bearshare diag results.doc.doc

[CODE]BEARDIAG ISSUES - brief summary: (Extracted on 2007/07/08 19:22:33)

Warning: Possible disk errors present. See [url=http://www.technutopia.com/forum/showthread.php?t=1260]How to check your disk drive for errors[/url] - do not skip this step.BearShare version 5.2.5.1 found. We recommend the 5.1.0.b25 beta version - see [URL=http://www.technutopia.com/forum/showthread.php?t=2002]Recommended BearShare downloads[/URL]The Completed Downloads folder (C:\Documents and Settings\Andy\My Documents\My Music\) contains 2268 files. This may need to be reduced for optimum performance.BearShare currently shows port 6348 for TCP and port 6348 for UDP that need to match with your firewall/router configurationBearShare configured 'Connection Type' is satellite - may need checking in Setup/Connection.You are behind a NAT firewall and/or router. They need to be correctly configured to allow BearShare to access the Internet. This is a common cause of problems with BearShare - it can't communicate. Check your firewall allows BearShare to communicate on TCP port 6348 and UDP port 6348 If your connection is via a router, make sure it can forward BearShare traffic to a static IP address on your computer Refer to the following guidelines to correctly configure your firewall and router for use: - www.bearshare.com/help/firewalls/index.htm - the Firewall FAQ at the official BearShare Help site, - www.portforward.com/english/applications/port_forwarding/BearS/BearSindex.htm - the definitive guide to port forwarding and setting up a static IP address. (Hint: use static IP address 192.168.2.6, TCP Port 6348, and UDP port 6348).

More technical diagnostic troubleshooting information follows:[/CODE][CODE]BEARDIAG: Bearcare for BearShare.Details collected on 2007/07/08 19:20:25, BEARDIAG Version 01.99.17.0 beta, expires 2007/09/15 (69 days), running from C:\Documents and Settings\Andy\Desktop\BearDiag(2).exe

System Hardware InformationCPU Type is: Intel(R) Pentium(R) D CPU 2.80GHz, CPU speed is approx: 2793Mhz, System BIOS date is: 2005/09/01OS Version is: WIN_XP, Service pack: Service Pack 2, OS Build: 2600, Computer Name: ANDREW-AC80395DBrowser name: C:\Program Files\Internet Explorer\iexplore.exe, version: 6.0.2900.2180, Admin user? YES, AntiVirus engine present:

System Memory Parameters: Memory in use: 74%Total Physical RAM: 510.1Mb Available Physical RAM: 128.7MbTotal Pagefile: 1.2Gb Available Pagefile: 716.5Mb

Process info for BearSharePagefile peak usage: 0, Number of threads: 21, Number of handles: 455, Virtual memory usage: 0

Internet IP Address 67.175.xxx.xxx Local IP Address 192.168.2.6 You are behind a NAT firewall and/or router.

File LocationsProgram files are at: C:\Program Files, System Temporary files are at: C:\DOCUME~1\Andy\LOCALS~1\Temp, Common desktop is at:C:\Documents and Settings\All Users\DesktopBearShare version installed is: 5.2.5.1, Gnutella servent BearShare full path is: C:\Program Files\BearShare\Temporary downloads at: C:\Program Files\BearShare\Temp\, Completed downloads at: C:\Documents and Settings\Andy\My Documents\My Music\

Disk statisticsDrive C: Total space: 149.00Gb Free: 62.11Gb Full: 58.3% Vol type: NTFS

Folder StatisticsTemporary downloads folder: Space used: 0, File count: 0, Write access allowed? YES, # of DAT files: 0, #BAK: 0, #TIGER: 0, #TMP: 0, Other: 0Completed downloads folder: Space used: 6.5Gb, File count: 2268, Write access allowed? YESBearShare library file 'library.db' size is 3.6Mb, '/db' library folder size is 14.6Mb, console log size is 0

FreePeers.ini settingsThe freepeers.ini file is found at C:\Program Files\BearShare\FreePeers.ini. The extracted settings are as follows:

ProductLogicYes : bAlwaysUpdate; Always Download and announce latest signaled BearShare program updates from FreePeers.inc

