Code:
BEARDIAG ISSUES - brief summary: (Extracted on 2006/06/17 21:55:06)
Physical Memory size of 246.4Mb may be an issue.
Spyware Zango found!
Spyware Zango found!
Spyware Zango found!
System drive C: is not configured for NTFS file system.
BearShare configured TCP port 6348 appears to be firewalled.
BearShare configured UDP port 0 appears to be firewalled.
BearShare currently shows port 6348 for TCP and port 0 for UDP that need to match with your firewall/router configuration
BearShare configured "UDP port" setting should be altered to reflect a non-zero value - suggest 6348
BearShare configured 'Automatically remove completed downloads' setting = YES - this can cause errors
You are behind a NAT firewall and/or router.
Refer to the following guidelines to rectify firewall issues at:
- the Firewall FAQ at the official BearShare Help site www.bearshare.com/help/firewalls/index.htm,
- the definitive guide to port forwarding and setting up a static IP address at http://www.portforward.com/english/applications/port_forwarding/BearS/BearSindex.htm
Could not communicate with http://www3.limewire.com:6348/ - possible firewall configuration error
More technical diagnostic troubleshooting information follows:
Code:
BEARDIAG: Bearcare for BearShare.
Details collected on 2006/06/17 21:42:01, BEARDIAG Version 01.99.3.0 beta, expires 2006/11/15 (151 days), running from C:\Documents and Settings\Jesse Poitier\Desktop\
System Hardware Information
CPU Type is: Intel(R) Celeron(R) M processor 1.50GHz, CPU speed is approx: 1496Mhz, System BIOS date is: 2005/12/15
OS Version is: WIN_XP, Service pack: Service Pack 2, OS Build: 2600, Computer Name: JESSE
Browser name: C:\Program Files\Internet Explorer\iexplore.exe, version: 6.0.2900.2180, Admin user? YES
System Memory Parameters: Memory in use: 81%
Total Physical RAM: 246.4Mb Available Physical RAM: 44.6Mb
Total Pagefile: 602.4Mb Available Pagefile: 371.7Mb
Internet IP Address 70.151.xxx.xxx Private IP Address 192.168.1.2 You are behind a NAT firewall and/or router.
File Locations
Program files are at: C:\Program Files, System Temporary files are at: C:\DOCUME~1\JESSEP~1\LOCALS~1\Temp, Common desktop is at:C:\Documents and Settings\All Users\Desktop
BearShare version installed is: 5.2.4.7, Gnutella servent BearShare full path is: C:\Program Files\BearShare\
Temporary downloads at: C:\Program Files\BearShare\Temp\, Completed downloads at: C:\My Downloads\
Disk statistics
Drive C: Total space: 16.45Gb Free: 6.93Gb Full: 57.8% Vol type: FAT32
Folder Statistics
Temporary downloads folder: Space used: 0, File count: 0, Write access allowed? YES
Completed downloads folder: Space used: 12.9Mb, File count: 2, Write access allowed? YES
BearShare library file 'library.db' size is 63.0Kb, '/db' library folder size is 366.8Kb, console log size is 0
FreePeers.ini settings
The freepeers.ini file is found at C:\Program Files\BearShare\FreePeers.ini. The extracted settings are as follows:
ProductLogic
Yes : bAlwaysUpdate; Always Download and announce latest signaled BearShare program updates from FreePeers.inc
Network
1 : connectionType; Network connection type
(0=Modem/AOL/ISDN, 1=Broadband/Cable/DSL/Wireless, 2=Satellite, 3=T1/T3/LAN/OC3/Microwave, 4=Custom values)
6348 : listenPort; TCP/IP port number to listen on
Hosts
No : bNeverBecomeUltrapeer; Disable UltraPeer mode
Authentication
No bAuthenticateHosts; Authenticate host connections
No bAuthenticateDownloads; Authenticate search results and downloads
GBandwidthLogic
Yes : bSymmetric; Is Internet connection symmetric
1024 : totalKbps; Maximum bandwidth for symmetric connections
256 : sendKbps; Maximum outbound bandwidth for asymmetric connections
1024 : recvKbps; Maximum inbound bandwidth for asymmetric connections
No : bMaxHostsKbps; Limit host bandwidth
0 : maxHostsKbps; Kbps of send/receive bandwidth to limit hosts
No : bMaxUploadsKbps; Limit upload bandwidth
0 : maxUploadsKbps; Kbps of send bandwidth to limit uploads
No : bMaxDownloadsKbps; Limit download bandwidth
0 : maxDownloadsKbps; Kbps of receive bandwidth to limit downloads
HostLogic
No : m_bEverUltrapeerCapable; Has client ever been an UltraPeer?
FirewallLogic
No : bTcpNFW; yes if TCP is not firewalled
No : bUdpNFW; yes if UDP is not firewalled
0 : UDP Port; UDP port
Downloads
C:\My Downloads : szDownloadsDir; Directory where completed and hashed downloads are moved to
C:\Program Files\BearShare\Temp : szTempDir; Directory where partial downloads are kept
8 : dlMaxFiles; Maximum files to download at once
20 : dlMaxStreams; Maximum connections total
8 : dlMaxStreamsFile; Maximum connections per file
Yes : bDelCompletedDownloads; ; Automatically remove completed downloads
Yes : bEnableSparseFiles; Enable Sparse files for temporary files
No : bDisablePushSources; Never send Push messages
No : bDisablePushProxySources; Never send Push Proxy requests
Uploads
8 : maxTotUploads; Maximum files to upload at once
0 : lastSendBpsMaxAvg; last session average outgoing bandwidth
Firewall testing
Could not communicate with http://www3.limewire.com:6348/ - possible firewall configuration error
Testing on UDP port: 0 worked - http://www3.limewire.com:0/ is accessible.
C:\Program Files\BearShare\db\BearShareHostiles.zip: -1 bytes transferred over 672.54 seconds. Download speed is -0Kbps. Unzip and install in C:\Program Files\BearShare\db\ folder
BearShare anti-Hostiles List, last updated 2006/06/15 23:20:34 on the local computer is 3768 bytes long, and 10384336 bytes on the internet - check if needs updating
LSPFix: 186368 bytes transferred over 20.80 seconds. Download speed is 72Kbps.
Code:
StartupList report, 6/17/2006, 9:42:17 PM
StartupList version: 1.52
Started from : C:\Documents and Settings\Jesse Poitier\Desktop\StartupList.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\program files\zango\zango.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\1150384177\ee\aolsoftware.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jesse Poitier\Desktop\BearDiag.exe
C:\Documents and Settings\Jesse Poitier\Desktop\StartupList.exe
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
zango = "c:\program files\zango\zango.exe"
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
Aim6 = "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
1&1 EasyLogin = "C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe" HIDE
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[OptionalComponents]
=
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\plusaqar.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
Zango Search Assistant Helper /fleok=1D8A83A5C5E315789FA575760EA83FA5EF80752B94E3D77F5E7946203FC5 - c:\program files\zango\zangohook.dll - {56F1D444-11BF-4879-A12B-79CF0177F038}
(no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
--------------------------------------------------
Enumerating Download Program Files:
[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150397183921
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll
--------------------------------------------------
End of report, 4,540 bytes
Report generated in 0.297 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
Code:
Current task list information for JESSE, running WIN_XP, Service Pack 2, build 2600
Details collected on 2006/06/17 21:42:09
Process Name PID File Version Command line Peak Memory Usage (Kb) PageFaults VM Page File Usage (Kb) Handles Threads ReadOperations WriteOperations ReadTransferCount WriteTransferCount
System Idle Process 0 0.0.0.0 >0< 0Kb 0 0Kb 0 1 0 0 0 0
System 4 0.0.0.0 >0< 2472Kb 7187 0Kb 342 52 135 614 1946054 3711126
SMSS.EXE 460 5.1.2600.2180 >\SystemRoot\System32\smss.exe< 480Kb 212 168Kb 21 3 9 4 4122 4
CSRSS.EXE 516 0.0.0.0 >0< 3716Kb 3855 1684Kb 440 10 34232 0 1479576 0
WINLOGON.EXE 540 5.1.2600.2180 >winlogon.exe< 17140Kb 10102 7232Kb 429 16 240 278 2159409 891869
SERVICES.EXE 584 5.1.2600.2180 >C:\WINDOWS\system32\services.exe< 4224Kb 2843 2076Kb 266 15 36 262 3380 36805
LSASS.EXE 596 5.1.2600.2180 >C:\WINDOWS\system32\lsass.exe< 5960Kb 4741 3960Kb 366 22 4825 4124 864172 529072
SVCHOST.EXE 740 5.1.2600.2180 >C:\WINDOWS\system32\svchost -k DcomLaunch< 5156Kb 1618 3320Kb 211 19 99 22 329370 1568
SVCHOST.EXE 788 0.0.0.0 >0< 4272Kb 1263 1928Kb 288 10 120 41 329676 580
SVCHOST.EXE 828 5.1.2600.2180 >C:\WINDOWS\System32\svchost.exe -k netsvcs< 27476Kb 18234 19120Kb 1624 80 5206 1663 5738674 2903448
SVCHOST.EXE 884 0.0.0.0 >0< 3404Kb 1641 1408Kb 91 6 32 18 5878 204
SVCHOST.EXE 980 0.0.0.0 >0< 6420Kb 2477 6972Kb 229 19 97 15 328612 1057
SPOOLSV.EXE 1184 5.1.2600.2696 >C:\WINDOWS\system32\spoolsv.exe< 4964Kb 1767 3368Kb 124 11 41 40 24900 508
admServ.exe 1284 1.5.28.78 >"C:\Acer\Empowering Technology\admServ.exe"< 8652Kb 2720 5432Kb 158 9 426 38 1000791 139475
ALG.EXE 1820 0.0.0.0 >0< 3552Kb 945 1244Kb 106 6 5 4 23156 156
EXPLORER.EXE 868 6.0.2900.2180 >C:\WINDOWS\Explorer.EXE< 25016Kb 31468 17292Kb 508 17 2414 17 6008170 1980
WSCNTFY.EXE 1052 5.1.2600.2180 >C:\WINDOWS\system32\wscntfy.exe< 2324Kb 608 664Kb 36 1 0 0 0 0
zango.exe 1120 8.0.63.0 >"C:\program files\zango\zango.exe" < 11684Kb 7340 6888Kb 271 8 70725 9198 153541747 17783172
realsched.exe 696 0.1.0.3510 >"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot< 2948Kb 12918 1112Kb 111 5 10 3 25355 216
ctfmon.exe 1684 5.1.2600.2180 >"C:\WINDOWS\system32\ctfmon.exe" < 3228Kb 925 972Kb 68 1 0 0 0 0
SVCHOST.EXE 140 5.1.2600.2180 >C:\WINDOWS\System32\svchost.exe -k HTTPFilter< 3452Kb 890 1656Kb 93 8 3 3 114 84
aolsoftware.exe 488 1.4.16.3 >"C:\Program Files\Common Files\AOL\1150384177\ee\aolsoftware.exe" /Embedding /c defaultCfg < 15812Kb 16538 8704Kb 545 22 149499 68697 12267641 1849492
wmplayer.exe 2892 11.0.5358.4827 >"C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:1< 19916Kb 204573 21700Kb 451 16 12781 125 34275743 753407
wuauclt.exe 1580 5.8.0.2469 >"C:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer Local\[33c]SUSDSf9d42f649cfd914c984783269424e260< 6956Kb 1833 6608Kb 179 8 78 31 608148 125072
iexplore.exe 3764 6.0.2900.2180 >"C:\Program Files\Internet Explorer\iexplore.exe" < 23888Kb 9241 13152Kb 428 13 1007 424 1147383 1235503
BearDiag.exe 936 1.99.3.0 >"C:\Documents and Settings\Jesse Poitier\Desktop\BearDiag.exe" < 8736Kb 2878 4148Kb 209 4 134 41 2051615 626288
wmiprvse.exe 2596 0.0.0.0 >0< 5588Kb 1423 2992Kb 139 6 13 12 23860 888
BearShare library folder information for JESSE, running WIN_XP, Service Pack 2, build 2600
Details collected on 2006/06/17 21:55:07
Volume in drive C is ACER
Volume Serial Number is 1568-13FD
Directory of C:\Program Files\BearShare\db
06/15/2006 11:47 AM <DIR> .
06/15/2006 11:47 AM <DIR> ..
06/17/2006 09:54 PM 1,221,632 BearShareHostiles.zip
06/15/2006 11:51 AM 2,974 config.bin
06/17/2006 06:59 AM 109,059 connect.txt
06/17/2006 03:44 AM 1,740 gwebcache.dat
06/15/2006 11:20 PM 3,768 Hostiles.old
06/17/2006 03:44 AM 0 Hostiles-Chat.txt
06/16/2006 02:08 AM 64,512 library.2.db
06/16/2006 02:08 AM 64,512 library.2.db.lastgoodload.bak
06/16/2006 02:08 AM 64,512 library.db
06/16/2006 02:08 AM 64,512 library.db.lastgoodload.bak
06/17/2006 03:44 AM 19 searches.ini
11 File(s) 1,597,240 bytes
2 Dir(s) 7,441,645,568 bytes free
Code:
Logfile of HijackThis v1.99.1
Scan saved at 9:42:31 PM, on 6/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\program files\zango\zango.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\1150384177\ee\aolsoftware.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jesse Poitier\Desktop\BearDiag.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Jesse Poitier\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Zango Search Assistant Helper /fleok=1D8A83A5C5E315789FA575760EA83FA5EF80752B94E3D77F5E7946203FC5 - {56F1D444-11BF-4879-A12B-79CF0177F038} - c:\program files\zango\zangohook.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Acer eDataSecurity Management - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\ToolBand.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [zango] "c:\program files\zango\zango.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [1&1 EasyLogin] "C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe" HIDE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150397183921
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
I have 2 other computers connected to the router through Ethernet cords.
The router is a Motorola Surfboard, and the router is a Netgear wireless router.