Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HJT Log


  • Please log in to reply
6 replies to this topic

#1 Gumdrop

Gumdrop

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:05:49 PM

Posted 11 May 2005 - 08:54 PM

My problems are:

(1) My music cd's won't play (Windows Media Player?)
When I put in a CD, a box pops up saying:


Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access.

When I click on the WMP icon at the bottom left (near my START button), a box pops up and says:

Problem with shortcut.
The item 'WMPLAYER.EXE' that this shortcut refers to has been changed or moved, so this shortcut will no longer work properly. Do you want to delete this shortcut?


And I get that same message when I go to WMPlayer through START and PROGRAMS.

In my ZoneAlarm, wmplayer.exe is listed as:


ACCESS
Trusted --allow
Internet --allow

SERVER
Trusted --Ask
Internet --Ask



(2) A popup box when I boot up which says:

Runtime Error!
PROGRAM: C:\WINDOWS\SYSTEM\PSOFT1.EXE
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

(I don't know who that would be. I did see that PSOFT.EXE, psoft.exe is listed in bleeping.com's Startup Database, should definitely not start up automatically and may be malware. It IS listed in my Startup under msconfig.



(3) 'System Tools' is no longer listed under START-->Programs-->Accessories (probably isn't a problem since it IS an icon on my desktop; just don't understand why it suddenly isn't under Accessories anymore.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

What I've done to see if anything would change (and it didn't):


(1) (per AVG Forums' How to clean an infected computer):

--Disabled System Restore
--Looked at Add/Remove Programs (nothing odd there)
--Ran Disc Cleanup
--Ran CWShredder (nothing found)
--Ran AdAware (nothing found)
--Ran Spybot S&D (nothing found)
--Ran AVG (nothing found)
--Re-enabled System Restore

(2) Ran CCleaner (deleted/cleaned those MBs)

......................
I've not ever done anything in Safe Mode; I'm too scared of Safe Mode. And I don't have a disk that should have come with this laptop, like I have a disk that came with my desktop. I don't have any kind of bootup disk. However, both this laptop and my desktop are Windows ME--if need be, could I ever install the desktop's CD onto the laptop??


HighjackThis log:


Logfile of HijackThis v1.99.1
Scan saved at 7:14:15 PM, on 5/11/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\SBC YAHOO!\CONNECTION MANAGER\IP INSIGHT\IPMON32.EXE
C:\PROGRAM FILES\2WIRE\2PORTALMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YBRWICON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YCOMMON.EXE
E:\WINZIP\WINZIP32.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_1_6_0.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINDOWS\SYSTEM\NSK4085.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_1_6_0.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\PROGRAM FILES\SBC YAHOO!\CONNECTION MANAGER\IP INSIGHT\IPMon32.exe"
O4 - HKLM\..\Run: [2wSysTray] C:\PROGRAM FILES\2WIRE\2PORTALMON.EXE
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\Run: [PSoft1] C:\WINDOWS\SYSTEM\psoft1.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TeaTimer.exe
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab



Need anything else?

Thank you!!

Edited by Gumdrop, 11 May 2005 - 08:58 PM.



. )) -::-
. .))
((. . -::-Kris
-::- ((.*


BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,503 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:49 PM

Posted 12 May 2005 - 12:16 PM

Fx this:

O4 - HKLM\..\Run: [PSoft1] C:\WINDOWS\SYSTEM\psoft1.exe

and delete c:\windows\system\psoft1.exe

Then delete c:\program files\windows media player\wmplayer.exe and download and reinstall windows media player from microsoft's site. Your wmplayer.exe was probably replaced by a piece of malware.

#3 Gumdrop

Gumdrop
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:05:49 PM

Posted 13 May 2005 - 01:31 AM

Thank you, Grinler.

I'm half done...a little confused about the WMPlayer though....

When I navigate to c:\program files\windows media player, there isn't one in there that says wmplayer.exe

So I'm not sure if I should delete the whole folder c:\program files\windows media player or one of the things that is IN that folder, which are:


SKINS
Visualizations
DLIMPORT.EXE
MPLAYER2.EXE
NPDRMV2.DLL
NPDRMV2.ZIP
NPDS.ZIP
NPDSPLAY.DLL
NPWMSDRM.DLL
SETUP_WM.EXE
WMPVIS.DLL


. )) -::-
. .))
((. . -::-Kris
-::- ((.*


#4 Gumdrop

Gumdrop
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:05:49 PM

Posted 13 May 2005 - 02:09 AM

Actually, I just went and put a CD in my desktop to see what opened up to play it and on the desktop, MusicMatch Jukebox is what plays a CD.

Should I get MMJB for this laptop too? What version? Seems like I heard some bad stuff (maybe spyware or something?) at one time about MMJB?

Can you reccomend something to download to play CDs??


. )) -::-
. .))
((. . -::-Kris
-::- ((.*


#5 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,503 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:49 PM

Posted 13 May 2005 - 09:25 AM

I would just go to www.microsoft.com/mediaplayer and download the latest version

#6 Gumdrop

Gumdrop
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:05:49 PM

Posted 13 May 2005 - 10:04 AM

I got it....without deleting/removing the other one...is that okay? It's playing my CDs...Thanks!! Should I go back now and get rid of the other or did this new download just update the old one?

Thanks so much for your help!!


. )) -::-
. .))
((. . -::-Kris
-::- ((.*


#7 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,503 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:49 PM

Posted 13 May 2005 - 02:24 PM

This update should have upgraded the existing one. So you should be good to go.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users