Network2 : connectionType; Network connection type(0=Modem/AOL/ISDN, 1=Broadband/Cable/DSL/Wireless, 2=Satellite, 3=T1/T3/LAN/OC3/Microwave, 4=Custom values)6348 : listenPort; TCP/IP port number to listen on

HostsNo : bNeverBecomeUltrapeer; Disable UltraPeer mode

AuthenticationNo bAuthenticateHosts; Authenticate host connectionsNo bAuthenticateDownloads; Authenticate search results and downloads

GBandwidthLogicYes : bSymmetric; Is Internet connection symmetric1500 : totalKbps; Maximum bandwidth for symmetric connections1500 : sendKbps; Maximum outbound bandwidth for asymmetric connections1500 : recvKbps; Maximum inbound bandwidth for asymmetric connectionsNo : bMaxHostsKbps; Limit host bandwidth0 : maxHostsKbps; Kbps of send/receive bandwidth to limit hostsNo : bMaxUploadsKbps; Limit upload bandwidth0 : maxUploadsKbps; Kbps of send bandwidth to limit uploadsNo : bMaxDownloadsKbps; Limit download bandwidth0 : maxDownloadsKbps; Kbps of receive bandwidth to limit downloads

HostLogicNo : m_bEverUltrapeerCapable; Has client ever been an UltraPeer?

FirewallLogicNo : bTcpNFW; yes if TCP is not firewalledNo : bUdpNFW; yes if UDP is not firewalled6348 : UDP Port; UDP port

DownloadsC:\Documents and Settings\Andy\My Documents\My Music : szDownloadsDir; Directory where completed and hashed downloads are moved toC:\Program Files\BearShare\Temp : szTempDir; Directory where partial downloads are kept30 : dlMaxFiles; Maximum files to download at once20 : dlMaxStreams; Maximum connections total8 : dlMaxStreamsFile; Maximum connections per fileNo : bDelCompletedDownloads; ; Automatically remove completed downloadsYes : bEnableSparseFiles; Enable Sparse files for temporary filesNo : bDisablePushSources; Never send Push messagesNo : bDisablePushProxySources; Never send Push Proxy requests

Uploads16 : maxTotUploads; Maximum files to upload at once0 : lastSendBpsMaxAvg; last session average outgoing bandwidth

Firewall testingCould not communicate with http://www3.limewire.com:6348/ - possible firewall configuration needed

C:\Program Files\BearShare\db\BearShareHostiles.zip: 1380942 bytes transferred over 3.06 seconds. Download speed is 3608Kbps.LSPFix.exe: 186880 bytes transferred over 1.28 seconds. Download speed is 1169Kbps.

[/CODE][CODE]StartupList report, 7/8/2007, 7:20:45 PMStartupList version: 1.52Started from : C:\Documents and Settings\Andy\Desktop\StartupList.EXEDetected: Windows XP SP2 (WinNT 5.01.2600)Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)* Using default options==================================================

Running processes:

C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\acs.exeC:\WINDOWS\ehome\ehtray.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\WINDOWS\eHome\ehRecvr.exeC:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exeC:\WINDOWS\system32\HPZipm12.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exeC:\Program Files\AIM\aim.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Google\Google Updater\GoogleUpdater.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\RoboMagic\MoonPhase\moon.exeC:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe

C:\Program Files\NETGEAR\WPN311\wlancfg5.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\WINDOWS\eHome\ehmsas.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exeC:\WINDOWS\system32\dllhost.exeC:\Program Files\MSN Messenger\usnsvc.exeC:\Program Files\MSN Messenger\msnmsgr.exeC:\Program Files\Yahoo!\Messenger\YahooMessenger.exeC:\Program Files\AIM+\AIM+.exeC:\PROGRA~1\AIM\AIM95_c0\aim.exeC:\Program Files\AIM+\AIM+.exeC:\PROGRA~1\AIM\AIM95_c2\aim.exeC:\Program Files\WinRAR\WinRAR.exeC:\DOCUME~1\Andy\LOCALS~1\Temp\Rar$EX03.469\BearShare\BearShare.exeC:\Documents and Settings\Andy\Desktop\BearDiag(2).exeC:\Documents and Settings\Andy\Desktop\StartupList.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]Adobe Acrobat Speed Launcher.lnk = ?Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeGoogle Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exeHP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeMoonPhase.lnk = C:\Program Files\RoboMagic\MoonPhase\moon.exeNETGEAR WG111T Smart Wizard.lnk = ?NETGEAR WPN311 Wireless Assistant.lnk = C:\Program Files\NETGEAR\WPN311\wlancfg5.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ehTray = C:\WINDOWS\ehome\ehtray.exeATIPTA = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeTkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootAdobe Version Cue CS2 = "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"Acrobat Assistant 7.0 = "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"(Default) = iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"Microsoft Update Machine = iukjhq.exeavast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeISUSPM Startup = C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startupISUSScheduler = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -startBearShare = "C:\Program Files\BearShare\BearShare.exe" /pause

--------------------------------------------------

Autorun entries from Registry:HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

Microsoft Update Machine = iukjhq.exe

--------------------------------------------------

Autorun entries from Registry:HKCU\Software\Microsoft\Windows\CurrentVersion\Run

swg = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeSMSystemAnalyzer = "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"System Mechanic Popup Blocker = "C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker.exe"AIM = "C:\Program Files\AIM+\AIM+.exe" -cnetwait.odlYahoo! Pager = "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quietMSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /backgroundmsnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

--------------------------------------------------

File association entry for .HTA:HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = NOTEPAD.EXE %1

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*SCRNSAVE.EXE=*INI section not found*drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exeSCRNSAVE.EXE=C:\WINDOWS\WICCA_SS.SCRdrivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - (no file) - {02478D38-C3F9-4efb-9B51-7695ECA05670}(no name) - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}(no name) - C:\Program Files\Yahoo!\Common\yiesrvc.dll - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}(no name) - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(no name) - (no file) - {7E853D72-626A-48EC-A868-BA8D5E23E045}(no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}(no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}(no name) - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll - {AE7CD045-E861-484f-8273-0445EE161910}(no name) - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

--------------------------------------------------

Enumerating Task Scheduler jobs:

AppleSoftwareUpdate.job

--------------------------------------------------

Enumerating Download Program Files:

[Installation Support]InProcServer32 = C:\Program Files\Yahoo!\Common\Yinsthelper.dllCODEBASE = C:\Program Files\Yahoo!\Common\Yinsthelper.dll

[ScorchPlugin Class]InProcServer32 = C:\WINDOWS\Downloaded Program Files\NPSibelius.dllCODEBASE = http://www.sibelius.com/download/software/win/ActiveXPlugin.cab

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:*No scripts set to run*

Windows NT checkdisk command:BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':PendingFileRenameOperations: C:\DOCUME~1\Andy\LOCALS~1\Temp\GLB1A2B.EXE||C:\DOCUME~1\Andy\LOCALS~1\Temp\GLB1A2B.EXE||C:\DOCUME~1\Andy\LOCALS~1\Temp\GLB1A2B.EXE||C:\DOCUME~1\Andy\LOCALS~1\Temp\GLB1A2B.EXE||C:\DOCUME~1\Andy\LOCALS~1\Temp\GLB1A2B.EXE

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dllCDBurn: C:\WINDOWS\system32\SHELL32.dllWebCheck: C:\WINDOWS\system32\webcheck.dllSysTray: C:\WINDOWS\system32\stobject.dllWPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------End of report, 9,070 bytes

Report generated in 0.547 seconds

Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only

[/CODE][CODE]Current task list information for ANDREW-AC80395D, running WIN_XP, Service Pack 2, build 2600Details collected on 2007/07/08 19:20:30

PID Process Name File Version Pk Mem Usg. Command line that invoked task 0 System Idle Process 0.0.0.0 0Mb >< 4 System 0.0.0.0 2.43Mb >< 500 smss.exe 5.1.2600.2180 0.49Mb >\SystemRoot\System32\smss.exe< 556 csrss.exe 0.0.0.0 4.04Mb >< 580 winlogon.exe 5.1.2600.2180 15.39Mb >winlogon.exe< 624 services.exe 5.1.2600.2180 4.11Mb >C:\WINDOWS\system32\services.exe< 636 lsass.exe 5.1.2600.2180 6.17Mb >C:\WINDOWS\system32\lsass.exe< 780 ati2evxx.exe 6.14.10.4114 2.16Mb >C:\WINDOWS\system32\Ati2evxx.exe< 828 svchost.exe 5.1.2600.2180 5.45Mb >C:\WINDOWS\system32\svchost -k DcomLaunch< 884 svchost.exe 0.0.0.0 4.71Mb >< 940 svchost.exe 5.1.2600.2180 26.51Mb >C:\WINDOWS\System32\svchost.exe -k netsvcs< 1036 svchost.exe 0.0.0.0 3.29Mb >< 1084 svchost.exe 0.0.0.0 3.42Mb >< 1212 aswUpdSv.exe 4.7.997.0 1.69Mb >"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"< 1272 ashServ.exe 4.7.997.0 66.08Mb >"C:\Program Files\Alwil Software\Avast4\ashServ.exe"< 1404 explorer.exe 6.0.2900.2180 20.34Mb >C:\WINDOWS\Explorer.EXE< 1672 spoolsv.exe 5.1.2600.2696 5.23Mb >C:\WINDOWS\system32\spoolsv.exe< 1848 acs.exe 0.0.0.0 5.6Mb >C:\WINDOWS\system32\acs.exe< 1920 ehtray.exe 5.1.2710.2732 4.59Mb >"C:\WINDOWS\ehome\ehtray.exe" <

1980 realsched.exe 0.1.0.3760 2.68Mb >"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot< 212 ehrecvr.exe 5.1.2715.2773 4.41Mb >C:\WINDOWS\eHome\ehRecvr.exe< 228 acrotray.exe 6.0.1.1333 2.71Mb >"C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" < 256 ehSched.exe 5.1.2710.2732 4.58Mb >C:\WINDOWS\eHome\ehSched.exe< 260 iTunesHelper.exe 7.2.0.34 3.8Mb >"C:\Program Files\iTunes\iTunesHelper.exe" < 320 GoogleUpdaterService 2.2.824.5515 3.23Mb >"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"< 328 ashDisp.exe 4.7.997.0 4.98Mb >"C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" < 428 mm_tray.exe 9.0.5.100 4.34Mb >"C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" < 520 HPZipm12.exe 10.1.1.4 1.68Mb >C:\WINDOWS\system32\HPZipm12.exe< 684 issch.exe 3.10.100.1155 0.91Mb >"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start< 836 svchost.exe 0.0.0.0 3.74Mb >< 1392 SMSystemAnalyzer.exe 6.0.23.0 6.44Mb >"C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe" < 1388 mcrdsvc.exe 0.0.0.0 2.95Mb >< 2096 aim.exe 5.9.6089.0 27.81Mb >"C:\Program Files\AIM\aim.exe" -cnetwait.odl< 2184 msmsgs.exe 4.7.0.3001 4.67Mb >"C:\Program Files\Messenger\msmsgs.exe" /background< 2528 GoogleUpdater.exe 2.1.871.19925 5.64Mb >"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -systray -startup< 2548 hpqtra08.exe 70.0.170.0 10.28Mb >"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" < 2572 moon.exe 2.4.1.35 1.92Mb >"C:\Program Files\RoboMagic\MoonPhase\moon.exe" < 2616 wlan111t.exe 1.1.0.1 3.49Mb >"C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe" < 2744 wlancfg5.exe 1.1.7.306 7.46Mb >"C:\Program Files\NETGEAR\WPN311\wlancfg5.exe" /HIDE< 2856 ashMaiSv.exe 4.7.997.0 17.04Mb >"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service< 2988 ashWebSv.exe 4.7.997.0 15.21Mb >"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service< 3080 ehmsas.exe 5.1.2710.2732 2.68Mb >C:\WINDOWS\eHome\ehmsas.exe -Embedding< 3508 firefox.exe 1.8.20070.51502 124.91Mb >"C:\Program Files\Mozilla Firefox\firefox.exe" <

3540 iPodService.exe 7.2.0.34 3.88Mb >"C:\Program Files\iPod\bin\iPodService.exe"< 3784 alg.exe 0.0.0.0 3.46Mb >< 3912 hpqste08.exe 70.0.170.0 10Mb >"C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe" -CtxID "#Hewlett-Packard#HP Deskjet D1300 series#1179278215" -Startup< 1840 dllhost.exe 5.1.2600.2180 6.07Mb >C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}< 3872 usnsvc.exe 8.1.178.0 2.5Mb >"C:\Program Files\MSN Messenger\usnsvc.exe"< 2552 msnmsgr.exe 8.1.178.0 38.1Mb >"C:\Program Files\MSN Messenger\msnmsgr.exe" < 920 YahooMessenger.exe 8.1.0.401 41.46Mb >"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" < 2204 AIM+.exe 2.2.1.65 2.8Mb >"C:\Program Files\AIM+\AIM+.exe" < 1116 aim.exe 5.9.6089.0 21.91Mb >"C:\PROGRA~1\AIM\AIM95_c0\aim.exe"< 1700 AIM+.exe 2.2.1.65 2.79Mb >"C:\Program Files\AIM+\AIM+.exe" < 2380 aim.exe 5.9.6089.0 22.2Mb >"C:\PROGRA~1\AIM\AIM95_c2\aim.exe"< 3520 WinRAR.exe 3.70.8.0 9.23Mb >"C:\Program Files\WinRAR\WinRAR.exe" "C:\Documents and Settings\Andy\Desktop\BearShare.zip"< 1120 BearShare.exe 5.2.5.1 27.67Mb >"C:\DOCUME~1\Andy\LOCALS~1\Temp\Rar$EX03.469\BearShare\BearShare.exe" < 3988 BearDiag(2).exe 1.99.17.0 11.38Mb >"C:\Documents and Settings\Andy\Desktop\BearDiag(2).exe" < 876 wmiprvse.exe 0.0.0.0 7.55Mb ><

BearShare library folder information for ANDREW-AC80395D, running WIN_XP, Service Pack 2, build 2600Details collected on 2007/07/08 19:22:33

Volume in drive C has no label. Volume Serial Number is D4CF-AA27

Directory of C:\Program Files\BearShare\db

07/08/2007 07:22 PM <DIR> .07/08/2007 07:22 PM <DIR> ..07/08/2007 07:22 PM 1,380,942 BearShareHostiles.zip05/26/2007 12:10 AM 3,103 config.bin07/08/2007 07:02 PM 165,883 connect.txt07/08/2007 06:43 PM 1,163 gwebcache.dat

05/28/2007 02:37 PM 3,768 Hostiles.old07/04/2007 01:48 AM 12,810,078 Hostiles.txt07/08/2007 06:43 PM 0 Hostiles-Chat.txt07/08/2007 07:07 PM 3,777,536 library.2.db07/08/2007 07:02 PM 3,776,512 library.2.db.lastgoodload.bak07/08/2007 07:07 PM 3,777,536 library.db07/08/2007 07:02 PM 3,776,512 library.db.lastgoodload.bak07/08/2007 06:43 PM 19 searches.ini 12 File(s) 29,473,052 bytes 2 Dir(s) 66,674,749,440 bytes free[/CODE][CODE]Firewall information for ANDREW-AC80395D, running WIN_XP, Service Pack 2, build 2600Details collected on 2007/07/08 19:22:39

Default gateway is 192.168.2.1

Domain profile configuration:-------------------------------------------------------------------Operational mode = EnableException mode = EnableMulticast/broadcast response mode = EnableNotification mode = Enable

Allowed programs configuration for Domain profile:Mode Name / Program-------------------------------------------------------------------Enable Remote Assistance / C:\WINDOWS\system32\sessmgr.exeEnable Windows Live Messenger 8.1 / C:\Program Files\MSN Messenger\msnmsgr.exeEnable Windows Live Messenger 8.1 (Phone) / C:\Program Files\MSN Messenger\livecall.exe

