Results 1 to 12 of 12

Thread: [Resolved] BearShare crashes {database library corrupt and badware present}

  1. #1
    Join Date
    Aug 2006
    Posts
    6
    Rep Power
    0

    [Resolved] BearShare crashes {database library corrupt and badware present}

    I get this message and the opportunity to send an error report as soon as I open bearshare. If I ignore it the program runs fine but if I choose an option it closes. Appreciate the help. It a great thing you guys are doing here.

    Code:
    BEARDIAG: Bearcare for BearShare.
    Details collected on 2006/08/14 23:58:01, BEARDIAG Version 01.99.6.0 beta, expires 2006/12/16 (124 days), running from C:\Documents and Settings\Family\Local Settings\Temporary Internet Files\Content.IE5\CNNRAKTX\BearDiag[1].exe
    System Hardware Information
    CPU Type is: AMD Athlon(tm) XP 2800+, CPU speed is approx: 2088Mhz, System BIOS date is: 2003/08/08
    OS Version is: WIN_XP, Service pack: Service Pack 2, OS Build: 2600, Computer Name: YOUR-IVC7XRN4YF
    Browser name: C:\Program Files\Internet Explorer\iexplore.exe, version: 6.0.2900.2180, Admin user? YES
    System Memory Parameters:  Memory in use:  77%
    Total Physical RAM:  447.5Mb Available Physical RAM:  99.1Mb
    Total Pagefile:     1.0Gb Available Pagefile:   740.8Mb
    Internet IP Address 4.178.xxx.xxx 
    File Locations
    Program files are at: C:\Program Files, System Temporary files are at: C:\DOCUME~1\Family\LOCALS~1\Temp, Common desktop is at:C:\Documents and Settings\All Users\Desktop
    BearShare version installed is: 5.2.5.3, Gnutella servent BearShare full path is: C:\Program Files\BearShare\
    Temporary downloads at: C:\Program Files\BearShare\Temp\, Completed downloads at: C:\Documents and Settings\Family\Desktop\Gareth\Bear\New\
    Disk statistics
    Drive C: Total space: 111.79Gb Free: 105.11Gb Full: 6.0% Vol type: NTFS
    Folder Statistics
    Temporary downloads folder:  Space used: 38.6Mb,  File count: 46,  Write access allowed? YES
    Completed downloads folder:  Space used: 0,  File count: 0,  Write access allowed? YES
    BearShare library file 'library.db' size is 268.0Kb, '/db' library folder size is 12.7Mb, console log size is 1.4Kb
    FreePeers.ini settings
    The freepeers.ini file is found at C:\Program Files\BearShare\FreePeers.ini. The extracted settings are as follows:
    ProductLogic
    Yes : bAlwaysUpdate; Always Download and announce latest signaled BearShare program updates from FreePeers.inc
    Network
    0 : connectionType; Network connection type
    (0=Modem/AOL/ISDN, 1=Broadband/Cable/DSL/Wireless, 2=Satellite, 3=T1/T3/LAN/OC3/Microwave, 4=Custom values)
    6346 : listenPort; TCP/IP port number to listen on
    Hosts
    Yes : bNeverBecomeUltrapeer; Disable UltraPeer mode
    Authentication
    No bAuthenticateHosts; Authenticate host connections
    No bAuthenticateDownloads; Authenticate search results and downloads
    GBandwidthLogic
    Yes : bSymmetric; Is Internet connection symmetric
    56 : totalKbps; Maximum bandwidth for symmetric connections
    56 : sendKbps; Maximum outbound bandwidth for asymmetric connections
    56 : recvKbps; Maximum inbound bandwidth for asymmetric connections
    No : bMaxHostsKbps; Limit host bandwidth
    0 : maxHostsKbps; Kbps of send/receive bandwidth to limit hosts
    No : bMaxUploadsKbps; Limit upload bandwidth
    0 : maxUploadsKbps; Kbps of send bandwidth to limit uploads
    No : bMaxDownloadsKbps; Limit download bandwidth
    0 : maxDownloadsKbps; Kbps of receive bandwidth to limit downloads
    HostLogic
    No : m_bEverUltrapeerCapable; Has client ever been an UltraPeer?
    FirewallLogic
    Yes : bTcpNFW; yes if TCP is not firewalled
    Yes : bUdpNFW; yes if UDP is not firewalled
    6346 : UDP Port; UDP port
    Downloads
    C:\Documents and Settings\Family\Desktop\Gareth\Bear\New : szDownloadsDir; Directory where completed and hashed downloads are moved to
    C:\Program Files\BearShare\Temp : szTempDir; Directory where partial downloads are kept
    1 : dlMaxFiles; Maximum files to download at once
    4 : dlMaxStreams; Maximum connections total
    4 : dlMaxStreamsFile; Maximum connections per file
    No : bDelCompletedDownloads;  ; Automatically remove completed downloads
    Yes : bEnableSparseFiles; Enable Sparse files for temporary files
    No : bDisablePushSources; Never send Push messages
    No : bDisablePushProxySources; Never send Push Proxy requests
    Uploads
    1 : maxTotUploads; Maximum files to upload at once
    0 : lastSendBpsMaxAvg; last session average outgoing bandwidth
    Code:
    StartupList report, 8/14/2006, 11:58:14 PM
    StartupList version: 1.52
    Started from : C:\Documents and Settings\Family\Local Settings\Temporary Internet Files\Content.IE5\CNNRAKTX\StartupList.EXE
    Detected: Windows XP SP2 (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    * Using default options
    ==================================================
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LxrJD31s.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\mHotkey.exe
    C:\Program Files\eM\Bay Reader\Shwicon2k.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\Program Files\MSN\MSNIA\CC\MSNCC\logonmgr.exe
    C:\Program Files\MSN\MSNIA\CC\MSNCC\msncc.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN\MSNCoreFiles\msn.exe
    C:\WINDOWS\system32\slrundll.exe
    C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\MSNAccel.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Documents and Settings\Family\Local Settings\Temporary Internet Files\Content.IE5\CNNRAKTX\BearDiag[1].exe
    C:\Documents and Settings\Family\Local Settings\Temporary Internet Files\Content.IE5\CNNRAKTX\StartupList.exe
    --------------------------------------------------
    Listing of startup folders:
    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    HP OfficeJet T Series Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
    --------------------------------------------------
    Checking Windows NT UserInit:
    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,
    --------------------------------------------------
    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    ccRegVfy = "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    CHotkey = mHotkey.exe
    NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    nwiz = nwiz.exe /install
    showicon2k = C:\Program Files\\eM\Bay Reader\Shwicon2k.exe
    9FD3E257 = C:\WINDOWS\System32\kifyypiz.exe
    REGSHAVE = C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    Microsoft Works Update Detection = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    --------------------------------------------------
    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*
    Shell & screensaver key from Registry:
    Shell=Explorer.exe
    SCRNSAVE.EXE=C:\WINDOWS\System32\ss3dfo.scr
    drivers=*Registry value not found*
    Policies Shell key:
    HKCU\..\Policies: Shell=*Registry key not found*
    HKLM\..\Policies: Shell=*Registry value not found*
    --------------------------------------------------
    
