Full Version: Motor-search infected.. please help! [part II]
Gladiator Security Forum > Malware Help Forum > HELP! Think you are Infected?
SKC
Hi,
I have Spywareblaster already installed and run spybot, but somehow the motor-search.info adware installed itself on my computer. Any assistance would be greatly, greatly appreciated.

HijackThis log is as follows:

Logfile of HijackThis v1.97.7
Scan saved at 7:25:45 PM, on 4/13/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\ATnotes\ATnotes.exe
C:\Program Files\YZ Dock\YzDock.exe
C:\Program Files\Intel\NCS\Sync\NetSvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MYIE2\MyIE.exe
C:\Program Files\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.motor-search.info/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.motor-search.info/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.motor-search.info/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.motor-search.info/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.motor-search.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.motor-search.info/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.motor-search.info/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.motor-search.info/search.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:\Program Files\Mass Downloader\MDHELPER.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [zsysdll32.dll] C:\WINDOWS\system\sysdll32.exe
O4 - HKCU\..\Run: [SpeedswitchXP] C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: ATnotes.lnk = C:\Program Files\ATnotes\ATnotes.exe
O4 - Startup: Shortcut to YzDock.lnk = C:\Program Files\YZ Dock\YzDock.exe
O4 - Startup: Shortcut to YzShadow.lnk = C:\Program Files\Yzshadow\YzShadow.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files\Offline Explorer\Add_UrlO.htm
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files\Offline Explorer\Add_AllO.htm
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: PartyPoker.com (HKLM)
O9 - Extra 'Tools' menuitem: PartyPoker.com (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8023.9306018519
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://wwemail.support.hp.com/fd2/objects/SysQuery.cab
O19 - User stylesheet: C:\WINDOWS\winstyle.css
O19 - User stylesheet: C:\WINDOWS\winstyle.css (HKLM)


Thank you very much in advance!

Edit: I have downloaded and run adaware (and made sure that the newest reference file has been loaded), and CWShredder (found 1 registry entry and fixed, but upon reboot the problem came back). There is a file called "sysdll32.exe" in my windows\system directory with an icon that looks similar to the several the motor-search adware placed on my desktop. Once again, thank you very much for your help.
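As an added illustration (not code from this thread or from HijackThis itself), here is a small Python script that applies the checks a log reader applies to entries like the ones above: R0/R1 start/search pages pointing at a host the user never chose, an O4 autorun launched from the legacy C:\WINDOWS\system folder, and O19 user-stylesheet or stale "(file missing)" O2 entries that deserve a second look. The sample lines are constructed from the posted log and the expected-host allowlist is an assumption.

```python
import re
from urllib.parse import urlparse

# Constructed sample in the shape of the HijackThis log above (not the full log).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.motor-search.info/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:\Program Files\Mass Downloader\MDHELPER.DLL (file missing)
O4 - HKLM\..\Run: [zsysdll32.dll] C:\WINDOWS\system\sysdll32.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - Startup: ATnotes.lnk = C:\Program Files\ATnotes\ATnotes.exe
O19 - User stylesheet: C:\WINDOWS\winstyle.css
"""
# Assumed allowlist: the home/search page hosts this user actually chose.
EXPECTED_HOSTS = {"news.bbc.co.uk"}
LINE_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")

def classify(line, expected_hosts=EXPECTED_HOSTS):
    """(verdict, reason) for one line: 'flag' = fix, 'review' = look closer, 'ok'; None if not an R/O entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    if kind in ("R0", "R1"):                      # IE start/search page settings
        value = body.split(" = ", 1)[1] if " = " in body else ""
        host = (urlparse(value).hostname or "").lower()   # empty for non-URL values
        if host and host not in expected_hosts:
            return ("flag", f"IE page setting points at unexpected host {host}")
        return ("ok", "expected or non-URL IE setting")
    if kind == "O4":                              # autorun entries: take the launched path
        path = re.split(r"\] | = ", body, maxsplit=1)[-1].strip('"').lower()
        if path.startswith("c:\\windows\\system\\"):
            return ("flag", "autorun binary hidden in the legacy C:\\WINDOWS\\system folder")
        return ("ok", "autorun from a normal program location")
    if kind == "O19":                             # IE user stylesheet, a CoolWebSearch hallmark
        return ("review", "user stylesheet is set; confirm you created it")
    if kind == "O2" and "(file missing)" in body:
        return ("review", "BHO registered but its DLL is gone (stale entry)")
    return ("ok", "no rule matched")

def scan(log_text):
    """Return [(line, verdict, reason)] for every entry that is not plain 'ok'."""
    results = []
    for line in log_text.splitlines():
        c = classify(line)
        if c and c[0] != "ok":
            results.append((line, c[0], c[1]))
    return results
```

Running `scan(SAMPLE_LOG)` flags the motor-search.info page setting and the sysdll32.exe autorun, and marks the stale BHO and the user stylesheet for review; on a real log, paste the whole file into `scan`.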
Hunter
see here at the lavasoft board and you might be able to follow that lead.


http://www.lavasoftsupport.com/index.php?showtopic=23620

or Computer Cops


http://computercops.us/postt29677.html


but in your case it will be the files you found there called "sysdll32.exe"

People are also reporting ..


Every time I run MS Media Player the following shortcuts
"Strip Poker", "Home Business", "Sex Drugs", "Education College" and finally "Viagra
Videos" appear on the desktop and http://www.motor-search.info/ becomes the "Home
page" for IE.



:(
SKC
Thanks very much Hunter. I followed the instructions in that thread and the problem seems to have gone. I accidentally left a browser window open while running hijackthis's "fix" function, but I rebooted, ran hijackthis, and the problem lines don't seem to occur.

Thanks for your help.
Hunter
Post another log please..and the other gurus will gander at it too. Thanks SKC
SKC
I restarted and ran spybot and adaware and hijackthis. Everything seems back to normal except my windows media player (version 9) won't load (this started happening when the adware was installed). Here is my log:

Logfile of HijackThis v1.97.7
Scan saved at 9:30:18 PM, on 4/13/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\ATnotes\ATnotes.exe
C:\Program Files\YZ Dock\YzDock.exe
C:\Program Files\Hijack This\HijackThis.exe
C:\Program Files\Intel\NCS\Sync\NetSvc.exe
C:\Program Files\MYIE2\MyIE.exe
C:\WINDOWS\System32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:\Program Files\Mass Downloader\MDHELPER.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [SpeedswitchXP] C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: ATnotes.lnk = C:\Program Files\ATnotes\ATnotes.exe
O4 - Startup: Shortcut to YzDock.lnk = C:\Program Files\YZ Dock\YzDock.exe
O4 - Startup: Shortcut to YzShadow.lnk = C:\Program Files\Yzshadow\YzShadow.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files\Offline Explorer\Add_UrlO.htm
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files\Offline Explorer\Add_AllO.htm
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: PartyPoker.com (HKLM)
O9 - Extra 'Tools' menuitem: PartyPoker.com (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8023.9306018519
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://wwemail.support.hp.com/fd2/objects/SysQuery.cab

does anyone have any ideas?

I also deleted the offending "c:\windows\system\sysdll32.exe"

Ahh.. from rereading your post (didn't notice the bottom part), it seems as if my windows media player has been redirected to sysdll32.exe, which I deleted-- so now it just plays the error sound.

Thanks in advance!

SK
Hunter
:)
SKC
Just wanted to update--

I've run adaware, spybot and hijackthis; there doesn't seem to be any more spyware left (let's hope). I also reinstalled windows media player; that seems to have fixed the nonfunctioning .exe.

Hunter and gladiator forums, thanks a lot for helping me out.
Hunter
WTG SK..I thought you would do that..I did find some goodies for you on that player that I will put here in any case...always nice to know some fixes out there for player problems in general.



Something is keeping me from accessing Windows Media Player 9

http://www.wilderssecurity.com/showthread.php?p=159785



Also we have the windows media player W32.HLLW.Gaobot.EF and it causes that player problem.

http://securityresponse.symantec.com/avcen....gaobot.ef.html


These are the other good ideas for problems


*********

Delete/Repair the Windows Media Player Library

If you have moved your music around on your hard drives, Windows Media Player continues to add new entries into its library instead of modifying the existing ones. This means that you will now have multiple entries for the same song, half of which will not work now because you have moved the files to their new location. To delete the current library and build a new one, do the following:

1. Close Windows Media Player, wait about 3 seconds for the database to close.

2. Using "My Computer", navigate to the following folder:
F (or whatever drive is appropriate for you):\Documents and Settings\All Users\Application Data\Microsoft\Media Index

3. Delete the "wmplibrary....db" file here. This is not your actual music, only the database which Windows Media Player uses as a listing.

4. Start Windows Media Player

5. Hit "F3" and enter the location where you have moved your music to. If it is on multiple drives, check "All Drives". Let it finish.

You're Done!
All the old listings will now be gone, and you will only have the new accurate ones.



Download and re-install it from
> http://www.microsoft.com/windows/windowsmedia/download/



****************************


Q: How do I repair WMP8 on Windows XP?
A: Assuming you have exhausted all other options, the following steps
will partially repair WMP8. These steps are wholly unsupported by
Microsoft, and only mentioned because it *is* the only way you'd be able
to reinstall WMP8 - note that this will likely not fix many/any bugs,
but if you're desperate... Go to Start > Run and type (or copy & paste):

rundll32.exe setupapi,InstallHinfSection InstallWMP64 132 c:\windows\inf\mplayer2.inf
(Point it to the Windows XP CD)
rundll32.exe setupapi,InstallHinfSection InstallWMP7 132 c:\windows\inf\wmp.inf
(Point it to the Windows XP CD)
and then Restart your machine (absolutely mandatory: almost every action
done internally here is delayed until reboot).
As an alternative, you may be better off using Windows XP's cool System
Restore functionality. It's on the Start Menu under "Help and Support".
As a FURTHER alternative, Evey points out you can try to repair Windows
XP itself (which will more fully repair WMP for XP along with it)-
To repair Windows XP:

a. Boot from the Windows XP CD.
b. Do not choose Repair when it is offered. That will take you to the Repair Console and you don't want to be there.
c. Choose Upgrade.
d. The installer will find your existing XP installation and offer to repair it.
e. Now you choose Repair.
f. Let it do its thing.
g. No loss in settings, programs or data. You will lose any patches/updates, though.
(Courtesy of Zach @ http://www.nwlink.com/~zachd/pss/pss.html )
Hunter
Also these always Help :)


Windows Files
Several variants of the CoolWebSearch trojan are overwriting Windows system files with copies of the trojan itself, reinstalling it whenever this infected file is called by Windows.

CWShredder detects and removes these infected copies. You can download the files replaced by the trojan here, if the version for your Windows version is available. Note that these are all for US-English Windows versions.

If the file is not available for your Windows version, you can always restore it from your Windows Setup CD!

Note: The files available for download on this page are taken from US English versions of Windows. If you have a Windows version in any other language, you should not use these files.


Contents
Files available here:
control.exe
rundll32.exe
wmplayer.exe
msconfig.exe
notepad.exe
Note: if you have a version of the file not listed here, please be so kind as to send it to me. Thanks!






http://www.spywareinfo.com/~merijn/winfiles.html
Invision Power Board © 2001-2009 Invision Power Services, Inc.