Standard profile configuration (current):-------------------------------------------------------------------Operational mode = DisableException mode = EnableMulticast/broadcast response mode = EnableNotification mode = Enable

Allowed programs configuration for Standard profile:Mode Name / Program-------------------------------------------------------------------Enable Remote Assistance / C:\WINDOWS\system32\sessmgr.exeEnable AOL Instant Messenger / C:\Program Files\AIM\aim.exe

Enable Yahoo! Messenger / C:\Program Files\Yahoo!\Messenger\YahooMessenger.exeEnable Yahoo! FT Server / C:\Program Files\Yahoo!\Messenger\YServer.exeEnable Windows Live Messenger 8.1 / C:\Program Files\MSN Messenger\msnmsgr.exeEnable Windows Live Messenger 8.1 (Phone) / C:\Program Files\MSN Messenger\livecall.exeEnable Windows Messenger / C:\Program Files\Messenger\msmsgs.exeEnable Adobe Version Cue CS2 / C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exeEnable LimeWire / C:\Program Files\FrostWire\FrostWire.exeEnable LimeWire / C:\Program Files\LimeWire\LimeWire.exeEnable iTunes / C:\Program Files\iTunes\iTunes.exe

Port configuration for Standard profile:Port Protocol Mode Name-------------------------------------------------------------------1900 UDP Enable SSDP Component of UPnP Framework

Log configuration:-------------------------------------------------------------------File location = C:\WINDOWS\pfirewall.logMax file size = 4096 KBDropped packets = DisableConnections = Disable

Wireless Network Connection 2 firewall configuration:-------------------------------------------------------------------Operational mode = Enable

[/CODE][CODE]Logfile of HijackThis v1.99.1Scan saved at 7:21:06 PM, on 7/8/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\acs.exeC:\WINDOWS\ehome\ehtray.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\WINDOWS\eHome\ehRecvr.exeC:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exeC:\WINDOWS\system32\HPZipm12.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exeC:\Program Files\AIM\aim.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Google\Google Updater\GoogleUpdater.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\RoboMagic\MoonPhase\moon.exeC:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exeC:\Program Files\NETGEAR\WPN311\wlancfg5.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\WINDOWS\eHome\ehmsas.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exeC:\WINDOWS\system32\dllhost.exeC:\Program Files\MSN Messenger\usnsvc.exeC:\Program Files\MSN Messenger\msnmsgr.exeC:\Program Files\Yahoo!\Messenger\YahooMessenger.exeC:\Program Files\AIM+\AIM+.exeC:\PROGRA~1\AIM\AIM95_c0\aim.exeC:\Program Files\AIM+\AIM+.exeC:\PROGRA~1\AIM\AIM95_c2\aim.exeC:\Program Files\WinRAR\WinRAR.exeC:\DOCUME~1\Andy\LOCALS~1\Temp\Rar$EX03.469\BearShare\BearShare.exeC:\Documents and Settings\Andy\Desktop\BearDiag(2).exeC:\Documents and Settings\Andy\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssbR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dllO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dllO2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dllO3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dllO4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exeO4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [Microsoft Update Machine] iukjhq.exeO4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startupO4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pauseO4 - HKLM\..\RunServices: [Microsoft Update Machine] iukjhq.exeO4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeO4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"

O4 - HKCU\..\Run: [System Mechanic Popup Blocker] "C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker.exe"O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM+\AIM+.exe" -cnetwait.odlO4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quietO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /backgroundO4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exeO4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeO4 - Global Startup: MoonPhase.lnk = C:\Program Files\RoboMagic\MoonPhase\moon.exeO4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?O4 - Global Startup: NETGEAR WPN311 Wireless Assistant.lnk = C:\Program Files\NETGEAR\WPN311\wlancfg5.exeO8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htmO8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlO8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlO8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htmO8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htmO9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\AIM95_c2\aim.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dllO16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cabO18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLLO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLLO20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dllO21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dllO23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exeO23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exeO23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXEO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

.[/CODE]