Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Virus & Other Malware Removal Virus & Other Malware Removal
Search Search
Search for:
Tech Support Guy > > >

Windows keeps launching media player

(New)
(!)

harrysk's Avatar
harrysk harrysk is offline
Junior Member with 7 posts.
THREAD STARTER
 
Join Date: May 2005
Experience: Beginner
30-May-2005, 08:41 AM #1
Windows keeps launching media player
Hi, can somebody please help me. I started my computer yestoday and when it loaded up it launched windows media player with a message saying "Windows Media Player cannot play the file. The file is either corrupt or the Player does not support the format you are trying to play". anyway I managed to get rid of that message, only trouble is is launches itself everytime I try to do anything( open all programs, amend files,) I lets me use the net and downlaod stuff but its will not let me run the program. I though about reloading xp but I cannot afford to lose any programs i've got on there (and I cannot backup files either) the same thing keeps on happening, please please can somebody help me
dvk01's Avatar
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,296 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
31-May-2005, 04:35 AM #2
go to here and download 'Hijack This!' double click on the file and it will install to C:\program files\hijackthis and create an entry in the start menu and an optional shortcut on desktop.
Click on the entry in start menu or on the desktop to run HijackThis
Click the "Scan" button, when the scan is finished the scan button will become "Save Log" click that and save the log.
Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.
It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required,
so do NOT fix anything yet.
Someone here will be happy to help you analyze the results.

once we see the log we can hopefully determine whether it's a baddie or a systems setting at fault
__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | How to protect yourself and other Security Advice
Find out all about the European Wild Hedgehog, what you can do to save it from extinction Hedgehog Rescue
harrysk's Avatar
harrysk harrysk is offline
Junior Member with 7 posts.
THREAD STARTER
 
Join Date: May 2005
Experience: Beginner
01-Jun-2005, 03:31 AM #3
Logfile of HijackThis v1.99.1
Scan saved at 08:20:03, on 01/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/countries/u...en/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus C66 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P32 "EPSON Stylus C66 Series (Copy 1)" /O6 "USB001" /M "Stylus C66"
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [vpxkar] c:\windows\system32\vpxkar.exe -start
O4 - HKLM\..\Run: [Virgins] C:\Program Files\Mpb\Dialers\Virgins\Virgins.exe /dontdial
O4 - HKLM\..\Run: [Gay_Sexy_gb] C:\Program Files\SCom\Dialers\Gay_Sexy_gb\Gay_Sexy_gb.exe /dontdial
O4 - HKLM\..\Run: [ErrorGuard] C:\Program Files\ErrorGuard\ErrorGuard.Exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {2F5B39C5-C6F5-447A-A946-48B382C53985} - http://www.pacimedia.com/install/pcs_0009.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) - http://10.0.0.5:8000/Ctl/WinWebPush.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flash.ladbrokescasino.com/ladbrokes/FlashAX.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
dvk01's Avatar
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,296 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
01-Jun-2005, 04:50 AM #4
You have few problems there but that log was taken in safe mode and we do need to see a log in normal mode to be sure of getting everything
harrysk's Avatar
harrysk harrysk is offline
Junior Member with 7 posts.
THREAD STARTER
 
Join Date: May 2005
Experience: Beginner
01-Jun-2005, 05:30 AM #5
Unable to to run HJT in normal mode, cannot open anything in normal mode, I get another window opening up that says "Open with" and displays a list of programs, then I get a message window saying "Windows cannot access the spcial devise,path or file, you may not have the appropriate permission to access the item
dvk01's Avatar
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,296 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
01-Jun-2005, 05:51 AM #6
uninstall errorguard from add/remove programs in control panel

Download pocket killbox from http://www.thespykiller.co.uk/files/killbox.exe & put it on the desktop where you can find it easily

Reboot into safe mode by following instructions here: http://service1.symantec.com/SUPPORT...01052409420406

Run hijackthis, put a tick in the box beside these entries listed below and ONLY these entries, double check to make sure, then make sure all browser & email windows are closed and press fix checked


O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [vpxkar] c:\windows\system32\vpxkar.exe -start
O4 - HKLM\..\Run: [Virgins] C:\Program Files\Mpb\Dialers\Virgins\Virgins.exe /dontdial
O4 - HKLM\..\Run: [Gay_Sexy_gb] C:\Program Files\SCom\Dialers\Gay_Sexy_gb\Gay_Sexy_gb.exe /dontdial
O4 - HKLM\..\Run: [ErrorGuard] C:\Program Files\ErrorGuard\ErrorGuard.Exe

O16 - DPF: {2F5B39C5-C6F5-447A-A946-48B382C53985} - http://www.pacimedia.com/install/pcs_0009.exe

O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) - http://10.0.0.5:8000/Ctl/WinWebPush.cab



now Start killbox paste the first file listed below into the full pathname and file to delete box

The file name will appear in the window and if the file exists it will appear in blue under that window then select standard file kill, press the red X button, say yes to the prompt and once the file deleted message comes up then repeat for each file in turn

[Note: Killbox makes backups of all deleted files in a folder called C:\!submit we might ask you to submit those files for further examination a bit later on ]

c:\windows\system32\vpxkar.exe
C:\Program Files\SCom\Dialers\Gay_Sexy_gb\Gay_Sexy_gb.exe
C:\Program Files\Mpb\Dialers\Virgins\Virgins.exe

C:\Program Files\ErrorGuard\ErrorGuard.Exe

Then on killbox top bar press tools/delete temp files and follow those prompts and say yes to everything

then as some of the folders you need to delete may be hidden do this:
Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types" . Now click "Apply to all folders"
Click "Apply" then "OK"

delete these folders

C:\Program Files\Mpb
C:\Program Files\SCom
C:\Program Files\ErrorGuard

then go to C:\windows\temp and select EVERYTHING and delete it all and then do the same for C:\temp if it exists

1) Open Control Panel
2) Click on Internet Options
3) On the General Tab, in the middle of the screen, click on Delete Files
4) You may also want to check the box "Delete all offline content"
5) Click on OK and wait for the hourglass icon to stop after it deletes the temporary internet files
6) You can now click on Delete Cookies and click OK to delete cookies that websites have placed on your hard drive

then reboot and see if you can get into normal mode and get us full hjt log

if you still can't get into normal mode then please try this so we can see some additional places
download and unzip http://www.diamondcs.com.au/index.php?page=asviewer and double click the asviewer.exe file
press main and make sure the top 3 items are ticked, press refresh & then save and copy that log back here
harrysk's Avatar
harrysk harrysk is offline
Junior Member with 7 posts.
THREAD STARTER
 
Join Date: May 2005
Experience: Beginner
02-Jun-2005, 01:28 PM #7
DiamondCS Autostart Viewer (www.diamondcs.com.au) - Report for Administrator@DVR1, 06-01-2005
c:\windows\system32\config.nt
C:\WINDOWS\system32\himem.sys
c:\windows\system.ini [drivers]
timer=timer.drv
c:\windows\system.ini [boot]\shell
C:\WINDOWS\Explorer.exe
c:\windows\system.ini [boot]\scrnsave.exe
C:\WINDOWS\System32\logon.scr
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
C:\WINDOWS\Explorer.exe
HKCU\Control Panel\Desktop\scrnsave.exe
C:\WINDOWS\System32\logon.scr
HKCR\vbsfile\shell\open\command\
C:\WINDOWS\System32\WScript.exe "%1" %*
HKCR\vbefile\shell\open\command\
C:\WINDOWS\System32\WScript.exe "%1" %*
HKCR\jsfile\shell\open\command\
C:\WINDOWS\System32\WScript.exe "%1" %*
HKCR\jsefile\shell\open\command\
C:\WINDOWS\System32\WScript.exe "%1" %*
HKCR\wshfile\shell\open\command\
C:\WINDOWS\System32\WScript.exe "%1" %*
HKCR\wsffile\shell\open\command\
C:\WINDOWS\System32\WScript.exe "%1" %*
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\IgfxTray
C:\WINDOWS\System32\igfxtray.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\HotKeysCmds
C:\WINDOWS\System32\hkcmd.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\PCMService
C:\Program Files\Dell\Media Experience\PCMService.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\dla
C:\WINDOWS\system32\dla\tfswctrl.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\UpdateManager
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VSOCheckTask
c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\MCAgentExe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\MCUpdateExe
c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VirusScan
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\NeroCheck
C:\WINDOWS\System32\\NeroCheck.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SpeedTouch USB Diagnostics
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VirusScan Online
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\EPSON Stylus C66 Series (Copy 1)
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P32 "EPSON Stylus C66 Series (Copy 1)" /O6 "USB001" /M "Stylus C66"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\EPSON Stylus C66 Series
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\gcasServ
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\TkBellExe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
HKU\.Default\Software\Microsoft\Windows\CurrentVersion\Run\CTFMON.EXE
C:\WINDOWS\System32\CTFMON.EXE
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\System32\webcheck.dll
C:\WINDOWS\System32\stobject.dll
C:\WINDOWS\Tasks\ISP signup reminder 1.job
C:\WINDOWS\System32\OOBE\OOBEBALN.EXE
C:\WINDOWS\Tasks\McAfee.com Update Check (DHJ0T51J-Owner).job
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
C:\WINDOWS\Tasks\McAfee.com Update Check (DVR1-user).job
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
autocheck autochk *
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
C:\WINDOWS\system32\userinit.exe
HKLM\System\CurrentControlSet\Control\WOW\cmdline
C:\WINDOWS\system32\ntvdm.exe
HKLM\System\CurrentControlSet\Control\WOW\wowcmdline
C:\WINDOWS\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog 9\Catalog_Entries\
C:\WINDOWS\system32\mswsock.dll
C:\WINDOWS\system32\rsvpsp.dll
dvk01's Avatar
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,296 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
02-Jun-2005, 04:16 PM #8
has the latest fixes with HJT made any difference
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