BearShare Diag Results.doc.doc


  1. 1. [CODE] BEARDIAG ISSUES - brief summary: (Extracted on 2007/07/08 19:22:33) Warning: Possible disk errors present. See [url=http://www.technutopia.com/forum/showthread.php?t=1260]How to check your disk drive for errors[/url] - do not skip this step. BearShare version 5.2.5.1 found. We recommend the 5.1.0.b25 beta version - see [URL=http://www.technutopia.com/forum/showthread.php?t=2002]Recommended BearShare downloads[/URL] The Completed Downloads folder (C:Documents and SettingsAndyMy DocumentsMy Music) contains 2268 files. This may need to be reduced for optimum performance. BearShare currently shows port 6348 for TCP and port 6348 for UDP that need to match with your firewall/router configuration BearShare configured 'Connection Type' is satellite - may need checking in Setup/Connection. You are behind a NAT firewall and/or router. They need to be correctly configured to allow BearShare to access the Internet. This is a common cause of problems with BearShare - it can't communicate. Check your firewall allows BearShare to communicate on TCP port 6348 and UDP port 6348 If your connection is via a router, make sure it can forward BearShare traffic to a static IP address on your computer Refer to the following guidelines to correctly configure your firewall and router for use: - www.bearshare.com/help/firewalls/index.htm - the Firewall FAQ at the official BearShare Help site, - www.portforward.com/english/applications/port_forwarding/BearS/BearSindex.htm - the definitive guide to port forwarding and setting up a static IP address. (Hint: use static IP address 192.168.2.6, TCP Port 6348, and UDP port 6348). More technical diagnostic troubleshooting information follows:[/CODE][CODE] BEARDIAG: Bearcare for BearShare. 
Details collected on 2007/07/08 19:20:25, BEARDIAG Version 01.99.17.0 beta, expires 2007/09/15 (69 days), running from C:Documents and SettingsAndyDesktopBearDiag(2).exe System Hardware Information CPU Type is: Intel(R) Pentium(R) D CPU 2.80GHz, CPU speed is approx: 2793Mhz, System BIOS date is: 2005/09/01 OS Version is: WIN_XP, Service pack: Service Pack 2, OS Build: 2600, Computer Name: ANDREW-AC80395D Browser name: C:Program FilesInternet Exploreriexplore.exe, version: 6.0.2900.2180, Admin user? YES, AntiVirus engine present: System Memory Parameters: Memory in use: 74% Total Physical RAM: 510.1Mb Available Physical RAM: 128.7Mb Total Pagefile: 1.2Gb Available Pagefile: 716.5Mb
  2. 2. Process info for BearShare Pagefile peak usage: 0, Number of threads: 21, Number of handles: 455, Virtual memory usage: 0 Internet IP Address 67.175.xxx.xxx Local IP Address 192.168.2.6 You are behind a NAT firewall and/or router. File Locations Program files are at: C:Program Files, System Temporary files are at: C:DOCUME~1AndyLOCALS~1Temp, Common desktop is at:C:Documents and SettingsAll UsersDesktop BearShare version installed is: 5.2.5.1, Gnutella servent BearShare full path is: C:Program FilesBearShare Temporary downloads at: C:Program FilesBearShareTemp, Completed downloads at: C:Documents and SettingsAndyMy DocumentsMy Music Disk statistics Drive C: Total space: 149.00Gb Free: 62.11Gb Full: 58.3% Vol type: NTFS Folder Statistics Temporary downloads folder: Space used: 0, File count: 0, Write access allowed? YES, # of DAT files: 0, #BAK: 0, #TIGER: 0, #TMP: 0, Other: 0 Completed downloads folder: Space used: 6.5Gb, File count: 2268, Write access allowed? YES BearShare library file 'library.db' size is 3.6Mb, '/db' library folder size is 14.6Mb, console log size is 0 FreePeers.ini settings The freepeers.ini file is found at C:Program FilesBearShareFreePeers.ini. The extracted settings are as follows: ProductLogic Yes : bAlwaysUpdate; Always Download and announce latest signaled BearShare program updates from FreePeers.inc Network 2 : connectionType; Network connection type (0=Modem/AOL/ISDN, 1=Broadband/Cable/DSL/Wireless, 2=Satellite, 3=T1/T3/LAN/ OC3/Microwave, 4=Custom values) 6348 : listenPort; TCP/IP port number to listen on Hosts No : bNeverBecomeUltrapeer; Disable UltraPeer mode
  3. 3. Authentication No bAuthenticateHosts; Authenticate host connections No bAuthenticateDownloads; Authenticate search results and downloads GBandwidthLogic Yes : bSymmetric; Is Internet connection symmetric 1500 : totalKbps; Maximum bandwidth for symmetric connections 1500 : sendKbps; Maximum outbound bandwidth for asymmetric connections 1500 : recvKbps; Maximum inbound bandwidth for asymmetric connections No : bMaxHostsKbps; Limit host bandwidth 0 : maxHostsKbps; Kbps of send/receive bandwidth to limit hosts No : bMaxUploadsKbps; Limit upload bandwidth 0 : maxUploadsKbps; Kbps of send bandwidth to limit uploads No : bMaxDownloadsKbps; Limit download bandwidth 0 : maxDownloadsKbps; Kbps of receive bandwidth to limit downloads HostLogic No : m_bEverUltrapeerCapable; Has client ever been an UltraPeer? FirewallLogic No : bTcpNFW; yes if TCP is not firewalled No : bUdpNFW; yes if UDP is not firewalled 6348 : UDP Port; UDP port Downloads C:Documents and SettingsAndyMy DocumentsMy Music : szDownloadsDir; Directory where completed and hashed downloads are moved to C:Program FilesBearShareTemp : szTempDir; Directory where partial downloads are kept 30 : dlMaxFiles; Maximum files to download at once 20 : dlMaxStreams; Maximum connections total 8 : dlMaxStreamsFile; Maximum connections per file No : bDelCompletedDownloads; ; Automatically remove completed downloads Yes : bEnableSparseFiles; Enable Sparse files for temporary files No : bDisablePushSources; Never send Push messages No : bDisablePushProxySources; Never send Push Proxy requests Uploads 16 : maxTotUploads; Maximum files to upload at once 0 : lastSendBpsMaxAvg; last session average outgoing bandwidth Firewall testing Could not communicate with http://www3.limewire.com:6348/ - possible firewall configuration needed
  4. 4. C:Program FilesBearSharedbBearShareHostiles.zip: 1380942 bytes transferred over 3.06 seconds. Download speed is 3608Kbps. LSPFix.exe: 186880 bytes transferred over 1.28 seconds. Download speed is 1169Kbps. [/CODE] [CODE] StartupList report, 7/8/2007, 7:20:45 PM StartupList version: 1.52 Started from : C:Documents and SettingsAndyDesktopStartupList.EXE Detected: Windows XP SP2 (WinNT 5.01.2600) Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180) * Using default options ================================================== Running processes: C:WINDOWSSystem32smss.exe C:WINDOWSsystem32winlogon.exe C:WINDOWSsystem32services.exe C:WINDOWSsystem32lsass.exe C:WINDOWSsystem32Ati2evxx.exe C:WINDOWSsystem32svchost.exe C:WINDOWSSystem32svchost.exe C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe C:Program FilesAlwil SoftwareAvast4ashServ.exe C:WINDOWSExplorer.EXE C:WINDOWSsystem32spoolsv.exe C:WINDOWSsystem32acs.exe C:WINDOWSehomeehtray.exe C:Program FilesCommon FilesRealUpdate_OBrealsched.exe C:WINDOWSeHomeehRecvr.exe C:Program FilesAdobeAdobe Acrobat 7.0DistillrAcrotray.exe C:WINDOWSeHomeehSched.exe C:Program FilesiTunesiTunesHelper.exe C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe C:PROGRA~1ALWILS~1Avast4ashDisp.exe C:Program FilesMusicmatchMusicmatch Jukeboxmm_tray.exe C:WINDOWSsystem32HPZipm12.exe C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe C:Program FilesioloSystem Mechanic Professional 6SMSystemAnalyzer.exe C:Program FilesAIMaim.exe C:Program FilesMessengermsmsgs.exe C:Program FilesGoogleGoogle UpdaterGoogleUpdater.exe C:Program FilesHPDigital Imagingbinhpqtra08.exe C:Program FilesRoboMagicMoonPhasemoon.exe C:Program FilesNETGEARWG111T Configuration Utilitywlan111t.exe