    Enumerating Browser Helper Objects:
    (no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    Need2Find Bar BHO - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3}
    (no name) - (no file) - {549B5CA7-4A86-11D7-A4DF-000874180BB3}
    (no name) - C:\Program Files\RXToolBar\sfcont.dll (file missing) - {59879FA4-4790-461c-A1CC-4EC4DE4CA483}
    (no name) - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll - {9394EDE7-C8B5-483E-8773-474BF36AF6E4}
    (no name) - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
    (no name) - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
    (no name) - (no file) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC}
    --------------------------------------------------
    Enumerating Task Scheduler jobs:
    Symantec NetDetect.job
    --------------------------------------------------
    Enumerating Download Program Files:
    [{1D6711C8-7154-40BB-8380-3DEA45B69CBF}]
    [VerifyGMN Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\hpobjinstaller_gmn.dll
    CODEBASE = http://h20270.www2.hp.com/ediags/gmn...taller_gmn.cab
    [QDiagHUpdateObj Class]
    InProcServer32 = C:\WINDOWS\system32\qdiagh.ocx
    CODEBASE = http://h30155.www3.hp.com/ediags/hpf...qdiagh.cab?326
    --------------------------------------------------
    Enumerating Windows NT logon/logoff scripts:
    *No scripts set to run*
    Windows NT checkdisk command:
    BootExecute = autocheck autochk *
    Windows NT 'Wininit.ini':
    PendingFileRenameOperations: C:\DOCUME~1\Family\LOCALS~1\Temp\GLB1A2B.EXE
    
    --------------------------------------------------
    Enumerating ShellServiceObjectDelayLoad items:
    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\System32\webcheck.dll
    SysTray: C:\WINDOWS\System32\stobject.dll
    --------------------------------------------------
    End of report, 6,556 bytes
    Report generated in 0.359 seconds
    Command line options:
       /verbose  - to add additional info on each section
       /complete - to include empty sections and unsuspicious data
       /full     - to include several rarely-important sections
       /force9x  - to include Win9x-only startups even if running on WinNT
       /forcent  - to include WinNT-only startups even if running on Win9x
       /forceall - to include all Win9x and WinNT startups, regardless of platform
       /history  - to list version history only
    Code:
    Current task list information for YOUR-IVC7XRN4YF, running WIN_XP, Service Pack 2, build 2600
    Details collected on 2006/08/14 23:58:08
     PID  Process Name            File Version  Pk Mem Usg. Command line that invoked task
        0 System Idle Process          0.0.0.0         0Mb  ><
        4 System                       0.0.0.0      3.25Mb  ><
      520 smss.exe               5.1.2600.2180      0.87Mb  >\SystemRoot\System32\smss.exe<
      584 csrss.exe                    0.0.0.0      6.63Mb  ><
      608 winlogon.exe           5.1.2600.2180     27.63Mb  >winlogon.exe<
      652 services.exe           5.1.2600.2180      6.52Mb  >C:\WINDOWS\system32\services.exe<
      664 lsass.exe              5.1.2600.2180       6.2Mb  >C:\WINDOWS\system32\lsass.exe<
      816 svchost.exe            5.1.2600.2180      5.32Mb  >C:\WINDOWS\system32\svchost -k DcomLaunch<
      884 svchost.exe                  0.0.0.0      4.19Mb  ><
      920 svchost.exe            5.1.2600.2180     38.51Mb  >C:\WINDOWS\System32\svchost.exe -k netsvcs<
      964 svchost.exe                  0.0.0.0       3.2Mb  ><
     1032 svchost.exe                  0.0.0.0      4.17Mb  ><
     1340 spoolsv.exe            5.1.2600.2696      5.39Mb  >C:\WINDOWS\system32\spoolsv.exe<
     1376 explorer.exe           6.0.2900.2180     26.29Mb  >C:\WINDOWS\Explorer.EXE<
     1476 AluSchedulerSvc.exe        3.0.0.166      2.27Mb  >"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"<
     1520 CCEVTMGR.EXE                 1.0.3.4      4.65Mb  >"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"<
     1564 LxrJD31s.exe                 0.0.0.0      0.92Mb  >LxrJD31s.exe<
     1624 NAVAPSVC.EXE              9.0.5.1015     17.51Mb  >"C:\Program Files\Norton AntiVirus\navapsvc.exe"<
     1644 nvsvc32.exe             6.14.10.4403      3.13Mb  >C:\WINDOWS\System32\nvsvc32.exe<
     1688 ccApp.exe                   1.0.10.6      9.08Mb  >"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" <
     1744 mHotkey.exe                  2.2.2.0      7.24Mb  >"C:\WINDOWS\mHotkey.exe" <
     1780 shwicon2k.exe                1.0.0.5      2.78Mb  >"C:\Program Files\eM\Bay Reader\Shwicon2k.exe" <
     1812 slserv.exe                   1.0.0.1      0.98Mb  >slserv.exe<
     1864 svchost.exe            5.1.2600.2180      4.06Mb  >C:\WINDOWS\System32\svchost.exe -k imgsvc<
     1972 WkUFind.exe                9.0.912.0      0.66Mb  >"C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" <
     2036 SymWSC.exe               2005.1.2.20      7.47Mb  >"C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe"<
      392 BigFix.exe                   1.7.6.0     12.34Mb  >"C:\Program Files\BigFix\BigFix.exe"  /atstartup<
     2260 alg.exe                      0.0.0.0      3.34Mb  ><
     2696 logonmgr.exe               2.0.284.0      2.68Mb  >"C:\Program Files\MSN\MSNIA\CC\MSNCC\logonmgr.exe" -Embedding<
     2728 msncc.exe                  2.0.284.0     18.13Mb  >"C:\Program Files\MSN\MSNIA\CC\MSNCC\msncc.exe" -Embedding<
     3192 msnmsgr.exe                7.5.324.0     17.52Mb  >"C:\Program Files\MSN Messenger\msnmsgr.exe" -Embedding<
     2280 msn.exe                 9.20.29.3000     73.55Mb  >"C:\Program Files\MSN\MSNCoreFiles\msn.exe" <
     4028 slrundll.exe                3.80.1.0      3.66Mb  >slrundll.exe SLGen.dll,SLRunServ SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000<
     1064 MSNAccel.exe               2.6.694.0     27.93Mb  >"C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\MSNAccel.exe"<
      976 ntvdm.exe              5.1.2600.2180     11.42Mb  >"C:\WINDOWS\system32\ntvdm.exe" -f -i1 -w -a C:\WINDOWS\system32\krnl386.exe<
     3280 iexplore.exe           6.0.2900.2180     67.63Mb  >"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding<
     2228 AcroRd32.exe               7.0.8.218     21.49Mb  >"C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe" /o /eo /l<
     1308 BearDiag[1].exe             1.99.6.0      8.38Mb  >"C:\Documents and Settings\Family\Local Settings\Temporary Internet Files\Content.IE5\CNNRAKTX\BearDiag[1].exe" <
     1428 wmiprvse.exe                 0.0.0.0      5.34Mb  ><
    
    BearShare library folder information for YOUR-IVC7XRN4YF, running WIN_XP, Service Pack 2, build 2600
    Details collected on 2006/08/14 23:58:32
     Volume in drive C has no label.
     Volume Serial Number is C8DC-65E8
     Directory of C:\Program Files\BearShare\db
    08/14/2006  12:49 PM    <DIR>          .
    08/14/2006  12:49 PM    <DIR>          ..
    08/07/2006  06:10 PM         1,361,560 BearShareHostiles.zip
    08/01/2006  04:25 PM             3,103 config.bin
    08/14/2006  11:29 PM           111,397 connect.txt
    08/11/2006  08:28 PM            15,373 gnucache.dat
    08/04/2006  11:54 AM             1,483 gwebcache.dat
    08/11/2006  08:28 PM            15,374 hbcache.dat
    05/19/2004  10:09 PM             1,846 Hostiles.old
    04/30/2006  08:37 PM        10,384,336 Hostiles.txt
    08/04/2006  11:54 AM                 0 Hostiles-Chat.txt
    08/13/2006  07:23 PM           274,432 library.2.db
    08/13/2006  07:23 PM           273,408 library.2.db.lastgoodload.bak
    08/13/2006  07:23 PM            12,404 library.2.db-journal.bak
    03/01/2006  12:42 PM             7,453 library.dat
    08/13/2006  07:23 PM           274,432 library.db
    08/13/2006  07:23 PM           273,408 library.db.lastgoodload.bak
    08/13/2006  07:23 PM           274,432 library.db.sync
    08/13/2006  07:23 PM            12,404 library.db-journal.bak
    08/14/2006  11:33 PM                19 searches.ini
                  18 File(s)     13,296,864 bytes
                   2 Dir(s)  112,864,919,552 bytes free
    Code:
    Firewall information for YOUR-IVC7XRN4YF, running WIN_XP, Service Pack 2, build 2600
    Details collected on 2006/08/14 23:58:35
    Default gateway is 4.178.xxx.xxx
    
    Domain profile configuration:
    -------------------------------------------------------------------
    Operational mode                  = Enable
    Exception mode                    = Enable
    Multicast/broadcast response mode = Enable
    Notification mode                 = Enable
    Allowed programs configuration for Domain profile:
    Mode     Name / Program
    -------------------------------------------------------------------
    Enable   Remote Assistance / C:\WINDOWS\system32\sessmgr.exe
    Enable   MSN Messenger 7.5 / C:\Program Files\MSN Messenger\msnmsgr.exe
    Standard profile configuration (current):
    -------------------------------------------------------------------
    Operational mode                  = Disable
    Exception mode                    = Enable
    Multicast/broadcast response mode = Enable
    Notification mode                 = Enable
    Allowed programs configuration for Standard profile:
    Mode     Name / Program
    -------------------------------------------------------------------
    Enable   Remote Assistance / C:\WINDOWS\system32\sessmgr.exe
    Enable   MSN Messenger 7.5 / C:\Program Files\MSN Messenger\msnmsgr.exe
    Enable   P2P Networking / C:\WINDOWS\system32\P2P Networking\P2P Networking.exe
    Enable   Kazaa / C:\Program Files\Kazaa\kazaa.exe
    Enable   BearShare / C:\Program Files\BearShare\BearShare.exe
    Log configuration:
    -------------------------------------------------------------------
    File location   = C:\WINDOWS\pfirewall.log
    Max file size   = 4096 KB
    Dropped packets = Disable
    Connections     = Disable
    Local Area Connection firewall configuration:
    -------------------------------------------------------------------
    Operational mode                  = Enable
    MSN Explorer firewall configuration:
    -------------------------------------------------------------------
    Operational mode                  = Enable
    MSN firewall configuration:
    -------------------------------------------------------------------
    Operational mode                  = Enable
    Code:
    Logfile of HijackThis v1.99.1
    Scan saved at 11:58:19 PM, on 8/14/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LxrJD31s.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\mHotkey.exe
    C:\Program Files\eM\Bay Reader\Shwicon2k.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\Program Files\MSN\MSNIA\CC\MSNCC\logonmgr.exe
    C:\Program Files\MSN\MSNIA\CC\MSNCC\msncc.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN\MSNCoreFiles\msn.exe
    C:\WINDOWS\system32\slrundll.exe
    C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\MSNAccel.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Documents and Settings\Family\Local Settings\Temporary Internet Files\Content.IE5\CNNRAKTX\BearDiag[1].exe
    C:\Documents and Settings\Family\Local Settings\Temporary Internet Files\Content.IE5\CNNRAKTX\HijackThis.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [showicon2k] C:\Program Files\\eM\Bay Reader\Shwicon2k.exe
    O4 - HKLM\..\Run: [9FD3E257] C:\WINDOWS\System32\kifyypiz.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O4 - Global Startup: HP OfficeJet T Series Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
    O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
    O8 - Extra context menu item: Update Page Content - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\refreshpage.htm
    O8 - Extra context menu item: View All Originals On Page - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\getoriginal.htm
    O8 - Extra context menu item: View Original Image - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\getoriginal.htm
    O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - 
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn...taller_gmn.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpf...qdiagh.cab?326
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8553EFF6-FA52-4317-B594-A90A76622CF5}: NameServer = 209.244.0.3 209.244.0.4
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    
    .

  2. #2
    rumbach's Avatar
    rumbach is offline Beta Member Chief Warrant Officer 3rd Class
    Join Date
    Jul 2005
    Location
    Twin Falls Idaho
    Age
    67
    Posts
    1,259
    Rep Power
    11

    Re: BearShare has encountered a problem...

    I found two adware that you should get rid of, they are rxtoolbar and need2find bar.

    Download and update then run adaware se, delete anything it finds. The link is below.

    http://fileforum.betanews.com/sendfi...sepersonal.exe adaware se personal free

    When you have done that download and run beardiag from the link below and post the results.

    http://downloads.technutopia.com/beardiag/BearDiag.exe

  3. #3
    Join Date
    Jun 2005
    Posts
    7,486
    Rep Power
    10

    Re: BearShare has encountered a problem...

    As well as doing the above, uninstall BigFix (it doesn't!).
    Dear Santa, please send more bandwidth. Same request as last year...

  4. #4
    Join Date
    Aug 2006
    Posts
    6
    Rep Power
    0

    Re: BearShare has encountered a problem...

    I run and update adaware religiously. I was able to delete bigfix and one of the others, need2find I think, with the remove program tool but RXTool Bar wasn't listed to I just deleted the file. It was empty. Here's the results:

