
Cyberlink

reidy100
Member with 222 posts.
THREAD STARTER
 
Join Date: May 2005
Location: London England
Experience: sort of intermediate not scared
12-Nov-2005, 09:33 AM #1
Cyberlink
Hi, I just checked my ports and it seems to me that I have a few things opening ports that I don't think should be there. Can anyone help?? Ta, Reidy



Protocol Program [PID] State Local Port Remote Port Path and File Description
[TCP] svchost.exe [980] LISTENING (2) REID 135 epmap 0.0.0.0 28835 <no filename>
[TCP] System [4] LISTENING (2) REID 445 microsoft-ds 0.0.0.0 6345 <no filename>
H [TCP] CLMLService.exe [1408] LISTENING (2) REID 56151 0.0.0.0 30905 C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
[TCP] svchost.exe [1020] LISTENING (2) REID 139 netbios-ssn 0.0.0.0 30947 C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services / Microsoft® Windows® Operating System
[TCP] alg.exe [1228] LISTENING (2) localhost 1027 0.0.0.0 51397 <no filename>
H [TCP] tmproxy.exe [1632] LISTENING (2) localhost 6999 0.0.0.0 30826 C:\Program Files\Trend Micro\Internet Security 2005\tmproxy.exe TmProxy.exe / Trend Micro Network Security Components 1.0
H [TCP] CLMLService.exe [1408] LISTENING (2) localhost 12346 0.0.0.0 47356 C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
[UDP] System [4] REID 445 microsoft-ds *.*.*.* * <no filename>
[UDP] lsass.exe [596] REID 500 isakmp *.*.*.* * C:\WINDOWS\system32\lsass.exe LSA Shell (Export Version) / Microsoft® Windows® Operating System
[UDP] lsass.exe [596] REID 4500 *.*.*.* * C:\WINDOWS\system32\lsass.exe LSA Shell (Export Version) / Microsoft® Windows® Operating System
H [UDP] PcCtlCom.exe [1468] REID 40116 *.*.*.* * C:\Program Files\Trend Micro\Internet Security 2005\PcCtlCom.exe PcCtlCom Module / Trend Micro Internet Security
H [UDP] CLMLService.exe [1408] REID 50128 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
H [UDP] CLMLService.exe [1408] REID 50416 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
H [UDP] CLMLService.exe [1408] REID 50435 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
H [UDP] CLMLService.exe [1408] REID 50617 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
H [UDP] CLMLService.exe [1408] REID 51314 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
H [UDP] CLMLService.exe [1408] REID 51454 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
H [UDP] CLMLService.exe [1408] REID 51636 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
H [UDP] CLMLService.exe [1408] REID 52408 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
H [UDP] CLMLService.exe [1408] REID 52555 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
H [UDP] CLMLService.exe [1408] REID 52688 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
H [UDP] CLMLService.exe [1408] REID 54827 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
H [UDP] CLMLService.exe [1408] REID 54975 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
H [UDP] CLMLService.exe [1408] REID 55546 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
H [UDP] CLMLService.exe [1408] REID 55746 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
H [UDP] CLMLService.exe [1408] REID 56061 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
H [UDP] CLMLService.exe [1408] REID 56444 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
H [UDP] CLMLService.exe [1408] REID 57254 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
H [UDP] CLMLService.exe [1408] REID 57818 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
H [UDP] CLMLService.exe [1408] REID 57825 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
H [UDP] CLMLService.exe [1408] REID 58026 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
H [UDP] CLMLService.exe [1408] REID 58201 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
H [UDP] CLMLService.exe [1408] REID 58696 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
H [UDP] CLMLService.exe [1408] REID 60105 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
H [UDP] CLMLService.exe [1408] REID 60306 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
H [UDP] CLMLService.exe [1408] REID 60809 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
H [UDP] CLMLService.exe [1408] REID 63444 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
H [UDP] CLMLService.exe [1408] REID 64182 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
H [UDP] CLMLService.exe [1408] REID 64342 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
H [UDP] CLMLService.exe [1408] host86-138-156-106.range86-138.btcentralplus.com 1900 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
H [UDP] CLMLService.exe [1408] host86-138-156-106.range86-138.btcentralplus.com 1900 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
H [UDP] CLMLService.exe [1408] host86-138-156-106.range86-138.btcentralplus.com 1900 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
H [UDP] CLMLService.exe [1408] host86-138-156-106.range86-138.btcentralplus.com 1900 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
H [UDP] CLMLService.exe [1408] host86-138-156-106.range86-138.btcentralplus.com 1900 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
H [UDP] CLMLService.exe [1408] host86-138-156-106.range86-138.btcentralplus.com 1900 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
H [UDP] CLMLService.exe [1408] host86-138-156-106.range86-138.btcentralplus.com 1900 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
H [UDP] CLMLService.exe [1408] host86-138-156-106.range86-138.btcentralplus.com 1900 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
H [UDP] CLMLService.exe [1408] host86-138-156-106.range86-138.btcentralplus.com 1900 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
H [UDP] CLMLService.exe [1408] host86-138-156-106.range86-138.btcentralplus.com 1900 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
H [UDP] CLMLService.exe [1408] host86-138-156-106.range86-138.btcentralplus.com 1900 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
[UDP] svchost.exe [1020] REID 123 ntp *.*.*.* * C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services / Microsoft® Windows® Operating System
[UDP] svchost.exe [1020] REID 137 netbios-ns *.*.*.* * C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services / Microsoft® Windows® Operating System
[UDP] svchost.exe [1020] REID 138 netbios-dgm *.*.*.* * C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services / Microsoft® Windows® Operating System
H [UDP] CLMLService.exe [1408] REID 1900 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
H [UDP] CLMLService.exe [1408] REID 1900 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
[UDP] svchost.exe [1112] REID 1900 *.*.*.* * <no filename>
H [UDP] CLMLService.exe [1408] REID 1900 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
H [UDP] CLMLService.exe [1408] REID 1900 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
H [UDP] CLMLService.exe [1408] REID 1900 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
H [UDP] CLMLService.exe [1408] REID 1900 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
[UDP] svchost.exe [1020] localhost 123 ntp *.*.*.* * C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services / Microsoft® Windows® Operating System
H [UDP] CLMLService.exe [1408] localhost 1025 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
[UDP] svchost.exe [1112] localhost 1900 *.*.*.* * <no filename>

reidy100
12-Nov-2005, 09:34 AM #2
Oops, can anyone make sense of that report?

reidy100
12-Nov-2005, 10:55 AM #3
oh yes hjt log

Logfile of HijackThis v1.99.1
Scan saved at 14:53:58, on 12/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Apps\Powercinema\PCMService.exe
C:\WINDOWS\system32\BtUsrBdg.exe
C:\WINDOWS\system32\BTSetBootKey.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Extended Systems\XTNDConnect Blue Manager\XTNDConnect Blue Manager\XCBluMgr.exe
C:\PROGRA~1\EXTEND~1\XTNDCO~1\XTNDCO~1\SUSHIM~1.EXE
C:\Program Files\Extended Systems\XTNDConnect Blue Manager\btprot.exe
C:\PROGRA~1\EXTEND~1\XTNDCO~1\XTNDCO~1\BTUI_M~1.EXE
C:\Program Files\SurfAccuracy\SAcc.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/?.home=ytie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [BTUSRBDG] BtUsrBdg.exe
O4 - HKLM\..\Run: [BTSETBOOTKEY] BTSetBootKey.exe
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKCU\..\Run: [CUCore Agent] "C:\PROGRA~1\COMMON~1\FIRSTV~1\ConfAgent.exe /minimize"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Startup.exe
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://66.29.7.159/toolbar/cabs/free_access.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {52A5CD24-64C6-4BAF-A4EC-4D13F451763F} - https://www.cuworld.com/PIC/inner_pi...es/CUworld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1122105569843
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1122394828437
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A85CA0AC-973E-441F-8C01-5D0C6AFB7768}: NameServer = 62.6.40.178 194.72.9.38
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

reidy100
12-Nov-2005, 05:27 PM #4
What's the matter with you guys, too hard for ya? Deeply disappointed here.

reidy100
12-Nov-2005, 05:28 PM #5
How about looking into it for ya, Reidy?

reidy100
12-Nov-2005, 05:30 PM #6
How about looking into this problem for you, Reidy, or is it too hard a problem for ya?

Cookiegal
Administrator & Malware Removal Specialist with 96,889 posts.
 
Join Date: Aug 2003
12-Nov-2005, 06:48 PM #7
I received your PM and please don't be so impatient. We have a lot to handle here.

Download Cleanup from Here
  • A window will open and choose SAVE, then DESKTOP as the destination.
  • On your Desktop, click on Cleanup40.exe icon.
  • Then, click RUN and place a checkmark beside "I Agree"
  • Then click NEXT followed by START and OK.
  • A window will appear with many choices, keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.
  • Click OK
  • DO NOT RUN IT YET


Download the trial version of Ewido Security Suite here.
  • Install ewido.
  • During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido
  • It will prompt you to update; click the OK button and it will go to the main screen
  • On the left side of the main screen click update
  • Click on Start and let it update.
  • DO NOT run a scan yet. You will do that later in safe mode.

Click here for info on how to boot to safe mode if you don't already know how.


Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.


Restart your computer into safe mode now. Perform the following steps in safe mode:


Run Ewido:
  • Click on scanner
  • Click Complete System Scan and the scan will begin.
  • During the scan it will prompt you to clean files, click OK
  • When the scan is finished, look at the bottom of the screen and click the Save report button.
  • Save the report to your desktop



Run Cleanup:
  • Click on the "Cleanup" button and let it run.
  • Once it's done, close the program.


Go to Control Panel - Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


Restart back into Windows normally now.


Do a Panda Active Scan. Be sure to save the log it creates.


Come back here and post a new HijackThis log, as well as the logs from the Ewido and Panda scans.


Once you've done that, go to the following site and run the ShieldsUp! test and let us know the results please.

http://grc.com/default.htm
__________________
Microsoft MVP - Consumer Security

reidy100
14-Nov-2005, 06:47 PM #8
ok thnx

Ewido

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 21:39:33, 14/11/2005
+ Report-Checksum: B609255F

+ Scan result:

HKLM\SOFTWARE\Classes\Interface\{0985C112-2562-46F2-8DA6-92648BA4630F} -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{67907B3C-A6EF-4A01-99AD-3FCD5F526429} -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\YSBactivex.Installer -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\YSBactivex.Installer\CLSID -> Spyware.YourSiteBar : Cleaned with backup
HKU\S-1-5-21-3596468691-1117351892-3897911047-1006\Software\IST -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-21-3596468691-1117351892-3897911047-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959} -> Spyware.ISTBar : Cleaned with backup
C:\Documents and Settings\Chris\Cookies\chris@adtech[2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
C:\Documents and Settings\Chris\Cookies\chris@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Chris\Cookies\chris@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Chris\Cookies\chris@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Chris\Cookies\chris@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Chris\Cookies\chris@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Chris\Cookies\chris@statse.webtrendslive[1].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Steve\Cookies\steve@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Steve\Cookies\steve@adopt.euroclick[1].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Steve\Cookies\steve@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Steve\Cookies\steve@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Steve\Cookies\steve@as-us.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Steve\Cookies\steve@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Steve\Cookies\steve@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Steve\Cookies\steve@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Steve\Cookies\steve@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Steve\Cookies\steve@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Steve\Cookies\steve@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Steve\Cookies\steve@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Steve\Cookies\steve@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Steve\Cookies\steve@qksrv[2].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Steve\Cookies\steve@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Steve\Cookies\steve@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Steve\Cookies\steve@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Steve\Cookies\steve@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Steve\Cookies\steve@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Steve\Cookies\steve@statse.webtrendslive[2].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Steve\Cookies\steve@trafic[1].txt -> Spyware.Cookie.Trafic : Cleaned with backup
C:\Documents and Settings\Steve\Cookies\steve@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Steve\Cookies\steve@ysbweb[1].txt -> Spyware.Cookie.Ysbweb : Cleaned with backup
C:\Documents and Settings\Steve\Cookies\steve@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Steve\Local Settings\Temp\powerscan.exe -> Spyware.PowerScan : Cleaned with backup
C:\Documents and Settings\Steve\Local Settings\Temp\sidefind.exe -> TrojanDownloader.IstBar.jm : Cleaned with backup
C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\QSAPX2YP\sidefind[1].exe -> TrojanDownloader.IstBar.jm : Cleaned with backup
C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\S9AZ4L2R\optimize[1].exe -> TrojanDownloader.Dyfuca.ei : Cleaned with backup
C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\S9AZ4L2R\powerscan[1].exe -> Spyware.PowerScan : Cleaned with backup
C:\Program Files\ISTsvc -> Spyware.ISTBar : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2D.tmp -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2E.tmp -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2F.tmp -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq30.tmp -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq31.tmp -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\WINDOWS\SoftwareDistribution\Download\77495dabb3d23980860e87402790215020 2a4f21/mrt.exe -> Heuristic.Win32.AVKiller : Cleaned with backup
C:\WINDOWS\SoftwareDistribution\Download\77495dabb3d23980860e87402790215020 2a4f21/mrt.exe -> Heuristic.Win32.AVKiller : Cleaned with backup
C:\WINDOWS\system32\MRT.exe -> Heuristic.Win32.AVKiller : Cleaned with backup


::Report End

Panda

Incident Status Location

Adware:adware/wupd No disinfected C:\WINDOWS\SYSTEM32\ide21201.vxd
Adware:adware/block-checker No disinfected C:\WINDOWS\SYSTEM32\ustart.exe
Adware:adware/ist.yoursitebar No disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\YSBactivex.dll
Adware:adware/powerscan No disinfected C:\PROGRAM FILES\Power Scan
Adware:adware/surfaccuracy No disinfected C:\PROGRAM FILES\SurfAccuracy
Adware:adware/ist.istbar No disinfected Windows Registry

New HJT

Logfile of HijackThis v1.99.1
Scan saved at 22:45:30, on 14/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Apps\Powercinema\PCMService.exe
C:\WINDOWS\system32\BtUsrBdg.exe
C:\WINDOWS\system32\BTSetBootKey.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\Program Files\Extended Systems\XTNDConnect Blue Manager\XTNDConnect Blue Manager\XCBluMgr.exe
C:\PROGRA~1\EXTEND~1\XTNDCO~1\XTNDCO~1\SUSHIM~1.EXE
C:\Program Files\Extended Systems\XTNDConnect Blue Manager\btprot.exe
C:\PROGRA~1\EXTEND~1\XTNDCO~1\XTNDCO~1\BTUI_M~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/APPS/IE/offline/uk.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\uk.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/?.home=ytie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [BTUSRBDG] BtUsrBdg.exe
O4 - HKLM\..\Run: [BTSETBOOTKEY] BTSetBootKey.exe
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKCU\..\Run: [CUCore Agent] "C:\PROGRA~1\COMMON~1\FIRSTV~1\ConfAgent.exe /minimize"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Startup.exe
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://66.29.7.159/toolbar/cabs/free_access.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {52A5CD24-64C6-4BAF-A4EC-4D13F451763F} - https://www.cuworld.com/PIC/inner_pi...es/CUworld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1122105569843
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1122394828437
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A85CA0AC-973E-441F-8C01-5D0C6AFB7768}: NameServer = 62.6.40.178 194.72.9.38
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

Can't see where to d/l or execute Shields Up at that site tho

Cheers Reidy100
reidy100 (THREAD STARTER)
14-Nov-2005, 07:38 PM #9
shields up done a few tests

Attempting connection to your computer. . .
Shields UP! is now attempting to contact the Hidden Internet Server within your PC. It is likely that no one has told you that your own personal computer may now be functioning as an Internet Server with neither your knowledge nor your permission. And that it may be serving up all or many of your personal files for reading, writing, modification and even deletion by anyone, anywhere, on the Internet!
Your Internet port 139 does not appear to exist!
One or more ports on this system are operating in FULL STEALTH MODE! Standard Internet behavior requires port connection attempts to be answered with a success or refusal response. Therefore, only an attempt to connect to a nonexistent computer results in no response of either kind. But YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and intrusion.
Unable to connect with NetBIOS to your computer.
All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet.


----------------------------------------------------------------------

GRC Port Authority Report created on UTC: 2005-11-14 at 23:30:33

Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
119, 135, 139, 143, 389, 443, 445,
1002, 1024-1030, 1720, 5000

0 Ports Open
0 Ports Closed
26 Ports Stealth
---------------------
26 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.


is this what you meant???


btw Cyberlink and clmlservice.exe still appear in my open ports
reidy100 (THREAD STARTER)
14-Nov-2005, 07:57 PM #10
and in msconfig utility services Cyberlink background capture service, Cyberlink task scheduler, Cyberlink media library service, Smartlinkservice are ticked (To run at Startup???) is this correct?
Cookiegal (Administrator & Malware Removal Specialist)
14-Nov-2005, 10:19 PM #11
Were you not aware that you had the Cyberlink program?
reidy100 (THREAD STARTER)
15-Nov-2005, 11:32 AM #12
I have no idea what it is, or if I need it, and I don't know what Smartlink service is either. If I don't need it I wanna get rid of it, I don't like it taking over stuff if it is.

Anything on my HJT log?
reidy100 (THREAD STARTER)
15-Nov-2005, 11:42 AM #13
Smartlink service is to do with my 56k modem, but I'm on 2M Broadband so I'm happy to leave that alone. I will search the forums about Cyberlink
Cookiegal (Administrator & Malware Removal Specialist)
15-Nov-2005, 11:58 AM #14
Cyberlink is a DVD burning/editing program.
reidy100 (THREAD STARTER)
15-Nov-2005, 01:26 PM #15
So when I use SIW from http://www3.sympatico.ca/gtopala/ and select open ports it comes up with 720 open ports, most used by Cyberlink. I would post a screenshot but it's too big (see my first post if u can make sense of it). I want to remove Cyberlink completely and safely. Is there anyone here who can advise me how to????????? AND ensure it comes off those ports????? PLSE sorry for shouting

Last edited by reidy100; 15-Nov-2005 at 01:47 PM..