Thread: CAJ Media browser extension error {removed malware}

  1. #1
    actfray is offline Beta Member Cadet 2nd Class
    Join Date
    Jun 2009
    Posts
    59
    Rep Power
    0

    CAJ Media browser extension error {removed malware}

    Just rebooted my PC (Windows 7), and I got a small pop-up error message telling me that a "browser extension has fired an exception". This happens whenever I browse to a new page. Here are the details of the error:



    Detailed technical information follows:
    ---
    (Inner Exception)
    Date and Time: 3/9/2011 8:58:48 PM
    Machine Name: OWNER-HP
    IP Address: fe80::f001:e3e2:57a5:e63d%12
    Current User: Owner-HP\Owner
    Application Domain: C:\Program Files (x86)\CAJ Media\Browser Enhancer\
    Assembly Codebase: file:///C:/Program Files (x86)/CAJ Media/Browser Enhancer/AddinExpress.IE.DLL
    Assembly Full Name: AddinExpress.IE, Version=6.2.373.0, Culture=neutral, PublicKeyToken=4416dd98f0861965
    Assembly Version: 6.2.373.0
    Assembly Build Date: 1/13/2011 3:12:37 PM
    Exception Source: Logic
    Exception Type: System.IO.FileLoadException
    Exception Message: Could not load file or assembly 'System.Data.SQLite, Version=1.0.65.0, Culture=neutral, PublicKeyToken=db937bc2d44ff139' or one of its dependencies. The file exists. (Exception from HRESULT: 0x80070050)
    Exception Target Site: cfe297a8208a84d08b35c22adefddcfde
    ---- Stack Trace ----
    Logic.Logic.cfe297a8208a84d08b35c22adefddcfde( As Int32, As String)
    AddinExpress.IE.DLL: N 00000 (0x0) JIT
    Logic.Logic.c7d28ce8adab792a80a84d1e3003bf48a( As Object, As String)
    AddinExpress.IE.DLL: N 0049 (0x31) IL
    AddinExpress.IE.ADXIEModule.DoDocumentComplete(pDisp As Object, url As Object&)
    AddinExpress.IE.DLL: N 0000 (0x0) IL

    (Outer Exception)
    Date and Time: 3/9/2011 8:58:48 PM
    Machine Name: OWNER-HP
    IP Address: fe80::f001:e3e2:57a5:e63d%12
    Current User: Owner-HP\Owner
    Application Domain: C:\Program Files (x86)\CAJ Media\Browser Enhancer\
    Assembly Codebase: file:///C:/Program Files (x86)/CAJ Media/Browser Enhancer/AddinExpress.IE.DLL
    Assembly Full Name: AddinExpress.IE, Version=6.2.373.0, Culture=neutral, PublicKeyToken=4416dd98f0861965
    Assembly Version: 6.2.373.0
    Assembly Build Date: 1/13/2011 3:12:37 PM
    Exception Source:
    Exception Type: AddinExpress.IE.ADXIEExternalException
    Exception Message: An error has occured in the code of the extension.
    Exception Target Site: Object reference not set to an instance of an object.
    ---- Stack Trace ----


    Easiest way to repair? Thanks!

  2. #2
    Join Date
    Jun 2005
    Posts
    7,486
    Rep Power
    10
    I see your system has been 'enhanced'!!!

    Run BearDiag and post the results it produces in your reply.
    This may clearly help identify that all the problems you are experiencing are probably all related.


    Edit: After looking back at your post history, I note in each case you posted a problem a BearDiag listing was requested and was not supplied. Do you want reasonable help or not? You have to do your bit! I've deleted the suggestions I was going to make until I get this essential information! Annoyed.
    Dear Santa, please send more bandwidth. Same request as last year...

  3. #3
    actfray is offline Beta Member Cadet 2nd Class
    Join Date
    Jun 2009
    Posts
    59
    Rep Power
    0
    I solved my browser extension problem. I simply went into tools -> internet options -> advanced -> browsing, and unchecked the "allow third party extensions", and that solved the problem.

    I have, in fact, posted BearDiags in the past, especially as they pertained to Bearshare. But when I find a solution to my problem, there's no need to do so. Why waste your time and mine?

  4. #4
    Join Date
    Jun 2005
    Location
    Technutopia City
    Posts
    7,213
    Rep Power
    10
    BearDiag is our diagnostic tool--when anyone asks for technical assistance it's the tool we use. It's just the opposite, without the standardized information it is a waste of time and frustrating for those that try to help everyone.

    Also, we like to include the 'solution' to problems so others with the same problem know how to get it resolved.

  5. #5
    Join Date
    Jul 2005
    Location
    The land of 100Mbps
    Age
    25
    Posts
    2,033
    Rep Power
    10
    Quote: Originally Posted by actfray
        I solved my browser extension problem. I simply went into tools -> internet options -> advanced -> browsing, and unchecked the "allow third party extensions", and that solved the problem.

        I have, in fact, posted BearDiags in the past, especially as they pertained to Bearshare. But when I find a solution to my problem, there's no need to do so. Why waste your time and mine?

    Unchecking that box will disable *all* third party extensions, not just the quirky one.

    Running a BearDiag is recommended so we can see what other badware was added to your system. The toolbar could just be the tip of the iceberg of problems. But, it is obviously up to you, we simply like fixing things before they become/cause bigger problems.

  6. #6
    actfray is offline Beta Member Cadet 2nd Class
    Join Date
    Jun 2009
    Posts
    59
    Rep Power
    0
    I appreciate all the help I've received from everyone on this site. If I have a problem in the future that I can't resolve myself, I will gladly post a BearDiag if it will also help other folks who may have similar issues. I just don't visit here as often as some of you, so that's why my postings are fewer and farther between.

  7. #7
    Join Date
    Jun 2005
    Posts
    7,486
    Rep Power
    10
    We're glad we helped in whatever small way we could.

    Unfortunately, your computer still has the badware present - it is probably just not as evident any more.

    Masking a problem is like using a condom with a hole in it - you get a lousy sense of satisfaction and the other party still gets pregnant.

    The other thing is you could be still assisting bad people to spread their nastyware. That is the bit that has me worried.

    Think of the kittens...

  8. #8
    actfray is offline Beta Member Cadet 2nd Class
    Join Date
    Jun 2009
    Posts
    59
    Rep Power
    0
    Well, I just tried to run a BearDiag (twice) to cover all my bases, and it was detected as malware by my AVG protection. It got a level 4 security threat rating and gave me the option to either "Move to vault and quarantine" or "Leave as is until later". I moved it to the vault just to be safe, but I would like to be able to run it and post here on the boards.

  9. #9
    Join Date
    Jun 2005
    Posts
    7,486
    Rep Power
    10
    What version of AVG are you running? The latest pattern update is 1498/3534 at the moment. What version of BearDiag are you attempting to run? The latest version is 1.99.29.0 beta at the moment. Has your AVG been updated in the last six months or so? What does the AVG update log say - any errors?

    Please be confident that all updates to BearDiag are submitted to multiple anti-virus vendors and checked for nasties before being uploaded to the TechNutopia downloads area.

    Can you be a bit more specific as to what variety of malware AVG is reporting that BearDiag contains?
    Dear Santa, please send more bandwidth. Same request as last year...

  10. #10
    actfray is offline Beta Member Cadet 2nd Class
    Join Date
    Jun 2009
    Posts
    59
    Rep Power
    0
    I'm running AVG 2011. But I was able to run a BearDiag this time (not sure what happened before), so here it is:

    Code:
    BEARDIAG ISSUES - brief summary: (Extracted on 2011/03/28 13:32:34) 
    Network configuration is not set for Static IP address. DHCP Server is 10.62.144.1 
    Apple QuickTime taskbar player found - resource waster - not necessary. Use the inbuilt Microsoft program MSCONFIG to disable from the startup list
    Sun Java update scheduler found - does not need to be running constantly. Use the inbuilt Microsoft program MSCONFIG to disable from the startup list
    Java update scheduler version 2.0.2.4 was found running. Choice to check for updates was YES
    Adobe Reader Speed Launch entry present in startups - not necessary. Use the inbuilt Microsoft program MSCONFIG to disable from the startup list
    BearShare currently shows port 6346 for TCP and port 0 for UDP that need to match with your firewall/router configuration
    BearShare "UDP port" setting is 0 - this usually indicates firewall problems with UDP traffic, or that BearShare has not connected properly since installation.
    You are behind a NAT firewall and/or router. They need to be correctly configured to allow BearShare to access the Internet.
     This is a common cause of problems with BearShare - it can't communicate.
     Check your firewall allows BearShare to communicate on TCP port 6346 and UDP port 6346
     If your connection is via a router, make sure it can forward BearShare traffic to a static IP address on your computer
     Refer to the following guidelines to correctly configure your firewall and router for use:
     - https://technutopia.com/bearshare/he...alls/index.htm - the Firewall FAQ from the old archived official BearShare Help site, 
     - www.portforward.com/english/applications/port_forwarding/BearS/BearSindex.htm - the definitive guide to port forwarding and setting up a static IP address.
       (Hint: use static IP address 98.154.129.106, TCP Port 6346, and UDP port 6346).
    FixLSP.BAT was generated on the desktop and may need to be run (subject to advice) to rectify LSP chain issues.
    Network configuration is not set for Static IP address. DHCP Server is 10.62.144.1 
    More technical diagnostic troubleshooting information follows:
    Code:
    BEARDIAG: Bearcare for BearShare. The latest version is always available from technutopia.com
    Details collected on 2011/03/28 13:29:12, BEARDIAG Version 01.99.29.0 beta, expires 2011/12/30 (277 days), running from C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIV0NZ79\BearDiag[1].exe
    System Information
    CPU Type is: Pentium(R) Dual-Core  CPU      E5500  @ 2.80GHz, CPU speed is approx: 2800Mhz, System BIOS date is: 2010/08/12, CPUid is: BFEBFBFF0001067A
    OS Version is: Microsoft Windows 7 Home Premium , OS Build: 7600, 64 bit, Computer Name: OWNER-HP
    Program files at C:\Program Files (x86) (7.0Gb), user temporary files at C:\Users\Owner\AppData\Local\Temp (750.0Mb), Windows temp files at C:\Windows\Temp\ (12.9Mb), 
    My Documents total 18.2Gb, common desktop 24.7Kb, user desktop 2.8Gb, application data 52.9Mb, user profile data 26.3Gb
    Browser name: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE, version: 8.0.7600.16722, Admin user? YES, Locale: 0409-English
    System Memory Parameters:  Memory in use:  42%
    Total Physical RAM:  4.0Gb Available Physical RAM:  2.3Gb
    Total Pagefile:     7.9Gb Available Pagefile:   6.0Gb
    Internet IP Address 98.154.xxx.xxx  
    Local IP Address 10.62.144.1 
    Located c:\program files (x86)\java\jre6\bin\java.exe Version: 6.0.230.5 on computer. 
    Located c:\windows\syswow64\java.exe Version: 6.0.230.5 on computer. 
    Located c:\program files (x86)\bearshare test\BearShare.exe Version: 5.1.0.25 on computer. 
    BearShare version installed is: 5.1.0.25, Gnutella servent BearShare full path is: C:\Program Files (x86)\BearShare Test\
    Temporary downloads at: C:\Program Files (x86)\BearShare Test\Temp\, Completed downloads at: C:\My Downloads\
    Disk statistics
    Drive C: Total space: 919.49Gb Free: 845.25Gb Full: 8.1% Vol type: NTFS Drive No: 984150372
    Folder Statistics
    Temporary downloads folder:  Space used: 0,  File count: 0,  Write access allowed? YES,  # of DAT files: 0, #BAK: 0, #TIGER: 0, #TMP: 0, Other: 0
    Completed downloads folder:  Space used: 0,  File count: 0,  Write access allowed? YES
    BearShare library file 'library.db' size is 58.0Kb, '/db' library folder size is 18.5Mb, console log size is 0
    FreePeers.ini settings
    The freepeers.ini file is found at C:\Program Files (x86)\BearShare Test\FreePeers.ini. The extracted settings are as follows:
    ProductLogic
    Yes : bAlwaysUpdate; Always Download and announce latest signaled BearShare program updates from FreePeers.inc
    Network
    1 : connectionType; Network connection type
    (0=Modem/AOL/ISDN, 1=Broadband/Cable/DSL/Wireless, 2=Satellite, 3=T1/T3/LAN/OC3/Microwave, 4=Custom values)
    6346 : listenPort; TCP/IP port number to listen on
    Hosts
    No : bNeverBecomeUltrapeer; Disable UltraPeer mode
    Authentication
    No : bAuthenticateHosts; Authenticate host connections
    No : bAuthenticateDownloads; Authenticate search results and downloads
    GBandwidthLogic
    Yes : bSymmetric; Is Internet connection symmetric
    1024 : totalKbps; Maximum bandwidth for symmetric connections
    256 : sendKbps; Maximum outbound bandwidth for asymmetric connections
    1024 : recvKbps; Maximum inbound bandwidth for asymmetric connections
    No : bMaxHostsKbps; Limit host bandwidth
    0 : maxHostsKbps; Kbps of send/receive bandwidth to limit hosts
    No : bMaxUploadsKbps; Limit upload bandwidth
    0 : maxUploadsKbps; Kbps of send bandwidth to limit uploads
    No : bMaxDownloadsKbps; Limit download bandwidth
    0 : maxDownloadsKbps; Kbps of receive bandwidth to limit downloads
    Server
    Yes : Is Globally Unique Identifier valid
    0x40E0 *deleted for privacy* : 16 character Server Globally Unique Identifier
    HostLogic
    No : m_bEverUltrapeerCapable; Has client ever been an UltraPeer?
    FirewallLogic
    Yes : bTcpNFW; yes if TCP is not firewalled
    No : bUdpNFW; yes if UDP is not firewalled
    0 : UDP Port
    Downloads
    C:\My Downloads : szDownloadsDir; Directory where completed and hashed downloads are moved to
    C:\Program Files (x86)\BearShare Test\Temp : szTempDir; Directory where partial downloads are kept
    8 : dlMaxFiles; Maximum files to download at once
    20 : dlMaxStreams; Maximum connections total
    8 : dlMaxStreamsFile; Maximum connections per file
    No : bDelCompletedDownloads;  ; Automatically remove completed downloads
    Yes : bEnableSparseFiles; Enable Sparse files for temporary files
    No : bDisablePushSources; Never send Push messages
    No : bDisablePushProxySources; Never send Push Proxy requests
    Uploads
    8 : maxTotUploads; Maximum files to upload at once
    0 : lastSendBpsMaxAvg; last session average outgoing bandwidth
    Firewall testing
    Wasn't able to test ports with http://www3.limewire.com - the website is non-functional
    Anti-hostiles list
    The current Anti-Hostiles list available on the Internet is dated 16-Aug-2010
    LSPFix.exe:  bytes transferred over 3.66 seconds. Download speed is 0Kbps.
    Connect list
    The current Connect list available on the Internet is dated 06-Sep-2010
    Connect.zip on the computer is the current version
    Local IP Address 10.62.144.1
    Code:
    StartupList report, 3/28/2011, 1:30:00 PM
    StartupList version: 1.52
    Started from : C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIV0NZ79\StartupList.EXE
    Detected: Unknown Windows (WinNT 6.01.3504)
    Detected: Internet Explorer v8.00 (8.00.7600.16722)
    * Using default options
    ==================================================
    Running processes:
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files (x86)\Lexmark 5400 Series\lxctmon.exe
    C:\Program Files (x86)\Lexmark 5400 Series\ezprint.exe
    C:\Program Files (x86)\IE New Window Maximizer\iemaximizer.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe
    C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files (x86)\IE New Window Maximizer\iemaximizer.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10m_ActiveX.exe
    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIV0NZ79\BearDiag[1].exe
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIV0NZ79\StartupList.exe
    --------------------------------------------------
    Listing of startup folders:
    Shell folders Common Startup:
    [C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
    Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
    Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    --------------------------------------------------
    Checking Windows NT UserInit:
    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = userinit.exe,
    --------------------------------------------------
    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    PDF Complete = "C:\Program Files (x86)\PDF Complete\pdfsty.exe"
    HP Software Update = "c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"
    (Default) = 
    Norton Online Backup = "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe"
    WebrootTrayApp = "C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe"
    Lexmark 5400 Series = "C:\Program Files (x86)\Lexmark 5400 Series\fm3032.exe" /s
    ISUSScheduler = "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
    TaskTray = 
    QuickTime Task = "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    Adobe Reader Speed Launcher = "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    AVG_TRAY = "C:\Program Files (x86)\AVG\AVG10\avgtray.exe"
    --------------------------------------------------
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    HPAdvisorDock = "C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe"
    IE New Window Maximizer = "C:\Program Files (x86)\IE New Window Maximizer\iemaximizer.exe"
    ISUSPM Startup = "C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
    swg = "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    --------------------------------------------------
    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    [OptionalComponents]
     = 
    --------------------------------------------------
    File association entry for .HTA:
    HKEY_CLASSES_ROOT\htafile\shell\open\command
    (Default) = C:\Windows\SysWOW64\mshta.exe "%1" %*
    --------------------------------------------------
    Shell & screensaver key from C:\Windows\SYSTEM.INI:
    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*
    Shell & screensaver key from Registry:
    Shell=explorer.exe
    SCRNSAVE.EXE=*Registry value not found*
    drivers=*Registry value not found*
    Policies Shell key:
    HKCU\..\Policies: Shell=*Registry key not found*
    HKLM\..\Policies: Shell=*Registry value not found*
    --------------------------------------------------
     
    Enumerating Browser Helper Objects:
    (no name) - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll - {02478D38-C3F9-4efb-9B51-7695ECA05670}
    (no name) - C:\Program Files\Lexmark Toolbar\toolband.dll - {1017A80C-6F09-4548-A84D-EDD6AC9525F0}
    AcroIEHelperStub - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
    WormRadar.com IESiteBlocker.NavFilter - C:\Program Files (x86)\AVG\AVG10\avgssie.dll - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    (no name) - C:\Program Files (x86)\CAJ Media\Browser Enhancer\adxloader.dll - {86ef8bd1-47f3-4322-923f-f29cdf477eb0}
    (no name) - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
    (no name) - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll - {9FDDE16B-836F-4806-AB1F-1455CBEFF289}
    (no name) - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll - {A3BC75A2-1F87-4686-AA43-5347D756017C}
    (no name) - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
    (no name) - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
    (no name) - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9}
    NetAssistantBHO - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
    (no name) - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
    --------------------------------------------------
    Enumerating Task Scheduler jobs:
    GoogleUpdateTaskMachineCore.job
    GoogleUpdateTaskMachineUA.job
    HPCeeScheduleForOwner.job
    --------------------------------------------------
    Enumerating Download Program Files:
    [QuickTime Object]
    InProcServer32 = C:\Program Files (x86)\QuickTime\QTPlugin.ocx
    CODEBASE = http://appldnld.apple.com.edgesuite....x/qtplugin.cab
    [{E2883E8F-472F-4FB0-9522-AC9BF37916A7}]
    CODEBASE = http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    --------------------------------------------------
    Enumerating Winsock LSP files:
    NameSpace #1: C:\Windows\system32\NLAapi.dll
    NameSpace #4: C:\Windows\system32\napinsp.dll
    NameSpace #5: C:\Windows\system32\pnrpnsp.dll
    NameSpace #6: C:\Windows\system32\pnrpnsp.dll
    NameSpace #7: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
    NameSpace #8: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
    --------------------------------------------------
    Enumerating ShellServiceObjectDelayLoad items:
    WebCheck: *Registry key not found*
    --------------------------------------------------
    End of report, 8,435 bytes
    Report generated in 0.063 seconds
    Command line options:
       /verbose  - to add additional info on each section
       /complete - to include empty sections and unsuspicious data
       /full     - to include several rarely-important sections
       /force9x  - to include Win9x-only startups even if running on WinNT
       /forcent  - to include WinNT-only startups even if running on Win9x
       /forceall - to include all Win9x and WinNT startups, regardless of platform
       /history  - to list version history only
    Code:
    Current task list information for OWNER-HP, running WIN_7, , build 7600
    Details collected on 2011/03/28 13:29:43
     PID  Process Name            File Version  Pk Mem Usg. Command line that invoked task
        0 System Idle Process          0.0.0.0         0Mb  ><
        4 System                       0.0.0.0      0.13Mb  ><
      268 smss.exe                     0.0.0.0         0Mb  >\SystemRoot\System32\smss.exe<
      368 avgchsva.exe             10.0.0.1185      0.03Mb  >C:\PROGRA~2\AVG\AVG10\avgchsva.exe /boot<
      568 csrss.exe             6.1.7600.16385         0Mb  >%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16<
      636 wininit.exe           6.1.7600.16385         0Mb  >wininit.exe<
      648 csrss.exe             6.1.7600.16385      0.03Mb  >%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16<
      684 services.exe          6.1.7600.16385      0.01Mb  >C:\Windows\system32\services.exe<
      708 lsass.exe             6.1.7600.16385      0.01Mb  >C:\Windows\system32\lsass.exe<
      716 lsm.exe               6.1.7600.16385         0Mb  >C:\Windows\system32\lsm.exe<
      764 winlogon.exe          6.1.7600.16447      0.01Mb  >winlogon.exe<
      864 svchost.exe           6.1.7600.16385      0.01Mb  >C:\Windows\system32\svchost.exe -k DcomLaunch<
      924 WRConsumerService.ex       7.0.5.229      0.02Mb  >"C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe"<
      956 svchost.exe           6.1.7600.16385      0.01Mb  >C:\Windows\system32\svchost.exe -k RPCSS<
     1016 svchost.exe           6.1.7600.16385      0.02Mb  >C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted<
      536 svchost.exe           6.1.7600.16385      0.13Mb  >C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted<
      624 svchost.exe           6.1.7600.16385      0.09Mb  >C:\Windows\system32\svchost.exe -k netsvcs<
     1100 svchost.exe           6.1.7600.16385      0.02Mb  >C:\Windows\system32\svchost.exe -k LocalService<
     1212 svchost.exe           6.1.7600.16385      0.02Mb  >C:\Windows\system32\svchost.exe -k NetworkService<
     1376 spoolsv.exe           6.1.7600.16661      0.02Mb  >C:\Windows\System32\spoolsv.exe<
     1412 svchost.exe           6.1.7600.16385      0.06Mb  >C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork<
     1592 svchost.exe           6.1.7600.16385      0.02Mb  >C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation<
     1636 svchost.exe           6.1.7600.16385      0.01Mb  >C:\Windows\SysWOW64\svchost.exe -k Akamai<
     1668 avgwdsvc.exe             10.0.0.1160      0.02Mb  >"C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe"<
     1712 CinemaNowSvc.exe             1.9.2.0      0.03Mb  >"C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe"<
     1764 HPDrvMntSvc.exe             4.0.76.1      0.03Mb  >"C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"<
     1800 LSSrvc.exe                 1.18.15.1         0Mb  >"c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"<
     1844 lxctcoms.exe             99.99.99.99      0.01Mb  >C:\Windows\system32\lxctcoms.exe -service<
     1876 NOBuAgent.exe            2.1.17869.0      0.01Mb  >"C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE<
     2016 avgnsa.exe               10.0.0.1201      0.02Mb  >"C:\Program Files (x86)\AVG\AVG10\avgnsa.exe"<
     2224 pdfsvc.exe              3.5.111.2001      0.01Mb  >"C:\Program Files (x86)\PDF Complete\pdfsvc.exe" /startedbyscm:66B66708-40E2BE4D-pdfcService<
     2280 taskhost.exe          6.1.7600.16385      0.01Mb  >"taskhost.exe"<
     2360 dwm.exe               6.1.7600.16385      0.05Mb  >"C:\Windows\system32\Dwm.exe"<
     2528 explorer.exe          6.1.7600.16450      0.07Mb  >C:\Windows\Explorer.EXE<
     2724 sftvsa.exe               4.6.0.10191         0Mb  >"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"<
     2748 svchost.exe           6.1.7600.16385      0.01Mb  >C:\Windows\system32\svchost.exe -k imgsvc<
     3000 AEI.exe                     7.0.5.50       0.1Mb  >"C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe"<
     3060 WLIDSVC.EXE             7.250.4225.0      0.01Mb  >"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"<
     2576 YahooAUService.exe          1.0.0.53      0.01Mb  >"C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe"<
     2516 hpsysdrv.exe                2.10.0.0         0Mb  >"C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe" <
     3024 WLIDSVCM.EXE            7.250.4225.0         0Mb  >WLIDSvcM.exe 3060<
      584 hkcmd.exe               7.15.10.2119      0.01Mb  >"C:\Windows\System32\hkcmd.exe" <
      420 igfxpers.exe            7.15.10.2119      0.01Mb  >"C:\Windows\System32\igfxpers.exe" <
     3104 SmartMenu.exe               3.1.1.12      0.02Mb  >"C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" /background<
     3228 sftlist.exe              4.6.0.10191      0.02Mb  >"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"<
     3236 lxctmon.exe                 0.1.25.0      0.03Mb  >"C:\Program Files (x86)\Lexmark 5400 Series\lxctmon.exe" <
     3248 ezprint.exe                 3.15.0.0      0.03Mb  >"C:\Program Files (x86)\Lexmark 5400 Series\ezprint.exe" <
     3336 iemaximizer.exe              2.4.0.1      0.01Mb  >"C:\Program Files (x86)\IE New Window Maximizer\iemaximizer.exe" <
     3356 GoogleToolbarNotifie    4.1.509.1944      0.03Mb  >"C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" <
     3836 hpwuschd2.exe               80.1.0.0         0Mb  >"C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe" <
     3868 WRTray.exe                 7.0.5.229      0.01Mb  >"C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe" <
     3920 issch.exe              3.10.100.1155         0Mb  >"C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start<
     2956 jusched.exe                  2.0.2.4      0.01Mb  >"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" <
     1812 avgtray.exe              10.0.0.1201      0.04Mb  >"C:\Program Files (x86)\AVG\AVG10\avgtray.exe" <
     3584 AVGIDSAgent.exe           10.0.0.367      0.03Mb  >"C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe"<
     2236 HPAdvisor.exe         3.4.10262.3295      0.14Mb  >"C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" view=SYSTRAY<
     2820 AVGIDSMonitor.exe         10.0.0.367      0.03Mb  >"C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe"<
     3100 conhost.exe           6.1.7600.16385         0Mb  >\??\C:\Windows\system32\conhost.exe<
     4220 CVHSVC.EXE            14.0.4750.1000      0.01Mb  >"C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"<
     4916 SSU.exe                     7.0.5.50      0.02Mb  >"C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\SSU.EXE" 2715385856<
     3176 SearchIndexer.exe     7.0.7600.16385      0.03Mb  >C:\Windows\system32\SearchIndexer.exe /Embedding<
      892 svchost.exe           6.1.7600.16385      0.01Mb  >C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted<
     4968 wmpnetwk.exe         12.0.7600.16385      0.03Mb  >"C:\Program Files\Windows Media Player\wmpnetwk.exe"<
     5172 WUDFHost.exe          6.1.7600.16385      0.01Mb  >"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-f1a9d42e-53f0-4f0d-bae7-d68f893f71f1 -SystemEventPortName:HostProcess-e39aa52d-4130-4c1a-a5c8-92033cd2f3a7 -IoCancelEventPortName:HostProcess-7e9784d0-47f2-4fd1-9068-8aeceec97963 -NonStateChangingEventPortName:HostProcess-573c469c-0a6a-4bbd-a80c-fb9f4236fcd2 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:fd09eb99-eca4-4ea1-b12a-f73cac428619<
     1444 svchost.exe           6.1.7600.16385      0.01Mb  >C:\Windows\System32\svchost.exe -k LocalServicePeerNet<
     5608 iemaximizer.exe              2.4.0.1      0.01Mb  >"C:\Program Files (x86)\IE New Window Maximizer\iemaximizer.exe" <
     5488 dllhost.exe           6.1.7600.16385      0.01Mb  >C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}<
     5048 avgrsa.exe               10.0.0.1185         0Mb  ><
      984 avgcsrva.exe             10.0.0.1160      0.09Mb  >C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe /pipeName=507b9e5f-0d7a-4a33-a99c-1e112e43ac40 /coreSdkOptions=30 /logConfFile="C:\ProgramData\AVG10\temp\93e36248-16c0-4a32-b89f-b474da264827-13b8-oopp.tmp" /loggerName=AVG.RS.Core /binaryPath="C:\Program Files (x86)\AVG\AVG10\" /registryPath="SYSTEM\CurrentControlSet\Services\Avg\Avg10" /tempPath="C:\ProgramData\AVG10\temp\"<
     1260 taskhost.exe          6.1.7600.16385      0.01Mb  >"taskhost.exe"<
     5244 FlashUtil10m_ActiveX     10.2.152.26      0.01Mb  >C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10m_ActiveX.exe -Embedding<
     3192 wmplayer.exe         12.0.7600.16667      0.08Mb  >"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:1<
     5280 iexplore.exe          8.0.7600.16722      0.04Mb  >"C:\Program Files (x86)\Internet Explorer\iexplore.exe" <
     5000 iexplore.exe          8.0.7600.16722      0.21Mb  >"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:5280 CREDAT:6407<
     4788 audiodg.exe                  0.0.0.0      0.02Mb  ><
     3520 iexplore.exe          8.0.7600.16722      0.04Mb  >"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:5280 CREDAT:203013<
     4428 svchost.exe           6.1.7600.16385      0.01Mb  >C:\Windows\system32\svchost.exe -k SDRSVC<
     4932 iexplore.exe          8.0.7600.16722      0.03Mb  >"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:5280 CREDAT:203014<
     5684 BearDiag[1].exe            1.99.29.0      0.02Mb  >"C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIV0NZ79\BearDiag[1].exe" <
     6084 GoogleUpdaterService   2.4.1441.4352         0Mb  >"C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe"<
     2180 WmiPrvSE.exe          6.1.7600.16385      0.01Mb  >C:\Windows\system32\wbem\wmiprvse.exe<
     
    BearShare library folder information for OWNER-HP, running WIN_7, , build 7600
    Details collected on 2011/03/28 13:32:34
     Volume in drive C is OS
     Volume Serial Number is 3AA8-F164
     Directory of C:\Program Files (x86)\BearShare Test\db
    02/23/2011  10:19 PM    <DIR>          .
    02/23/2011  10:19 PM    <DIR>          ..
    07/01/2005  04:23 PM         1,866,262 BearShareHostiles.zip
    07/02/2005  02:36 PM           158,148 connect.txt
    07/01/2005  04:23 PM            34,429 connect.zip
    01/29/2011  11:18 PM               351 gwebcache.dat
    08/15/2010  10:53 PM        17,138,300 hostiles.txt
    02/23/2011  10:16 PM                 0 Hostiles-Chat.txt
    07/01/2005  03:59 PM            59,392 library.2.db
    07/01/2005  03:59 PM            59,392 library.2.db.lastgoodload.bak
    07/01/2005  03:59 PM            59,392 library.db
    07/01/2005  03:59 PM            59,392 library.db.lastgoodload.bak
    02/23/2011  10:16 PM                19 searches.ini
                  11 File(s)     19,435,077 bytes
                   2 Dir(s)  907,602,477,056 bytes free
    Code:
    Firewall information for OWNER-HP, running WIN_7, , build 7600
    Details collected on 2011/03/28 13:32:34
    IP Address is      98.154.xxx.xxx 
    Subnet mask is     255.255.240.0
    Default gateway is 98.154.xxx.xxx  
    DHCP is enabled.
    Valid Firewall exception for program C:\Program Files (x86)\BearShare Test\BearShare.exe found
     
    Allowed programs configuration for Domain profile:
    Mode     Traffic direction    Name / Program
    -------------------------------------------------------------------
    Enable   Inbound              BearShare / C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe
    Allowed programs configuration for Standard profile:
    Mode     Traffic direction    Name / Program
    -------------------------------------------------------------------
    Enable   Inbound              Personal E-mail Scanner / C:\Program Files (x86)\AVG\AVG10\avgemca.exe
    Enable   Inbound              AVG Installer / C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
    Enable   Inbound              Online Shield / C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
    Enable   Inbound              BearShare / C:\program files (x86)\bearshare applications\bearshare\bearshare.exe
    Enable   Inbound              BearShare Music / C:\program files (x86)\bearshare music\bearshare music.exe
    Enable   Inbound              Google Earth / C:\program files (x86)\google\google earth\client\googleearth.exe
    Enable   Inbound              BearShare / C:\program files (x86)\bearshare test\bearshare.exe
    Enable   Inbound              All In One Center / C:\Program Files (x86)\Lexmark 5400 Series\LXCTaiox.exe
    Enable   Inbound              Device Monitor / C:\Program Files (x86)\Lexmark 5400 Series\lxctmon.exe
    Enable   Inbound              Printer Status Window / C:\Windows\System32\spool\drivers\x64\3\lxctpswx.exe
    Enable   Inbound              Lexmark Communications System / C:\Windows\System32\lxctcoms.exe
    Enable   Inbound              BearShare / C:\program files (x86)\bearshare test\bearshare.exe
    IMPORTANT: Command executed successfully.
    However, "netsh firewall" is deprecated;
    use "netsh advfirewall firewall" instead.
    For more information on using "netsh advfirewall firewall" commands
    instead of "netsh firewall", see KB article 947709
    at http://go.microsoft.com/fwlink/?linkid=121488 .
     
    uPnP devices
    2 devices found
    Manufacturer: Microsoft Corporation
    Model: Windows Media Player, Model Number: 12
    Model URL: http://go.microsoft.com/fwlink/?LinkId=105927
    Manufacturer URL: http://www.microsoft.com/
    Presentation URL: 0
    Manufacturer: Microsoft Corporation
    Model: Windows Media Player Sharing, Model Number: 12.0
    Model URL: http://go.microsoft.com/fwlink/?LinkId=105926
    Manufacturer URL: http://www.microsoft.com/
    Presentation URL: 0
    Important listing 'hijackthis.log' could not be found - details not available. Please re-run from C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIV0NZ79\HijackThis2.exe to generate and paste in your reply in the forum.


    I can see some programs need to be disabled from my start-up. But I'd still like to solve the .NETFramework window that keeps popping up.

    Thanks again for all your help!

  11. #11
    Join Date
    Jun 2005
    Posts
    7,486
    Rep Power
    10
    Important listing 'hijackthis.log' could not be found - details not available. Please re-run from C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIV0NZ79\HijackThis2.exe to generate and paste in your reply in the forum.
    Dear Santa, please send more bandwidth. Same request as last year...

  12. #12
    actfray is offline Beta Member Cadet 2nd Class
    Join Date
    Jun 2009
    Posts
    59
    Rep Power
    0
    Not sure how to do this.

  13. #13
    Join Date
    Jun 2005
    Posts
    7,486
    Rep Power
    10
    Use <CTRL> R and run the program from your browser cache (this is evidence that you have risky Internet habits) C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIV0NZ79\HijackThis2.exe

    Press the first button down (do a scan and save the logfile), wait a few minutes for the analysis to be performed, and then copy the full contents of the resulting notepad screen in your reply.
    Dear Santa, please send more bandwidth. Same request as last year...

  14. #14
    actfray is offline Beta Member Cadet 2nd Class
    Join Date
    Jun 2009
    Posts
    59
    Rep Power
    0
    Okay, if I did this correctly, here are the results:


    Code:
    Logfile of HijackThis v1.99.1
    Scan saved at 4:10:48 PM, on 4/3/2011
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16722)
    Running processes:
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files (x86)\Lexmark 5400 Series\lxctmon.exe
    C:\Program Files (x86)\Lexmark 5400 Series\ezprint.exe
    C:\Program Files (x86)\IE New Window Maximizer\iemaximizer.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe
    C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files (x86)\IE New Window Maximizer\iemaximizer.exe
    C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    c:\program files (x86)\common files\installshield\updateservice\isuspm.exe
    C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10m_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HSL7QITO\C__Users_Owner_AppData_Local_Microsoft_Windows_Temporary_Internet_Files_Content.IE5_YIV0NZ79_HijackThis2[1].exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youcansearch.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    R3 - URLSearchHook: NetAssistantBHO Class - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll
    R3 - URLSearchHook: (no name) - {ad708c09-d51b-45b3-9d28-4eba2681febf} - (no file)
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
    O2 - BHO: Browser Enhancer - {86ef8bd1-47f3-4322-923f-f29cdf477eb0} - C:\Program Files (x86)\CAJ Media\Browser Enhancer\adxloader.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: NetAssistantBHO - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files (x86)\PDF Complete\pdfsty.exe"
    O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [Norton Online Backup] "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe"
    O4 - HKLM\..\Run: [WebrootTrayApp] "C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe"
    O4 - HKLM\..\Run: [Lexmark 5400 Series] "C:\Program Files (x86)\Lexmark 5400 Series\fm3032.exe" /s
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    O4 - HKCU\..\Run: [IE New Window Maximizer] "C:\Program Files (x86)\IE New Window Maximizer\iemaximizer.exe"
    O4 - HKCU\..\Run: [ISUSPM Startup] "C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] "C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10m_ActiveX.exe" -update activex
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [INTERNATIONAL] International
    O13 - Gopher Prefix: 
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
    O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O20 - AppInit_DLLs:   
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
    O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (file missing)
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: lxct_device -   - C:\Windows\system32\lxctcoms.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Norton Online Backup (NOBU) - Unknown owner - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE (file missing)
    O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc.  - C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    Last edited by iissmart; 04-06-2011 at 02:26 AM. Reason: Added code tags

  15. #15
    Join Date
    Jun 2005
    Posts
    7,486
    Rep Power
    10
    Wild Tangent has been known to act as spyware. Do you need it running?

    Freeze.com NetAssistant is not on my list of goodware.

    CAJ media browser assistant is also suspect, especially as the web site registration details appear to be forged, and the problem appears to be related to writing to a database (why would a browser enhancer be writing to a database - extremely suspicious activity). Your Internet Explorer start page is pointing to youcansearch . com which may be a base for further exploits. This is most likely the initial cause of your problem in this thread. Even though you have disabled it from the browser enhancers in your browser, it still is there, waiting to pounce again. You need to uninstall it, remove it, entirely nuke it!

    Check you have the latest version of Flash installed. Same for Acrobat Reader, Java, and QuickTime. These are common avenues for compromise as the older versions have known malware exploits. Check Webroot Security and your Lexmark drivers are also current.

    New Window Maximiser is possibly obsolete with the later browser versions. Do you need it running? (Hint: Open a new window to maximum size and hold down the shift button as you close it to change the default action settings for further new windows)

    There is evidence of a previous Trojan infection. Maybe a sweep by Malwarebytes for a second opinion may be in order?

    After you have addressed these issues, maybe post a further new (full) BearDiag listing to confirm all is well.
    Dear Santa, please send more bandwidth. Same request as last year...

  16. #16
    actfray is offline Beta Member Cadet 2nd Class
    Join Date
    Jun 2009
    Posts
    59
    Rep Power
    0
    I can't find "youcanstart.com" or CAJ media browser assistant in either my start-up menu or program removal menu. How do I locate these so I can nuke 'em for good?

    I did remove the Wild Tangent and Freeze.com programs.

    Thank you.

  17. #17
    Join Date
    Jun 2005
    Posts
    7,486
    Rep Power
    10
    Can you attach a MSINFO32 report as shown in https://technutopia.com/forum/showthread.php?t=5909
    Dear Santa, please send more bandwidth. Same request as last year...

  18. #18
    actfray is offline Beta Member Cadet 2nd Class
    Join Date
    Jun 2009
    Posts
    59
    Rep Power
    0
    OK, let's see if this worked.
    Attached Files

  19. #19
    Join Date
    Jun 2005
    Posts
    7,486
    Rep Power
    10
    Did MalwareBytes report anything suspicious?

    Is the .NET message still popping up?

    Is 'IE New Window Maximizer' showing in add/remove programs? I strongly suggest you uninstall it.

    Run HiJackThis again (from C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIV0NZ79\HijackThis2.exe) and select the second button (do a system scan only)

    Select the following entries (tick the box next to these)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http ://www. youcansearch. com
    R3 - URLSearchHook: NetAssistantBHO Class - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll
    R3 - URLSearchHook: (no name) - {ad708c09-d51b-45b3-9d28-4eba2681febf} - (no file)
    O2 - BHO: Browser Enhancer - {86ef8bd1-47f3-4322-923f-f29cdf477eb0} - C:\Program Files (x86)\CAJ Media\Browser Enhancer\adxloader.dll
    O2 - BHO: NetAssistantBHO - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [IE New Window Maximizer] "C:\Program Files (x86)\IE New Window Maximizer\iemaximizer.exe"
    O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    Note: If the entries do not appear, it is possible that they have already been cleared up.
    Press the 'Fix Checked' button to remove the entries.
    Exit HiJackThis.

    Shut down your computer normally and restart. Do not skip this step.

    Delete the folders:
    C:\Program Files (x86)\Freeze.com\
    C:\Program Files (x86)\CAJ Media\
    C:\Program Files (x86)\IE New Window Maximizer\
    C:\Program Files (x86)\WildTangent Games\
    Advise if any files cannot be removed.

    Shut down your computer normally and restart again. Check that none of the folders you just deleted have re-appeared. Advise the results of your check.

    Do a fresh BearDiag and post the results.

    (Unrelated comment from analysis of the MSINFO32 listing: I see you had problems with the Lexmark Printer drivers. I see you also have Brother Multifunction device drivers installed - any clashes? Were the many errors recently reported related to a faulty DVD drive, or a faulty disc?)
    Dear Santa, please send more bandwidth. Same request as last year...
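
The checks applied by hand to the HijackThis log in posts #15 and #19 can be scripted for triage. The following is an added example, not part of the original thread and not code from HijackThis or BearDiag; the function name `triage`, the finding labels, and the `trusted_hosts` allowlist are assumptions made for illustration, and the sample is a subset of lines from the log above.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample: a subset of lines from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HSL7QITO\C__Users_Owner_AppData_Local_Microsoft_Windows_Temporary_Internet_Files_Content.IE5_YIV0NZ79_HijackThis2[1].exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youcansearch.com
R3 - URLSearchHook: NetAssistantBHO Class - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll
R3 - URLSearchHook: (no name) - {ad708c09-d51b-45b3-9d28-4eba2681febf} - (no file)
O2 - BHO: Browser Enhancer - {86ef8bd1-47f3-4322-923f-f29cdf477eb0} - C:\Program Files (x86)\CAJ Media\Browser Enhancer\adxloader.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: NetAssistantBHO - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll
"""

ENTRY_CODE = re.compile(r"^[A-Z]\d+ - ")        # any coded entry: R0, R3, O2, O23 ...
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")        # bare path in the process list
SETTING = re.compile(r"^(R[01]) - (HK\w+)\\(.+),(.+?) =\s*(.*)$")
COMPONENT = re.compile(
    r"^(R3|O2) - (URLSearchHook|BHO): (.*) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$"
)


def _host_trusted(host, trusted_hosts):
    """True if host equals, or is a subdomain of, an allowlisted host."""
    return any(host == t or host.endswith("." + t) for t in trusted_hosts)


def triage(log_text, trusted_hosts):
    """Return (label, detail) findings for a HijackThis log.

    trusted_hosts is an analyst-supplied allowlist (an assumption of this
    example); HijackThis itself does not rate entries.
    """
    findings = []
    clsid_roles = defaultdict(set)   # CLSID -> {"BHO", "URLSearchHook"}
    in_processes = False

    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if ENTRY_CODE.match(line):
            in_processes = False     # process list ends at the first coded entry

        # Executables launched straight from the IE download cache.
        if in_processes and DRIVE_PATH.match(line):
            if "\\temporary internet files\\" in line.lower():
                findings.append(("process-from-browser-cache", line))
            continue

        # R0/R1: IE start page pointing at a host nobody vouched for.
        m = SETTING.match(line)
        if m:
            if m.group(4) == "Start Page":
                host = (urlparse(m.group(5)).hostname or "").lower()
                if not _host_trusted(host, trusted_hosts):
                    findings.append(("start-page", f"{m.group(2)}: {m.group(5)}"))
            continue

        # R3/O2: browser components registered by CLSID.
        m = COMPONENT.match(line)
        if m:
            _code, kind, _name, clsid, target = m.groups()
            clsid = clsid.upper()
            clsid_roles[clsid].add(kind)
            if target == "(no file)":
                # Registration left behind after the DLL was removed.
                findings.append(("orphaned-" + kind.lower(), clsid))

    # One component hooking both page loads (BHO) and address-bar searches.
    for clsid, roles in sorted(clsid_roles.items()):
        if roles == {"BHO", "URLSearchHook"}:
            findings.append(("bho-and-searchhook", clsid))
    return findings


if __name__ == "__main__":
    for label, detail in triage(SAMPLE_LOG, {"yahoo.com"}):
        print(f"{label:28} {detail}")
```

The script only surfaces entries for review. Whether a given BHO such as the CAJ Media one is wanted still needs the kind of judgement given in post #15.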

  20. #20
    actfray is offline Beta Member Cadet 2nd Class
    Join Date
    Jun 2009
    Posts
    59
    Rep Power
    0
    Did MalwareBytes report anything suspicious?
    No.

    Is the .NET message still popping up?
    Yes.

    Is 'IE New Window Maximizer' showing in add/remove programs? I strongly suggest you uninstall it.
    This was uninstalled a few weeks ago.

    All unwanted folders have been deleted as well as specified entries from HiJack This.

    Holding down the 'shift' key when I minimized a page did not fix the problem of a page automatically maximizing. I have also gone to IE, clicked on 'properties', and applied the 'maximization' selection. This did not fix the problem either.

    Here is my latest BearDiag:


    Code:
    BEARDIAG ISSUES - brief summary: (Extracted on 2011/04/17 16:23:25) 
    Network configuration is not set for Static IP address. DHCP Server is 10.62.144.1 
    Apple QuickTime taskbar player found - resource waster - not necessary. Use the inbuilt Microsoft program MSCONFIG to disable from the startup list
    Adobe Reader Speed Launch entry present in startups - not necessary. Use the inbuilt Microsoft program MSCONFIG to disable from the startup list
    BearShare installation unable to be verified. Information extracted so far by BearDiag will be reported
    More technical diagnostic troubleshooting information follows:
    Code:
    BEARDIAG: Bearcare for BearShare. The latest version is always available from technutopia.com
    Details collected on 2011/04/17 16:19:15, BEARDIAG Version 01.99.29.0 beta, expires 2011/12/30 (257 days), running from C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IL9FNMY9\BearDiag[1].exe
    System Information
    CPU Type is: Pentium(R) Dual-Core  CPU      E5500  @ 2.80GHz, CPU speed is approx: 2800Mhz, System BIOS date is: 2010/08/12, CPUid is: BFEBFBFF0001067A
    OS Version is: Microsoft Windows 7 Home Premium , OS Build: 7600, 64 bit, Computer Name: OWNER-HP
    Program files at C:\Program Files (x86) (7.0Gb), user temporary files at C:\Users\Owner\AppData\Local\Temp (757.3Mb), Windows temp files at C:\Windows\Temp\ (22.5Mb), 
    My Documents total 18.3Gb, common desktop 20.9Kb, user desktop 1.8Gb, application data 53.6Mb, user profile data 25.8Gb
    Browser name: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE, version: 8.0.7600.16766, Admin user? YES, Locale: 0409-English
    System Memory Parameters:  Memory in use:  39%
    Total Physical RAM:  4.0Gb Available Physical RAM:  2.4Gb
    Total Pagefile:     7.9Gb Available Pagefile:   6.3Gb
    Internet IP Address 98.154.xxx.xxx  
    Local IP Address 10.62.144.1 
    Located c:\program files (x86)\java\jre6\bin\java.exe Version: 6.0.240.7 on computer. 
    Located c:\windows\syswow64\java.exe Version: 6.0.240.7 on computer. 
    BearShare Installation error!
    BearDiag is primarily a utility to troubleshoot BearShare problems,
    although it is often used for other problem isolation purposes.
    Couldn't find the recommended version of BearShare installed on your system.
    It may not be installed correctly, or other peer-to-peer file sharing software has overwritten important information.
    You may also be running the non-recommended version 6 or later of BearShare
     - use the beta version 5.1.0b25 with BearStart instead (see https://technutopia.com/forum/showthread.php?t=2002 for further information)
    This program will now exit
    Diagnostic code: INSTALL  Unidentified
    Code:
    StartupList report, 4/17/2011, 4:20:23 PM
    StartupList version: 1.52
    Started from : C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IL9FNMY9\StartupList.EXE
    Detected: Unknown Windows (WinNT 6.01.3504)
    Detected: Internet Explorer v8.00 (8.00.7600.16766)
    * Using default options
    ==================================================
    Running processes:
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files (x86)\Lexmark 5400 Series\lxctmon.exe
    C:\Program Files (x86)\Lexmark 5400 Series\ezprint.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe
    C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10o_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IL9FNMY9\BearDiag[1].exe
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IL9FNMY9\StartupList.exe
    --------------------------------------------------
    Listing of startup folders:
    Shell folders Common Startup:
    [C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
    Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
    Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    --------------------------------------------------
    Checking Windows NT UserInit:
    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = userinit.exe,
    --------------------------------------------------
    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    PDF Complete = "C:\Program Files (x86)\PDF Complete\pdfsty.exe"
    HP Software Update = "c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"
    (Default) = 
    Norton Online Backup = "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe"
    WebrootTrayApp = "C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe"
    Lexmark 5400 Series = "C:\Program Files (x86)\Lexmark 5400 Series\fm3032.exe" /s
    ISUSScheduler = "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
    TaskTray = 
    QuickTime Task = "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    Adobe Reader Speed Launcher = "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    AVG_TRAY = "C:\Program Files (x86)\AVG\AVG10\avgtray.exe"
    --------------------------------------------------
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    ISUSPM Startup = "C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
    swg = "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    --------------------------------------------------
    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    [OptionalComponents]
     = 
    --------------------------------------------------
    File association entry for .HTA:
    HKEY_CLASSES_ROOT\htafile\shell\open\command
    (Default) = C:\Windows\SysWOW64\mshta.exe "%1" %*
    --------------------------------------------------
    Shell & screensaver key from C:\Windows\SYSTEM.INI:
    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*
    Shell & screensaver key from Registry:
    Shell=explorer.exe
    SCRNSAVE.EXE=*Registry value not found*
    drivers=*Registry value not found*
    Policies Shell key:
    HKCU\..\Policies: Shell=*Registry key not found*
    HKLM\..\Policies: Shell=*Registry value not found*
    --------------------------------------------------
     
    Enumerating Browser Helper Objects:
    (no name) - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll - {02478D38-C3F9-4efb-9B51-7695ECA05670}
    (no name) - C:\Program Files\Lexmark Toolbar\toolband.dll - {1017A80C-6F09-4548-A84D-EDD6AC9525F0}
    AcroIEHelperStub - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
    WormRadar.com IESiteBlocker.NavFilter - C:\Program Files (x86)\AVG\AVG10\avgssie.dll - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    (no name) - C:\Program Files (x86)\CAJ Media\Browser Enhancer\adxloader.dll (file missing) - {86ef8bd1-47f3-4322-923f-f29cdf477eb0}
    (no name) - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
    (no name) - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll - {9FDDE16B-836F-4806-AB1F-1455CBEFF289}
    (no name) - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll - {A3BC75A2-1F87-4686-AA43-5347D756017C}
    (no name) - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
    (no name) - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
    (no name) - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9}
    (no name) - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
    --------------------------------------------------
    Enumerating Task Scheduler jobs:
    GoogleUpdateTaskMachineCore.job
    GoogleUpdateTaskMachineUA.job
    HPCeeScheduleForOwner.job
    --------------------------------------------------
    Enumerating Download Program Files:
    [QuickTime Object]
    InProcServer32 = C:\Program Files (x86)\QuickTime\QTPlugin.ocx
    CODEBASE = http://appldnld.apple.com.edgesuite....x/qtplugin.cab
    [{E2883E8F-472F-4FB0-9522-AC9BF37916A7}]
    CODEBASE = http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    --------------------------------------------------
    Enumerating Winsock LSP files:
    NameSpace #1: C:\Windows\system32\NLAapi.dll
    NameSpace #4: C:\Windows\system32\napinsp.dll
    NameSpace #5: C:\Windows\system32\pnrpnsp.dll
    NameSpace #6: C:\Windows\system32\pnrpnsp.dll
    NameSpace #7: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
    NameSpace #8: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
    --------------------------------------------------
    Enumerating ShellServiceObjectDelayLoad items:
    WebCheck: *Registry key not found*
    --------------------------------------------------
    End of report, 7,736 bytes
    Report generated in 0.047 seconds
    Command line options:
       /verbose  - to add additional info on each section
       /complete - to include empty sections and unsuspicious data
       /full     - to include several rarely-important sections
       /force9x  - to include Win9x-only startups even if running on WinNT
       /forcent  - to include WinNT-only startups even if running on Win9x
       /forceall - to include all Win9x and WinNT startups, regardless of platform
       /history  - to list version history only
    Code:
    Current task list information for OWNER-HP, running WIN_7, , build 7600
    Details collected on 2011/04/17 16:20:08
    PID Process Name File Version Pk Mem Usg. Command line that invoked task
    0 System Idle Process 0.0.0.0 0Mb ><
    4 System 0.0.0.0 0.13Mb ><
    268 smss.exe 0.0.0.0 0Mb >\SystemRoot\System32\smss.exe<
    368 avgchsva.exe 10.0.0.1185 0.03Mb >C:\PROGRA~2\AVG\AVG10\avgchsva.exe /boot<
    424 avgrsa.exe 10.0.0.1185 0.03Mb >C:\PROGRA~2\AVG\AVG10\avgrsa.exe /restart /boot<
    568 csrss.exe 6.1.7600.16385 0Mb >%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16<
    632 wininit.exe 6.1.7600.16385 0Mb >wininit.exe<
    648 csrss.exe 6.1.7600.16385 0.04Mb >%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16<
    680 services.exe 6.1.7600.16385 0.01Mb >C:\Windows\system32\services.exe<
    696 lsass.exe 6.1.7600.16385 0.01Mb >C:\Windows\system32\lsass.exe<
    704 lsm.exe 6.1.7600.16385 0Mb >C:\Windows\system32\lsm.exe<
    812 winlogon.exe 6.1.7600.16447 0.01Mb >winlogon.exe<
    864 svchost.exe 6.1.7600.16385 0.01Mb >C:\Windows\system32\svchost.exe -k DcomLaunch<
    928 WRConsumerService.ex 7.0.8.7 0.03Mb >"C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe"<
    972 svchost.exe 6.1.7600.16385 0.01Mb >C:\Windows\system32\svchost.exe -k RPCSS<
    1020 svchost.exe 6.1.7600.16385 0.02Mb >C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted<
    576 svchost.exe 6.1.7600.16385 0.13Mb >C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted<
    600 svchost.exe 6.1.7600.16385 0.03Mb >C:\Windows\system32\svchost.exe -k netsvcs<
    544 audiodg.exe 0.0.0.0 0Mb ><
    1080 svchost.exe 6.1.7600.16385 0.02Mb >C:\Windows\system32\svchost.exe -k LocalService<
    1388 svchost.exe 6.1.7600.16385 0.01Mb >C:\Windows\system32\svchost.exe -k NetworkService<
    1560 spoolsv.exe 6.1.7600.16661 0.02Mb >C:\Windows\System32\spoolsv.exe<
    1588 svchost.exe 6.1.7600.16385 0.06Mb >C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork<
    1716 svchost.exe 6.1.7600.16385 0.02Mb >C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation<
    1748 svchost.exe 6.1.7600.16385 0.01Mb >C:\Windows\SysWOW64\svchost.exe -k Akamai<
    1768 avgwdsvc.exe 10.0.0.1160 0.02Mb >"C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe"<
    1792 CinemaNowSvc.exe 1.9.2.0 0.01Mb >"C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe"<
    1848 HPDrvMntSvc.exe 4.0.76.1 0Mb >"C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"<
    1888 LSSrvc.exe 1.18.15.1 0Mb >"c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"<
    1916 lxctcoms.exe 99.99.99.99 0.01Mb >C:\Windows\system32\lxctcoms.exe -service<
    1356 NOBuAgent.exe 2.1.17869.0 0.01Mb >"C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE<
    1124 pdfsvc.exe 3.5.111.2001 0.01Mb >"C:\Program Files (x86)\PDF Complete\pdfsvc.exe" /startedbyscm:66B66708-40E2BE4D-pdfcService<
    2256 sftvsa.exe 4.6.0.10191 0Mb >"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"<
    2280 svchost.exe 6.1.7600.16385 0.01Mb >C:\Windows\system32\svchost.exe -k imgsvc<
    2312 AEI.exe 7.0.8.3 0.1Mb >"C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe"<
    2564 WLIDSVC.EXE 7.250.4225.0 0.01Mb >"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"<
    2624 YahooAUService.exe 1.0.0.53 0.01Mb >"C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe"<
    2692 WLIDSVCM.EXE 7.250.4225.0 0Mb >WLIDSvcM.exe 2564<
    2772 avgnsa.exe 10.0.0.1201 0.02Mb >"C:\Program Files (x86)\AVG\AVG10\avgnsa.exe"<
    3024 sftlist.exe 4.6.0.10191 0.02Mb >"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"<
    2376 taskhost.exe 6.1.7600.16385 0.01Mb >"taskhost.exe"<
    2388 taskeng.exe 6.1.7600.16699 0.01Mb >taskeng.exe {EBB8D1B6-CDF0-4043-BCC5-9C5A0333B9E4}<
    2936 dwm.exe 6.1.7600.16385 0.05Mb >"C:\Windows\system32\Dwm.exe"<
    2436 explorer.exe 6.1.7600.16450 0.05Mb >C:\Windows\Explorer.EXE<
    3100 AVGIDSAgent.exe 10.0.0.367 0.04Mb >"C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe"<
    3144 hpsysdrv.exe 2.10.0.0 0Mb >"C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe" <
    3160 hkcmd.exe 7.15.10.2119 0.01Mb >"C:\Windows\System32\hkcmd.exe" <
    3184 igfxpers.exe 7.15.10.2119 0.01Mb >"C:\Windows\System32\igfxpers.exe" <
    3212 SmartMenu.exe 3.1.1.12 0.02Mb >"C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" /background<
    3264 lxctmon.exe 0.1.25.0 0.01Mb >"C:\Program Files (x86)\Lexmark 5400 Series\lxctmon.exe" <
    3292 ezprint.exe 3.15.0.0 0.01Mb >"C:\Program Files (x86)\Lexmark 5400 Series\ezprint.exe" <
    3380 GoogleToolbarNotifie 4.1.509.1944 0.01Mb >"C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" <
    3500 hpwuschd2.exe 80.1.0.0 0Mb >"C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe" <
    3564 WRTray.exe 7.0.8.7 0.01Mb >"C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe" <
    3644 issch.exe 3.10.100.1155 0Mb >"C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start<
    3960 avgtray.exe 10.0.0.1201 0.01Mb >"C:\Program Files (x86)\AVG\AVG10\avgtray.exe" <
    4032 AVGIDSMonitor.exe 10.0.0.367 0.01Mb >"C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe"<
    4048 conhost.exe 6.1.7600.16385 0Mb >\??\C:\Windows\system32\conhost.exe<
    4384 iexplore.exe 8.0.7600.16766 0.03Mb >"C:\Program Files (x86)\Internet Explorer\iexplore.exe" <
    4720 CVHSVC.EXE 14.0.4750.1000 0.01Mb >"C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"<
    4824 SearchIndexer.exe 7.0.7600.16385 0.02Mb >C:\Windows\system32\SearchIndexer.exe /Embedding<
    5112 WUDFHost.exe 6.1.7600.16385 0.01Mb >"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-531b40cf-302a-4243-aab5-3699d6315f20 -SystemEventPortName:HostProcess-fc56dddd-0911-4809-9e51-09ab151b3c26 -IoCancelEventPortName:HostProcess-7c3c7d8c-9a51-4b92-bbe7-e2b1403fcde9 -NonStateChangingEventPortName:HostProcess-851b5cbc-49fd-45ee-b713-bccdc5dcdbe7 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:676fbd2f-5b1d-4797-b162-ff01e7a34f02<
    4536 svchost.exe 6.1.7600.16385 0.01Mb >C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted<
    4672 iexplore.exe 8.0.7600.16766 0.13Mb >"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:4384 CREDAT:71937<
    5216 wmpnetwk.exe 12.0.7600.16385 0.03Mb >"C:\Program Files\Windows Media Player\wmpnetwk.exe"<
    5696 SearchProtocolHost.e 7.0.7600.16385 0.01Mb >"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" <
    5740 WmiPrvSE.exe 6.1.7600.16385 0.01Mb >C:\Windows\system32\wbem\wmiprvse.exe<
    5920 svchost.exe 6.1.7600.16385 0.01Mb >C:\Windows\System32\svchost.exe -k LocalServicePeerNet<
    6064 FlashUtil10o_ActiveX 10.2.153.1 0.01Mb >C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10o_ActiveX.exe -Embedding<
    5288 SSU.exe 7.0.8.3 0.01Mb >"C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\SSU.EXE" 3083960320<
    4920 iexplore.exe 8.0.7600.16766 0.04Mb >"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:4384 CREDAT:203009<
    5992 dllhost.exe 6.1.7600.16385 0.01Mb >C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}<
    5212 iexplore.exe 8.0.7600.16766 0.03Mb >"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:4384 CREDAT:203010<
    3412 sppsvc.exe 6.1.7600.16385 0.01Mb >C:\Windows\system32\sppsvc.exe<
    1968 WmiPrvSE.exe 6.1.7600.16385 0.01Mb >C:\Windows\system32\wbem\wmiprvse.exe<
    1308 BearDiag[1].exe 1.99.29.0 0.02Mb >"C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IL9FNMY9\BearDiag[1].exe" <
    5020 SearchProtocolHost.e 7.0.7600.16385 0.01Mb >"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-1668296556-39166251-2201499717-10002_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-1668296556-39166251-2201499717-10002 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"<
    3704 SearchFilterHost.exe 7.0.7600.16385 0Mb >"C:\Windows\system32\SearchFilterHost.exe" 0 504 508 516 65536 512 <
    Code:
    Firewall information for OWNER-HP, running WIN_7, , build 7600
    Details collected on 2011/04/17 16:23:25
    IP Address is      98.154.xxx.xxx 
    Subnet mask is     255.255.240.0
    Default gateway is 98.154.xxx.xxx  
    DHCP is enabled.
     
    Allowed programs configuration for Domain profile:
    Mode     Traffic direction    Name / Program
    -------------------------------------------------------------------
    Enable   Inbound              BearShare / C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe
    Allowed programs configuration for Standard profile:
    Mode     Traffic direction    Name / Program
    -------------------------------------------------------------------
    Enable   Inbound              Personal E-mail Scanner / C:\Program Files (x86)\AVG\AVG10\avgemca.exe
    Enable   Inbound              Online Shield / C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
    Enable   Inbound              AVG Diagnostics 2011 / C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe
    Enable   Inbound              AVG Installer / C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
    Enable   Inbound              BearShare / C:\program files (x86)\bearshare applications\bearshare\bearshare.exe
    Enable   Inbound              BearShare Music / C:\program files (x86)\bearshare music\bearshare music.exe
    Enable   Inbound              Google Earth / C:\program files (x86)\google\google earth\client\googleearth.exe
    Enable   Inbound              BearShare / C:\program files (x86)\bearshare test\bearshare.exe
    Enable   Inbound              All In One Center / C:\Program Files (x86)\Lexmark 5400 Series\LXCTaiox.exe
    Enable   Inbound              Device Monitor / C:\Program Files (x86)\Lexmark 5400 Series\lxctmon.exe
    Enable   Inbound              Printer Status Window / C:\Windows\System32\spool\drivers\x64\3\lxctpswx.exe
    Enable   Inbound              Lexmark Communications System / C:\Windows\System32\lxctcoms.exe
    Enable   Inbound              BearShare / C:\program files (x86)\bearshare test\bearshare.exe
    IMPORTANT: Command executed successfully.
    However, "netsh firewall" is deprecated;
    use "netsh advfirewall firewall" instead.
    For more information on using "netsh advfirewall firewall" commands
    instead of "netsh firewall", see KB article 947709
    at http://go.microsoft.com/fwlink/?linkid=121488 .
    Code:
    Logfile of HijackThis v1.99.1
    Scan saved at 4:20:49 PM, on 4/17/2011
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16766)
    Running processes:
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files (x86)\Lexmark 5400 Series\lxctmon.exe
    C:\Program Files (x86)\Lexmark 5400 Series\ezprint.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe
    C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10o_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IL9FNMY9\BearDiag[1].exe
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IL9FNMY9\HijackThis2.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youcansearch.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
    O2 - BHO: Browser Enhancer - {86ef8bd1-47f3-4322-923f-f29cdf477eb0} - C:\Program Files (x86)\CAJ Media\Browser Enhancer\adxloader.dll (file missing)
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files (x86)\PDF Complete\pdfsty.exe"
    O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [Norton Online Backup] "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe"
    O4 - HKLM\..\Run: [WebrootTrayApp] "C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe"
    O4 - HKLM\..\Run: [Lexmark 5400 Series] "C:\Program Files (x86)\Lexmark 5400 Series\fm3032.exe" /s
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG10\avgtray.exe"
    O4 - HKCU\..\Run: [ISUSPM Startup] "C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [INTERNATIONAL] International
    O13 - Gopher Prefix: 
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
    O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O20 - AppInit_DLLs: 
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
    O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GamesAppService - Unknown owner - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (file missing)
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: lxct_device - - C:\Windows\system32\lxctcoms.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Norton Online Backup (NOBU) - Unknown owner - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE (file missing)
    O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    On a completely unrelated note (or maybe it isn't), since I switched from Windows XP to Windows 7 a few months ago (on a new computer), I can't get any version of Bearshare to work.

    Thanks again for all your help!

  21. #21
    actfray is offline Beta Member Cadet 2nd Class
    Join Date
    Jun 2009
    Posts
    59
    Rep Power
    0
    Forgot to mention, my Lexmark printer seems to have fixed itself. I can't remember what steps I took, but I believe I uninstalled and reinstalled the drivers via the internet. I did not use a disc. I was also unaware of any Brother Multifunction device drivers being present.