    Code:
    BEARDIAG: Bearcare for BearShare.
    Details collected on 2006/08/15 21:21:55, BEARDIAG Version 01.99.6.0 beta, expires 2006/12/16 (123 days), running from C:\Documents and Settings\Family\Local Settings\Temporary Internet Files\Content.IE5\CNNRAKTX\BearDiag[1].exe
    System Hardware Information
    CPU Type is: AMD Athlon(tm) XP 2800+, CPU speed is approx: 2088Mhz, System BIOS date is: 2003/08/08
    OS Version is: WIN_XP, Service pack: Service Pack 2, OS Build: 2600, Computer Name: YOUR-IVC7XRN4YF
    Browser name: C:\Program Files\Internet Explorer\iexplore.exe, version: 6.0.2900.2180, Admin user? YES
    System Memory Parameters:  Memory in use:  75%
    Total Physical RAM:  447.5Mb Available Physical RAM:  110.3Mb
    Total Pagefile:     1.0Gb Available Pagefile:   783.6Mb
    Internet IP Address 4.178.xxx.xxx 
    File Locations
    Program files are at: C:\Program Files, System Temporary files are at: C:\DOCUME~1\Family\LOCALS~1\Temp, Common desktop is at:C:\Documents and Settings\All Users\Desktop
    BearShare version installed is: 5.2.5.3, Gnutella servent BearShare full path is: C:\Program Files\BearShare\
    Temporary downloads at: C:\Program Files\BearShare\Temp\, Completed downloads at: C:\Documents and Settings\Family\Desktop\Gareth\Bear\New\
    Disk statistics
    Drive C: Total space: 111.79Gb Free: 105.11Gb Full: 6.0% Vol type: NTFS
    Folder Statistics
    Temporary downloads folder:  Space used: 45.7Mb,  File count: 56,  Write access allowed? YES
    Completed downloads folder:  Space used: 3.6Mb,  File count: 1,  Write access allowed? YES
    BearShare library file 'library.db' size is 268.0Kb, '/db' library folder size is 12.7Mb, console log size is 1.4Kb
    FreePeers.ini settings
    The freepeers.ini file is found at C:\Program Files\BearShare\FreePeers.ini. The extracted settings are as follows:
    ProductLogic
    Yes : bAlwaysUpdate; Always Download and announce latest signaled BearShare program updates from FreePeers.inc
    Network
    0 : connectionType; Network connection type
    (0=Modem/AOL/ISDN, 1=Broadband/Cable/DSL/Wireless, 2=Satellite, 3=T1/T3/LAN/OC3/Microwave, 4=Custom values)
    6346 : listenPort; TCP/IP port number to listen on
    Hosts
    Yes : bNeverBecomeUltrapeer; Disable UltraPeer mode
    Authentication
    No bAuthenticateHosts; Authenticate host connections
    No bAuthenticateDownloads; Authenticate search results and downloads
    GBandwidthLogic
    Yes : bSymmetric; Is Internet connection symmetric
    56 : totalKbps; Maximum bandwidth for symmetric connections
    56 : sendKbps; Maximum outbound bandwidth for asymmetric connections
    56 : recvKbps; Maximum inbound bandwidth for asymmetric connections
    No : bMaxHostsKbps; Limit host bandwidth
    0 : maxHostsKbps; Kbps of send/receive bandwidth to limit hosts
    No : bMaxUploadsKbps; Limit upload bandwidth
    0 : maxUploadsKbps; Kbps of send bandwidth to limit uploads
    No : bMaxDownloadsKbps; Limit download bandwidth
    0 : maxDownloadsKbps; Kbps of receive bandwidth to limit downloads
    HostLogic
    No : m_bEverUltrapeerCapable; Has client ever been an UltraPeer?
    FirewallLogic
    Yes : bTcpNFW; yes if TCP is not firewalled
    Yes : bUdpNFW; yes if UDP is not firewalled
    6346 : UDP Port; UDP port
    Downloads
    C:\Documents and Settings\Family\Desktop\Gareth\Bear\New : szDownloadsDir; Directory where completed and hashed downloads are moved to
    C:\Program Files\BearShare\Temp : szTempDir; Directory where partial downloads are kept
    1 : dlMaxFiles; Maximum files to download at once
    4 : dlMaxStreams; Maximum connections total
    4 : dlMaxStreamsFile; Maximum connections per file
    No : bDelCompletedDownloads;  ; Automatically remove completed downloads
    Yes : bEnableSparseFiles; Enable Sparse files for temporary files
    No : bDisablePushSources; Never send Push messages
    No : bDisablePushProxySources; Never send Push Proxy requests
    Uploads
    1 : maxTotUploads; Maximum files to upload at once
    0 : lastSendBpsMaxAvg; last session average outgoing bandwidth
    Code:
    StartupList report, 8/15/2006, 9:22:11 PM
    StartupList version: 1.52
    Started from : C:\Documents and Settings\Family\Local Settings\Temporary Internet Files\Content.IE5\CNNRAKTX\StartupList.EXE
    Detected: Windows XP SP2 (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    * Using default options
    ==================================================
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LxrJD31s.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\mHotkey.exe
    C:\Program Files\eM\Bay Reader\Shwicon2k.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\bin\HPOVDX05.EXE
    C:\Program Files\MSN\MSNCoreFiles\msn.exe
    C:\Program Files\MSN\MSNIA\CC\MSNCC\logonmgr.exe
    C:\Program Files\MSN\MSNIA\CC\MSNCC\msncc.exe
    C:\WINDOWS\system32\slrundll.exe
    C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\MSNAccel.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Family\Local Settings\Temporary Internet Files\Content.IE5\CNNRAKTX\BearDiag[1].exe
    C:\Documents and Settings\Family\Local Settings\Temporary Internet Files\Content.IE5\CNNRAKTX\StartupList.exe
    --------------------------------------------------
    Listing of startup folders:
    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    HP OfficeJet T Series Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
    --------------------------------------------------
    Checking Windows NT UserInit:
    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,
    --------------------------------------------------
    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    ccRegVfy = "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    CHotkey = mHotkey.exe
    NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    nwiz = nwiz.exe /install
    showicon2k = C:\Program Files\\eM\Bay Reader\Shwicon2k.exe
    9FD3E257 = C:\WINDOWS\System32\kifyypiz.exe
    REGSHAVE = C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    Microsoft Works Update Detection = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    --------------------------------------------------
    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*
    Shell & screensaver key from Registry:
    Shell=Explorer.exe
    SCRNSAVE.EXE=C:\WINDOWS\System32\ss3dfo.scr
    drivers=*Registry value not found*
    Policies Shell key:
    HKCU\..\Policies: Shell=*Registry key not found*
    HKLM\..\Policies: Shell=*Registry value not found*
    --------------------------------------------------
    
    Enumerating Browser Helper Objects:
    (no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - (no file) - {549B5CA7-4A86-11D7-A4DF-000874180BB3}
    (no name) - C:\Program Files\RXToolBar\sfcont.dll (file missing) - {59879FA4-4790-461c-A1CC-4EC4DE4CA483}
    (no name) - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll - {9394EDE7-C8B5-483E-8773-474BF36AF6E4}
    (no name) - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
    (no name) - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
    (no name) - (no file) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC}
    --------------------------------------------------
    Enumerating Task Scheduler jobs:
    Symantec NetDetect.job
    --------------------------------------------------
    Enumerating Download Program Files:
    [{1D6711C8-7154-40BB-8380-3DEA45B69CBF}]
    [VerifyGMN Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\hpobjinstaller_gmn.dll
    CODEBASE = http://h20270.www2.hp.com/ediags/gmn...taller_gmn.cab
    [QDiagHUpdateObj Class]
    InProcServer32 = C:\WINDOWS\system32\qdiagh.ocx
    CODEBASE = http://h30155.www3.hp.com/ediags/hpf...qdiagh.cab?326
    --------------------------------------------------
    Enumerating Windows NT logon/logoff scripts:
    *No scripts set to run*
    Windows NT checkdisk command:
    BootExecute = autocheck autochk *
    Windows NT 'Wininit.ini':
    PendingFileRenameOperations: C:\PROGRA~1\UNINST~1.DLL
    
