 3.89Mb ><
1924 spoolsv.exe 5.1.2600.2696 6.2Mb >C:\WINDOWS\system32\spoolsv.exe<
2040 guard.exe 7.5.0.47 20.82Mb >"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe"<
144 avgamsvr.exe 7.5.0.445 4.75Mb >C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe<
204 avgupsvc.exe 7.5.0.420 2.39Mb >C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe<
228 avgemc.exe 7.5.0.442 24.45Mb >C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe<
396 ehSched.exe 5.1.2710.2732 6.13Mb >C:\WINDOWS\eHome\ehSched.exe<
504 svchost.exe 0.0.0.0 3.91Mb ><
552 svchost.exe 5.1.2600.2180 4.36Mb >C:\WINDOWS\system32\svchost.exe -k imgsvc<
688 mcrdsvc.exe 0.0.0.0 3.09Mb ><
2100 dllhost.exe 5.1.2600.2180 6.21Mb >C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}<
2152 alg.exe 0.0.0.0 3.58Mb ><
3168 explorer.exe 6.0.2900.2180 49.79Mb >C:\WINDOWS\Explorer.EXE<
2260 ctfmon.exe 5.1.2600.2180 4.76Mb >"C:\WINDOWS\system32\ctfmon.exe" <
2732 taskmgr.exe 5.1.2600.2180 5.21Mb >taskmgr.exe<
2052 winFAH.exe 5.0.3.0 15.06Mb >winfah -oneunit<
2308 FahCore_78.exe 0.0.0.0 12.86Mb >FahCore_78.exe -dir work/ -suffix 01 -checkpoint 15 -lifeline 2052 -version 503<
3336 boinc.exe 0.0.0.0 18.5Mb ><
3772 malariacontrol_5.45_ 0.0.0.0 65.86Mb >projects/www.malariacontrol.net/malariacontrol_5.45_windows_intelx86 <
804 tcape-crossing_5.49_ 0.0.0.0 3.11Mb >projects/dist.ist.tugraz.at_cape5/tcape-crossing_5.49_windows_intelx86.exe data11cr102 17 NMAX=20 TIME=14400 OUTPUTSIZE=18 OUTPUTFILE=tuedrei102_0339_0368_0495 FROM=339 TO=339 RECSTART=368,495 RECFINAL=368,496<
10988 wmiprvse.exe 0.0.0.0 6.51Mb ><
12232 BearDiag.exe 1.99.16.0 10.93Mb >"C:\BearDiag\BearDiag.exe" <

BearShare library folder information for TOLEDO, running WIN_XP, Service Pack 2, build 2600
Details collected on 2007/03/14 08:47:49
Volume in drive C is ACER
Volume Serial Number is 6074-DF77
Directory of C:\Program Files\BearShare Test\db
03/14/2007 08:47 AM <DIR> .
03/14/2007 08:47 AM <DIR> ..
03/14/2007 08:47 AM 1,323,908 BearShareHostiles.zip
06/20/2005 05:17 PM 158,148 connect.txt
03/03/2007 11:27 AM 9,934,065 Hostiles.txt
3 File(s) 11,416,121 bytes
2 Dir(s) 48,033,570,816 bytes free


Firewall information for TOLEDO, running WIN_XP, Service Pack 2, build 2600
Details collected on 2007/03/14 08:47:54
Default gateway is 192.168.1.1

Domain profile configuration:
-------------------------------------------------------------------
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Service configuration for Domain profile:
Mode Customized Name
-------------------------------------------------------------------
Enable No File and Printer Sharing
Allowed programs configuration for Domain profile:
Mode Name / Program
-------------------------------------------------------------------
Enable Remote Assistance / C:\WINDOWS\system32\sessmgr.exe
Enable Network Diagnostics for Windows XP / C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
Enable Windows Live Messenger 8.0 (Phone) / C:\Program Files\MSN Messenger\msncall.exe
Enable Windows Live Messenger 8.1 / C:\Program Files\MSN Messenger\msnmsgr.exe
Enable Windows Live Messenger 8.1 (Phone) / C:\Program Files\MSN Messenger\livecall.exe
Port configuration for Domain profile:
Port Protocol Mode Name
-------------------------------------------------------------------
139 TCP Enable NetBIOS Session Service
445 TCP Enable SMB over TCP
137 UDP Enable NetBIOS Name Service
138 UDP Enable NetBIOS Datagram Service
Standard profile configuration (current):
-------------------------------------------------------------------
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Service configuration for Standard profile:
Mode Customized Name
-------------------------------------------------------------------
Enable No File and Printer Sharing
Allowed programs configuration for Standard profile:
Mode Name / Program
-------------------------------------------------------------------
Enable Remote Assistance / C:\WINDOWS\system32\sessmgr.exe
Enable Windows Messenger / C:\Program Files\Messenger\msmsgs.exe
Enable Yahoo! Messenger / C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
Enable Yahoo! FT Server / C:\Program Files\Yahoo!\Messenger\YServer.exe
Enable BitTorrent / C:\Program Files\BitTorrent\bittorrent.exe
Enable Install Consumer Experience Network Plug in / C:\Documents and Settings\tom\Local Settings\Temp\temp\setup\HPZnet01.exe
Enable Network Diagnostics for Windows XP / C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
Enable Render Manager / C:\Program Files\Pinnacle\Studio 10\programs\RM.exe
Enable Studio / C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe
Enable PMSRegisterFile / C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe
Enable umi / C:\Program Files\Pinnacle\Studio 10\programs\umi.exe
Enable PMSManager / C:\Program Files\Pinnacle\Shared Files\Programs\MediaManager\PMSManager.exe
Enable avginet.exe / C:\Program Files\Grisoft\AVG Free\avginet.exe
Enable avgamsvr.exe / C:\Program Files\Grisoft\AVG Free\avgamsvr.exe
Enable avgcc.exe / C:\Program Files\Grisoft\AVG Free\avgcc.exe
Enable avgemc.exe / C:\Program Files\Grisoft\AVG Free\avgemc.exe
Enable Windows Live Messenger 8.0 (Phone) / C:\Program Files\MSN Messenger\msncall.exe
Enable Windows Live Messenger 8.1 / C:\Program Files\MSN Messenger\msnmsgr.exe
Enable Windows Live Messenger 8.1 (Phone) / C:\Program Files\MSN Messenger\livecall.exe
Enable boinc.exe / C:\Program Files\BOINC\boinc.exe
Enable Beyond TV Registration Service / C:\Program Files\SnapStream Media\Beyond TV\BTVRegistrationService.exe
Enable Beyond TV Library Service / C:\Program Files\SnapStream Media\Beyond TV\BTVLibraryService.exe
Enable Beyond TV Network Service / C:\Program Files\SnapStream Media\Beyond TV\BTVNetworkService.exe
Enable Beyond TV Recording Engine / C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
Enable Beyond TV Guide Data Loader / C:\Program Files\SnapStream Media\Beyond TV\BTVGuideDataLoader.exe
Enable Beyond TV Settings Service / C:\Program Files\SnapStream Media\Beyond TV\BTVSettingsService.exe
Enable Beyond TV Task Manager Service / C:\Program Files\SnapStream Media\Beyond TV\BTVTaskManagerService.exe
Enable Beyond TV ViewScape / C:\Program Files\SnapStream Media\Beyond TV\BTVD3DShell.exe
Enable Beyond TV Setup Wizard / C:\Program Files\SnapStream Media\Beyond TV\SetupWizard.exe
Enable WISE-FTP application executable / C:\Program Files\AceBIT\WISE-FTP\wise_ftp.exe
Enable BearShare / C:\Program Files\BearShare Applications\BearShare\BearShare.exe
Enable BearFlix / C:\Program Files\BearFlix\bearflix.exe
Enable SightSpeed / C:\Program Files\SightSpeed\SightSpeed.exe
Port configuration for Standard profile:
Port Protocol Mode Name
-------------------------------------------------------------------
139 TCP Enable NetBIOS Session Service
445 TCP Enable SMB over TCP
137 UDP Enable NetBIOS Name Service
138 UDP Enable NetBIOS Datagram Service
1900 UDP Enable SSDP Component of UPnP Framework
Log configuration:
-------------------------------------------------------------------
File location = C:\WINDOWS\pfirewall.log
Max file size = 4096 KB
Dropped packets = Disable
Connections = Disable
1394 Connection firewall configuration:
-------------------------------------------------------------------
Operational mode = Enable
Local Area Connection firewall configuration:
-------------------------------------------------------------------
Operational mode = Enable


Logfile of HijackThis v1.99.1
Scan saved at 8:47:17 AM, on 3/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Folding@Home\winFAH.exe
C:\Program Files\Folding@Home\FahCore_78.exe
C:\Program Files\BOINC\projects\www.malariacontrol.net\malariacontrol_5.45_windows_intelx86
C:\Program Files\BOINC\projects\dist.ist.tugraz.at_cape5\tcape-crossing_5.49_windows_intelx86.exe
C:\BearDiag\BearDiag.exe
C:\BearDiag\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe] "1&1 EasyLogin" HIDE
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1169926929265
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BOINC - Unknown owner - C:\Program Files\BOINC\boinc.exe" -daemon (file missing)


Major Tom MIB
03-14-2007, 12:59 PM
It must be beta software :D Ran it again and there was no hijackthis.log in notepad.

What can/should I do to help with debugging?

MoreBandwidthPls
03-18-2007, 03:01 AM
BTW: How do I get rid of that snapstream stuff--must be left over after it was uninstalled--just delete the folder?

Firewall information for TOLEDO, running WIN_XP, Service Pack 2, build 2600

Domain profile configuration:
-------------------------------------------------------------------
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Service configuration for Domain profile:
Mode Customized Name
-------------------------------------------------------------------
Enable No File and Printer Sharing
Allowed programs configuration for Domain profile:
Mode Name / Program
-------------------------------------------------------------------
Enable Remote Assistance / C:\WINDOWS\system32\sessmgr.exe
Enable Network Diagnostics for Windows XP / C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
Enable Windows Live Messenger 8.0 (Phone) / C:\Program Files\MSN Messenger\msncall.exe
Enable Windows Live Messenger 8.1 / C:\Program Files\MSN Messenger\msnmsgr.exe
Enable Windows Live Messenger 8.1 (Phone) / C:\Program Files\MSN Messenger\livecall.exe
Port configuration for Domain profile:
Port Protocol Mode Name
-------------------------------------------------------------------
139 TCP Enable NetBIOS Session Service
445 TCP Enable SMB over TCP
137 UDP Enable NetBIOS Name Service
138 UDP Enable NetBIOS Datagram Service

Standard profile configuration (current):
-------------------------------------------------------------------
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Service configuration for Standard profile:
Mode Customized Name
-------------------------------------------------------------------
Enable No File and Printer Sharing
Allowed programs configuration for Standard profile:
Mode Name / Program
-------------------------------------------------------------------
Enable Windows Messenger / C:\Program Files\Messenger\msmsgs.exe
Enable Yahoo! Messenger / C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
Enable Yahoo! FT Server / C:\Program Files\Yahoo!\Messenger\YServer.exe
Enable BitTorrent / C:\Program Files\BitTorrent\bittorrent.exe
Enable Install Consumer Experience Network Plug in / C:\Documents and Settings\tom\Local Settings\Temp\temp\setup\HPZnet01.exe
Enable Render Manager / C:\Program Files\Pinnacle\Studio 10\programs\RM.exe
Enable Studio / C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe
Enable PMSRegisterFile / C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe
Enable umi / C:\Program Files\Pinnacle\Studio 10\programs\umi.exe
Enable PMSManager / C:\Program Files\Pinnacle\Shared Files\Programs\MediaManager\PMSManager.exe
Enable Windows Live Messenger 8.0 (Phone) / C:\Program Files\MSN Messenger\msncall.exe
Enable Windows Live Messenger 8.1 / C:\Program Files\MSN Messenger\msnmsgr.exe
Enable Windows Live Messenger 8.1 (Phone) / C:\Program Files\MSN Messenger\livecall.exe
Enable Beyond TV Registration Service / C:\Program Files\SnapStream Media\Beyond TV\BTVRegistrationService.exe
Enable Beyond TV Library Service / C:\Program Files\SnapStream Media\Beyond TV\BTVLibraryService.exe
Enable Beyond TV Network Service / C:\Program Files\SnapStream Media\Beyond TV\BTVNetworkService.exe
Enable Beyond TV Recording Engine / C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
Enable Beyond TV Guide Data Loader / C:\Program Files\SnapStream Media\Beyond TV\BTVGuideDataLoader.exe
Enable Beyond TV Settings Service / C:\Program Files\SnapStream Media\Beyond TV\BTVSettingsService.exe
Enable Beyond TV Task Manager Service / C:\Program Files\SnapStream Media\Beyond TV\BTVTaskManagerService.exe
Enable Beyond TV ViewScape / C:\Program Files\SnapStream Media\Beyond TV\BTVD3DShell.exe
Enable Beyond TV Setup Wizard / C:\Program Files\SnapStream Media\Beyond TV\SetupWizard.exe
Enable BearFlix / C:\Program Files\BearFlix\bearflix.exe
http://forums.snapstream.com/vb/showthread.php?t=31194 may be relevant.

You have a lot of firewall exceptions that may not be valid any more. These can be security loopholes that can be exploited by nastyware to access the Internet without your knowledge. Well worth cleaning up.

Maybe a FAQ on how to add and remove firewall exceptions in Windows may be in order. This could expand on the usual one we refer people to at http://www.bearshare.com/help/firewalls/windows-icf.htm
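
One way to triage a dump like the one above, as an added example that is not part of this thread or of BearDiag: the Python below parses the "Allowed programs" sections of netsh firewall show config output in the layout quoted here and flags enabled exceptions whose executable is gone from disk or lives in a Temp folder. The sample text and the PRESENT_FILES stand-in for the filesystem are constructed so it runs offline; on a real machine, drop the exists= argument and os.path.exists is used.

```python
import os
import re

# Constructed sample in the same layout as the netsh dump quoted above
# (only a few illustrative entries, not a real host's configuration).
SAMPLE_CONFIG = """\
Allowed programs configuration for Standard profile:
Mode Name / Program
-------------------------------------------------------------------
Enable Windows Messenger / C:\\Program Files\\Messenger\\msmsgs.exe
Enable Install Consumer Experience Network Plug in / C:\\Documents and Settings\\tom\\Local Settings\\Temp\\temp\\setup\\HPZnet01.exe
Enable Beyond TV Library Service / C:\\Program Files\\SnapStream Media\\Beyond TV\\BTVLibraryService.exe
Disable Old Tool / C:\\Program Files\\OldTool\\old.exe
Port configuration for Standard profile:
Port Protocol Mode Name
-------------------------------------------------------------------
139 TCP Enable NetBIOS Session Service
"""

# Constructed stand-in for the filesystem so the example runs offline.
PRESENT_FILES = {
    r"C:\Program Files\Messenger\msmsgs.exe",
    r"C:\Documents and Settings\tom\Local Settings\Temp\temp\setup\HPZnet01.exe",
}

ENTRY_RE = re.compile(r"^(Enable|Disable)\s+(.*?)\s+/\s+(.+)$")
TEMP_RE = re.compile(r"\\(Local Settings\\)?Temp\\", re.IGNORECASE)


def parse_allowed_programs(text):
    """Yield (mode, name, path) for each entry in 'Allowed programs' sections."""
    in_section = False
    for line in text.splitlines():
        if line.startswith("Allowed programs configuration"):
            in_section = True
            continue
        if in_section and line.endswith("profile:"):  # next section header
            in_section = False
        if not in_section:
            continue
        m = ENTRY_RE.match(line)
        if m:
            yield m.groups()


def stale_exceptions(text, exists=os.path.exists):
    """Return [(name, path, reason)] for enabled exceptions worth reviewing:
    the program no longer exists, or it is allowed from a Temp directory."""
    findings = []
    for mode, name, path in parse_allowed_programs(text):
        if mode != "Enable":
            continue  # disabled exceptions cannot open a hole
        if not exists(path):
            findings.append((name, path, "program missing"))
        elif TEMP_RE.search(path):
            findings.append((name, path, "runs from Temp directory"))
    return findings
```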

MoreBandwidthPls
03-18-2007, 03:11 AM
It must be beta software :D ran it again and there was no hijackthis.log in notepad.

What can/should I do to help with debugging?

I suspect it's a timing issue with the speed at which BearDiag proceeds to close HiJackThis and Notepad windows - the timing settings are for average speed systems that aren't running CPU intensive things such as BOINC! :p

Increasing the time delays before closing certain windows makes BearDiag appear too unresponsive. I'll check if the alternate ways of detecting and closing certain open programs may be more reliable.

Thanks for the feedback.