PDA

View Full Version : windows media 11



Ragwort
22-10-2008, 10:35 AM
Have tried to get media to play but nothing happens, even gone back to 10 and still no sign of it working. Have also lost system restore and search.
please can anybody help andf also do not have installation disc as bought second hand and already installed

Speedy Gonzales
22-10-2008, 10:43 AM
Have you scanned your system for malware / viruses etc?

Do a scan with malwarebytes / trojan remover below.

And post a hijackthis log. Link below

Ragwort
22-10-2008, 10:54 AM
yes have used avg and skybot and advanced pc tweaker registry repair
no virus found

Speedy Gonzales
22-10-2008, 11:00 AM
Hmm, I would be careful what registry program you use.

Some can screw settings / a system up

Ragwort
22-10-2008, 02:00 PM
is this what was required
f Trend Micro HijackThis v2.0.2
Scan saved at 13:56, on 2008-10-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Sun\servicetag\stdiscoverer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sun\servicetag\stlisten.exe
F:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Fast.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 9.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\fast.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
F:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Lunabar\Lunabar.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\Restore\rstrui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
f:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.smh.com.au/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - (no file)
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 9.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [WinampAgent] "F:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TrojanScanner] f:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Lunabar Taskbar Icon.lnk = C:\Program Files\Lunabar\Lunabar.exe
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Search - ?p=ZRfox000
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Airport%20Mania%20-%20First%20Flight/Images/stg_drm.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201995677390
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file:///D:/SuperCD/IntraLaunch.CAB
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Scrabble%20Journey/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} (DGTx.uc1) - http://66.98.196.24/DGTx.CAB
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - - (no file)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sun Service Tag Discovery (stdiscover) - Unknown owner - C:\Program Files\Sun\servicetag\stdiscoverer.exe
O23 - Service: Sun Service Tag Listener (stlisten) - Unknown owner - C:\Program Files\Sun\servicetag\stlisten.exe
O23 - Service: Uniblue DiskRescue - Uniblue - F:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe

--
End of file - 10611 bytes

have run trojan and malscan as suggeste and found 1 trojen and 24 malware have cleaned them out and still no luck
thanks for the assistance it is appreciated

Speedy Gonzales
22-10-2008, 02:12 PM
Tick these entries then tick fix checked

Close browsers

O2 - BHO: (no name) - AutorunsDisabled - (no file)

O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - (no file)

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [WinampAgent] "F:\Program Files\Winamp\winampa.exe"

Tick this entry, or disable it under options (boot-time fastscan).

O4 - HKLM\..\Run: [TrojanScanner] f:\Program Files\Trojan Remover\Trjscan.exe /boot

I would uninstall this, and use something like

ccleaner (www.ccleaner.com)

O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart

I would tick this or disable it in Spybot's options

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Global Startup: AutorunsDisabled

O8 - Extra context menu item: &Search - ?p=ZRfox000

O9 - Extra button: (no name) - AutorunsDisabled - (no file)

Ragwort
22-10-2008, 02:55 PM
have done that and still no media or system restore

Speedy Gonzales
22-10-2008, 02:58 PM
Did you reboot after?

Ragwort
22-10-2008, 03:02 PM
yes thanks

Ragwort
22-10-2008, 04:07 PM
have now got white screen for systems restore but no media

wainuitech
22-10-2008, 04:36 PM
Try updating and running you Spybot S7D - you still have infections, get a new version from my sig if you need it, also downlaod and run Spywrae Terminator in full scan mode.

Regarding the blank pages - try running This here from MS (http://www.microsoft.com/downloads/details.aspx?FamilyID=c717d943-7e4b-4622-86eb-95a22b832caa&DisplayLang=en).

Ragwort
22-10-2008, 05:40 PM
Thank you ,have both back what a relief now to do a immediate backup any suggestions

wainuitech
22-10-2008, 05:48 PM
Back up Of what ??

If its just your documents, photos, music etc, either burn to a CD/DVD or copy / paste to a removable Hard Drive - thats the quickest way and cost's nothing apart from a bit of time.

If you want to copy the Whole drive that's slightly different but do-able
(good English eh :D !)

What do you have in the way of backup media--- CD's DVD's External Drive ??

Ragwort
22-10-2008, 06:30 PM
sorry my grammar not so good too old in the tooth.
What I require is a system disc so that if I have trouble I can repair etc. as this pc has no discs ,it was already on when i purchased second hand

Ragwort
22-10-2008, 06:32 PM
Missed other request have cd, DVD drive and a portable disk called free agent

wainuitech
22-10-2008, 07:00 PM
sorry my grammar not so good too old in the tooth
Dont be silly - never to old- every ones always learning :thumbs:

For a immediate Back up of important items, first have a look and see " what you can't afford to lose" in the way of Personal Documents, photos etc. Usually the main locations were people store there items are: My Documents, Desktop

Navigate to the folder(s) and right click, Copy, then Paste to the Portable drive.


Note: Got to shoot out to do an urgent job,somebody else may be able to instruct on other backups.

1 Question - Do you want to do a complete backup/image of the whole drive ?

John D
22-10-2008, 11:02 PM
Have you tried system file checker for windows files.

Go to start, then to run and type in sfc/scannow.

And click OK to run.

Ragwort
22-10-2008, 11:26 PM
cannot find that file

Sweep
23-10-2008, 04:06 AM
cannot find that file

Try start > run > sfc /scannow

Note that there is a space between sfc and the /.

Note also that you might need your Windows installion disk which apparently you do not have!! Perhaps borrow one of the same version that is on your computer for this excercise.

wainuitech
23-10-2008, 08:07 AM
Eh! posts 17-19 ???

Post 12 Suggested the problem was fixed ? System File Checker wont back up any Data ?? Or am i missing something here ??:confused:

Ragwort
23-10-2008, 08:30 AM
media is back but restore is white as sheet no words just like me blank .
hope you are well this morning

wainuitech
23-10-2008, 09:15 AM
Okay try this for System Restore See if this opens restore -

Open Internet Explorer ( NOT Firefox) and in the address bar, copy/paste the following

res://C:\WINDOWS\system32\Restore\rstrui.exe/start.htm

Press Enter - look along the top of the window - if you get a yellow warning saying run active x allow - hopefully System Restore will open.

If it does close it and try this - click start/run , in the open box type in the following three commands,1 at a time hitting enter after each one and notice the spaces where shown. you should get a window after a few seconds saying the script has reset for each one - after, try opening system restore.

regsvr32 jscript

regsvr32 vb script

regsvr32 /i mshtml

If it system Restore still wont load

1. Click Start, and then click Run.
2. In the Open box, type regsvr32 jscript.dll, and then click OK.
3. Click OK.
4. Click Start, and then click Run.
5. In the Open box, type regsvr32 vb script .dll, and then click OK.
6. Click OK.


If the above doesn't work download This here (http://windowsxp.mvps.org/reg/olereg.vbs) double click it to install - reboot - try System Restore.

Advice of any out come please.

wainuitech
23-10-2008, 09:42 AM
OOPS! Ignore the second lot
1. Click Start, and then click Run.
2. In the Open box, type regsvr32 jscript.dll, and then click OK.
3. Click OK.
4. Click Start, and then click Run.
5. In the Open box, type regsvr32 vb script .dll, and then click OK.
6. Click OK. Its the same as the first :o Double posted it by mistake.

But try the rest of it including the link on the second to last line if needed.

Ragwort
23-10-2008, 10:30 AM
now getting script error in Ie and outlook express
so cannot do as suggested

wainuitech
23-10-2008, 10:37 AM
Did you run the sfc /scannow as suggested in earlier posts (mind you it prob will need a XP CD as sweep mentioned) What you can try is open My Computer/ right click the C: Drive properties/Tools Click on " Check now" when the window opens tick both boxes, clcik start - you will get a message saying it cant be run do you want to run on next start up (words to that effect) click Yes, restart the PC, let it run through - may take a while.

If that doesn't fix it, you will more than likely need a XP CD to replace/repair files.

Ragwort
23-10-2008, 12:16 PM
It is fixed changed to IE 8 because 7 has a big problem with Java This is from Microsoft I found.
And with the help that you have given I say a big thank you; so is it OK to use Acronis to make a copy of the system or how do I make ISO disc of this System to make sure I do not make another mix up.
Thank you all for the assistance.

wainuitech
23-10-2008, 12:41 PM
So I assume its all going Ok now, System Restore and media player all OK ??

Yes using Acronis true Image will make an Image file that you can save to the External Drive.

Make a bootable CD from the program other wise you wont be able to recover the backup if required without installing XP from the start.

Just in case you're not to sure, ( this is from the bootable CD you can make) Have the external drive plugged in - Boot from the Acronis CD, ( hit Next when applies)
Select Acronis True Image ( Home)
Backup
My Computer
Select C: Drive
Untick every thing relating to hidden files - you want these
In Location - select the back up drive
In the File name ( lets say its D Drive) should read D:\backup.tib (see Note below)
Select Full
Follow prompts through


NOTE/IMPORTANT - When you name the file, call it what ever you want, BUT make sure you add in .tib at the end other wise it wont recover if you need it.

Eg: Say you call it Backup -- It should be Backup.tib NOT Backup