Windows Media Player Not Working

[David2]

Hi all,

My computer recently caught a virus which caused some of my prorgammes to be hidden which I sorted for all, apart from windows media player. I tried windows turn on off features and the computer said on start up that the configuration had failed after I found out it had been turned off. I checked deafult programs as well to look for windows media player and I didn't find it.

Kind Regards

David

 

[C-11]

Welcome to Seven Forums.
Your computer may still be infected.

Just be sure, download & run a full scan with Malwarebytes
Remove check mark next to Pro version trial while installing.

Also, run a full scan with SUPERAntiSpyware.
Decline the Trial version while installing.

To disable SUPERAntiSpyware from launching when Windows is booted, simply go open the program and hit Preferences and then uncheck the box that says Start SUPERAntiSpyware when Windows starts.

Then run Unhide from bleepingcomputer to see if you'll be able to find Windows Media Player.

Do post back please.

 

[David2]

Thank you for your assistance, I tried the three different bits of sotware and it still did not fix the issue.

Though now I believe the issue was caused by a windows update which has gone wrong. When ever I try to use window features to turn features on and off it does not work properly. However I have found out that windows security centre service has been turned off and when I try to turn it on, an error message pops up saying it can't.

I bought the computer from an independent dealer about 2 1/2 years ago who built the computer themselves and I only recently found out that they have a poor record.

 

[cottonball]

David2,

As C-11 mentioned...

Your computer may still be infected.

Let's see what your system shows with the following short scan...

Please download RogueKiller:
Tlcharger RogueKiller (Site Officiel)

When you get to the website, go to where it says:
(Download link) Lien de téléchargement:

Select the version for your system 32-bit, or, 64-bit (button with x64)
Click the applicable dark-blue button to download.
Save to the Desktop.

Close all windows and browsers.
Right-click and select: Run as Administrator

At the program console, wait for the prescan to finish. (Under Status, it says: Prescan finished.)
press: SCAN

When done, a report opens on the Desktop: RKreport.txt

Please provide the RKreport.txt (Mode: Scan) in your reply.



~~~~
Also, download Farbar Service Scanner



Save to the Desktop

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
• Press: Scan
• FSS creates a log, FSS.txt, on the Desktop.

Please provide the FSS.txt in your reply.

Also, do you get any error message with Windows Media Player?
If so, what does it say?

 

[David2]

Thank you very much for your help, I downloaded the two bits software and did teh scans.

This was the report RogueKiller gave:

mail : tigzyRK<at>gmail<dot>com
Feedback : RogueKiller - Geeks to Go Forums
Website : Download RogueKiller (Official website)
Blog : tigzy-RK

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : David P [Admin rights]
Mode : Scan -- Date : 02/23/2013 17:18:45
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 13 ¤¤¤
[SHELL][SUSP PATH] HKLM\[...]\Winlogon : Userinit (C:\Windows\system32\userinit.exe,C:\Windows\system32\config\systemprofile\AppData\Local\rmfrgnmv\asweqqvm.exe,) [x] -> FOUND
[TASK][SUSP PATH] Funmoods : C:\Users\DAVIDP~1\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE /Check [x] -> FOUND
[TASK][SUSP PATH] Hoolapp For Android : C:\Users\DAVIDP~1\AppData\Roaming\HOOLAP~1\UPDATE~1\UPDATE~1.EXE /Check [x] -> FOUND
[TASK][SUSP PATH] Hoolapp Init : C:\Users\DAVIDP~1\AppData\Roaming\HOOLAP~1\Hoolapp.exe /Minimized [x] -> FOUND
[TASK][SUSP PATH] {7621D280-7FF8-4553-ADA3-136B0267AEA4} : C:\Users\Owner\Desktop\medieval2.exe [x] -> FOUND
[TASK][SUSP PATH] {76FD6E1C-F586-4BE5-8D99-62DE24B363C8} : C:\Users\Owner\Desktop\medieval2.exe [x] -> FOUND
[TASK][SUSP PATH] {78544985-76BA-4B4B-8DE0-B9AE390B216F} : C:\Users\David P\Desktop\wmpfirefoxplugin.exe [7] -> FOUND
[TASK][SUSP PATH] {9B93C97B-5D4F-4B20-BA93-E2F0727DF4EA} : C:\Users\Owner\Desktop\medieval2.exe [x] -> FOUND
[TASK][SUSP PATH] {C23C23E7-6DBE-4D7F-B587-A256D4083C8F} : C:\Users\David P\Desktop\wmpfirefoxplugin.exe [7] -> FOUND
[STARTUP][SUSP PATH] GameRanger.lnk @David : C:\Users\David P\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe [7] -> FOUND
[STARTUP][SUSP PATH] GameRanger.lnk @David P : C:\Users\David P\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe [7] -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: STM3250318AS ATA Device +++++
--- User ---
[MBR] 414b2dd44670912d08085945d08314cb
[BSP] d2bdd07840f6ee8bea85f8a37fa53a33 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 238372 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_02232013_02d1718.txt >>
RKreport[1]_S_02232013_02d1718.txt

I was suprised that my gaming software GameRanger had an issue because I use it to play games online with friends.

Finally the Fss.txt from Farbar Service Scanner showed this:

Farbar Service Scanner Version: 20-02-2013
Ran by David P (administrator) on 23-02-2013 at 17:21:11
Running from "C:\Users\David P\Downloads"
Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of wscsvc. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of wscsvc. The value does not exist.
Unable to retrieve ServiceDll of wscsvc. The value does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of WinDefend. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of WinDefend. The value does not exist.
Unable to retrieve ServiceDll of WinDefend. The value does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

Hope these two texts help.

 

[David2]

I could only see windows media player in the turn windows features on and off program and when the computer restarted to make the changes, it would load to say configuration change 98% etc. Then it would say configuration chanegs failed then it loads my desktop unchanged.

 

[cottonball]

David2,

My apology for the delay...just do not hang around this forum, and forgot all about it.


Please run RogueKiller once again:

Close all windows and browsers
Right-click RogueKiller and select 'Run as Administrator'

Wait until the Prescan finishes
The Status box shows PreScan Finished

Now, press: Scan

When done, on the right, click: Delete (or Remove)

Wait until the Status box shows: Deleting Finished

Click on Report and provide the content of the new Rkreport (Mode: Remove) in your reply.


After doing this, try your WMP once again.

We will address the Action Center issue after we get rid of the malware.

 

[David2]

I did a scan which was the same as the old report, then pressed delete and I did a new scan.

RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : RogueKiller - Geeks to Go Forums
Website : Download RogueKiller (Official website)
Blog : tigzy-RK

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : David P [Admin rights]
Mode : Scan -- Date : 02/24/2013 19:08:14
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: STM3250318AS ATA Device +++++
--- User ---
[MBR] 414b2dd44670912d08085945d08314cb
[BSP] d2bdd07840f6ee8bea85f8a37fa53a33 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 238372 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[4]_S_02242013_02d1908.txt >>
RKreport[1]_S_02232013_02d1718.txt ; RKreport[2]_S_02242013_02d1903.txt ; RKreport[3]_D_02242013_02d1907.txt ; RKreport[4]_S_02242013_02d1908.txt

P.S I use the small scale icon as well.

 

[David2]

When I used features, an error message appeared but I found out I could use window media but after I restarted my computer I could not find windows media so I had to go into windows features again to turn windows media back on.

 

[cottonball]

David2,

The steps we are undertaking involve Registry editing. Please create a backup of the Registry using ERUNT (Emergency Recovery Utility NT):
ERUNT Download
Instructions:
Backing Up The Registry Using ERUNT - Geeks to Go Forums
Windows 7 may require for you to allow the installation if the User Account Control (UAC) prompt appears.


Next, please download the following Registry files:
http://download.bleepingcomputer.com/win-services/7/wscsvc.reg
http://download.bleepingcomputer.com/win-services/7/WinDefend.reg
Save to the Desktop (easy to find)

Right-click each Registry file and select: Merge

Now, press the Windows key and R at the same time.
In the Run box, type: notepad
Press: OK

Highlight the entire contents inside the following quote box, and copy/paste the text to Notepad.

@Echo off
sc config wscsvc start= delayed-auto
sc config windefend start= delayed-auto
sc start wscsvc
shutdown -r -t 1
del %0

In Notepad, select File > Save as...
Press the Desktop entry on the left side.
In the File name box, type in: fixsvc.bat
Press: Save
Close Notepad.

Right-click fixsvc.bat on the Desktop, and select: Run as Administrator
Press Yes if prompted by the User Account Control.

When the batch commands are applied, Windows restarts.

~~~~
Run Farbar Service Scanner again, and provide the contents of FSS.txt in your reply.

 

[cottonball]

David2,

Edited the commands in the quote box above!!

My apology, forgot to start the Security Center service.