# Cyberlink



## reidy100 (May 11, 2005)

Hi, I just checked my ports and it seems to me that I have a few things opening ports that I don't think should be there. Can anyone help?? Ta, Reidy

Protocol	Program [PID]	State	Local	Port	Remote	Port	Path and File	Description
[TCP]	svchost.exe [980]	LISTENING (2)	REID	135 epmap	0.0.0.0	28835	<no filename>	
[TCP]	System [4]	LISTENING (2)	REID	445 microsoft-ds	0.0.0.0	6345	<no filename>	
H	[TCP]	CLMLService.exe [1408]	LISTENING (2)	REID	56151	0.0.0.0	30905	C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe	Cyberlink MediaLibrary NT Service
[TCP]	svchost.exe [1020]	LISTENING (2)	REID	139 netbios-ssn	0.0.0.0	30947	C:\WINDOWS\system32\svchost.exe	Generic Host Process for Win32 Services / Microsoft® Windows® Operating System
[TCP]	alg.exe [1228]	LISTENING (2)	localhost	1027	0.0.0.0	51397	<no filename>	
H	[TCP]	tmproxy.exe [1632]	LISTENING (2)	localhost	6999	0.0.0.0	30826	C:\Program Files\Trend Micro\Internet Security 2005\tmproxy.exe	TmProxy.exe / Trend Micro Network Security Components 1.0
H	[TCP]	CLMLService.exe [1408]	LISTENING (2)	localhost	12346	0.0.0.0	47356	C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe	Cyberlink MediaLibrary NT Service
[UDP]	System [4] REID	445 microsoft-ds	*.*.*.*	*	<no filename>	
[UDP]	lsass.exe [596] REID	500 isakmp	*.*.*.*	*	C:\WINDOWS\system32\lsass.exe	LSA Shell (Export Version) / Microsoft® Windows® Operating System
[UDP]	lsass.exe [596] REID	4500	*.*.*.*	*	C:\WINDOWS\system32\lsass.exe	LSA Shell (Export Version) / Microsoft® Windows® Operating System
H	[UDP]	PcCtlCom.exe [1468] REID	40116	*.*.*.*	*	C:\Program Files\Trend Micro\Internet Security 2005\PcCtlCom.exe	PcCtlCom Module / Trend Micro Internet Security
H	[UDP]	CLMLService.exe [1408] REID	50128	*.*.*.*	*	C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe	Cyberlink MediaLibrary NT Service
H	[UDP]	CLMLService.exe [1408] REID	50416	*.*.*.*	*	C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe	Cyberlink MediaLibrary NT Service
H	[UDP]	CLMLService.exe [1408] REID	50435	*.*.*.*	*	C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe	Cyberlink MediaLibrary NT Service
H	[UDP]	CLMLService.exe [1408] REID	50617	*.*.*.*	*	C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe	Cyberlink MediaLibrary NT Service
H	[UDP]	CLMLService.exe [1408] REID	51314	*.*.*.*	*	C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe	Cyberlink MediaLibrary NT Service
H	[UDP]	CLMLService.exe [1408] REID	51454	*.*.*.*	*	C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe	Cyberlink MediaLibrary NT Service
H	[UDP]	CLMLService.exe [1408] REID	51636	*.*.*.*	*	C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe	Cyberlink MediaLibrary NT Service
H	[UDP]	CLMLService.exe [1408] REID	52408	*.*.*.*	*	C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe	Cyberlink MediaLibrary NT Service
H	[UDP]	CLMLService.exe [1408] REID	52555	*.*.*.*	*	C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe	Cyberlink MediaLibrary NT Service
H	[UDP]	CLMLService.exe [1408] REID	52688	*.*.*.*	*	C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe	Cyberlink MediaLibrary NT Service
H	[UDP]	CLMLService.exe [1408] REID	54827	*.*.*.*	*	C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe	Cyberlink MediaLibrary NT Service
H	[UDP]	CLMLService.exe [1408] REID	54975	*.*.*.*	*	C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe	Cyberlink MediaLibrary NT Service
H	[UDP]	CLMLService.exe [1408] REID	55546	*.*.*.*	*	C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe	Cyberlink MediaLibrary NT Service
H	[UDP]	CLMLService.exe [1408] REID	55746	*.*.*.*	*	C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe	Cyberlink MediaLibrary NT Service
H	[UDP]	CLMLService.exe [1408] REID	56061	*.*.*.*	*	C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe	Cyberlink MediaLibrary NT Service
H	[UDP]	CLMLService.exe [1408] REID	56444	*.*.*.*	*	C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe	Cyberlink MediaLibrary NT Service
H	[UDP]	CLMLService.exe [1408] REID	57254	*.*.*.*	*	C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe	Cyberlink MediaLibrary NT Service
H	[UDP]	CLMLService.exe [1408] REID	57818	*.*.*.*	*	C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe	Cyberlink MediaLibrary NT Service
H	[UDP]	CLMLService.exe [1408] REID	57825	*.*.*.*	*	C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe	Cyberlink MediaLibrary NT Service
H	[UDP]	CLMLService.exe [1408] REID	58026	*.*.*.*	*	C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe	Cyberlink MediaLibrary NT Service
H	[UDP]	CLMLService.exe [1408] REID	58201	*.*.*.*	*	C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe	Cyberlink MediaLibrary NT Service
H	[UDP]	CLMLService.exe [1408] REID	58696	*.*.*.*	*	C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe	Cyberlink MediaLibrary NT Service
H	[UDP]	CLMLService.exe [1408] REID	60105	*.*.*.*	*	C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe	Cyberlink MediaLibrary NT Service
H	[UDP]	CLMLService.exe [1408] REID	60306	*.*.*.*	*	C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe	Cyberlink MediaLibrary NT Service
H	[UDP]	CLMLService.exe [1408] REID	60809	*.*.*.*	*	C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe	Cyberlink MediaLibrary NT Service
H	[UDP]	CLMLService.exe [1408] REID	63444	*.*.*.*	*	C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe	Cyberlink MediaLibrary NT Service
H	[UDP]	CLMLService.exe [1408] REID	64182	*.*.*.*	*	C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe	Cyberlink MediaLibrary NT Service
H	[UDP]	CLMLService.exe [1408] REID	64342	*.*.*.*	*	C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe	Cyberlink MediaLibrary NT Service
H	[UDP]	CLMLService.exe [1408] host86-138-156-106.range86-138.btcentralplus.com	1900	*.*.*.*	*	C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe	Cyberlink MediaLibrary NT Service
H	[UDP]	CLMLService.exe [1408] host86-138-156-106.range86-138.btcentralplus.com	1900	*.*.*.*	*	C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe	Cyberlink MediaLibrary NT Service
H	[UDP]	CLMLService.exe [1408] host86-138-156-106.range86-138.btcentralplus.com	1900	*.*.*.*	*	C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe	Cyberlink MediaLibrary NT Service
H	[UDP]	CLMLService.exe [1408] host86-138-156-106.range86-138.btcentralplus.com	1900	*.*.*.*	*	C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe	Cyberlink MediaLibrary NT Service
H	[UDP]	CLMLService.exe [1408] host86-138-156-106.range86-138.btcentralplus.com	1900	*.*.*.*	*	C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe	Cyberlink MediaLibrary NT Service
H	[UDP]	CLMLService.exe [1408] host86-138-156-106.range86-138.btcentralplus.com	1900	*.*.*.*	*	C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe	Cyberlink MediaLibrary NT Service
H	[UDP]	CLMLService.exe [1408] host86-138-156-106.range86-138.btcentralplus.com	1900	*.*.*.*	*	C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe	Cyberlink MediaLibrary NT Service
H	[UDP]	CLMLService.exe [1408] host86-138-156-106.range86-138.btcentralplus.com	1900	*.*.*.*	*	C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe	Cyberlink MediaLibrary NT Service
H	[UDP]	CLMLService.exe [1408] host86-138-156-106.range86-138.btcentralplus.com	1900	*.*.*.*	*	C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe	Cyberlink MediaLibrary NT Service
H	[UDP]	CLMLService.exe [1408] host86-138-156-106.range86-138.btcentralplus.com	1900	*.*.*.*	*	C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe	Cyberlink MediaLibrary NT Service
H	[UDP]	CLMLService.exe [1408] host86-138-156-106.range86-138.btcentralplus.com	1900	*.*.*.*	*	C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe	Cyberlink MediaLibrary NT Service
[UDP]	svchost.exe [1020] REID	123 ntp	*.*.*.*	*	C:\WINDOWS\system32\svchost.exe	Generic Host Process for Win32 Services / Microsoft® Windows® Operating System
[UDP]	svchost.exe [1020] REID	137 netbios-ns	*.*.*.*	*	C:\WINDOWS\system32\svchost.exe	Generic Host Process for Win32 Services / Microsoft® Windows® Operating System
[UDP]	svchost.exe [1020] REID	138 netbios-dgm	*.*.*.*	*	C:\WINDOWS\system32\svchost.exe	Generic Host Process for Win32 Services / Microsoft® Windows® Operating System
H	[UDP]	CLMLService.exe [1408] REID	1900	*.*.*.*	*	C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe	Cyberlink MediaLibrary NT Service
H	[UDP]	CLMLService.exe [1408] REID	1900	*.*.*.*	*	C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe	Cyberlink MediaLibrary NT Service
[UDP]	svchost.exe [1112] REID	1900	*.*.*.*	*	<no filename>	
H	[UDP]	CLMLService.exe [1408] REID	1900	*.*.*.*	*	C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe	Cyberlink MediaLibrary NT Service
H	[UDP]	CLMLService.exe [1408] REID	1900	*.*.*.*	*	C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe	Cyberlink MediaLibrary NT Service
H	[UDP]	CLMLService.exe [1408] REID	1900	*.*.*.*	*	C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe	Cyberlink MediaLibrary NT Service
H	[UDP]	CLMLService.exe [1408] REID	1900	*.*.*.*	*	C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe	Cyberlink MediaLibrary NT Service
[UDP]	svchost.exe [1020] localhost	123 ntp	*.*.*.*	*	C:\WINDOWS\system32\svchost.exe	Generic Host Process for Win32 Services / Microsoft® Windows® Operating System
H	[UDP]	CLMLService.exe [1408] localhost	1025	*.*.*.*	*	C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe	Cyberlink MediaLibrary NT Service
[UDP]	svchost.exe [1112] localhost	1900	*.*.*.*	*	<no filename>
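The listing above is a tab-separated dump where TCP rows carry a state column and UDP rows glue the local host name onto the program column. As an added example (not part of the original post and not from any tool the thread mentions), the Python below parses that layout and separates sockets bound to loopback (`localhost`) from those bound to the machine's own name, which is the first thing to check when deciding whether a listener is reachable from the network. The sample rows are copied from the table above; the column positions are assumed from it, and the leading `H` flag column some rows carry is discarded because the report does not say what it means.

```python
"""Parse a tab-separated port report and summarise network-reachable listeners.
Column layout is assumed from the table in the post; sample rows are copied from it."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

# Matches "svchost.exe [980]" (TCP rows) and "System [4] REID" (UDP rows, where
# the local host name follows the PID in the same column).
_PROGRAM_RE = re.compile(r"^(?P<prog>.+?) \[(?P<pid>\d+)\](?: (?P<host>\S+))?$")


@dataclass(frozen=True)
class Listener:
    proto: str        # "TCP" or "UDP"
    program: str      # image name, e.g. "CLMLService.exe"
    pid: int
    local_host: str   # "localhost" for loopback-only binds, otherwise the host/interface name
    port: int
    service: str      # well-known service name printed next to the port, or ""
    path: str         # image path, "<no filename>" when the tool could not resolve it


def _split_port(field: str) -> Tuple[int, str]:
    # The port column reads "135 epmap" or just "56151".
    parts = field.split(None, 1)
    return int(parts[0]), (parts[1] if len(parts) > 1 else "")


def parse_line(line: str) -> Optional[Listener]:
    fields = line.rstrip("\n").split("\t")
    if fields and fields[0] == "H":          # optional flag column of unknown meaning
        fields = fields[1:]
    if not fields or not fields[0].startswith("["):
        return None                          # header or blank line
    proto = fields[0].strip("[]")
    m = _PROGRAM_RE.match(fields[1])
    if not m:
        return None
    prog, pid, host = m.group("prog"), int(m.group("pid")), m.group("host") or ""
    if proto == "TCP":
        # [TCP]  prog [pid]  STATE  local_host  port  remote  rport  path  desc
        host, port_field, path = fields[3], fields[4], fields[7]
    elif proto == "UDP":
        # [UDP]  prog [pid] local_host  port  *.*.*.*  *  path  desc
        port_field, path = fields[2], fields[5]
    else:
        return None
    port, service = _split_port(port_field)
    return Listener(proto, prog, pid, host, port, service, path)


def parse_report(lines: Iterable[str]) -> List[Listener]:
    """Parse every row, dropping exact repeats (the tool prints one row per UDP socket)."""
    seen, out = set(), []
    for line in lines:
        rec = parse_line(line)
        if rec is not None and rec not in seen:
            seen.add(rec)
            out.append(rec)
    return out


def network_reachable(listeners: Iterable[Listener]) -> List[Listener]:
    """Sockets not bound to loopback: reachable from the LAN/Internet unless a host
    firewall blocks them, so these rows are the ones to review first."""
    return [l for l in listeners if l.local_host != "localhost"]


def ports_by_process(listeners: Iterable[Listener]) -> Dict[Tuple[str, int], List[Tuple[str, int]]]:
    grouped = defaultdict(set)
    for l in listeners:
        grouped[(l.program, l.pid)].add((l.proto, l.port))
    return {k: sorted(v) for k, v in grouped.items()}


# Constructed sample: rows copied from the report above, including one repeated UDP row.
SAMPLE_REPORT = [
    "Protocol\tProgram [PID]\tState\tLocal\tPort\tRemote\tPort\tPath and File\tDescription",
    "[TCP]\tsvchost.exe [980]\tLISTENING (2)\tREID\t135 epmap\t0.0.0.0\t28835\t<no filename>\t",
    "H\t[TCP]\tCLMLService.exe [1408]\tLISTENING (2)\tREID\t56151\t0.0.0.0\t30905\tC:\\Program Files\\CyberLink\\Shared Files\\CLML_NTService\\CLMLService.exe\tCyberlink MediaLibrary NT Service",
    "H\t[TCP]\ttmproxy.exe [1632]\tLISTENING (2)\tlocalhost\t6999\t0.0.0.0\t30826\tC:\\Program Files\\Trend Micro\\Internet Security 2005\\tmproxy.exe\tTmProxy.exe",
    "[UDP]\tSystem [4] REID\t445 microsoft-ds\t*.*.*.*\t*\t<no filename>\t",
    "H\t[UDP]\tCLMLService.exe [1408] REID\t1900\t*.*.*.*\t*\tC:\\Program Files\\CyberLink\\Shared Files\\CLML_NTService\\CLMLService.exe\tCyberlink MediaLibrary NT Service",
    "H\t[UDP]\tCLMLService.exe [1408] REID\t1900\t*.*.*.*\t*\tC:\\Program Files\\CyberLink\\Shared Files\\CLML_NTService\\CLMLService.exe\tCyberlink MediaLibrary NT Service",
    "[UDP]\tsvchost.exe [1020] localhost\t123 ntp\t*.*.*.*\t*\tC:\\WINDOWS\\system32\\svchost.exe\tGeneric Host Process for Win32 Services",
]

if __name__ == "__main__":
    records = parse_report(SAMPLE_REPORT)
    for l in network_reachable(records):
        print(f"{l.proto:3} {l.port:>5} {l.service:12} {l.program} [{l.pid}] {l.path}")
    print(ports_by_process(records))
</tests>

Running it on the full report in the post reduces the dozens of repeated `CLMLService.exe` rows to one entry per port, and leaves a short list of non-loopback listeners (the Windows RPC/SMB/NetBIOS ports plus the CyberLink service) that the firewall rules and the ShieldsUp! result later in the thread can be compared against.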


----------



## reidy100 (May 11, 2005)

Oops, can anyone make sense of that report?


----------



## reidy100 (May 11, 2005)

Oh yes, HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 14:53:58, on 12/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Apps\Powercinema\PCMService.exe
C:\WINDOWS\system32\BtUsrBdg.exe
C:\WINDOWS\system32\BTSetBootKey.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Extended Systems\XTNDConnect Blue Manager\XTNDConnect Blue Manager\XCBluMgr.exe
C:\PROGRA~1\EXTEND~1\XTNDCO~1\XTNDCO~1\SUSHIM~1.EXE
C:\Program Files\Extended Systems\XTNDConnect Blue Manager\btprot.exe
C:\PROGRA~1\EXTEND~1\XTNDCO~1\XTNDCO~1\BTUI_M~1.EXE
C:\Program Files\SurfAccuracy\SAcc.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/?.home=ytie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [BTUSRBDG] BtUsrBdg.exe
O4 - HKLM\..\Run: [BTSETBOOTKEY] BTSetBootKey.exe
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKCU\..\Run: [CUCore Agent] "C:\PROGRA~1\COMMON~1\FIRSTV~1\ConfAgent.exe /minimize"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Startup.exe
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://66.29.7.159/toolbar/cabs/free_access.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {52A5CD24-64C6-4BAF-A4EC-4D13F451763F} - https://www.cuworld.com/PIC/inner_pic/packages/CUworld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122105569843
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1122394828437
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A85CA0AC-973E-441F-8C01-5D0C6AFB7768}: NameServer = 62.6.40.178 194.72.9.38
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE


----------



## reidy100 (May 11, 2005)

What's the matter with you guys, too hard for ya?? Deeply disappointed here.


----------



## reidy100 (May 11, 2005)

How about looking into it for ya, Reidy?


----------



## reidy100 (May 11, 2005)

How about looking into this problem for you, Reidy, or is it too hard a problem for ya??


----------



## Cookiegal (Aug 27, 2003)

I received your PM, and please don't be so impatient. We have a lot to handle here.

Download Cleanup from *Here* 

 A window will open and choose *SAVE*, then *DESKTOP* as the destination.
 On your Desktop, click on *Cleanup40.exe icon.*
 Then, click *RUN* and place a checkmark beside "*I Agree*"
 Then click *NEXT* followed by *START* and *OK.*
 A window will appear with many choices, *keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.*
 Click *OK*
 *DO NOT RUN IT YET*

Download the trial version of Ewido Security Suite *here*.
Install ewido.
During the installation, under "Additional Options" *uncheck* "Install background guard" and "Install scan via context menu".
Launch ewido
It will prompt you to update; click the OK button and it will go to the main screen.
On the left side of the main screen click *update*
Click on *Start* and let it update.
*DO NOT* run a scan yet. You will do that later in safe mode.

*Click here* for info on how to boot to safe mode if you don't already know how.

Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.

Restart your computer into safe mode now. Perform the following steps in safe mode:

Run Ewido:
Click on *scanner*
Click *Complete System Scan* and the scan will begin.
During the scan it will prompt you to clean files, click *OK*
When the scan is finished, look at the bottom of the screen and click the *Save report* button.
Save the report to your desktop

Run Cleanup: 
 Click on the "*Cleanup*" button and let it run.
 Once it's done, *close the program*.

Go to Control Panel - Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.

Restart back into Windows normally now.

Do a *Panda Active Scan*. Be sure to save the log it creates.

*Come back here and post a new HijackThis log, as well as the logs from the Ewido and Panda scans.*

Once you've done that, go to the following site and run the ShieldsUp! test and let us know the results please.

http://grc.com/default.htm


----------



## reidy100 (May 11, 2005)

OK, thanks.

Ewido

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 21:39:33, 14/11/2005
+ Report-Checksum: B609255F

+ Scan result:

HKLM\SOFTWARE\Classes\Interface\{0985C112-2562-46F2-8DA6-92648BA4630F} -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{67907B3C-A6EF-4A01-99AD-3FCD5F526429} -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\YSBactivex.Installer -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\YSBactivex.Installer\CLSID -> Spyware.YourSiteBar : Cleaned with backup
HKU\S-1-5-21-3596468691-1117351892-3897911047-1006\Software\IST -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-21-3596468691-1117351892-3897911047-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959} -> Spyware.ISTBar : Cleaned with backup
C:\Documents and Settings\Chris\Cookies\[email protected][2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
C:\Documents and Settings\Chris\Cookies\[email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Chris\Cookies\[email protected][2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Chris\Cookies\[email protected][2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Chris\Cookies\[email protected][1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Chris\Cookies\[email protected][2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Chris\Cookies\[email protected][1].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Steve\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Steve\Cookies\[email protected][1].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Steve\Cookies\[email protected][1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Steve\Cookies\[email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Steve\Cookies\[email protected][2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Steve\Cookies\[email protected][2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Steve\Cookies\[email protected][1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Steve\Cookies\[email protected][2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Steve\Cookies\[email protected][1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Steve\Cookies\[email protected][2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Steve\Cookies\[email protected][1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Steve\Cookies\[email protected][1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Steve\Cookies\[email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Steve\Cookies\[email protected][2].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Steve\Cookies\[email protected][1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Steve\Cookies\[email protected][2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Steve\Cookies\[email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Steve\Cookies\[email protected][1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Steve\Cookies\[email protected][1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Steve\Cookies\steve[email protected][2].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Steve\Cookies\[email protected][1].txt -> Spyware.Cookie.Trafic : Cleaned with backup
C:\Documents and Settings\Steve\Cookies\[email protected][1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Steve\Cookies\[email protected][1].txt -> Spyware.Cookie.Ysbweb : Cleaned with backup
C:\Documents and Settings\Steve\Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Steve\Local Settings\Temp\powerscan.exe -> Spyware.PowerScan : Cleaned with backup
C:\Documents and Settings\Steve\Local Settings\Temp\sidefind.exe -> TrojanDownloader.IstBar.jm : Cleaned with backup
C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\QSAPX2YP\sidefind[1].exe -> TrojanDownloader.IstBar.jm : Cleaned with backup
C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\S9AZ4L2R\optimize[1].exe -> TrojanDownloader.Dyfuca.ei : Cleaned with backup
C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\S9AZ4L2R\powerscan[1].exe -> Spyware.PowerScan : Cleaned with backup
C:\Program Files\ISTsvc -> Spyware.ISTBar : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2D.tmp -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2E.tmp -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2F.tmp -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq30.tmp -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq31.tmp -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\WINDOWS\SoftwareDistribution\Download\77495dabb3d23980860e874027902150202a4f21/mrt.exe -> Heuristic.Win32.AVKiller : Cleaned with backup
C:\WINDOWS\SoftwareDistribution\Download\77495dabb3d23980860e874027902150202a4f21/mrt.exe -> Heuristic.Win32.AVKiller : Cleaned with backup
C:\WINDOWS\system32\MRT.exe -> Heuristic.Win32.AVKiller : Cleaned with backup

::Report End

Panda

Incident Status Location

Adware:adware/wupd No disinfected C:\WINDOWS\SYSTEM32\ide21201.vxd 
Adware:adware/block-checker No disinfected C:\WINDOWS\SYSTEM32\ustart.exe 
Adware:adware/ist.yoursitebar No disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\YSBactivex.dll 
Adware:adware/powerscan No disinfected C:\PROGRAM FILES\Power Scan 
Adware:adware/surfaccuracy No disinfected C:\PROGRAM FILES\SurfAccuracy 
Adware:adware/ist.istbar No disinfected Windows Registry 
New HJT

Logfile of HijackThis v1.99.1
Scan saved at 22:45:30, on 14/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Apps\Powercinema\PCMService.exe
C:\WINDOWS\system32\BtUsrBdg.exe
C:\WINDOWS\system32\BTSetBootKey.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\Program Files\Extended Systems\XTNDConnect Blue Manager\XTNDConnect Blue Manager\XCBluMgr.exe
C:\PROGRA~1\EXTEND~1\XTNDCO~1\XTNDCO~1\SUSHIM~1.EXE
C:\Program Files\Extended Systems\XTNDConnect Blue Manager\btprot.exe
C:\PROGRA~1\EXTEND~1\XTNDCO~1\XTNDCO~1\BTUI_M~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/APPS/IE/offline/uk.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\uk.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/?.home=ytie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [BTUSRBDG] BtUsrBdg.exe
O4 - HKLM\..\Run: [BTSETBOOTKEY] BTSetBootKey.exe
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKCU\..\Run: [CUCore Agent] "C:\PROGRA~1\COMMON~1\FIRSTV~1\ConfAgent.exe /minimize"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Startup.exe
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://66.29.7.159/toolbar/cabs/free_access.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {52A5CD24-64C6-4BAF-A4EC-4D13F451763F} - https://www.cuworld.com/PIC/inner_pic/packages/CUworld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122105569843
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1122394828437
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A85CA0AC-973E-441F-8C01-5D0C6AFB7768}: NameServer = 62.6.40.178 194.72.9.38
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

Can't see where to d/l or execute Shields Up at that site, though.

Cheers Reidy100


----------



## reidy100 (May 11, 2005)

Shields Up done, a few tests:

Attempting connection to your computer. . . 
Shields UP! is now attempting to contact the Hidden Internet Server within your PC. It is likely that no one has told you that your own personal computer may now be functioning as an Internet Server with neither your knowledge nor your permission. And that it may be serving up all or many of your personal files for reading, writing, modification and even deletion by anyone, anywhere, on the Internet! 
Your Internet port 139 does not appear to exist! 
One or more ports on this system are operating in FULL STEALTH MODE! Standard Internet behavior requires port connection attempts to be answered with a success or refusal response. Therefore, only an attempt to connect to a nonexistent computer results in no response of either kind. But YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and intrusion. 
Unable to connect with NetBIOS to your computer.
All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet. 


----------------------------------------------------------------------

GRC Port Authority Report created on UTC: 2005-11-14 at 23:30:33

Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113, 
119, 135, 139, 143, 389, 443, 445, 
1002, 1024-1030, 1720, 5000

0 Ports Open
0 Ports Closed
26 Ports Stealth
---------------------
26 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.


Is this what you meant?


BTW, Cyberlink and clmlservice.exe still appear in my open ports.


----------



## reidy100 (May 11, 2005)

And in the msconfig utility, under Services, CyberLink Background Capture Service, CyberLink Task Scheduler, CyberLink Media Library Service and SmartLink Service are ticked (to run at startup???). Is this correct?


----------



## Cookiegal (Aug 27, 2003)

Were you not aware that you had the Cyberlink program?


----------



## reidy100 (May 11, 2005)

I have no idea what it is, or if I need it, and I don't know what SmartLink Service is either. If I don't need it I wanna get rid of it; I don't like it taking over stuff if it is.

Anything on my HJT log?


----------



## reidy100 (May 11, 2005)

SmartLink Service is to do with my 56k modem, but I'm on 2M broadband so I'm happy to leave that alone. I will search the forums about Cyberlink.


----------



## Cookiegal (Aug 27, 2003)

Cyberlink is a DVD burning/editing program.


----------



## reidy100 (May 11, 2005)

So when I use SIW from http://www3.sympatico.ca/gtopala/ and select Open Ports, it comes up with 720 open ports, most used by Cyberlink. I would post a screenshot but it's too big (see my first post if you can make sense of it). I want to remove Cyberlink completely and safely. Is there anyone here who can advise me how to, AND ensure it comes off those ports? Please. Sorry for shouting.


----------



## Cookiegal (Aug 27, 2003)

Yes, it has a service installed for shared files for use over a local network.

Look in the program's folder for an uninstall feature and run that. If there isn't one then remove it via the Control Panel - Add/Remove programs.

Then, do the following for each of these services:

*CyberLink Background Capture Service
CyberLink Task Scheduler 
CyberLink Media Library Service*

Click *Start*  *Run* - and type in:

*services.msc*

Click OK.

In the services window find: *each of the services named above.*

Right click and choose *Properties*. On the *General* tab under *Service Status* click the *Stop* button to stop the service. Beside *Startup Type* in the dropdown menu select *Disabled*. Click *Apply* then *OK*. Exit the Services utility.

*Note:* You may get an error here when trying to access the properties of the service. If you do get an error, just select the service and look there in the top left of the main service window and click "Stop" to stop the service. If that gives an error or it is already stopped, just skip this step and proceed with the rest.


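The services.msc procedure above, together with the earlier question of which program is behind each "open port" that SIW reports, as an added PowerShell example that is not part of Cookiegal's post or the original thread. It assumes a current Windows with the NetTCPIP module (Get-NetTCPConnection and Get-NetUDPEndpoint do not exist on Windows XP, where `netstat -ano` gives the same port-to-PID mapping) and an elevated prompt; the function names are my own, and the service names in the usage lines are taken from the O23 lines of the HijackThis log posted earlier.

```powershell
# Added example, not from the original thread. Assumes Windows 8 / Server 2012 or later
# for the NetTCPIP cmdlets, and an elevated prompt (#Requires is honoured for .ps1 files).
#Requires -RunAsAdministrator

function Get-ListeningEndpoint {
    <#
    .SYNOPSIS
      Lists every listening TCP port and bound UDP port with the owning process and,
      where that PID hosts Windows services, the service names. This is the
      "which program owns this port" answer the port scanner output leaves out.
    #>
    [CmdletBinding()]
    param()

    # Map PID -> service names so a generic host such as svchost.exe is explained.
    $svcByPid = @{}
    Get-CimInstance Win32_Service | Where-Object { $_.ProcessId -gt 0 } | ForEach-Object {
        $p = [int]$_.ProcessId
        if (-not $svcByPid.ContainsKey($p)) { $svcByPid[$p] = @() }
        $svcByPid[$p] += $_.Name
    }

    $tcp = Get-NetTCPConnection -State Listen | ForEach-Object {
        [pscustomobject]@{ Proto = 'TCP'; Local = $_.LocalAddress; Port = $_.LocalPort; PID = $_.OwningProcess }
    }
    $udp = Get-NetUDPEndpoint | ForEach-Object {
        [pscustomobject]@{ Proto = 'UDP'; Local = $_.LocalAddress; Port = $_.LocalPort; PID = $_.OwningProcess }
    }

    foreach ($ep in (@($tcp) + @($udp))) {
        $proc = Get-Process -Id $ep.PID -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Proto    = $ep.Proto
            Local    = $ep.Local
            Port     = $ep.Port
            PID      = $ep.PID
            Process  = if ($proc) { $proc.ProcessName } else { '<exited>' }
            Path     = if ($proc) { $proc.Path } else { $null }
            Services = if ($svcByPid.ContainsKey([int]$ep.PID)) { $svcByPid[[int]$ep.PID] -join ',' } else { '' }
            # A socket bound to 127.0.0.1 or ::1 is reachable only from this machine;
            # 0.0.0.0 or :: is bound on every interface and is what a remote scan can see.
            Exposure = if ($ep.Local -in '127.0.0.1', '::1') { 'loopback only' } else { 'non-loopback' }
        }
    }
}

function Disable-NamedService {
    <#
    .SYNOPSIS
      Stops each named service and sets its startup type to Disabled: the
      services.msc steps from the post, scripted. Supports -WhatIf.
    #>
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)] [string[]] $Name
    )
    foreach ($n in $Name) {
        $svc = Get-Service -Name $n -ErrorAction SilentlyContinue
        if (-not $svc) {
            # As in the thread, a service can be missing from the list even though its
            # files and listeners remain; report it and carry on with the others.
            Write-Warning "Service '$n' not found"
            continue
        }
        if ($PSCmdlet.ShouldProcess($svc.DisplayName, 'Stop and disable')) {
            if ($svc.Status -ne 'Stopped') {
                Stop-Service -Name $n -Force -ErrorAction Continue
            }
            Set-Service -Name $n -StartupType Disabled
        }
    }
}

# Usage. Service names are the short names from the O23 lines of the HijackThis log
# (CLCapSvc, CLSched; the media library service has no separate short name there).
Get-ListeningEndpoint | Sort-Object Proto, Port | Format-Table -AutoSize
Disable-NamedService -Name 'CLCapSvc', 'CLSched', 'CyberLink Media Library Service' -WhatIf
```

Run the first function before and after disabling anything and diff the two listings: a listener that survives the service being disabled is being opened by something else (in this thread, CLMLService.exe kept its ports after the capture and scheduler services were stopped). Drop `-WhatIf` only once the listing confirms the right services are being targeted.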
----------



## reidy100 (May 11, 2005)

Thanks Cookiegal. I was on the uninstall file track, found one but clicking on it does nothing. It doesn't appear in Add/Remove Programs (strange?? or not?). I shall try the last bit of your advice.

Thnx Reidy100


----------



## reidy100 (May 11, 2005)

Done that to CBCS and CTS, but CyberLink Media Library Service doesn't appear in the list.


----------



## Cookiegal (Aug 27, 2003)

Please post a new HijackThis log.


----------



## reidy100 (May 11, 2005)

After doing what you suggested I restarted and now only have 11 open ports (thanks).

Can i delete the Cyberlink folders?

Sure here is the latest HJT log

Logfile of HijackThis v1.99.1
Scan saved at 18:39:36, on 15/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Apps\Powercinema\PCMService.exe
C:\WINDOWS\system32\BtUsrBdg.exe
C:\WINDOWS\system32\BTSetBootKey.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Extended Systems\XTNDConnect Blue Manager\XTNDConnect Blue Manager\XCBluMgr.exe
C:\PROGRA~1\EXTEND~1\XTNDCO~1\XTNDCO~1\SUSHIM~1.EXE
C:\Program Files\Extended Systems\XTNDConnect Blue Manager\btprot.exe
C:\PROGRA~1\EXTEND~1\XTNDCO~1\XTNDCO~1\BTUI_M~1.EXE
C:\Documents and Settings\Steve\Desktop\siw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\uk.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/?.home=ytie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [BTUSRBDG] BtUsrBdg.exe
O4 - HKLM\..\Run: [BTSETBOOTKEY] BTSetBootKey.exe
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CUCore Agent] "C:\PROGRA~1\COMMON~1\FIRSTV~1\ConfAgent.exe /minimize"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Startup.exe
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://66.29.7.159/toolbar/cabs/free_access.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {52A5CD24-64C6-4BAF-A4EC-4D13F451763F} - https://www.cuworld.com/PIC/inner_pic/packages/CUworld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122105569843
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1122394828437
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A85CA0AC-973E-441F-8C01-5D0C6AFB7768}: NameServer = 62.6.40.178 194.72.9.38
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

We seem to be getting somewhere now, thanks to you.


----------



## Cookiegal (Aug 27, 2003)

It's really not necessary to delete the Cyberlink folders unless you absolutely want to. They are not malicious.

I take it there are no more ports open involving Cyberlink?


----------



## reidy100 (May 11, 2005)

Got 34 open ports, see att.


----------



## reidy100 (May 11, 2005)

Sorry, try this.


----------



## Cookiegal (Aug 27, 2003)

I'm not all that up on reading port probe scan logs but as far as I can tell, everything looks normal and since you got a Stealth rating with the ShieldsUp! test, I'm confident that all is well.


----------



## reidy100 (May 11, 2005)

Once again Cookiegal, many thanks.


----------



## Cookiegal (Aug 27, 2003)

You're welcome.


----------