  5. 5. C:Program FilesNETGEARWPN311wlancfg5.exe C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe C:Program FilesAlwil SoftwareAvast4ashWebSv.exe C:WINDOWSeHomeehmsas.exe C:Program FilesMozilla Firefoxfirefox.exe C:Program FilesiPodbiniPodService.exe C:Program FilesHPDigital ImagingbinhpqSTE08.exe C:WINDOWSsystem32dllhost.exe C:Program FilesMSN Messengerusnsvc.exe C:Program FilesMSN Messengermsnmsgr.exe C:Program FilesYahoo!MessengerYahooMessenger.exe C:Program FilesAIM+AIM+.exe C:PROGRA~1AIMAIM95_c0aim.exe C:Program FilesAIM+AIM+.exe C:PROGRA~1AIMAIM95_c2aim.exe C:Program FilesWinRARWinRAR.exe C:DOCUME~1AndyLOCALS~1TempRar$EX03.469BearShareBearShare.exe C:Documents and SettingsAndyDesktopBearDiag(2).exe C:Documents and SettingsAndyDesktopStartupList.exe -------------------------------------------------- Listing of startup folders: Shell folders Common Startup: [C:Documents and SettingsAll UsersStart MenuProgramsStartup] Adobe Acrobat Speed Launcher.lnk = ? Adobe Gamma.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe Google Updater.lnk = C:Program FilesGoogleGoogle UpdaterGoogleUpdater.exe HP Digital Imaging Monitor.lnk = C:Program FilesHPDigital Imagingbinhpqtra08.exe MoonPhase.lnk = C:Program FilesRoboMagicMoonPhasemoon.exe NETGEAR WG111T Smart Wizard.lnk = ? NETGEAR WPN311 Wireless Assistant.lnk = C:Program FilesNETGEARWPN311wlancfg5.exe -------------------------------------------------- Checking Windows NT UserInit: [HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogon] UserInit = C:WINDOWSsystem32userinit.exe, --------------------------------------------------
  6. 6. Autorun entries from Registry: HKLMSoftwareMicrosoftWindowsCurrentVersionRun ehTray = C:WINDOWSehomeehtray.exe ATIPTA = C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe TkBellExe = "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot Adobe Version Cue CS2 = "C:Program FilesAdobeAdobe Version Cue CS2ControlPanelVersionCueCS2Tray.exe" Acrobat Assistant 7.0 = "C:Program FilesAdobeAdobe Acrobat 7.0DistillrAcrotray.exe" (Default) = iTunesHelper = "C:Program FilesiTunesiTunesHelper.exe" Microsoft Update Machine = iukjhq.exe avast! = C:PROGRA~1ALWILS~1Avast4ashDisp.exe ISUSPM Startup = C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe -startup ISUSScheduler = "C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe" -start BearShare = "C:Program FilesBearShareBearShare.exe" /pause -------------------------------------------------- Autorun entries from Registry: HKLMSoftwareMicrosoftWindowsCurrentVersionRunServices Microsoft Update Machine = iukjhq.exe -------------------------------------------------- Autorun entries from Registry: HKCUSoftwareMicrosoftWindowsCurrentVersionRun swg = C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe SMSystemAnalyzer = "C:Program FilesioloSystem Mechanic Professional 6SMSystemAnalyzer.exe" System Mechanic Popup Blocker = "C:Program FilesioloSystem Mechanic Professional 6PopupBlocker.exe" AIM = "C:Program FilesAIM+AIM+.exe" -cnetwait.odl Yahoo! Pager = "C:Program FilesYahoo!MessengerYahooMessenger.exe" -quiet MSMSGS = "C:Program FilesMessengermsmsgs.exe" /background msnmsgr = "C:Program FilesMSN Messengermsnmsgr.exe" /background -------------------------------------------------- File association entry for .HTA: HKEY_CLASSES_ROOThtafileshellopencommand
