June 13th, 2006
dawnhernandez
what you wanted

Code:

BEARDIAG ISSUES - brief summary: (Extracted on 2006/06/13 19:52:55) 

Spyware Zango found!
Spyware Zango found!
Spyware Zango found!
 Could not communicate with http://www3.limewire.com:6348/ - possible firewall configuration error
 Could not communicate with http://www3.limewire.com:6348/ - possible firewall configuration error

More technical diagnostic troubleshooting information follows:
Code:

BEARDIAG: Bearcare for BearShare.
Details collected on 2006/06/13 19:50:07, BEARDIAG Version 01.99.3.0 beta, expires 2006/11/15 (155 days), running from C:\Program Files\

System Resource Information
OS Version is: 		WIN_98,
Free System Resources: 	64%,
Free GDI Resources: 	75%,
Free User Resources: 	64%

OS Version is: WIN_98, Service pack: A, OS Build: 2222, Computer Name: PAVILION
Browser name: C:\PROGRA~1\YAHOO!\BROWSER\YBROWSER.EXE %1, version: 0.0.0.0, Admin user? YES

System Memory Parameters: 	Memory in use: 	40%
Total Physical RAM: 	383.0Mb	Available Physical RAM: 	147.0Mb
Total Pagefile:   		1.6Gb	Available Pagefile: 		1.5Gb

Internet IP Address 70.250.xxx.xxx 
File Locations
Program files are at: C:\Program Files, System Temporary files are at: c:\windows\TEMP, Common desktop is at:C:\WINDOWS\All Users\Desktop
BearShare version installed is: 5.2.4.3, Gnutella servent BearShare full path is: C:\Program Files\BearShare\
Temporary downloads at: C:\PROGRAM FILES\BEARSHARE\Temp\, Completed downloads at: C:\My Downloads\

Disk statistics
Drive C:	Total space: 114.47Gb	Free: 33.26Gb	Full: 70.9%	Vol type: FAT32

Folder Statistics
Temporary downloads folder:  Space used: 5.0Gb, 	File count: 97, 	Write access allowed? YES
Completed downloads folder:  Space used: 726.4Mb, 	File count: 10, 	Write access allowed? YES
BearShare library file 'library.db' size is 343.0Kb, '/db' library folder size is 1.5Mb, console log size is 491

FreePeers.ini settings
The freepeers.ini file is found at C:\Program Files\BearShare\FreePeers.ini. The extracted settings are as follows:

ProductLogic
Yes	: bAlwaysUpdate; Always Download and announce latest signaled BearShare program updates from FreePeers.inc

Network
1	: connectionType; Network connection type
(0=Modem/AOL/ISDN, 1=Broadband/Cable/DSL/Wireless, 2=Satellite, 3=T1/T3/LAN/OC3/Microwave, 4=Custom values)
6348	: listenPort; TCP/IP port number to listen on

Hosts
No	: bNeverBecomeUltrapeer; Disable UltraPeer mode

Authentication
No	bAuthenticateHosts; Authenticate host connections
No	bAuthenticateDownloads; Authenticate search results and downloads

GBandwidthLogic
Yes	: bSymmetric; Is Internet connection symmetric
1024	: totalKbps; Maximum bandwidth for symmetric connections
256	: sendKbps; Maximum outbound bandwidth for asymmetric connections
1024	: recvKbps; Maximum inbound bandwidth for asymmetric connections
No	: bMaxHostsKbps; Limit host bandwidth
0	: maxHostsKbps; Kbps of send/receive bandwidth to limit hosts
No	: bMaxUploadsKbps; Limit upload bandwidth
0	: maxUploadsKbps; Kbps of send bandwidth to limit uploads
No	: bMaxDownloadsKbps; Limit download bandwidth
0	: maxDownloadsKbps; Kbps of receive bandwidth to limit downloads

HostLogic
No	: m_bEverUltrapeerCapable; Has client ever been an UltraPeer?

FirewallLogic
Yes	: bTcpNFW; yes if TCP is not firewalled
Yes	: bUdpNFW; yes if UDP is not firewalled
6348	: UDP Port; UDP port

Downloads
C:\My Downloads	: szDownloadsDir; Directory where completed and hashed downloads are moved to
C:\PROGRAM FILES\BEARSHARE\Temp	: szTempDir; Directory where partial downloads are kept
8	: dlMaxFiles; Maximum files to download at once
20	: dlMaxStreams; Maximum connections total
8	: dlMaxStreamsFile; Maximum connections per file
No	: bDelCompletedDownloads;  ; Automatically remove completed downloads
Yes	: bEnableSparseFiles; Enable Sparse files for temporary files
No	: bDisablePushSources; Never send Push messages
No	: bDisablePushProxySources; Never send Push Proxy requests

Uploads
8	: maxTotUploads; Maximum files to upload at once
27105	: lastSendBpsMaxAvg; last session average outgoing bandwidth

Firewall testing
Could not communicate with http://www3.limewire.com:6348/ - possible firewall configuration error
Could not communicate with http://www3.limewire.com:6348/ - possible firewall configuration error

C:\Program Files\BearShare\db\BearShareHostiles.zip: 1361560 bytes transferred over 12.99 seconds. Download speed is 839Kbps. Unzip and install in C:\Program Files\BearShare\db\ folder
BearShare anti-Hostiles List, last updated 2006/05/25 11:21:18 on the local computer is 3768 bytes long, and 10384336 bytes on the internet - check if needs updating
LSPFix: 186368 bytes transferred over 1.86 seconds. Download speed is 801Kbps.

Code:

StartupList report, 6/13/06, 7:50:17 PM
StartupList version: 1.52
Started from : C:\PROGRAM FILES\STARTUPLIST.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE
C:\PROGRAM FILES\MCAFEE\SPAMKILLER\MSKAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCTSKSHD.EXE
C:\PROGRAM FILES\MCAFEE.COM\MPS\MSCIFAPP.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFAGENT.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YCOMMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YBRWICON.EXE
C:\PROGRAM FILES\MCAFEE\SPAMKILLER\MSKSRVR.EXE
C:\PROGRAM FILES\ZANGO\ZANGO.EXE
C:\PROGRAM FILES\BEARDIAG.EXE
C:\PROGRAM FILES\STARTUPLIST.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

MCUpdateExe = C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
MCAgentExe = C:\PROGRA~1\MCAFEE.COM\AGENT\McAgent.exe
MPFEXE = "C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe"
MSKAGENTEXE = C:\PROGRA~1\MCAFEE\SPAMKI~1\MSKAGENT.EXE
zango = "c:\program files\zango\zango.exe"

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=
drivers=mmsystem.dll power.drv

--------------------------------------------------

C:\WINDOWS\WININIT.INI listing:
(Created 13/6/2006, 19:41:4)

[Rename]
nul=c:\windows\TEMP\mcu9033.TMP\mskf.cfu

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 13/6/2006, 14:13:46)

[Rename]
nul=c:\windows\TEMP\mcuD2C4.TMP\mskf.cfu

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

path C:\WINDOWS;C:\WINDOWS\COMMAND
call c:\dosboot\drivers.bat

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_1_6_0.DLL - {02478D38-C3F9-4efb-9B51-7695ECA05670}
McAfee PopupKiller - C:\PROGRAM FILES\MCAFEE.COM\MPS\POPUPKILLER.DLL - {3EC8255F-E043-4cae-8B3B-B191550C2A22}
(no name) - C:\PROGRAM FILES\MCAFEE.COM\MPS\MCBRHLPR.DLL - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E}
(no name) - C:\PROGRAM FILES\MCAFEE\SPAMKILLER\MCAPFBHO.DLL - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000}
Zango Search Assistant Helper /fleok=1D8A83A5C5E315789FA575760EA83FA5EF80752B94E3D8795B7F4E2137CE - C:\PROGRAM FILES\ZANGO\ZANGOHOOK.DLL - {56F1D444-11BF-4879-A12B-79CF0177F038}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Tune-up Application Start.job

--------------------------------------------------

Enumerating Download Program Files:

[{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}]
CODEBASE = C:\Program Files\Yahoo!\common\yinsthelper.dll

[YahooYMailTo Class]
InProcServer32 = C:\PROGRAM FILES\YAHOO!\COMMON\YMMAPI.DLL
CODEBASE = http://download.yahoo.com/dl/installs/ymail/ymmapi.dll

[PhotosCtrl Class]
InProcServer32 = C:\PROGRAM FILES\YAHOO!\COMMON\YPHOTOS.DLL
CODEBASE = http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab

[YAddBook Class]
InProcServer32 = C:\PROGRA~1\YAHOO!\COMMON\YADDBOOK.DLL
CODEBASE = http://download.yahoo.com/dl/installs/yab_af.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

--------------------------------------------------
End of report, 4,607 bytes
Report generated in 0.024 seconds

Command line options:
   /verbose  - to add additional info on each section
   /complete - to include empty sections and unsuspicious data
   /full     - to include several rarely-important sections
   /force9x  - to include Win9x-only startups even if running on WinNT
   /forcent  - to include WinNT-only startups even if running on Win9x
   /forceall - to include all Win9x and WinNT startups, regardless of platform
   /history  - to list version history only

BearShare library folder information for PAVILION, running WIN_98, A, build 2222
Details collected on 2006/06/13 19:52:55


Volume in drive C is HP_PAVILION
Volume Serial Number is 3F30-11E2
Directory of C:\Program Files\BearShare\db

. <DIR> 05-25-06 10:48a .
.. <DIR> 05-25-06 10:48a ..
BEARSH~1 ZIP 1,361,560 06-13-06 7:52p BearShareHostiles.zip
CONFIG BIN 2,974 05-25-06 10:50a config.bin
CONNECT TXT 108,545 06-13-06 7:49p connect.txt
GWEBCA~1 DAT 1,469 06-13-06 7:49p gwebcache.dat
HOSTILES TXT 10,384,336 04-30-06 8:37p Hostiles.txt
HOSTILES OLD 3,768 05-25-06 11:21a Hostiles.old
HOSTIL~1 TXT 0 06-13-06 7:49p Hostiles-Chat.txt
LIBRARY DB 351,232 06-11-06 8:29p library.db
LIBRAR~1 DB 351,232 06-11-06 8:29p library.2.db
LIBRAR~1 BAK 351,232 06-11-06 8:29p library.db.lastgoodload.bak
LIBRAR~2 BAK 351,232 06-11-06 8:29p library.2.db.lastgoodload.bak
SEARCHES INI 19 06-13-06 7:49p searches.ini
12 file(s) 13,267,599 bytes
2 dir(s) 34,067.34 MB free
Code:

Logfile of HijackThis v1.99.1
Scan saved at 7:50:29 PM, on 6/13/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE
C:\PROGRAM FILES\MCAFEE\SPAMKILLER\MSKAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCTSKSHD.EXE
C:\PROGRAM FILES\MCAFEE.COM\MPS\MSCIFAPP.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFAGENT.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YCOMMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YBRWICON.EXE
C:\PROGRAM FILES\MCAFEE\SPAMKILLER\MSKSRVR.EXE
C:\PROGRAM FILES\ZANGO\ZANGO.EXE
C:\PROGRAM FILES\BEARDIAG.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_1_6_0.DLL
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - C:\PROGRAM FILES\MCAFEE.COM\MPS\POPUPKILLER.DLL
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - C:\PROGRAM FILES\MCAFEE.COM\MPS\MCBRHLPR.DLL
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - C:\PROGRAM FILES\MCAFEE\SPAMKILLER\MCAPFBHO.DLL
O2 - BHO: Zango Search Assistant Helper /fleok=1D8A83A5C5E315789FA575760EA83FA5EF80752B94E3D8795B7F4E2137CE - {56F1D444-11BF-4879-A12B-79CF0177F038} - C:\PROGRAM FILES\ZANGO\ZANGOHOOK.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_1_6_0.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O3 - Toolbar: (no name) - {EA0D26BD-9029-431A-86E0-83152D67828A} - (no file)
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\McAgent.exe
O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe"
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\MCAFEE\SPAMKI~1\MSKAGENT.EXE
O4 - HKLM\..\Run: [zango] "c:\program files\zango\zango.exe"
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\PROGRAM FILES\MCAFEE\SPAMKILLER\MCAPFBHO.DLL
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\PROGRAM FILES\MCAFEE\SPAMKILLER\MCAPFBHO.DLL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab

