1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Computer infected with win32 Trymedia or worse

Discussion in 'Windows - Virus and spyware problems' started by sustained, Jul 20, 2006.

  1. sustained

    sustained Member

    Joined:
    Jul 20, 2006
    Messages:
    42
    Likes Received:
    0
    Trophy Points:
    16
    Its me again, bet your tired of me by know. I just happened to do a start menu search for KBD and found a long list of files that start with KBD. OMG. Could these all be a part of this intrusion KBD file. Please tell me they're not!

    I attempted to send you the list of files but when I attempt to select all and copy\paste to microsoft word it only shows an icon with the title:installed virusKBD.htm What? Any suggestions?
     
  2. sustained

    sustained Member

    Joined:
    Jul 20, 2006
    Messages:
    42
    Likes Received:
    0
    Trophy Points:
    16
    I'm back. Found definition of KBD on web here's the info:scarry huh?

    KBD
    (Backdoor.Java.KBD)

    by KADIR & KERIM BASO


    Released in january 2003

    Made in Turkey



    |_______________________________________|
    | KBD (KADIR BASOL DEVASTATOR) 2002 |
    | Programmed By |
    | KADIR & KERIM BASOL , |
    | Onur Oztirpan |
    | |
    | ICQ No: |
    | 102040 |
    | 246609 |
    | Version 1.4.5 |
    _______________________________________


    KBD Program was invented at the end of the 1999.It has used to control many Web
    Servers & IT computers.
    At the end of the 2001 the program has served on personal computers.
    Now , it has passed many Trojan programs like Sub7 , Netbus & so on...
    Because the program is capturing any computer without sending any file.
    It uses ActiveX technology for Windows systems.For the Linux systems , it
    is using normal jar files & when the program infects on Linux systems , it
    cannot be stopped by the system administrator & It is the first Trojan for cell
    phone systems.We put some limits this program to prevent some potential dangers.


    The abilities of this program is shown below :

    - You can access the file system of the infected computer.
    - You can zip or extract any file on host's computer.
    - You can access any computer behind proxy or behind any network.
    - You don't need to know what ip address is the infected computer using.
    - Applet uzerinden taninmama.
    - You can capture any packets that is on local network or local computer.
    - You can send fake mails & can mail bomb at any user on any Pop3 or Web server.
    - Protocol resolvers.
    - Encyrpted chat.
    - You can
    - You can send fake UDP packets on behalf of any ip address.
    - You can capture computers which are not only Windows machines.
    (Linux,Machintosh,Solaris,Cell phones etc... Java Supported Platforms)
    - Firewalls cannot detect the connections on Applets.
    - For now , it cannot be detected from any Anti Virus program.


    Restrictions of the program :
    - Skipping Virtual Machine security
    - Jumping any firewalls security
    - Infecting on local network like a virus.(NETBIOS Only)
    - Detecting the users telephone number who is using modem connection.


    System requirements for good performance :
    - 700 Mhz CPU
    - 128 MB Ram
    The Client musn't be behind a proxy or behind network.
    If client is behind a network or behind a proxy , the user must use
    Bridge program.We will explain the usage of the program later.


    The usage of the program :
    When you extract the files in the KBD.zip file.At least there will be 8 files in it.
    All files name's are shown below :
    1-) KBDClient.jar ( Programin Client bolumu )
    2-) Winpcap.exe ( Client icin yuklenmesi gereken plug-in )
    3-) Macromedia.class ( Server bolumu )
    4-) tt2.html ( Server bolumu )
    5-) tt.html ( Server bolumu )
    6-) index.html ( Server bolumu )
    7-) RegistryAPI.class
    :cool: Monk.class

    If you don't have Sun Java 2 Virtual Machine 1.4 or higher you must first install the Virtual Machine
    in order to use the KBD Client & protect your system from Vandals.
    It is more secure then Microsoft Java Virtual Machine.

    I am giving you Java 2 Virtual Machine link which you must have it :
    http://www.czilla.org/DOWNLOAD/j2re-1_4_0-win-i.exe

    After you have installed the Virtual Machine , extract the KBD.zip file then first execute
    winpcap.exe file & install it to your computer.The file named as KBDClient.jar is the Client file
    JAR files work as a exe files for Java.They are interpreted by Java Virtual Machine.
    Extract the KBDClient.jar file and double click on it.The program must be opened between
    5-15 seconds.If it don't open you must restart computer & try it again.
    Although you restarted your computer and the jar file is not working so you must do some DOS works :eek:)

    ---IF THE PROGRAM DID NOT WORK ON DOUBLE CLICKING IT---

    C:\WINDOWS>_
    For example the KBDClient.jar file is in C:\KBD Directory

    so we are trying to apply these commands :
    --COMMANDS--
    C:\WINDOWS>cd..
    C:\>cd KBD
    C:\KBD>java -jar KBDClient.jar
    --END OF COMMANDS--

    WARNING : "java -jar KBDClient.jar" this command is case sensitive do not write KBDClient.jar
    as kbdclient.jar or KBDCLIENT.JAR!

    After you have successfully made these commands.
    This message will appear on DOS Screen :

    JVM Invoked.
    Please wait...

    If the error message will appear like this :
    Exception in thread "main" java.lang.NoClassDefFoundError: KBDClient
    Execute program by using this command "java -classpath . -jar KBDClient.jar"

    Then the program will start to work between 5-15 seconds.
    ----END----

    We have learned how to start the Client file.

    Now , I am explaining you how to configure Server File :
    Open the KBD Client then at the top menu click on Edit then click on

    Edit HTML ,
    You will see new dialog.This dialog encyrpts your ip address & ports in HTML file so the victim
    cannot see your ip address & other important configurations in HTML code.

    Your ip adresss : You must enter your current ip address to this place.

    Select port : You must give a number between 1-65535.I recommend you to use between 1024-65535 except
    number 80.Port 80 and 8080 recommended to use & remember the number you have given.You will use this number later

    Redirect to : After the user go into web site where will the user will goto website:
    Example : http://www.google.com
    When the user goto your website , he/she will be redirected to www.google.com

    Auto Control URL : This is the best ability of KBD Vandal.If you have a static ip address ,
    AutoController can be disabled if you are using dial-up modem or dynamic ip address , you can enable
    AutoController.If you enable it the TextField also will be enabled.You will write an URL(Website)
    to this TextField.This URL can be controlled by your self.
    For example :
    Your website is : http://www.geocities.com/tr_melis
    You can write to TextField : http://www.geocities.com/tr_melis/Control.txt
    or http://www.geocities.com/tr_melis/AAA.txt
    or http://www.geocities.com/tr_melis/PPP.dat
    it is your opinion what file you will want to use.

    What is that? Why we use this URL ?
    You will enter your computer current ip address to these files.When the victim any time connect to
    internet they get your current ip address from this website & they try to connect your computer.
    They look this URL every 2 minutes until you have connected to them.

    WARNING : You must write your ip address when you want to connect
    the user & AutoController is selected as true

    By using this technique , although you have dynamic ip address , you can catch the victim any time
    he/she connected to the internet.

    After you have done all the configurations.
    Click on convert button then the encyrpted code will appear in text area
    Select all codes then press ctrl+c key to copy the code then paste these codes into
    tt2.html file by opening tt2.html in notepad.

    Then send these files to your website :
    tt.html
    tt2.html
    index.html
    Macromedia.class
    Monk.class
    RegistryAPI.class
    For example your website is : http://www.geocities.com/tr_melis
    Send these files to this web sites main site then open the KBD Client.
    At the top of the menu click on Edit then select Connect option.
    Select your mode as "Super Devastator" write your port which you have given
    in server configuration & click on ok.
    Then send your victim to this web site.
    When the victim enters to your website at the right list
    there will be appeared the user name of the victim & ip address of the user.
    Any one who enter to your website will be added to right of the list.
    When you want to enter the victim's computer right click on the user which you
    want to connect then click on connect this host.
    After you connnected to user's computer the left side of the program will show
    victim's computer , right side shows yours one.
    Now you are ready to control the user's computer.
    If you want to transfer file(download,upload) , you can do it by
    using drag & drop utility.If you want to make faster time downloads , you
    can do it by compressing files on host's system before downloading them directly.
    You can do zip,unzip files by right clicking on the file at the left side.

    If you are under proxy or behind any network , you must use Bridge in order to use KBD Vandal.
    You can also use BridgeW in order to use someone's(victim's) computer as a Proxy.
    From now on , try to solve other things by your self.I have no time to explain more & more functions of
    the program.

    If you have any problems on connecting people's computer try to use
    AutoController disabled.

    Have fun ;o)

    KADIR & KERIM BASO




    MegaSecurity
     
  3. sustained

    sustained Member

    Joined:
    Jul 20, 2006
    Messages:
    42
    Likes Received:
    0
    Trophy Points:
    16
    "kbdcfg.bat" seems to be the only executive file in the start menu search. Maybe you know how to eradicate this problem.
     
  4. gsmlogic

    gsmlogic Guest

    Please post a Fresh HJT log.
     
  5. sustained

    sustained Member

    Joined:
    Jul 20, 2006
    Messages:
    42
    Likes Received:
    0
    Trophy Points:
    16
    C:\hp\bin is where it is located on my computer. Is it probable that someone could have installed this on my computer?
    Also most of the files that have been found in my start menu search;kept open for reference; have now changed(while doing a virus scan online from symantec) and now show that the last part of filename is : i386. any clue?

     
  6. sustained

    sustained Member

    Joined:
    Jul 20, 2006
    Messages:
    42
    Likes Received:
    0
    Trophy Points:
    16


    Logfile of HijackThis v1.99.1
    Scan saved at 12:03:52 AM, on 8/6/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Saitek\Software\Profiler.exe
    C:\Program Files\Saitek\Software\SaiSmart.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
    C:\Program Files\2Wire\2PortalMon.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\USBStorage\USBDetector.exe
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Yahoo!\browser\ybrowser.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
    O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
    O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
    O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
    O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
    O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,77/mcinsctl.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152825805781
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4047/ftp.coupons.com/v3123/cpbrkpie.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,18/mcgdmgr.cab
    O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

     
  7. gsmlogic

    gsmlogic Guest

    Use HijackThis and place a check next to the following and fix them:

    [bold]O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)[/bold]

    Download and run Ewido Anti-Spyware
    Go t the Update tab and update the program
    After it's done restart the program
    Go to the Scanner tab
    Click on Complete System scan and let it finish
    Delete the found files and attach a log file in your next post

    Navigate and find this folder and delete it:

    C:\hp\bin

    Post a Fresh HJT log in your next post
     
    Last edited by a moderator: Aug 5, 2006
  8. Jurppis

    Jurppis Regular member

    Joined:
    Feb 22, 2006
    Messages:
    659
    Likes Received:
    0
    Trophy Points:
    26
    No no no...

    KBD.exe witch is located in C:\hp\bin folder is a LEGIMATE file allthough some scanners think it's bad

    Do NOT fix this:
    O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)

    So your log looks clean now. If you still have some problems, please tell me
     
  9. sustained

    sustained Member

    Joined:
    Jul 20, 2006
    Messages:
    42
    Likes Received:
    0
    Trophy Points:
    16
    your really gonna hate this, and me. I deleted "kbdcfg.bat" from cmd prompt. Pause...
    thats really bad huh. O' sh u t. I guess I should slow down and ask for help before excecuting something I'm not familiar with. I also tried out "proxyway" out of fear that the kbd virus was allowing hackers to enter my computer through my ip adress(I think it screwed up my connection). Now I can get on the internet and have cmd-release and renewed my ip adress but my 2wire home portal icon says that it is down, on my computer ,although my wife's is working fine. I guess I really should be more carefull, but I am learning as I go . I just need to go slower. So , is ti possible to get the kbdcfg.bat back? and if so ,how.I'm really sorry for all the screw ups. I'll try to not do anthing unless I ask first. Sorry.
     
  10. Jurppis

    Jurppis Regular member

    Joined:
    Feb 22, 2006
    Messages:
    659
    Likes Received:
    0
    Trophy Points:
    26
    If you deleted the file with command prompt, i'm not sure how to get it back :(
    Perhaps googling for "Data recovery tools" will help, here is something I found:
    http://www.snapfiles.com/Freeware/system/fwdatarecovery.html
    Allthough i am not sure how critical that file was, because it is related to Logitech multimedia tools which allows you to configure additional keys to multimedia keyboards
    http://www.liutilities.com/products/wintaskspro/processlibrary/kbd/

    I'm no expert with networking either and I am really sorry that your computer ended up this way. Perhaps this forum will help you:
    http://www.dslreports.com/forum/2wire
     
    Last edited: Aug 7, 2006
  11. sustained

    sustained Member

    Joined:
    Jul 20, 2006
    Messages:
    42
    Likes Received:
    0
    Trophy Points:
    16
    Thank you very much for your help and concern. I reinstalled sbc and 2 wire today after reseting the modem and after comp being turned off all day and walla! It all worked perfectly, go figure. I want you to know how much I really appreciate all your hlp. Thank you.And I will look into fixing the removed bat file thanks for the link.
     
  12. sustained

    sustained Member

    Joined:
    Jul 20, 2006
    Messages:
    42
    Likes Received:
    0
    Trophy Points:
    16
    I wasn't sure you got my message and I am not sure how to check if you did, jurpis. The problem I'm having is that my computer locks up whenever video is attempted to be played.Whether online video or email or any. I'm not sure what to do and would appreciate your help once again. thanks
     
  13. Niobis

    Niobis Active member

    Joined:
    Jan 30, 2005
    Messages:
    2,328
    Likes Received:
    0
    Trophy Points:
    66
    sustained, I haven't seen Juppris helping here in quite a long time so I will assist you if I may. Please post a HijackThis log. Also, what is the player that is freezing?
     
  14. sustained

    sustained Member

    Joined:
    Jul 20, 2006
    Messages:
    42
    Likes Received:
    0
    Trophy Points:
    16
    Hi, sorry bout asking for jurpis- he just had alot of patients with me. But thanks for helpin me nonetheless. The windows media player is the one that will freeze. And it's not so much all video because in my video games the cut scene video is fine. here's hjt log.

    Logfile of HijackThis v1.99.1
    Scan saved at 11:07:15 PM, on 9/17/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Saitek\Software\Profiler.exe
    C:\Program Files\Saitek\Software\SaiSmart.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
    C:\USBStorage\USBDetector.exe
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\2Wire\2PortalMon.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
    O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
    O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,77/mcinsctl.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152825805781
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4047/ftp.coupons.com/v3123/cpbrkpie.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,18/mcgdmgr.cab
    O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

     
  15. Niobis

    Niobis Active member

    Joined:
    Jan 30, 2005
    Messages:
    2,328
    Likes Received:
    0
    Trophy Points:
    66
    Must be just a WMP problem as there is nothing real bad in your log. If it only happens with certian files such as just avi files or just mpeg files, you may need the codecs. If it happens with all files, uninstall and reinstall WMP.

    Run a scan only with HijackThis, check to fix these.

    [bold]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customiz.../search/ie.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customiz...//www.yahoo.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customiz.../search/ie.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customiz...//www.yahoo.com

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = [/bold]

    Then, delete the backups in the HjT folder.
     
  16. sustained

    sustained Member

    Joined:
    Jul 20, 2006
    Messages:
    42
    Likes Received:
    0
    Trophy Points:
    16
    How do I get the codecs?
     
  17. Niobis

    Niobis Active member

    Joined:
    Jan 30, 2005
    Messages:
    2,328
    Likes Received:
    0
    Trophy Points:
    66
  18. sustained

    sustained Member

    Joined:
    Jul 20, 2006
    Messages:
    42
    Likes Received:
    0
    Trophy Points:
    16
    how do i know which one to download?
     
  19. sustained

    sustained Member

    Joined:
    Jul 20, 2006
    Messages:
    42
    Likes Received:
    0
    Trophy Points:
    16
    never mind, i see the packs
     
  20. sustained

    sustained Member

    Joined:
    Jul 20, 2006
    Messages:
    42
    Likes Received:
    0
    Trophy Points:
    16
    ok, here's what I've found:
    Along with the xp codecs is a program called Sherlock- the codec detective. It says that the driver for these codecs was not found and that the codec was probably uninstalled properly.(NVVPE, VP60 Simple profile and VP61 Advanced profile.)

    Broken Codecs
    -------------
    NVVPE
    FileName = C:\WINDOWS\System32\filter.ax
    VP60® Simple Profile
    FileName = C:\WINDOWS\system32\C:\WINDOWS\system32\vp6vfw.dll
    VP61® Advanced Profile
    FileName = C:\WINDOWS\system32\C:\WINDOWS\system32\vp6vfw.dll

    System Information
    ------------------
    Operating System = Microsoft (R) Windows XP Professional (5.01.2600)
    CPU Descriptor = AMD Athlon(tm) XP 3200+
    CPU Clock Speed = 2191 Mhz.
    Total Memory = 1023 Mb.
    DirectX Version = 9.0c
    WMI Version = 2600.0000
    ACM Version = 5.00.0

    Is it possible that these problems occurred after I installed the xp codec pack, or is this whats wrong with my computer?
     

Share This Page