    --------------------------------------------------
    Enumerating ShellServiceObjectDelayLoad items:
    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\System32\webcheck.dll
    SysTray: C:\WINDOWS\System32\stobject.dll
    --------------------------------------------------
    End of report, 6,443 bytes
    Report generated in 0.047 seconds
    Command line options:
       /verbose  - to add additional info on each section
       /complete - to include empty sections and unsuspicious data
       /full     - to include several rarely-important sections
       /force9x  - to include Win9x-only startups even if running on WinNT
       /forcent  - to include WinNT-only startups even if running on Win9x
       /forceall - to include all Win9x and WinNT startups, regardless of platform
       /history  - to list version history only
    Code:
    Current task list information for YOUR-IVC7XRN4YF, running WIN_XP, Service Pack 2, build 2600
    Details collected on 2006/08/15 21:22:02
     PID  Process Name            File Version  Pk Mem Usg. Command line that invoked task
        0 System Idle Process          0.0.0.0         0Mb  ><
        4 System                       0.0.0.0      3.25Mb  ><
      520 smss.exe               5.1.2600.2180      0.87Mb  >\SystemRoot\System32\smss.exe<
      584 csrss.exe                    0.0.0.0      6.71Mb  ><
      608 winlogon.exe           5.1.2600.2180      31.8Mb  >winlogon.exe<
      652 services.exe           5.1.2600.2180      6.55Mb  >C:\WINDOWS\system32\services.exe<
      664 lsass.exe              5.1.2600.2180      9.21Mb  >C:\WINDOWS\system32\lsass.exe<
      816 svchost.exe            5.1.2600.2180      5.33Mb  >C:\WINDOWS\system32\svchost -k DcomLaunch<
      884 svchost.exe                  0.0.0.0      4.11Mb  ><
      920 svchost.exe            5.1.2600.2180     38.06Mb  >C:\WINDOWS\System32\svchost.exe -k netsvcs<
      972 svchost.exe                  0.0.0.0      3.19Mb  ><
     1036 svchost.exe                  0.0.0.0       4.2Mb  ><
     1336 spoolsv.exe            5.1.2600.2696      5.42Mb  >C:\WINDOWS\system32\spoolsv.exe<
     1372 explorer.exe           6.0.2900.2180     22.21Mb  >C:\WINDOWS\Explorer.EXE<
     1460 AluSchedulerSvc.exe        3.0.0.166      2.75Mb  >"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"<
     1504 CCEVTMGR.EXE                 1.0.3.4      4.66Mb  >"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"<
     1560 LxrJD31s.exe                 0.0.0.0      0.92Mb  >LxrJD31s.exe<
     1580 NAVAPSVC.EXE              9.0.5.1015      17.5Mb  >"C:\Program Files\Norton AntiVirus\navapsvc.exe"<
     1604 nvsvc32.exe             6.14.10.4403      3.13Mb  >C:\WINDOWS\System32\nvsvc32.exe<
     1696 slserv.exe                   1.0.0.1      0.98Mb  >slserv.exe<
     1776 svchost.exe            5.1.2600.2180      4.06Mb  >C:\WINDOWS\System32\svchost.exe -k imgsvc<
     1864 SymWSC.exe               2005.1.2.20      6.69Mb  >"C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe"<
     1896 ccApp.exe                   1.0.10.6      9.45Mb  >"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" <
     1940 mHotkey.exe                  2.2.2.0      7.02Mb  >"C:\WINDOWS\mHotkey.exe" <
     1968 shwicon2k.exe                1.0.0.5       2.8Mb  >"C:\Program Files\eM\Bay Reader\Shwicon2k.exe" <
     1992 WkUFind.exe                9.0.912.0      0.66Mb  >"C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" <
      408 HPOstr05.exe                 2.0.0.0     16.53Mb  >"C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe" <
      556 hpovdx05.exe                1.4.23.0      8.29Mb  >"C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\bin\HPOVDX05.EXE" /H /P0<
     2060 alg.exe                      0.0.0.0      3.33Mb  ><
     3024 msn.exe                 9.20.29.3000     52.75Mb  >"C:\Program Files\MSN\MSNCoreFiles\msn.exe" <
     3056 logonmgr.exe               2.0.284.0       2.7Mb  >"C:\Program Files\MSN\MSNIA\CC\MSNCC\logonmgr.exe" -Embedding<
     3088 msncc.exe                  2.0.284.0     14.19Mb  >"C:\Program Files\MSN\MSNIA\CC\MSNCC\msncc.exe" -Embedding<
     3240 slrundll.exe                3.80.1.0      3.66Mb  >slrundll.exe SLGen.dll,SLRunServ SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000<
     3412 MSNAccel.exe               2.6.694.0     16.94Mb  >"C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\MSNAccel.exe"<
     3556 msnmsgr.exe                7.5.324.0     11.14Mb  >"C:\Program Files\MSN Messenger\msnmsgr.exe" -Embedding<
     2092 AcroRd32.exe               7.0.8.218     21.28Mb  >"C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe" /o /eo /l<
     2248 msmsgs.exe                4.7.0.3001       4.5Mb  >"C:\Program Files\Messenger\msmsgs.exe" -Embedding<
      364 BearDiag[1].exe             1.99.6.0      8.42Mb  >"C:\Documents and Settings\Family\Local Settings\Temporary Internet Files\Content.IE5\CNNRAKTX\BearDiag[1].exe" <
     2436 wmiprvse.exe                 0.0.0.0      5.33Mb  ><
    
    BearShare library folder information for YOUR-IVC7XRN4YF, running WIN_XP, Service Pack 2, build 2600
    Details collected on 2006/08/15 21:22:29
     Volume in drive C has no label.
     Volume Serial Number is C8DC-65E8
     Directory of C:\Program Files\BearShare\db
    08/14/2006  12:49 PM    <DIR>          .
    08/14/2006  12:49 PM    <DIR>          ..
    08/07/2006  06:10 PM         1,361,560 BearShareHostiles.zip
    08/01/2006  04:25 PM             3,103 config.bin
    08/15/2006  09:03 PM           112,396 connect.txt
    08/11/2006  08:28 PM            15,373 gnucache.dat
    08/04/2006  11:54 AM             1,483 gwebcache.dat
    08/11/2006  08:28 PM            15,374 hbcache.dat
    05/19/2004  10:09 PM             1,846 Hostiles.old
    04/30/2006  08:37 PM        10,384,336 Hostiles.txt
    08/04/2006  11:54 AM                 0 Hostiles-Chat.txt
    08/13/2006  07:23 PM           274,432 library.2.db
    08/13/2006  07:23 PM           273,408 library.2.db.lastgoodload.bak
    08/13/2006  07:23 PM            12,404 library.2.db-journal.bak
    03/01/2006  12:42 PM             7,453 library.dat
    08/13/2006  07:23 PM           274,432 library.db
    08/13/2006  07:23 PM           273,408 library.db.lastgoodload.bak
    08/13/2006  07:23 PM           274,432 library.db.sync
    08/13/2006  07:23 PM            12,404 library.db-journal.bak
    08/15/2006  09:06 PM                19 searches.ini
                  18 File(s)     13,297,863 bytes
                   2 Dir(s)  112,859,828,224 bytes free
    Code:
    Firewall information for YOUR-IVC7XRN4YF, running WIN_XP, Service Pack 2, build 2600
    Details collected on 2006/08/15 21:22:32
    Default gateway is 4.178.xxx.xxx
    
    Domain profile configuration:
    -------------------------------------------------------------------
    Operational mode                  = Enable
    Exception mode                    = Enable
    Multicast/broadcast response mode = Enable
    Notification mode                 = Enable
    Allowed programs configuration for Domain profile:
    Mode     Name / Program
    -------------------------------------------------------------------
    Enable   Remote Assistance / C:\WINDOWS\system32\sessmgr.exe
    Enable   MSN Messenger 7.5 / C:\Program Files\MSN Messenger\msnmsgr.exe
    Standard profile configuration (current):
    -------------------------------------------------------------------
    Operational mode                  = Disable
    Exception mode                    = Enable
    Multicast/broadcast response mode = Enable
    Notification mode                 = Enable
    Allowed programs configuration for Standard profile:
    Mode     Name / Program
    -------------------------------------------------------------------
    Enable   Remote Assistance / C:\WINDOWS\system32\sessmgr.exe
    Enable   MSN Messenger 7.5 / C:\Program Files\MSN Messenger\msnmsgr.exe
    Enable   P2P Networking / C:\WINDOWS\system32\P2P Networking\P2P Networking.exe
    Enable   Kazaa / C:\Program Files\Kazaa\kazaa.exe
    Enable   BearShare / C:\Program Files\BearShare\BearShare.exe
    Log configuration:
    -------------------------------------------------------------------
    File location   = C:\WINDOWS\pfirewall.log
    Max file size   = 4096 KB
    Dropped packets = Disable
    Connections     = Disable
    Local Area Connection firewall configuration:
    -------------------------------------------------------------------
    Operational mode                  = Enable
    MSN Explorer firewall configuration:
    -------------------------------------------------------------------
    Operational mode                  = Enable
    MSN firewall configuration:
    -------------------------------------------------------------------
    Operational mode                  = Enable
    Code:
    Logfile of HijackThis v1.99.1
    Scan saved at 9:22:13 PM, on 8/15/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LxrJD31s.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\mHotkey.exe
    C:\Program Files\eM\Bay Reader\Shwicon2k.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\bin\HPOVDX05.EXE
    C:\Program Files\MSN\MSNCoreFiles\msn.exe
    C:\Program Files\MSN\MSNIA\CC\MSNCC\logonmgr.exe
    C:\Program Files\MSN\MSNIA\CC\MSNCC\msncc.exe
    C:\WINDOWS\system32\slrundll.exe
    C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\MSNAccel.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Family\Local Settings\Temporary Internet Files\Content.IE5\CNNRAKTX\BearDiag[1].exe
    C:\Documents and Settings\Family\Local Settings\Temporary Internet Files\Content.IE5\CNNRAKTX\HijackThis.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [showicon2k] C:\Program Files\\eM\Bay Reader\Shwicon2k.exe
    O4 - HKLM\..\Run: [9FD3E257] C:\WINDOWS\System32\kifyypiz.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP OfficeJet T Series Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
    O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
    O8 - Extra context menu item: Update Page Content - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\refreshpage.htm
    O8 - Extra context menu item: View All Originals On Page - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\getoriginal.htm
    O8 - Extra context menu item: View Original Image - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\getoriginal.htm
    O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - 
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn...taller_gmn.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpf...qdiagh.cab?326
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8553EFF6-FA52-4317-B594-A90A76622CF5}: NameServer = 209.244.0.3 209.244.0.4
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    
    .

  5. #5
    Join Date
    Jun 2005
    Posts
    7,486
    Rep Power
    10

    Re: BearShare has encountered a problem...

    MSN Accelerator may be interfering with BearShare. Try uninstalling it and see if it makes a big difference.

    BearShare doesn't like proxies. Is that setup that way on purpose?

    9FD3E257 = C:\WINDOWS\System32\kifyypiz.exe reeks of an infection. If Symantec won't remove it with all the latest updates installed, uninstall Symantec and use AVG to find and zap it instead. Download it from here: AVG (free)

    Tick off the following in HijackThis (found at C:\Documents and Settings\Family\Local Settings\Temporary Internet Files\Content.IE5\CNNRAKTX\HijackThis.exe on your PC), close all browser windows (this is important to do this before the remove stage and keep them closed until you restart), and then remove them:
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O4 - HKLM\..\Run: [9FD3E257] C:\WINDOWS\System32\kifyypiz.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8553EFF6-FA52-4317-B594-A90A76622CF5}: NameServer = 209.244.0.3 & 209.244.0.4 - check with your ISP support area if these Name Servers should be there and remove if they don't know or they shouldn't be - a popular way of hijacking an Internet connection
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
    Shut down Windows and restart and verify they have not reappeared by running HijackThis again.

    You may wish to remove P2P Networking and Kazaa as enabled applications from your Windows firewall to prevent a security exposure.

    Advise on progress and post a fresh BearDiag listing.
    Dear Santa, please send more bandwidth. Same request as last year...

  6. #6
    Join Date
    Aug 2006
    Posts
    6
    Rep Power
    0

    Re: BearShare has encountered a problem...

    MSN Accelerator wasn't the problem. Also, I never had a problem like this with previous versions of BS. Forgive my ignorance, but I'm not familiar with HijackThis. What is it and where can I get it?

  7. #7
    Join Date
    Jun 2005
    Posts
    7,486
    Rep Power
    10

    Re: BearShare has encountered a problem...

    Quote Originally Posted by MoreBandwidthPls
    Tick off the following in HijackThis (found at C:\Documents and Settings\Family\Local Settings\Temporary Internet Files\Content.IE5\CNNRAKTX\HijackThis.exe on your PC
    It is where you downloaded and ran BearDiag on your computer.

    Later versions of BearShare may have the Zango spyware which may be getting blocked on your computer. Consider using the older beta version at Recommended BearShare downloads in combination with BearStart.
    Dear Santa, please send more bandwidth. Same request as last year...

  8. #8
    Join Date
    Aug 2006
    Posts
    6
    Rep Power
    0

    Re: BearShare has encountered a problem...

    Alrighty, I ran HiJack this and fixed recommended problems except:

    9FD3E257 = C:\WINDOWS\System32\kifyypiz.exe reeks of an infection. If Symantec won't remove it with all the latest updates installed, uninstall Symantec and use AVG to find and zap it instead. Download it from here: AVG (free)

    Niether symantec or AVG found it. Is there a way to take it down manually?

    Problem remains. If there is a way to fix this without running a beta I'd like to find it.

    Code:
    BEARDIAG: Bearcare for BearShare.
    Details collected on 2006/08/19 12:59:37, BEARDIAG Version 01.99.6.0 beta, expires 2006/12/16 (119 days), running from C:\Documents and Settings\Family\Desktop\Gareth\BearDiag.exe
    System Hardware Information
    CPU Type is: AMD Athlon(tm) XP 2800+, CPU speed is approx: 2088Mhz, System BIOS date is: 2003/08/08
    OS Version is: WIN_XP, Service pack: Service Pack 2, OS Build: 2600, Computer Name: YOUR-IVC7XRN4YF
    Browser name: C:\Program Files\Internet Explorer\iexplore.exe, version: 6.0.2900.2180, Admin user? YES
    System Memory Parameters:  Memory in use:  69%
    Total Physical RAM:  447.5Mb Available Physical RAM:  135.0Mb
    Total Pagefile:     1.0Gb Available Pagefile:   808.8Mb
    Internet IP Address 65.54.xxx.xxx IP Address 4.178.xxx.xxx  You are behind a NAT firewall and/or router.
    File Locations
    Program files are at: C:\Program Files, System Temporary files are at: C:\DOCUME~1\Family\LOCALS~1\Temp, Common desktop is at:C:\Documents and Settings\All Users\Desktop
    BearShare version installed is: 5.2.5.3, Gnutella servent BearShare full path is: C:\Program Files\BearShare\
    Temporary downloads at: C:\Program Files\BearShare\Temp\, Completed downloads at: C:\Documents and Settings\Family\Desktop\Gareth\Bear\New\
    Disk statistics
    Drive C: Total space: 111.79Gb Free: 105.17Gb Full: 5.9% Vol type: NTFS
    Folder Statistics
    Temporary downloads folder:  Space used: 31.9Mb,  File count: 44,  Write access allowed? YES
    Completed downloads folder:  Space used: 0,  File count: 0,  Write access allowed? YES
    BearShare library file 'library.db' size is 268.0Kb, '/db' library folder size is 12.7Mb, console log size is 1.4Kb
    FreePeers.ini settings
    The freepeers.ini file is found at C:\Program Files\BearShare\FreePeers.ini. The extracted settings are as follows:
    ProductLogic
    Yes : bAlwaysUpdate; Always Download and announce latest signaled BearShare program updates from FreePeers.inc
    Network
    0 : connectionType; Network connection type
    (0=Modem/AOL/ISDN, 1=Broadband/Cable/DSL/Wireless, 2=Satellite, 3=T1/T3/LAN/OC3/Microwave, 4=Custom values)
    6346 : listenPort; TCP/IP port number to listen on
    Hosts
    Yes : bNeverBecomeUltrapeer; Disable UltraPeer mode
    Authentication
    No bAuthenticateHosts; Authenticate host connections
    No bAuthenticateDownloads; Authenticate search results and downloads
    GBandwidthLogic
    Yes : bSymmetric; Is Internet connection symmetric
    56 : totalKbps; Maximum bandwidth for symmetric connections
    56 : sendKbps; Maximum outbound bandwidth for asymmetric connections
    56 : recvKbps; Maximum inbound bandwidth for asymmetric connections
    No : bMaxHostsKbps; Limit host bandwidth
    0 : maxHostsKbps; Kbps of send/receive bandwidth to limit hosts
    No : bMaxUploadsKbps; Limit upload bandwidth
    0 : maxUploadsKbps; Kbps of send bandwidth to limit uploads
    No : bMaxDownloadsKbps; Limit download bandwidth
    0 : maxDownloadsKbps; Kbps of receive bandwidth to limit downloads
    HostLogic
    No : m_bEverUltrapeerCapable; Has client ever been an UltraPeer?
    FirewallLogic
    Yes : bTcpNFW; yes if TCP is not firewalled
    Yes : bUdpNFW; yes if UDP is not firewalled
    6346 : UDP Port; UDP port
    Downloads
    C:\Documents and Settings\Family\Desktop\Gareth\Bear\New : szDownloadsDir; Directory where completed and hashed downloads are moved to
    C:\Program Files\BearShare\Temp : szTempDir; Directory where partial downloads are kept
    1 : dlMaxFiles; Maximum files to download at once
    4 : dlMaxStreams; Maximum connections total
    4 : dlMaxStreamsFile; Maximum connections per file
    No : bDelCompletedDownloads;  ; Automatically remove completed downloads
    Yes : bEnableSparseFiles; Enable Sparse files for temporary files
    No : bDisablePushSources; Never send Push messages
    No : bDisablePushProxySources; Never send Push Proxy requests
    Uploads
    1 : maxTotUploads; Maximum files to upload at once
    0 : lastSendBpsMaxAvg; last session average outgoing bandwidth
    