  7. 7. (Default) = NOTEPAD.EXE %1 -------------------------------------------------- Shell & screensaver key from C:WINDOWSSYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=C:WINDOWSWICCA_SS.SCR drivers=*Registry value not found* Policies Shell key: HKCU..Policies: Shell=*Registry key not found* HKLM..Policies: Shell=*Registry value not found* -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - (no file) - {02478D38-C3F9-4efb-9B51-7695ECA05670} (no name) - C:Program FilesAdobeAdobe Acrobat 7.0ActiveXAcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (no name) - C:Program FilesSpybot - Search & DestroySDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F} (no name) - C:Program FilesYahoo!Commonyiesrvc.dll - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (no name) - C:Program FilesJavajre1.5.0_11binssv.dll - {761497BB-D6F0-462C- B6EB-D4DAF1D92D43} (no name) - (no file) - {7E853D72-626A-48EC-A868-BA8D5E23E045} (no name) - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6} (no name) - c:program filesgooglegoogletoolbar2.dll - {AA58ED58-01DD-4d91-8333- CF10577473F7} (no name) - C:Program FilesAdobeAdobe Acrobat 7.0AcrobatAcroIEFavClient.dll - {AE7CD045-E861-484f-8273-0445EE161910} (no name) - C:Program FilesGoogleGoogleToolbarNotifier2.0.301.7164swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
  8. 8. -------------------------------------------------- Enumerating Task Scheduler jobs: AppleSoftwareUpdate.job -------------------------------------------------- Enumerating Download Program Files: [Installation Support] InProcServer32 = C:Program FilesYahoo!CommonYinsthelper.dll CODEBASE = C:Program FilesYahoo!CommonYinsthelper.dll [ScorchPlugin Class] InProcServer32 = C:WINDOWSDownloaded Program FilesNPSibelius.dll CODEBASE = http://www.sibelius.com/download/software/win/ActiveXPlugin.cab -------------------------------------------------- Enumerating Windows NT logon/logoff scripts: *No scripts set to run* Windows NT checkdisk command: BootExecute = autocheck autochk * Windows NT 'Wininit.ini': PendingFileRenameOperations: C:DOCUME~1AndyLOCALS~1TempGLB1A2B.EXE|| C:DOCUME~1AndyLOCALS~1TempGLB1A2B.EXE|| C:DOCUME~1AndyLOCALS~1TempGLB1A2B.EXE|| C:DOCUME~1AndyLOCALS~1TempGLB1A2B.EXE|| C:DOCUME~1AndyLOCALS~1TempGLB1A2B.EXE -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:WINDOWSsystem32SHELL32.dll CDBurn: C:WINDOWSsystem32SHELL32.dll WebCheck: C:WINDOWSsystem32webcheck.dll SysTray: C:WINDOWSsystem32stobject.dll WPDShServiceObj: C:WINDOWSsystem32WPDShServiceObj.dll --------------------------------------------------
  9. 9. End of report, 9,070 bytes Report generated in 0.547 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only [/CODE] [CODE] Current task list information for ANDREW-AC80395D, running WIN_XP, Service Pack 2, build 2600 Details collected on 2007/07/08 19:20:30 PID Process Name File Version Pk Mem Usg. Command line that invoked task 0 System Idle Process 0.0.0.0 0Mb >< 4 System 0.0.0.0 2.43Mb >< 500 smss.exe 5.1.2600.2180 0.49Mb >SystemRootSystem32smss.exe< 556 csrss.exe 0.0.0.0 4.04Mb >< 580 winlogon.exe 5.1.2600.2180 15.39Mb >winlogon.exe< 624 services.exe 5.1.2600.2180 4.11Mb >C:WINDOWSsystem32services.exe< 636 lsass.exe 5.1.2600.2180 6.17Mb >C:WINDOWSsystem32lsass.exe< 780 ati2evxx.exe 6.14.10.4114 2.16Mb >C:WINDOWSsystem32Ati2evxx.exe< 828 svchost.exe 5.1.2600.2180 5.45Mb >C:WINDOWSsystem32svchost -k DcomLaunch< 884 svchost.exe 0.0.0.0 4.71Mb >< 940 svchost.exe 5.1.2600.2180 26.51Mb >C:WINDOWSSystem32svchost.exe -k netsvcs< 1036 svchost.exe 0.0.0.0 3.29Mb >< 1084 svchost.exe 0.0.0.0 3.42Mb >< 1212 aswUpdSv.exe 4.7.997.0 1.69Mb >"C:Program FilesAlwil Software Avast4aswUpdSv.exe"< 1272 ashServ.exe 4.7.997.0 66.08Mb >"C:Program FilesAlwil SoftwareAvast4ashServ.exe"< 1404 explorer.exe 6.0.2900.2180 20.34Mb >C:WINDOWSExplorer.EXE< 1672 spoolsv.exe 5.1.2600.2696 5.23Mb >C:WINDOWSsystem32spoolsv.exe< 1848 acs.exe 0.0.0.0 5.6Mb >C:WINDOWSsystem32acs.exe< 1920 ehtray.exe 5.1.2710.2732 4.59Mb >"C:WINDOWSehomeehtray.exe" <
