
Cyberlink

Discussion in 'Virus & Other Malware Removal' started by reidy100, Nov 12, 2005.

  1. reidy100

    reidy100 Thread Starter

    Joined:
    May 11, 2005
    Messages:
    222
    Hi, I just checked my ports and it seems to me that I have a few things opening ports that I don't think should be there. Can anyone help?? Ta, Reidy



    Protocol Program [PID] State Local Port Remote Port Path and File Description
    [TCP] svchost.exe [980] LISTENING (2) REID 135 epmap 0.0.0.0 28835 <no filename>
    [TCP] System [4] LISTENING (2) REID 445 microsoft-ds 0.0.0.0 6345 <no filename>
    H [TCP] CLMLService.exe [1408] LISTENING (2) REID 56151 0.0.0.0 30905 C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
    [TCP] svchost.exe [1020] LISTENING (2) REID 139 netbios-ssn 0.0.0.0 30947 C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services / Microsoft® Windows® Operating System
    [TCP] alg.exe [1228] LISTENING (2) localhost 1027 0.0.0.0 51397 <no filename>
    H [TCP] tmproxy.exe [1632] LISTENING (2) localhost 6999 0.0.0.0 30826 C:\Program Files\Trend Micro\Internet Security 2005\tmproxy.exe TmProxy.exe / Trend Micro Network Security Components 1.0
    H [TCP] CLMLService.exe [1408] LISTENING (2) localhost 12346 0.0.0.0 47356 C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
    [UDP] System [4] REID 445 microsoft-ds *.*.*.* * <no filename>
    [UDP] lsass.exe [596] REID 500 isakmp *.*.*.* * C:\WINDOWS\system32\lsass.exe LSA Shell (Export Version) / Microsoft® Windows® Operating System
    [UDP] lsass.exe [596] REID 4500 *.*.*.* * C:\WINDOWS\system32\lsass.exe LSA Shell (Export Version) / Microsoft® Windows® Operating System
    H [UDP] PcCtlCom.exe [1468] REID 40116 *.*.*.* * C:\Program Files\Trend Micro\Internet Security 2005\PcCtlCom.exe PcCtlCom Module / Trend Micro Internet Security
    H [UDP] CLMLService.exe [1408] REID 50128 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
    H [UDP] CLMLService.exe [1408] REID 50416 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
    H [UDP] CLMLService.exe [1408] REID 50435 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
    H [UDP] CLMLService.exe [1408] REID 50617 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
    H [UDP] CLMLService.exe [1408] REID 51314 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
    H [UDP] CLMLService.exe [1408] REID 51454 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
    H [UDP] CLMLService.exe [1408] REID 51636 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
    H [UDP] CLMLService.exe [1408] REID 52408 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
    H [UDP] CLMLService.exe [1408] REID 52555 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
    H [UDP] CLMLService.exe [1408] REID 52688 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
    H [UDP] CLMLService.exe [1408] REID 54827 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
    H [UDP] CLMLService.exe [1408] REID 54975 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
    H [UDP] CLMLService.exe [1408] REID 55546 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
    H [UDP] CLMLService.exe [1408] REID 55746 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
    H [UDP] CLMLService.exe [1408] REID 56061 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
    H [UDP] CLMLService.exe [1408] REID 56444 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
    H [UDP] CLMLService.exe [1408] REID 57254 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
    H [UDP] CLMLService.exe [1408] REID 57818 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
    H [UDP] CLMLService.exe [1408] REID 57825 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
    H [UDP] CLMLService.exe [1408] REID 58026 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
    H [UDP] CLMLService.exe [1408] REID 58201 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
    H [UDP] CLMLService.exe [1408] REID 58696 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
    H [UDP] CLMLService.exe [1408] REID 60105 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
    H [UDP] CLMLService.exe [1408] REID 60306 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
    H [UDP] CLMLService.exe [1408] REID 60809 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
    H [UDP] CLMLService.exe [1408] REID 63444 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
    H [UDP] CLMLService.exe [1408] REID 64182 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
    H [UDP] CLMLService.exe [1408] REID 64342 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
    H [UDP] CLMLService.exe [1408] host86-138-156-106.range86-138.btcentralplus.com 1900 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
    H [UDP] CLMLService.exe [1408] host86-138-156-106.range86-138.btcentralplus.com 1900 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
    H [UDP] CLMLService.exe [1408] host86-138-156-106.range86-138.btcentralplus.com 1900 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
    H [UDP] CLMLService.exe [1408] host86-138-156-106.range86-138.btcentralplus.com 1900 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
    H [UDP] CLMLService.exe [1408] host86-138-156-106.range86-138.btcentralplus.com 1900 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
    H [UDP] CLMLService.exe [1408] host86-138-156-106.range86-138.btcentralplus.com 1900 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
    H [UDP] CLMLService.exe [1408] host86-138-156-106.range86-138.btcentralplus.com 1900 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
    H [UDP] CLMLService.exe [1408] host86-138-156-106.range86-138.btcentralplus.com 1900 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
    H [UDP] CLMLService.exe [1408] host86-138-156-106.range86-138.btcentralplus.com 1900 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
    H [UDP] CLMLService.exe [1408] host86-138-156-106.range86-138.btcentralplus.com 1900 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
    H [UDP] CLMLService.exe [1408] host86-138-156-106.range86-138.btcentralplus.com 1900 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
    [UDP] svchost.exe [1020] REID 123 ntp *.*.*.* * C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services / Microsoft® Windows® Operating System
    [UDP] svchost.exe [1020] REID 137 netbios-ns *.*.*.* * C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services / Microsoft® Windows® Operating System
    [UDP] svchost.exe [1020] REID 138 netbios-dgm *.*.*.* * C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services / Microsoft® Windows® Operating System
    H [UDP] CLMLService.exe [1408] REID 1900 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
    H [UDP] CLMLService.exe [1408] REID 1900 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
    [UDP] svchost.exe [1112] REID 1900 *.*.*.* * <no filename>
    H [UDP] CLMLService.exe [1408] REID 1900 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
    H [UDP] CLMLService.exe [1408] REID 1900 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
    H [UDP] CLMLService.exe [1408] REID 1900 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
    H [UDP] CLMLService.exe [1408] REID 1900 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
    [UDP] svchost.exe [1020] localhost 123 ntp *.*.*.* * C:\WINDOWS\system32\svchost.exe Generic Host Process for Win32 Services / Microsoft® Windows® Operating System
    H [UDP] CLMLService.exe [1408] localhost 1025 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
    [UDP] svchost.exe [1112] localhost 1900 *.*.*.* * <no filename>
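One way to condense a listing like the one above into a per-process summary (an added example, not part of the thread). It assumes the column order given in the listing's header row and that a local-host value of `localhost` means a loopback-only socket; the function names are illustrative.

```python
import re
from collections import defaultdict

# Rows copied from the listing in the post (a subset), header row included.
SAMPLE = r"""
Protocol Program [PID] State Local Port Remote Port Path and File Description
[TCP] svchost.exe [980] LISTENING (2) REID 135 epmap 0.0.0.0 28835 <no filename>
[TCP] System [4] LISTENING (2) REID 445 microsoft-ds 0.0.0.0 6345 <no filename>
H [TCP] CLMLService.exe [1408] LISTENING (2) REID 56151 0.0.0.0 30905 C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
[TCP] alg.exe [1228] LISTENING (2) localhost 1027 0.0.0.0 51397 <no filename>
H [TCP] tmproxy.exe [1632] LISTENING (2) localhost 6999 0.0.0.0 30826 C:\Program Files\Trend Micro\Internet Security 2005\tmproxy.exe TmProxy.exe / Trend Micro Network Security Components 1.0
H [TCP] CLMLService.exe [1408] LISTENING (2) localhost 12346 0.0.0.0 47356 C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
[UDP] System [4] REID 445 microsoft-ds *.*.*.* * <no filename>
H [UDP] CLMLService.exe [1408] REID 50128 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
H [UDP] CLMLService.exe [1408] REID 50416 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
H [UDP] CLMLService.exe [1408] REID 1900 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
[UDP] svchost.exe [1112] REID 1900 *.*.*.* * <no filename>
H [UDP] CLMLService.exe [1408] localhost 1025 *.*.*.* * C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe Cyberlink MediaLibrary NT Service
[UDP] svchost.exe [1112] localhost 1900 *.*.*.* * <no filename>
"""

# Assumption: these local-host values mean the socket is bound to loopback only.
LOOPBACK = {"localhost", "127.0.0.1"}

ROW_RE = re.compile(
    r"^(?:(?P<flag>H) )?"                  # flag some rows carry (meaning not given in the post)
    r"\[(?P<proto>TCP|UDP)\] "
    r"(?P<program>\S+) \[(?P<pid>\d+)\] "
    r"(?:(?P<state>[A-Z_]+) \(\d+\) )?"     # state column, present on TCP rows only
    r"(?P<lhost>\S+) (?P<lport>\d+) "
    r"(?:(?P<service>[a-z][\w-]*) )?"       # service name, shown for well-known ports
    r"(?P<rhost>\S+) (?P<rport>\d+|\*) "
    r"(?P<rest>.*)$"
)
# Image path runs up to the first ".exe"; the file description follows it.
PATH_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?\.exe)(?: (?P<desc>.*))?$", re.I)


def parse_row(line):
    """Return one socket as a dict, or None if the line is not a socket row."""
    m = ROW_RE.match(line.strip())
    if m is None:
        return None
    row = m.groupdict()
    row["pid"] = int(row["pid"])
    row["lport"] = int(row["lport"])
    p = PATH_RE.match(row.pop("rest"))
    row["path"] = p.group("path") if p else None  # "<no filename>" becomes None
    return row


def summarise(text):
    """Group sockets by (program, pid); return (summary, unparsed_lines)."""
    procs = defaultdict(lambda: {"non_loopback": set(), "loopback": set(), "path": None})
    skipped = []
    for line in text.splitlines():
        if not line.strip():
            continue
        row = parse_row(line)
        if row is None:  # header row or anything else that is not a socket
            skipped.append(line.strip())
            continue
        entry = procs[(row["program"], row["pid"])]
        scope = "loopback" if row["lhost"].lower() in LOOPBACK else "non_loopback"
        entry[scope].add((row["proto"], row["lport"]))  # set collapses repeated rows
        entry["path"] = entry["path"] or row["path"]
    return dict(procs), skipped


def report(procs):
    """One line per process, most non-loopback sockets first."""
    ranked = sorted(procs.items(), key=lambda kv: (-len(kv[1]["non_loopback"]), kv[0]))
    lines = []
    for (program, pid), e in ranked:
        ports = ", ".join(f"{p}/{n}" for p, n in sorted(e["non_loopback"])) or "-"
        lines.append(
            f"{program} [{pid}] non-loopback: {ports} | "
            f"loopback-only sockets: {len(e['loopback'])} | "
            f"image: {e['path'] or 'not reported'}"
        )
    return lines


if __name__ == "__main__":
    summary, unparsed = summarise(SAMPLE)
    print("\n".join(report(summary)))
    print(f"unparsed lines: {len(unparsed)}")
```

A socket in the non-loopback column is only bound to a network-facing address; whether it can be reached from outside still depends on the firewall in front of it.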
     
  2. reidy100

    reidy100 Thread Starter

    Oops, can anyone make sense of that report?
     
  3. reidy100

    reidy100 Thread Starter

    Oh yes, HJT log

    Logfile of HijackThis v1.99.1
    Scan saved at 14:53:58, on 12/11/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    c:\APPS\HIDSERVICE\HIDSERVICE.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\WINDOWS\vsnpstd2.exe
    C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Apps\Powercinema\PCMService.exe
    C:\WINDOWS\system32\BtUsrBdg.exe
    C:\WINDOWS\system32\BTSetBootKey.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Extended Systems\XTNDConnect Blue Manager\XTNDConnect Blue Manager\XCBluMgr.exe
    C:\PROGRA~1\EXTEND~1\XTNDCO~1\XTNDCO~1\SUSHIM~1.EXE
    C:\Program Files\Extended Systems\XTNDConnect Blue Manager\btprot.exe
    C:\PROGRA~1\EXTEND~1\XTNDCO~1\XTNDCO~1\BTUI_M~1.EXE
    C:\Program Files\SurfAccuracy\SAcc.exe
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?.home=ytie
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/?.home=ytie
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [BTUSRBDG] BtUsrBdg.exe
    O4 - HKLM\..\Run: [BTSETBOOTKEY] BTSetBootKey.exe
    O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
    O4 - HKCU\..\Run: [CUCore Agent] "C:\PROGRA~1\COMMON~1\FIRSTV~1\ConfAgent.exe /minimize"
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Startup.exe
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://66.29.7.159/toolbar/cabs/free_access.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {52A5CD24-64C6-4BAF-A4EC-4D13F451763F} - https://www.cuworld.com/PIC/inner_pic/packages/CUworld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122105569843
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1122394828437
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A85CA0AC-973E-441F-8C01-5D0C6AFB7768}: NameServer = 62.6.40.178 194.72.9.38
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
    O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
     
  4. reidy100

    reidy100 Thread Starter

    What's a matter with u guys, too hard 4 ya?????????? Deeply disappointed here
     
  5. reidy100

    reidy100 Thread Starter

    how bout looking into it 4 ya reidy?
     
  6. reidy100

    reidy100 Thread Starter

    how about looking into this problem 4 you reidy or is it too hard a problem 4 ya ??????????????????????????????????????????????????????????????
     
  7. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,626
    I received your PM and please don't be so impatient. We have a lot to handle here.

    Download Cleanup from Here
    • A window will open and choose SAVE, then DESKTOP as the destination.
    • On your Desktop, click on Cleanup40.exe icon.
    • Then, click RUN and place a checkmark beside "I Agree"
    • Then click NEXT followed by START and OK.
    • A window will appear with many choices, keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.
    • Click OK
    • DO NOT RUN IT YET


    Download the trial version of Ewido Security Suite here.
    • Install ewido.
    • During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    • Launch ewido
    • It will prompt you to update; click the OK button and it will go to the main screen
    • On the left side of the main screen click update
    • Click on Start and let it update.
    • DO NOT run a scan yet. You will do that later in safe mode.

    Click here for info on how to boot to safe mode if you don't already know how.


    Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.


    Restart your computer into safe mode now. Perform the following steps in safe mode:


    Run Ewido:
    • Click on scanner
    • Click Complete System Scan and the scan will begin.
    • During the scan it will prompt you to clean files, click OK
    • When the scan is finished, look at the bottom of the screen and click the Save report button.
    • Save the report to your desktop



    Run Cleanup:
    • Click on the "Cleanup" button and let it run.
    • Once it's done, close the program.


    Go to Control Panel - Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


    Restart back into Windows normally now.


    Do a Panda Active Scan. Be sure to save the log it creates.


    Come back here and post a new HijackThis log, as well as the logs from the Ewido and Panda scans.


    Once you've done that, go to the following site and run the ShieldsUp! test and let us know the results please.

    http://grc.com/default.htm
     
  8. reidy100

    reidy100 Thread Starter

    ok thnx

    Ewido

    ---------------------------------------------------------
    ewido security suite - Scan report
    ---------------------------------------------------------

    + Created on: 21:39:33, 14/11/2005
    + Report-Checksum: B609255F

    + Scan result:

    HKLM\SOFTWARE\Classes\Interface\{0985C112-2562-46F2-8DA6-92648BA4630F} -> Spyware.ISTBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{67907B3C-A6EF-4A01-99AD-3FCD5F526429} -> Spyware.ISTBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\YSBactivex.Installer -> Spyware.YourSiteBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\YSBactivex.Installer\CLSID -> Spyware.YourSiteBar : Cleaned with backup
    HKU\S-1-5-21-3596468691-1117351892-3897911047-1006\Software\IST -> Spyware.ISTBar : Cleaned with backup
    HKU\S-1-5-21-3596468691-1117351892-3897911047-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959} -> Spyware.ISTBar : Cleaned with backup
    C:\Documents and Settings\Chris\Cookies\chris@adtech[2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
    C:\Documents and Settings\Chris\Cookies\chris@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Chris\Cookies\chris@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Chris\Cookies\chris@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Chris\Cookies\chris@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\Chris\Cookies\[email protected][2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Chris\Cookies\[email protected][1].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    C:\Documents and Settings\Steve\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Steve\Cookies\[email protected][1].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
    C:\Documents and Settings\Steve\Cookies\[email protected][1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
    C:\Documents and Settings\Steve\Cookies\steve@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Steve\Cookies\[email protected][2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
    C:\Documents and Settings\Steve\Cookies\steve@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Steve\Cookies\steve@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    C:\Documents and Settings\Steve\Cookies\steve@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    C:\Documents and Settings\Steve\Cookies\steve@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Steve\Cookies\steve@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\Steve\Cookies\steve@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\Steve\Cookies\steve@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
    C:\Documents and Settings\Steve\Cookies\[email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
    C:\Documents and Settings\Steve\Cookies\steve@qksrv[2].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
    C:\Documents and Settings\Steve\Cookies\steve@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
    C:\Documents and Settings\Steve\Cookies\steve@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
    C:\Documents and Settings\Steve\Cookies\[email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Steve\Cookies\steve@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    C:\Documents and Settings\Steve\Cookies\steve@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    C:\Documents and Settings\Steve\Cookies\[email protected][2].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    C:\Documents and Settings\Steve\Cookies\steve@trafic[1].txt -> Spyware.Cookie.Trafic : Cleaned with backup
    C:\Documents and Settings\Steve\Cookies\steve@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    C:\Documents and Settings\Steve\Cookies\steve@ysbweb[1].txt -> Spyware.Cookie.Ysbweb : Cleaned with backup
    C:\Documents and Settings\Steve\Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
    C:\Documents and Settings\Steve\Local Settings\Temp\powerscan.exe -> Spyware.PowerScan : Cleaned with backup
    C:\Documents and Settings\Steve\Local Settings\Temp\sidefind.exe -> TrojanDownloader.IstBar.jm : Cleaned with backup
    C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\QSAPX2YP\sidefind[1].exe -> TrojanDownloader.IstBar.jm : Cleaned with backup
    C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\S9AZ4L2R\optimize[1].exe -> TrojanDownloader.Dyfuca.ei : Cleaned with backup
    C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\S9AZ4L2R\powerscan[1].exe -> Spyware.PowerScan : Cleaned with backup
    C:\Program Files\ISTsvc -> Spyware.ISTBar : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2D.tmp -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2E.tmp -> Spyware.Cookie.Doubleclick : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2F.tmp -> Spyware.Cookie.Falkag : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq30.tmp -> Spyware.Cookie.Fastclick : Cleaned with backup
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq31.tmp -> Spyware.Cookie.Mediaplex : Cleaned with backup
    C:\WINDOWS\SoftwareDistribution\Download\77495dabb3d23980860e874027902150202a4f21/mrt.exe -> Heuristic.Win32.AVKiller : Cleaned with backup
    C:\WINDOWS\SoftwareDistribution\Download\77495dabb3d23980860e874027902150202a4f21/mrt.exe -> Heuristic.Win32.AVKiller : Cleaned with backup
    C:\WINDOWS\system32\MRT.exe -> Heuristic.Win32.AVKiller : Cleaned with backup


    ::Report End

    Panda

    Incident Status Location

    Adware:adware/wupd No disinfected C:\WINDOWS\SYSTEM32\ide21201.vxd
    Adware:adware/block-checker No disinfected C:\WINDOWS\SYSTEM32\ustart.exe
    Adware:adware/ist.yoursitebar No disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\YSBactivex.dll
    Adware:adware/powerscan No disinfected C:\PROGRAM FILES\Power Scan
    Adware:adware/surfaccuracy No disinfected C:\PROGRAM FILES\SurfAccuracy
    Adware:adware/ist.istbar No disinfected Windows Registry

    New HJT

    Logfile of HijackThis v1.99.1
    Scan saved at 22:45:30, on 14/11/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    c:\APPS\HIDSERVICE\HIDSERVICE.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\WINDOWS\vsnpstd2.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Apps\Powercinema\PCMService.exe
    C:\WINDOWS\system32\BtUsrBdg.exe
    C:\WINDOWS\system32\BTSetBootKey.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\SurfAccuracy\SAcc.exe
    C:\Program Files\Extended Systems\XTNDConnect Blue Manager\XTNDConnect Blue Manager\XCBluMgr.exe
    C:\PROGRA~1\EXTEND~1\XTNDCO~1\XTNDCO~1\SUSHIM~1.EXE
    C:\Program Files\Extended Systems\XTNDConnect Blue Manager\btprot.exe
    C:\PROGRA~1\EXTEND~1\XTNDCO~1\XTNDCO~1\BTUI_M~1.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/APPS/IE/offline/uk.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\uk.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/?.home=ytie
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [BTUSRBDG] BtUsrBdg.exe
    O4 - HKLM\..\Run: [BTSETBOOTKEY] BTSetBootKey.exe
    O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
    O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
    O4 - HKCU\..\Run: [CUCore Agent] "C:\PROGRA~1\COMMON~1\FIRSTV~1\ConfAgent.exe /minimize"
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Startup.exe
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://66.29.7.159/toolbar/cabs/free_access.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {52A5CD24-64C6-4BAF-A4EC-4D13F451763F} - https://www.cuworld.com/PIC/inner_pic/packages/CUworld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122105569843
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1122394828437
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A85CA0AC-973E-441F-8C01-5D0C6AFB7768}: NameServer = 62.6.40.178 194.72.9.38
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
    O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    Can't see where to d/l or execute Shields Up at that site though.

    Cheers Reidy100
     
  9. reidy100

    reidy100 Thread Starter

    Shields Up: done a few tests

    Attempting connection to your computer. . .
    Shields UP! is now attempting to contact the Hidden Internet Server within your PC. It is likely that no one has told you that your own personal computer may now be functioning as an Internet Server with neither your knowledge nor your permission. And that it may be serving up all or many of your personal files for reading, writing, modification and even deletion by anyone, anywhere, on the Internet!
    Your Internet port 139 does not appear to exist!
    One or more ports on this system are operating in FULL STEALTH MODE! Standard Internet behavior requires port connection attempts to be answered with a success or refusal response. Therefore, only an attempt to connect to a nonexistent computer results in no response of either kind. But YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and intrusion.
    Unable to connect with NetBIOS to your computer.
    All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet.


    ----------------------------------------------------------------------

    GRC Port Authority Report created on UTC: 2005-11-14 at 23:30:33

    Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
    119, 135, 139, 143, 389, 443, 445,
    1002, 1024-1030, 1720, 5000

    0 Ports Open
    0 Ports Closed
    26 Ports Stealth
    ---------------------
    26 Ports Tested

    ALL PORTS tested were found to be: STEALTH.

    TruStealth: PASSED - ALL tested ports were STEALTH,
    - NO unsolicited packets were received,
    - NO Ping reply (ICMP Echo) was received.


    Is this what you meant?

    btw Cyberlink and clmlservice.exe are still appearing in my open ports.
     
  10. reidy100

    reidy100 Thread Starter

    And in the msconfig utility, under Services, Cyberlink background capture service, Cyberlink task scheduler, Cyberlink media library service and Smartlinkservice are ticked (to run at startup?). Is this correct?
     
  11. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,626
    Were you not aware that you had the Cyberlink program?
     
  12. reidy100

    reidy100 Thread Starter

    I have no idea what it is, or if I need it, and I don't know what Smartlink service is either. If I don't need it I want to get rid of it; I don't like it taking over stuff, if it is.

    Anything on my HJT log?
     
  13. reidy100

    reidy100 Thread Starter

    Smartlink service is to do with my 56k modem, but I'm on 2M broadband so I'm happy to leave that alone. I will search the forums about Cyberlink.
     
  14. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Cyberlink is a DVD burning/editing program.
     
  15. reidy100

    reidy100 Thread Starter

    So when I use SIW from http://www3.sympatico.ca/gtopala/ and select open ports, it comes up with 720 open ports, most used by Cyberlink. I would post a screenshot but it's too big (see my first post if you can make sense of it). I want to remove Cyberlink completely and safely. Is there anyone here who can advise me how to, AND ensure it comes off those ports? Please, sorry for shouting.
     

Short URL to this thread: https://techguy.org/416067