    LSPFix.exe: 186880 bytes transferred over 64.47 seconds. Download speed is 23Kbps.
    Code:
    StartupList report, 8/19/2006, 12:59:47 PM
    StartupList version: 1.52
    Started from : C:\Documents and Settings\Family\Desktop\Gareth\StartupList.EXE
    Detected: Windows XP SP2 (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    * Using default options
    ==================================================
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LxrJD31s.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\mHotkey.exe
    C:\Program Files\eM\Bay Reader\Shwicon2k.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\bin\HPOVDX05.EXE
    C:\WINDOWS\system32\hpoipm07.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\MSN\MSNCoreFiles\msn.exe
    C:\Program Files\MSN\MSNIA\msniasvc.exe
    C:\WINDOWS\system32\slrundll.exe
    C:\Program Files\MSN\MSNIA\WA\ClientSideProxy.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Family\Desktop\Gareth\BearDiag.exe
    C:\Documents and Settings\Family\Desktop\Gareth\StartupList.exe
    --------------------------------------------------
    Listing of startup folders:
    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    HP OfficeJet T Series Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
    --------------------------------------------------
    Checking Windows NT UserInit:
    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,
    --------------------------------------------------
    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    ccRegVfy = "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    CHotkey = mHotkey.exe
    NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    nwiz = nwiz.exe /install
    showicon2k = C:\Program Files\\eM\Bay Reader\Shwicon2k.exe
    REGSHAVE = C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    --------------------------------------------------
    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*
    Shell & screensaver key from Registry:
    Shell=Explorer.exe
    SCRNSAVE.EXE=C:\WINDOWS\System32\ss3dfo.scr
    drivers=*Registry value not found*
    Policies Shell key:
    HKCU\..\Policies: Shell=*Registry key not found*
    HKLM\..\Policies: Shell=*Registry value not found*
    --------------------------------------------------
    
    Enumerating Browser Helper Objects:
    (no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll - {9394EDE7-C8B5-483E-8773-474BF36AF6E4}
    (no name) - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
    (no name) - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
    --------------------------------------------------
    Enumerating Task Scheduler jobs:
    Symantec NetDetect.job
    --------------------------------------------------
    Enumerating Download Program Files:
    [VerifyGMN Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\hpobjinstaller_gmn.dll
    CODEBASE = http://h20270.www2.hp.com/ediags/gmn...taller_gmn.cab
    [QDiagHUpdateObj Class]
    InProcServer32 = C:\WINDOWS\system32\qdiagh.ocx
    CODEBASE = http://h30155.www3.hp.com/ediags/hpf...qdiagh.cab?326
    --------------------------------------------------
    Enumerating ShellServiceObjectDelayLoad items:
    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\System32\webcheck.dll
    SysTray: C:\WINDOWS\System32\stobject.dll
    --------------------------------------------------
    End of report, 5,418 bytes
    Report generated in 0.047 seconds
    Command line options:
       /verbose  - to add additional info on each section
       /complete - to include empty sections and unsuspicious data
       /full     - to include several rarely-important sections
       /force9x  - to include Win9x-only startups even if running on WinNT
       /forcent  - to include WinNT-only startups even if running on Win9x
       /forceall - to include all Win9x and WinNT startups, regardless of platform
       /history  - to list version history only
    Code:
    Current task list information for YOUR-IVC7XRN4YF, running WIN_XP, Service Pack 2, build 2600
    Details collected on 2006/08/19 12:59:42
     PID  Process Name            File Version  Pk Mem Usg. Command line that invoked task
        0 System Idle Process          0.0.0.0         0Mb  ><
        4 System                       0.0.0.0      3.25Mb  ><
      520 smss.exe               5.1.2600.2180      0.45Mb  >\SystemRoot\System32\smss.exe<
      584 csrss.exe                    0.0.0.0       4.5Mb  ><
      608 winlogon.exe           5.1.2600.2180     13.27Mb  >winlogon.exe<
      652 services.exe           5.1.2600.2180      4.14Mb  >C:\WINDOWS\system32\services.exe<
      664 lsass.exe              5.1.2600.2180      6.45Mb  >C:\WINDOWS\system32\lsass.exe<
      816 svchost.exe            5.1.2600.2180      4.64Mb  >C:\WINDOWS\system32\svchost -k DcomLaunch<
      884 svchost.exe                  0.0.0.0      4.17Mb  ><
      920 svchost.exe            5.1.2600.2180     28.33Mb  >C:\WINDOWS\System32\svchost.exe -k netsvcs<
      972 svchost.exe                  0.0.0.0       3.2Mb  ><
     1040 svchost.exe                  0.0.0.0      4.17Mb  ><
     1284 explorer.exe           6.0.2900.2180     23.06Mb  >C:\WINDOWS\Explorer.EXE<
     1380 spoolsv.exe            5.1.2600.2696      5.04Mb  >C:\WINDOWS\system32\spoolsv.exe<
     1480 AluSchedulerSvc.exe        3.0.0.166      2.27Mb  >"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"<
     1516 CCEVTMGR.EXE                 1.0.3.4      4.66Mb  >"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"<
     1560 LxrJD31s.exe                 0.0.0.0       0.9Mb  >LxrJD31s.exe<
     1592 NAVAPSVC.EXE              9.0.5.1015     17.44Mb  >"C:\Program Files\Norton AntiVirus\navapsvc.exe"<
     1612 nvsvc32.exe             6.14.10.4403      3.13Mb  >C:\WINDOWS\System32\nvsvc32.exe<
     1712 slserv.exe                   1.0.0.1      0.98Mb  >slserv.exe<
     1744 svchost.exe            5.1.2600.2180      3.87Mb  >C:\WINDOWS\System32\svchost.exe -k imgsvc<
     1828 SymWSC.exe               2005.1.2.20      6.59Mb  >"C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe"<
      264 ccApp.exe                   1.0.10.6      9.09Mb  >"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" <
      304 mHotkey.exe                  2.2.2.0      7.26Mb  >"C:\WINDOWS\mHotkey.exe" <
      376 shwicon2k.exe                1.0.0.5      2.71Mb  >"C:\Program Files\eM\Bay Reader\Shwicon2k.exe" <
      540 HPOstr05.exe                 2.0.0.0      7.82Mb  >"C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe" <
      588 alg.exe                      0.0.0.0      3.33Mb  ><
     1204 hpovdx05.exe                1.4.23.0      8.35Mb  >"C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\bin\HPOVDX05.EXE" /H /P0<
     2092 hpoipm07.exe               4.5.0.767      1.58Mb  >hpoipm07.exe<
     2544 wuauclt.exe               5.8.0.2469     11.94Mb  >"C:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer Local\[398]SUSDSa76f0f2ad5d44642a33511345f060a3f<
     2972 msn.exe                 9.20.29.3000      43.5Mb  >"C:\Program Files\MSN\MSNCoreFiles\msn.exe" <
     3000 msniasvc.exe               1.2.751.0      5.27Mb  >"C:\Program Files\MSN\MSNIA\msniasvc.exe" -Embedding<
     3132 slrundll.exe                3.80.1.0      3.93Mb  >slrundll.exe SLGen.dll,SLRunServ SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000<
     3320 ClientSideProxy.exe        2.5.317.2     15.27Mb  >"C:\Program Files\MSN\MSNIA\WA\ClientSideProxy.exe"<
     3496 msnmsgr.exe                7.5.324.0     14.23Mb  >"C:\Program Files\MSN Messenger\msnmsgr.exe" -Embedding<
     3836 wmplayer.exe              9.0.0.3250      16.3Mb  >"C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:6 /SHELLHLP_V9 Play /DataObject:NEFEPEHFBAAAAAAAOABAAAAAAAAAAAAAAMAAAAAAAAAAAAGEAAAAAAAAFAAAAAAAHACIACKKJHFMDOKMCCHNBAEOALDELJOMEAILAAAAEAFAAPOAHJIGPPMGOMOIDABNAAAAAAAA<
     2348 msmsgs.exe                4.7.0.3001      4.48Mb  >"C:\Program Files\Messenger\msmsgs.exe" -Embedding<
      128 BearDiag.exe                1.99.6.0       8.5Mb  >"C:\Documents and Settings\Family\Desktop\Gareth\BearDiag.exe" <
     2172 wmiprvse.exe                 0.0.0.0      5.31Mb  ><
    