  10. 10. 1980 realsched.exe 0.1.0.3760 2.68Mb >"C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot< 212 ehrecvr.exe 5.1.2715.2773 4.41Mb >C:WINDOWSeHomeehRecvr.exe< 228 acrotray.exe 6.0.1.1333 2.71Mb >"C:Program FilesAdobeAdobe Acrobat 7.0DistillrAcrotray.exe" < 256 ehSched.exe 5.1.2710.2732 4.58Mb >C:WINDOWSeHomeehSched.exe< 260 iTunesHelper.exe 7.2.0.34 3.8Mb >"C:Program FilesiTunesiTunesHelper.exe" < 320 GoogleUpdaterService 2.2.824.5515 3.23Mb >"C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe"< 328 ashDisp.exe 4.7.997.0 4.98Mb >"C:PROGRA~1ALWILS~1Avast4 ashDisp.exe" < 428 mm_tray.exe 9.0.5.100 4.34Mb >"C:Program FilesMusicmatchMusicmatch Jukeboxmm_tray.exe" < 520 HPZipm12.exe 10.1.1.4 1.68Mb >C:WINDOWSsystem32HPZipm12.exe< 684 issch.exe 3.10.100.1155 0.91Mb >"C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe" -start< 836 svchost.exe 0.0.0.0 3.74Mb >< 1392 SMSystemAnalyzer.exe 6.0.23.0 6.44Mb >"C:Program FilesioloSystem Mechanic Professional 6SMSystemAnalyzer.exe" < 1388 mcrdsvc.exe 0.0.0.0 2.95Mb >< 2096 aim.exe 5.9.6089.0 27.81Mb >"C:Program FilesAIMaim.exe" -cnetwait.odl< 2184 msmsgs.exe 4.7.0.3001 4.67Mb >"C:Program FilesMessengermsmsgs.exe" /background< 2528 GoogleUpdater.exe 2.1.871.19925 5.64Mb >"C:Program FilesGoogleGoogle UpdaterGoogleUpdater.exe" -systray -startup< 2548 hpqtra08.exe 70.0.170.0 10.28Mb >"C:Program FilesHPDigital Imagingbinhpqtra08.exe" < 2572 moon.exe 2.4.1.35 1.92Mb >"C:Program FilesRoboMagicMoonPhasemoon.exe" < 2616 wlan111t.exe 1.1.0.1 3.49Mb >"C:Program FilesNETGEARWG111T Configuration Utilitywlan111t.exe" < 2744 wlancfg5.exe 1.1.7.306 7.46Mb >"C:Program FilesNETGEARWPN311wlancfg5.exe" /HIDE< 2856 ashMaiSv.exe 4.7.997.0 17.04Mb >"C:Program FilesAlwil Software Avast4ashMaiSv.exe" /service< 2988 ashWebSv.exe 4.7.997.0 15.21Mb >"C:Program FilesAlwil Software Avast4ashWebSv.exe" /service< 3080 ehmsas.exe 5.1.2710.2732 2.68Mb >C:WINDOWSeHomeehmsas.exe -Embedding< 3508 firefox.exe 
1.8.20070.51502 124.91Mb >"C:Program FilesMozilla Firefoxfirefox.exe" <
  11. 11. 3540 iPodService.exe 7.2.0.34 3.88Mb >"C:Program FilesiPodbiniPodService.exe"< 3784 alg.exe 0.0.0.0 3.46Mb >< 3912 hpqste08.exe 70.0.170.0 10Mb >"C:Program FilesHPDigital ImagingbinhpqSTE08.exe" -CtxID "#Hewlett-Packard#HP Deskjet D1300 series#1179278215" -Startup< 1840 dllhost.exe 5.1.2600.2180 6.07Mb >C:WINDOWSsystem32dllhost.exe /Processid:{02D4B3F1- FD88-11D1-960D-00805FC79235}< 3872 usnsvc.exe 8.1.178.0 2.5Mb >"C:Program FilesMSN Messengerusnsvc.exe"< 2552 msnmsgr.exe 8.1.178.0 38.1Mb >"C:Program FilesMSN Messenger msnmsgr.exe" < 920 YahooMessenger.exe 8.1.0.401 41.46Mb >"C:Program FilesYahoo!MessengerYahooMessenger.exe" < 2204 AIM+.exe 2.2.1.65 2.8Mb >"C:Program FilesAIM+AIM+.exe" < 1116 aim.exe 5.9.6089.0 21.91Mb >"C:PROGRA~1AIMAIM95_c0aim.exe"< 1700 AIM+.exe 2.2.1.65 2.79Mb >"C:Program FilesAIM+AIM+.exe" < 2380 aim.exe 5.9.6089.0 22.2Mb >"C:PROGRA~1AIMAIM95_c2aim.exe"< 3520 WinRAR.exe 3.70.8.0 9.23Mb >"C:Program FilesWinRARWinRAR.exe" "C:Documents and SettingsAndyDesktopBearShare.zip"< 1120 BearShare.exe 5.2.5.1 27.67Mb >"C:DOCUME~1AndyLOCALS~1 TempRar$EX03.469BearShareBearShare.exe" < 3988 BearDiag(2).exe 1.99.17.0 11.38Mb >"C:Documents and SettingsAndy DesktopBearDiag(2).exe" < 876 wmiprvse.exe 0.0.0.0 7.55Mb >< BearShare library folder information for ANDREW-AC80395D, running WIN_XP, Service Pack 2, build 2600 Details collected on 2007/07/08 19:22:33 Volume in drive C has no label. Volume Serial Number is D4CF-AA27 Directory of C:Program FilesBearSharedb 07/08/2007 07:22 PM <DIR> . 07/08/2007 07:22 PM <DIR> .. 07/08/2007 07:22 PM 1,380,942 BearShareHostiles.zip 05/26/2007 12:10 AM 3,103 config.bin
  12. 12. 07/08/2007 07:02 PM 165,883 connect.txt 07/08/2007 06:43 PM 1,163 gwebcache.dat 05/28/2007 02:37 PM 3,768 Hostiles.old 07/04/2007 01:48 AM 12,810,078 Hostiles.txt 07/08/2007 06:43 PM 0 Hostiles-Chat.txt 07/08/2007 07:07 PM 3,777,536 library.2.db 07/08/2007 07:02 PM 3,776,512 library.2.db.lastgoodload.bak 07/08/2007 07:07 PM 3,777,536 library.db 07/08/2007 07:02 PM 3,776,512 library.db.lastgoodload.bak 07/08/2007 06:43 PM 19 searches.ini 12 File(s) 29,473,052 bytes 2 Dir(s) 66,674,749,440 bytes free [/CODE] [CODE] Firewall information for ANDREW-AC80395D, running WIN_XP, Service Pack 2, build 2600 Details collected on 2007/07/08 19:22:39 Default gateway is 192.168.2.1 Domain profile configuration: ------------------------------------------------------------------- Operational mode = Enable Exception mode = Enable Multicast/broadcast response mode = Enable Notification mode = Enable Allowed programs configuration for Domain profile: Mode Name / Program ------------------------------------------------------------------- Enable Remote Assistance / C:WINDOWSsystem32sessmgr.exe Enable Windows Live Messenger 8.1 / C:Program FilesMSN Messengermsnmsgr.exe Enable Windows Live Messenger 8.1 (Phone) / C:Program FilesMSN Messengerlivecall.exe Standard profile configuration (current): ------------------------------------------------------------------- Operational mode = Disable Exception mode = Enable Multicast/broadcast response mode = Enable Notification mode = Enable Allowed programs configuration for Standard profile: Mode Name / Program -------------------------------------------------------------------
  13. 13. Enable Remote Assistance / C:WINDOWSsystem32sessmgr.exe Enable AOL Instant Messenger / C:Program FilesAIMaim.exe Enable Yahoo! Messenger / C:Program FilesYahoo!MessengerYahooMessenger.exe Enable Yahoo! FT Server / C:Program FilesYahoo!MessengerYServer.exe Enable Windows Live Messenger 8.1 / C:Program FilesMSN Messengermsnmsgr.exe Enable Windows Live Messenger 8.1 (Phone) / C:Program FilesMSN Messengerlivecall.exe Enable Windows Messenger / C:Program FilesMessengermsmsgs.exe Enable Adobe Version Cue CS2 / C:Program FilesAdobeAdobe Version Cue CS2binVersionCueCS2.exe Enable LimeWire / C:Program FilesFrostWireFrostWire.exe Enable LimeWire / C:Program FilesLimeWireLimeWire.exe Enable iTunes / C:Program FilesiTunesiTunes.exe Port configuration for Standard profile: Port Protocol Mode Name ------------------------------------------------------------------- 1900 UDP Enable SSDP Component of UPnP Framework Log configuration: ------------------------------------------------------------------- File location = C:WINDOWSpfirewall.log Max file size = 4096 KB Dropped packets = Disable Connections = Disable Wireless Network Connection 2 firewall configuration: ------------------------------------------------------------------- Operational mode = Enable [/CODE] [CODE] Logfile of HijackThis v1.99.1 Scan saved at 7:21:06 PM, on 7/8/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:WINDOWSSystem32smss.exe C:WINDOWSsystem32winlogon.exe C:WINDOWSsystem32services.exe C:WINDOWSsystem32lsass.exe C:WINDOWSsystem32Ati2evxx.exe C:WINDOWSsystem32svchost.exe C:WINDOWSSystem32svchost.exe C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
  14. 14. C:Program FilesAlwil SoftwareAvast4ashServ.exe C:WINDOWSExplorer.EXE C:WINDOWSsystem32spoolsv.exe C:WINDOWSsystem32acs.exe C:WINDOWSehomeehtray.exe C:Program FilesCommon FilesRealUpdate_OBrealsched.exe C:WINDOWSeHomeehRecvr.exe C:Program FilesAdobeAdobe Acrobat 7.0DistillrAcrotray.exe C:WINDOWSeHomeehSched.exe C:Program FilesiTunesiTunesHelper.exe C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe C:PROGRA~1ALWILS~1Avast4ashDisp.exe C:Program FilesMusicmatchMusicmatch Jukeboxmm_tray.exe C:WINDOWSsystem32HPZipm12.exe C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe C:Program FilesioloSystem Mechanic Professional 6SMSystemAnalyzer.exe C:Program FilesAIMaim.exe C:Program FilesMessengermsmsgs.exe C:Program FilesGoogleGoogle UpdaterGoogleUpdater.exe C:Program FilesHPDigital Imagingbinhpqtra08.exe C:Program FilesRoboMagicMoonPhasemoon.exe C:Program FilesNETGEARWG111T Configuration Utilitywlan111t.exe C:Program FilesNETGEARWPN311wlancfg5.exe C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe C:Program FilesAlwil SoftwareAvast4ashWebSv.exe C:WINDOWSeHomeehmsas.exe C:Program FilesMozilla Firefoxfirefox.exe C:Program FilesiPodbiniPodService.exe C:Program FilesHPDigital ImagingbinhpqSTE08.exe C:WINDOWSsystem32dllhost.exe C:Program FilesMSN Messengerusnsvc.exe C:Program FilesMSN Messengermsnmsgr.exe C:Program FilesYahoo!MessengerYahooMessenger.exe C:Program FilesAIM+AIM+.exe C:PROGRA~1AIMAIM95_c0aim.exe C:Program FilesAIM+AIM+.exe C:PROGRA~1AIMAIM95_c2aim.exe C:Program FilesWinRARWinRAR.exe C:DOCUME~1AndyLOCALS~1TempRar$EX03.469BearShareBearShare.exe C:Documents and SettingsAndyDesktopBearDiag(2).exe C:Documents and SettingsAndyDesktopHijackThis.exe R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://google.bearshare.com/
  15. 15. R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page = R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAdobe Acrobat 7.0ActiveXAcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:Program FilesSpybot - Search & DestroySDHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:Program FilesYahoo!Common yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.5.0_11binssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar2.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:Program FilesAdobeAdobe Acrobat 7.0AcrobatAcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA- CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier2.0.301.7164swg.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:Program FilesAdobeAdobe Acrobat 7.0AcrobatAcroIEFavClient.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar2.dll O4 - HKLM..Run: [ehTray] C:WINDOWSehomeehtray.exe O4 - HKLM..Run: [ATIPTA] C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot O4 - HKLM..Run: [Adobe Version Cue CS2] "C:Program FilesAdobeAdobe Version Cue CS2ControlPanelVersionCueCS2Tray.exe" O4 - HKLM..Run: [Acrobat Assistant 7.0] "C:Program FilesAdobeAdobe Acrobat 
7.0DistillrAcrotray.exe" O4 - HKLM..Run: [iTunesHelper] "C:Program FilesiTunesiTunesHelper.exe" O4 - HKLM..Run: [Microsoft Update Machine] iukjhq.exe O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe O4 - HKLM..Run: [ISUSPM Startup] C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe -startup O4 - HKLM..Run: [ISUSScheduler] "C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe" -start O4 - HKLM..Run: [BearShare] "C:Program FilesBearShareBearShare.exe" /pause O4 - HKLM..RunServices: [Microsoft Update Machine] iukjhq.exe
