Q: Agony With wmpscfgs.exe

Despite my efforts to maintain a clean and safe computer, something miserable has bitten me. I'm not entirely sure what the issue is, but I know something unusual is going on.

Here are some signs and symptoms ...

Recently, after periods of unattended downloading, I would lose internet connectivity. The only way I could regain connectivity would be to reboot. Reboot would take what felt like forever. Sometimes there would be a Windows dialogue box asking for login credentials for dial-up, which is odd considering I am not on dial. Recently, it has been discovered that all boot-ups are agonizingly slow with apparent lengthy periods of inactivity (i.e. hard disk activity, or even a signal being sent to the monitor). On average, 4-5 minutes to boot up.

Today, while surfing, my AVG anti-virus went crazy picking up immediate viruses from websites that were appearing out of nowhere. Bam Bam Bam Bam! A new virus-infected webpage auto-opens and is caught by AVG. There was also an unusual blue webpage titled windows critical update that could not be closed. I use Firefox, not IE, but if I recall, these websites may have been hosted by IE.

I have randomly been asked on occasion to shut down.

I have lost the ability to access regedit (it says the administrator has removed privileges, even in safe mode as the administrator). Even known workarounds commonly available on the internet have failed.

I am unable to run Adaware ... it says it's already running, when it's not ... that I am aware of.

Spybot had identified only 5 unresolved malware entries for zlob.AR and has removed these threats.

AVG virus scan found 3 instances of a virus that was in archived application packages downloaded from the internet. These have been removed. Virus scans are coming up clean. The viruses that were discovered in the barrage of website attacks were also identified and taken care of at the time of attack.

I run an application called "process detector" and this is where my concern comes from. Every minute, a process starts called wmpscfgs.exe. Right now as I type this, there are currently 28 instances running, and growing. