BEARDIAG ISSUES - Brief Summary: (Extracted on 2007/07/08 19:22:33)

[CODE] BEARDIAG ISSUES - brief summary: (Extracted on 2007/07/08 19:22:33)

Warning: Possible disk errors present. See [url=http://www.technutopia.com/forum/showthread.php?t=1260]How to check your disk drive for errors[/url] - do not skip this step.
BearShare version 5.2.5.1 found. We recommend the 5.1.0.b25 beta version - see [URL=http://www.technutopia.com/forum/showthread.php?t=2002]Recommended BearShare downloads[/URL]
The Completed Downloads folder (C:\Documents and Settings\Andy\My Documents\My Music\) contains 2268 files. This may need to be reduced for optimum performance.
BearShare currently shows port 6348 for TCP and port 6348 for UDP that need to match with your firewall/router configuration
BearShare configured 'Connection Type' is satellite - may need checking in Setup/Connection.
You are behind a NAT firewall and/or router. They need to be correctly configured to allow BearShare to access the Internet. This is a common cause of problems with BearShare - it can't communicate.
Check your firewall allows BearShare to communicate on TCP port 6348 and UDP port 6348
If your connection is via a router, make sure it can forward BearShare traffic to a static IP address on your computer
Refer to the following guidelines to correctly configure your firewall and router for use:
- www.bearshare.com/help/firewalls/index.htm - the Firewall FAQ at the official BearShare Help site,
- www.portforward.com/english/applications/port_forwarding/BearS/BearSindex.htm - the definitive guide to port forwarding and setting up a static IP address.
(Hint: use static IP address 192.168.2.6, TCP Port 6348, and UDP port 6348).

More technical diagnostic troubleshooting information follows:[/CODE][CODE] BEARDIAG: Bearcare for BearShare. Details collected on 2007/07/08 19:20:25, BEARDIAG Version 01.99.17.0 beta, expires 2007/09/15 (69 days), running from C:\Documents and Settings\Andy\Desktop\BearDiag(2).exe

System Hardware Information CPU Type is: Intel(R) Pentium(R) D CPU 2.80GHz, CPU speed is approx: 2793Mhz, System BIOS date is: 2005/09/01 OS Version is: WIN_XP, Service pack: Service Pack 2, OS Build: 2600, Computer Name: ANDREW-AC80395D Browser name: C:\Program Files\Internet Explorer\iexplore.exe, version: 6.0.2900.2180, Admin user? YES, AntiVirus engine present:

System Memory Parameters: Memory in use: 74% Total Physical RAM: 510.1Mb Available Physical RAM: 128.7Mb Total Pagefile: 1.2Gb Available Pagefile: 716.5Mb Process info for BearShare Pagefile peak usage: 0, Number of threads: 21, Number of handles: 455, Virtual memory usage: 0

Internet IP Address 67.175.xxx.xxx Local IP Address 192.168.2.6 You are behind a NAT firewall and/or router.

File Locations Program files are at: C:\Program Files, System Temporary files are at: C:\DOCUME~1\Andy\LOCALS~1\Temp, Common desktop is at:C:\Documents and Settings\All Users\Desktop BearShare version installed is: 5.2.5.1, Gnutella servent BearShare full path is: C:\Program Files\BearShare\ Temporary downloads at: C:\Program Files\BearShare\Temp\, Completed downloads at: C:\Documents and Settings\Andy\My Documents\My Music\

Disk statistics Drive C: Total space: 149.00Gb Free: 62.11Gb Full: 58.3% Vol type: NTFS

Folder Statistics Temporary downloads folder: Space used: 0, File count: 0, Write access allowed? YES, # of DAT files: 0, #BAK: 0, #TIGER: 0, #TMP: 0, Other: 0 Completed downloads folder: Space used: 6.5Gb, File count: 2268, Write access allowed? YES BearShare library file 'library.db' size is 3.6Mb, '/db' library folder size is 14.6Mb, console log size is 0

FreePeers.ini settings The freepeers.ini file is found at C:\Program Files\BearShare\FreePeers.ini. The extracted settings are as follows:

ProductLogic
Yes : bAlwaysUpdate; Always Download and announce latest signaled BearShare program updates from FreePeers.inc

Network
2 : connectionType; Network connection type (0=Modem/AOL/ISDN, 1=Broadband/Cable/DSL/Wireless, 2=Satellite, 3=T1/T3/LAN/OC3/Microwave, 4=Custom values)
6348 : listenPort; TCP/IP port number to listen on

Hosts
No : bNeverBecomeUltrapeer; Disable UltraPeer mode

Authentication
No bAuthenticateHosts; Authenticate host connections
No bAuthenticateDownloads; Authenticate search results and downloads

GBandwidthLogic
Yes : bSymmetric; Is Internet connection symmetric
1500 : totalKbps; Maximum bandwidth for symmetric connections
1500 : sendKbps; Maximum outbound bandwidth for asymmetric connections
1500 : recvKbps; Maximum inbound bandwidth for asymmetric connections
No : bMaxHostsKbps; Limit host bandwidth
0 : maxHostsKbps; Kbps of send/receive bandwidth to limit hosts
No : bMaxUploadsKbps; Limit upload bandwidth
0 : maxUploadsKbps; Kbps of send bandwidth to limit uploads
No : bMaxDownloadsKbps; Limit download bandwidth
0 : maxDownloadsKbps; Kbps of receive bandwidth to limit downloads

HostLogic
No : m_bEverUltrapeerCapable; Has client ever been an UltraPeer?

FirewallLogic
No : bTcpNFW; yes if TCP is not firewalled
No : bUdpNFW; yes if UDP is not firewalled
6348 : UDP Port; UDP port

Downloads
C:\Documents and Settings\Andy\My Documents\My Music : szDownloadsDir; Directory where completed and hashed downloads are moved to
C:\Program Files\BearShare\Temp : szTempDir; Directory where partial downloads are kept
30 : dlMaxFiles; Maximum files to download at once
20 : dlMaxStreams; Maximum connections total
8 : dlMaxStreamsFile; Maximum connections per file
No : bDelCompletedDownloads; ; Automatically remove completed downloads
Yes : bEnableSparseFiles; Enable Sparse files for temporary files
No : bDisablePushSources; Never send Push messages
No : bDisablePushProxySources; Never send Push Proxy requests

Uploads
16 : maxTotUploads; Maximum files to upload at once
0 : lastSendBpsMaxAvg; last session average outgoing bandwidth

Firewall testing Could not communicate with http://www3.limewire.com:6348/ - possible firewall configuration needed C:\Program Files\BearShare\db\BearShareHostiles.zip: 1380942 bytes transferred over 3.06 seconds. Download speed is 3608Kbps. LSPFix.exe: 186880 bytes transferred over 1.28 seconds. Download speed is 1169Kbps.

[/CODE] [CODE] StartupList report, 7/8/2007, 7:20:45 PM StartupList version: 1.52 Started from : C:\Documents and Settings\Andy\Desktop\StartupList.EXE Detected: Windows XP SP2 (WinNT 5.01.2600) Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180) * Using default options ======

Running processes:

C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\acs.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\eHome\ehRecvr.exe C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe C:\Program Files\AIM\aim.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\RoboMagic\MoonPhase\moon.exe C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe C:\Program Files\NETGEAR\WPN311\wlancfg5.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\Program Files\AIM+\AIM+.exe C:\PROGRA~1\AIM\AIM95_c0\aim.exe C:\Program Files\AIM+\AIM+.exe C:\PROGRA~1\AIM\AIM95_c2\aim.exe C:\Program Files\WinRAR\WinRAR.exe 
C:\DOCUME~1\Andy\LOCALS~1\Temp\Rar$EX03.469\BearShare\BearShare.exe C:\Documents and Settings\Andy\Desktop\BearDiag(2).exe C:\Documents and Settings\Andy\Desktop\StartupList.exe

------

Listing of startup folders:

Shell folders Common Startup: [C:\Documents and Settings\All Users\Start Menu\Programs\Startup] Adobe Acrobat Speed Launcher.lnk = ? Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe MoonPhase.lnk = C:\Program Files\RoboMagic\MoonPhase\moon.exe NETGEAR WG111T Smart Wizard.lnk = ? NETGEAR WPN311 Wireless Assistant.lnk = C:\Program Files\NETGEAR\WPN311\wlancfg5.exe

------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe,

------

Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ehTray = C:\WINDOWS\ehome\ehtray.exe
ATIPTA = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Adobe Version Cue CS2 = "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
Acrobat Assistant 7.0 = "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
(Default) =
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
Microsoft Update Machine = iukjhq.exe
avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
ISUSPM Startup = C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
ISUSScheduler = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
BearShare = "C:\Program Files\BearShare\BearShare.exe" /pause

------

Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

Microsoft Update Machine = iukjhq.exe

------

Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run

swg = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
SMSystemAnalyzer = "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
System Mechanic Popup Blocker = "C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker.exe"
AIM = "C:\Program Files\AIM+\AIM+.exe" -cnetwait.odl
Yahoo! Pager = "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

------

File association entry for .HTA: HKEY_CLASSES_ROOT\htafile\shell\open\command (Default) = NOTEPAD.EXE %1

------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe SCRNSAVE.EXE=C:\WINDOWS\WICCA_SS.SCR drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found* HKLM\..\Policies: Shell=*Registry value not found*

------

Enumerating Browser Helper Objects:

(no name) - (no file) - {02478D38-C3F9-4efb-9B51-7695ECA05670}
(no name) - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\Yahoo!\Common\yiesrvc.dll - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
(no name) - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - (no file) - {7E853D72-626A-48EC-A868-BA8D5E23E045}
(no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
(no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll - {AE7CD045-E861-484f-8273-0445EE161910}
(no name) - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

------

Enumerating Task Scheduler jobs:

AppleSoftwareUpdate.job

------

Enumerating Download Program Files:

[Installation Support] InProcServer32 = C:\Program Files\Yahoo!\Common\Yinsthelper.dll CODEBASE = C:\Program Files\Yahoo!\Common\Yinsthelper.dll

[ScorchPlugin Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\NPSibelius.dll CODEBASE = http://www.sibelius.com/download/software/win/ActiveXPlugin.cab

------

Enumerating Windows NT logon/logoff scripts: *No scripts set to run*

Windows NT checkdisk command: BootExecute = autocheck autochk *

Windows NT 'Wininit.ini': PendingFileRenameOperations: C:\DOCUME~1\Andy\LOCALS~1\Temp\GLB1A2B.EXE|| C:\DOCUME~1\Andy\LOCALS~1\Temp\GLB1A2B.EXE|| C:\DOCUME~1\Andy\LOCALS~1\Temp\GLB1A2B.EXE|| C:\DOCUME~1\Andy\LOCALS~1\Temp\GLB1A2B.EXE|| C:\DOCUME~1\Andy\LOCALS~1\Temp\GLB1A2B.EXE

------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\system32\webcheck.dll SysTray: C:\WINDOWS\system32\stobject.dll WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

------End of report, 9,070 bytes Report generated in 0.547 seconds

Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only

[/CODE] [CODE] Current task list information for ANDREW-AC80395D, running WIN_XP, Service Pack 2, build 2600 Details collected on 2007/07/08 19:20:30

PID Process Name File Version Pk Mem Usg. Command line that invoked task 0 System Idle Process 0.0.0.0 0Mb >< 4 System 0.0.0.0 2.43Mb >< 500 smss.exe 5.1.2600.2180 0.49Mb >\SystemRoot\System32\smss.exe< 556 csrss.exe 0.0.0.0 4.04Mb >< 580 winlogon.exe 5.1.2600.2180 15.39Mb >winlogon.exe< 624 services.exe 5.1.2600.2180 4.11Mb >C:\WINDOWS\system32\services.exe< 636 lsass.exe 5.1.2600.2180 6.17Mb >C:\WINDOWS\system32\lsass.exe< 780 ati2evxx.exe 6.14.10.4114 2.16Mb >C:\WINDOWS\system32\Ati2evxx.exe< 828 svchost.exe 5.1.2600.2180 5.45Mb >C:\WINDOWS\system32\svchost -k DcomLaunch< 884 svchost.exe 0.0.0.0 4.71Mb >< 940 svchost.exe 5.1.2600.2180 26.51Mb >C:\WINDOWS\System32\svchost.exe -k netsvcs< 1036 svchost.exe 0.0.0.0 3.29Mb >< 1084 svchost.exe 0.0.0.0 3.42Mb >< 1212 aswUpdSv.exe 4.7.997.0 1.69Mb >"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"< 1272 ashServ.exe 4.7.997.0 66.08Mb >"C:\Program Files\Alwil Software\Avast4\ashServ.exe"< 1404 explorer.exe 6.0.2900.2180 20.34Mb >C:\WINDOWS\Explorer.EXE< 1672 spoolsv.exe 5.1.2600.2696 5.23Mb >C:\WINDOWS\system32\spoolsv.exe< 1848 acs.exe 0.0.0.0 5.6Mb >C:\WINDOWS\system32\acs.exe< 1920 ehtray.exe 5.1.2710.2732 4.59Mb >"C:\WINDOWS\ehome\ehtray.exe" < 1980 realsched.exe 0.1.0.3760 2.68Mb >"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot< 212 ehrecvr.exe 5.1.2715.2773 4.41Mb >C:\WINDOWS\eHome\ehRecvr.exe< 228 acrotray.exe 6.0.1.1333 2.71Mb >"C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" < 256 ehSched.exe 5.1.2710.2732 4.58Mb >C:\WINDOWS\eHome\ehSched.exe< 260 iTunesHelper.exe 7.2.0.34 3.8Mb >"C:\Program Files\iTunes\iTunesHelper.exe" < 320 GoogleUpdaterService 2.2.824.5515 3.23Mb >"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"< 328 ashDisp.exe 4.7.997.0 4.98Mb >"C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" < 428 mm_tray.exe 9.0.5.100 4.34Mb >"C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" < 520 HPZipm12.exe 10.1.1.4 1.68Mb 
>C:\WINDOWS\system32\HPZipm12.exe< 684 issch.exe 3.10.100.1155 0.91Mb >"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start< 836 svchost.exe 0.0.0.0 3.74Mb >< 1392 SMSystemAnalyzer.exe 6.0.23.0 6.44Mb >"C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe" < 1388 mcrdsvc.exe 0.0.0.0 2.95Mb >< 2096 aim.exe 5.9.6089.0 27.81Mb >"C:\Program Files\AIM\aim.exe" -cnetwait.odl< 2184 msmsgs.exe 4.7.0.3001 4.67Mb >"C:\Program Files\Messenger\msmsgs.exe" /background< 2528 GoogleUpdater.exe 2.1.871.19925 5.64Mb >"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -systray -startup< 2548 hpqtra08.exe 70.0.170.0 10.28Mb >"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" < 2572 moon.exe 2.4.1.35 1.92Mb >"C:\Program Files\RoboMagic\MoonPhase\moon.exe" < 2616 wlan111t.exe 1.1.0.1 3.49Mb >"C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe" < 2744 wlancfg5.exe 1.1.7.306 7.46Mb >"C:\Program Files\NETGEAR\WPN311\wlancfg5.exe" /HIDE< 2856 ashMaiSv.exe 4.7.997.0 17.04Mb >"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service< 2988 ashWebSv.exe 4.7.997.0 15.21Mb >"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service< 3080 ehmsas.exe 5.1.2710.2732 2.68Mb >C:\WINDOWS\eHome\ehmsas.exe -Embedding< 3508 firefox.exe 1.8.20070.51502 124.91Mb >"C:\Program Files\Mozilla Firefox\firefox.exe" < 3540 iPodService.exe 7.2.0.34 3.88Mb >"C:\Program Files\iPod\bin\iPodService.exe"< 3784 alg.exe 0.0.0.0 3.46Mb >< 3912 hpqste08.exe 70.0.170.0 10Mb >"C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe" -CtxID "#Hewlett-Packard#HP Deskjet D1300 series#1179278215" -Startup< 1840 dllhost.exe 5.1.2600.2180 6.07Mb >C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D- 00805FC79235}< 3872 usnsvc.exe 8.1.178.0 2.5Mb >"C:\Program Files\MSN Messenger\usnsvc.exe"< 2552 msnmsgr.exe 8.1.178.0 38.1Mb >"C:\Program Files\MSN Messenger\msnmsgr.exe" < 920 YahooMessenger.exe 8.1.0.401 41.46Mb >"C:\Program 
Files\Yahoo!\Messenger\YahooMessenger.exe" < 2204 AIM+.exe 2.2.1.65 2.8Mb >"C:\Program Files\AIM+\AIM+.exe" < 1116 aim.exe 5.9.6089.0 21.91Mb >"C:\PROGRA~1\AIM\AIM95_c0\aim.exe"< 1700 AIM+.exe 2.2.1.65 2.79Mb >"C:\Program Files\AIM+\AIM+.exe" < 2380 aim.exe 5.9.6089.0 22.2Mb >"C:\PROGRA~1\AIM\AIM95_c2\aim.exe"< 3520 WinRAR.exe 3.70.8.0 9.23Mb >"C:\Program Files\WinRAR\WinRAR.exe" "C:\Documents and Settings\Andy\Desktop\BearShare.zip"< 1120 BearShare.exe 5.2.5.1 27.67Mb >"C:\DOCUME~1\Andy\LOCALS~1\Temp\Rar$EX03.469\BearShare\BearShare.exe" < 3988 BearDiag(2).exe 1.99.17.0 11.38Mb >"C:\Documents and Settings\Andy\Desktop\BearDiag(2).exe" < 876 wmiprvse.exe 0.0.0.0 7.55Mb ><

BearShare library folder information for ANDREW-AC80395D, running WIN_XP, Service Pack 2, build 2600 Details collected on 2007/07/08 19:22:33

Volume in drive C has no label. Volume Serial Number is D4CF-AA27

Directory of C:\Program Files\BearShare\db

07/08/2007 07:22 PM

. 07/08/2007 07:22 PM .. 07/08/2007 07:22 PM 1,380,942 BearShareHostiles.zip 05/26/2007 12:10 AM 3,103 config.bin 07/08/2007 07:02 PM 165,883 connect.txt 07/08/2007 06:43 PM 1,163 gwebcache.dat 05/28/2007 02:37 PM 3,768 Hostiles.old 07/04/2007 01:48 AM 12,810,078 Hostiles.txt 07/08/2007 06:43 PM 0 Hostiles-Chat.txt 07/08/2007 07:07 PM 3,777,536 library.2.db 07/08/2007 07:02 PM 3,776,512 library.2.db.lastgoodload.bak 07/08/2007 07:07 PM 3,777,536 library.db 07/08/2007 07:02 PM 3,776,512 library.db.lastgoodload.bak 07/08/2007 06:43 PM 19 searches.ini 12 File(s) 29,473,052 bytes 2 Dir(s) 66,674,749,440 bytes free [/CODE] [CODE] Firewall information for ANDREW-AC80395D, running WIN_XP, Service Pack 2, build 2600 Details collected on 2007/07/08 19:22:39

Default gateway is 192.168.2.1

Domain profile configuration:
------
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable

Allowed programs configuration for Domain profile:
Mode Name / Program
------
Enable Remote Assistance / C:\WINDOWS\system32\sessmgr.exe
Enable Windows Live Messenger 8.1 / C:\Program Files\MSN Messenger\msnmsgr.exe
Enable Windows Live Messenger 8.1 (Phone) / C:\Program Files\MSN Messenger\livecall.exe

Standard profile configuration (current):
------
Operational mode = Disable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable

Allowed programs configuration for Standard profile:
Mode Name / Program
------
Enable Remote Assistance / C:\WINDOWS\system32\sessmgr.exe
Enable AOL Instant Messenger / C:\Program Files\AIM\aim.exe
Enable Yahoo! Messenger / C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
Enable Yahoo! FT Server / C:\Program Files\Yahoo!\Messenger\YServer.exe
Enable Windows Live Messenger 8.1 / C:\Program Files\MSN Messenger\msnmsgr.exe
Enable Windows Live Messenger 8.1 (Phone) / C:\Program Files\MSN Messenger\livecall.exe
Enable Windows Messenger / C:\Program Files\Messenger\msmsgs.exe
Enable Adobe Version Cue CS2 / C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
Enable LimeWire / C:\Program Files\FrostWire\FrostWire.exe
Enable LimeWire / C:\Program Files\LimeWire\LimeWire.exe
Enable iTunes / C:\Program Files\iTunes\iTunes.exe

Port configuration for Standard profile:
Port Protocol Mode Name
------
1900 UDP Enable SSDP Component of UPnP Framework

Log configuration:
------
File location = C:\WINDOWS\pfirewall.log
Max file size = 4096 KB
Dropped packets = Disable
Connections = Disable

Wireless Network Connection 2 firewall configuration:
------
Operational mode = Enable

[/CODE] [CODE] Logfile of HijackThis v1.99.1 Scan saved at 7:21:06 PM, on 7/8/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\acs.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\eHome\ehRecvr.exe C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe C:\Program Files\AIM\aim.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\RoboMagic\MoonPhase\moon.exe C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe C:\Program Files\NETGEAR\WPN311\wlancfg5.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\Program Files\AIM+\AIM+.exe C:\PROGRA~1\AIM\AIM95_c0\aim.exe C:\Program Files\AIM+\AIM+.exe C:\PROGRA~1\AIM\AIM95_c2\aim.exe C:\Program Files\WinRAR\WinRAR.exe 
C:\DOCUME~1\Andy\LOCALS~1\Temp\Rar$EX03.469\BearShare\BearShare.exe C:\Documents and Settings\Andy\Desktop\BearDiag(2).exe C:\Documents and Settings\Andy\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Microsoft Update Machine] iukjhq.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\RunServices: [Microsoft Update Machine] iukjhq.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [System Mechanic Popup Blocker] "C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker.exe"
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM+\AIM+.exe" -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: MoonPhase.lnk = C:\Program Files\RoboMagic\MoonPhase\moon.exe
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O4 - Global Startup: NETGEAR WPN311 Wireless Assistant.lnk = C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\AIM95_c2\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

.[/CODE]