  16. 16. O4 - HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe O4 - HKCU..Run: [SMSystemAnalyzer] "C:Program FilesioloSystem Mechanic Professional 6SMSystemAnalyzer.exe" O4 - HKCU..Run: [System Mechanic Popup Blocker] "C:Program FilesioloSystem Mechanic Professional 6PopupBlocker.exe" O4 - HKCU..Run: [AIM] "C:Program FilesAIM+AIM+.exe" -cnetwait.odl O4 - HKCU..Run: [Yahoo! Pager] "C:Program FilesYahoo!MessengerYahooMessenger.exe" -quiet O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background O4 - HKCU..Run: [msnmsgr] "C:Program FilesMSN Messengermsnmsgr.exe" /background O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: Adobe Gamma.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe O4 - Global Startup: Google Updater.lnk = C:Program FilesGoogleGoogle UpdaterGoogleUpdater.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:Program FilesHPDigital Imagingbinhpqtra08.exe O4 - Global Startup: MoonPhase.lnk = C:Program FilesRoboMagicMoonPhasemoon.exe O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ? O4 - Global Startup: NETGEAR WPN311 Wireless Assistant.lnk = C:Program FilesNETGEARWPN311wlancfg5.exe O8 - Extra context menu item: &Yahoo! 
Search - file:///C:Program FilesYahoo!Common/ycsrch.htm O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:Program Files AdobeAdobe Acrobat 7.0AcrobatAcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:Program FilesAdobeAdobe Acrobat 7.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:Program FilesAdobeAdobe Acrobat 7.0AcrobatAcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:Program FilesAdobeAdobe Acrobat 7.0AcrobatAcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:Program Files AdobeAdobe Acrobat 7.0AcrobatAcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:Program Files AdobeAdobe Acrobat 7.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:Program FilesAdobeAdobe Acrobat 7.0AcrobatAcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:Program FilesAdobeAdobe Acrobat 7.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
  17. 17. O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:Program FilesYahoo!Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:Program FilesYahoo!Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:Program FilesYahoo!Common/ycsms.htm O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:Program FilesYahoo!Commonyiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:PROGRA~1AIMAIM95_c2aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2- BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:Program FilesYahoo!CommonYinsthelper.dll O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:PROGRA~1MSNMES~1MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:PROGRA~1MSNMES~1MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:WINDOWSSYSTEM32WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:WINDOWSsystem32WPDShServiceObj.dll O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:WINDOWSsystem32acs.exe O23 - Service: Adobe LM Service - Adobe Systems - C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:Program FilesAdobeAdobe Version Cue CS2binVersionCueCS2.exe" -win32service (file missing) O23 - Service: avast! 
iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:Program FilesAlwil Software Avast4ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:Program FilesAlwil Software Avast4ashWebSv.exe" /service (file missing)
  18. 18. O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:Program FilesCommon FilesSymantec SharedccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe .[/CODE]