    BearShare library folder information for YOUR-IVC7XRN4YF, running WIN_XP, Service Pack 2, build 2600
    Details collected on 2006/08/19 13:01:11
     Volume in drive C has no label.
     Volume Serial Number is C8DC-65E8
     Directory of C:\Program Files\BearShare\db
    08/14/2006  12:49 PM    <DIR>          .
    08/14/2006  12:49 PM    <DIR>          ..
    08/07/2006  06:10 PM         1,361,560 BearShareHostiles.zip
    08/01/2006  04:25 PM             3,103 config.bin
    08/17/2006  11:16 AM           114,548 connect.txt
    08/11/2006  08:28 PM            15,373 gnucache.dat
    08/04/2006  11:54 AM             1,483 gwebcache.dat
    08/11/2006  08:28 PM            15,374 hbcache.dat
    05/19/2004  10:09 PM             1,846 Hostiles.old
    04/30/2006  08:37 PM        10,384,336 Hostiles.txt
    08/04/2006  11:54 AM                 0 Hostiles-Chat.txt
    08/13/2006  07:23 PM           274,432 library.2.db
    08/13/2006  07:23 PM           273,408 library.2.db.lastgoodload.bak
    08/13/2006  07:23 PM            12,404 library.2.db-journal.bak
    03/01/2006  12:42 PM             7,453 library.dat
    08/13/2006  07:23 PM           274,432 library.db
    08/13/2006  07:23 PM           273,408 library.db.lastgoodload.bak
    08/13/2006  07:23 PM           274,432 library.db.sync
    08/13/2006  07:23 PM            12,404 library.db-journal.bak
    08/17/2006  11:19 AM                19 searches.ini
                  18 File(s)     13,300,015 bytes
                   2 Dir(s)  112,923,361,280 bytes free
    Code:
    Firewall information for YOUR-IVC7XRN4YF, running WIN_XP, Service Pack 2, build 2600
    Details collected on 2006/08/19 13:01:15
    Default gateway is 4.178.xxx.xxx
    
    Domain profile configuration:
    -------------------------------------------------------------------
    Operational mode                  = Enable
    Exception mode                    = Enable
    Multicast/broadcast response mode = Enable
    Notification mode                 = Enable
    Allowed programs configuration for Domain profile:
    Mode     Name / Program
    -------------------------------------------------------------------
    Enable   Remote Assistance / C:\WINDOWS\system32\sessmgr.exe
    Enable   MSN Messenger 7.5 / C:\Program Files\MSN Messenger\msnmsgr.exe
    Standard profile configuration (current):
    -------------------------------------------------------------------
    Operational mode                  = Disable
    Exception mode                    = Enable
    Multicast/broadcast response mode = Enable
    Notification mode                 = Enable
    Allowed programs configuration for Standard profile:
    Mode     Name / Program
    -------------------------------------------------------------------
    Enable   Remote Assistance / C:\WINDOWS\system32\sessmgr.exe
    Enable   MSN Messenger 7.5 / C:\Program Files\MSN Messenger\msnmsgr.exe
    Enable   P2P Networking / C:\WINDOWS\system32\P2P Networking\P2P Networking.exe
    Enable   Kazaa / C:\Program Files\Kazaa\kazaa.exe
    Enable   BearShare / C:\Program Files\BearShare\BearShare.exe
    Log configuration:
    -------------------------------------------------------------------
    File location   = C:\WINDOWS\pfirewall.log
    Max file size   = 4096 KB
    Dropped packets = Disable
    Connections     = Disable
    Local Area Connection firewall configuration:
    -------------------------------------------------------------------
    Operational mode                  = Enable
    MSN Explorer firewall configuration:
    -------------------------------------------------------------------
    Operational mode                  = Enable
    MSN firewall configuration:
    -------------------------------------------------------------------
    Operational mode                  = Enable
    Code:
    Logfile of HijackThis v1.99.1
    Scan saved at 12:59:49 PM, on 8/19/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LxrJD31s.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\mHotkey.exe
    C:\Program Files\eM\Bay Reader\Shwicon2k.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\bin\HPOVDX05.EXE
    C:\WINDOWS\system32\hpoipm07.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\MSN\MSNCoreFiles\msn.exe
    C:\Program Files\MSN\MSNIA\msniasvc.exe
    C:\WINDOWS\system32\slrundll.exe
    C:\Program Files\MSN\MSNIA\WA\ClientSideProxy.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Family\Desktop\Gareth\BearDiag.exe
    C:\Documents and Settings\Family\Desktop\Gareth\HijackThis.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [showicon2k] C:\Program Files\\eM\Bay Reader\Shwicon2k.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - Global Startup: HP OfficeJet T Series Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
    O8 - Extra context menu item: View Original Image - C:\program files\msn\msnia\wa\getoriginal.htm
    O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn...taller_gmn.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpf...qdiagh.cab?326
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8553EFF6-FA52-4317-B594-A90A76622CF5}: NameServer = 209.244.0.3 209.244.0.4
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    
    .

  9. #9
    Join Date
    Aug 2006
    Posts
    6
    Rep Power
    0

    Re: BearShare has encountered a problem...

    And I disabled the programs that were recommended on Windows Firewall.

  10. #10
    Join Date
    Jun 2005
    Posts
    7,486
    Rep Power
    10

    Re: BearShare has encountered a problem...

    kifyypiz.exe appears to be gone now. Good.

    Delete the 8 files beginning with library in the folder C:\Program Files\BearShare\db\. BearShare will rebuild them the next time it is run.

    Did you check the NameServers 209.244.0.3 & 209.244.0.4 with your ISP support area if they should be there?

    I vaguely recall discussion quite a while back by the BearShare developers about it not working with proxies. Others may be able to chip in and make suggestions here on this topic.
    Dear Santa, please send more bandwidth. Same request as last year...

  11. #11
    Join Date
    Aug 2006
    Posts
    6
    Rep Power
    0

    Re: BearShare has encountered a problem...

    Holy crap you did it! Deleteing those files seem to have fixed the problem. What was wrong?

  12. #12
    Join Date
    Jun 2005
    Posts
    7,486
    Rep Power
    10

    Re: BearShare has encountered a problem...

    Good news.

    Your library database files were probably corrupted when BearShare crashed earlier due to the other problems with badware, and deleting them and getting BearShare to rebuild them has allowed it to continue without problems.

    Happy BearSharing!
    Dear Santa, please send more bandwidth. Same request as last year...

Similar Threads

  1. [Resolved] Bearshare and Windows 7 {corrupt library database needs fixing}
    By Team in forum Technical Support
    Replies: 1
    Last Post: 12-19-2009, 08:53 PM
  2. Replies: 8
    Last Post: 09-27-2006, 08:43 PM
  3. Replies: 3
    Last Post: 08-02-2006, 05:16 PM
  4. Replies: 8
    Last Post: 07-14-2006, 04:42 AM
  5. Replies: 8
    Last Post: 11-05-2005, 10:15 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •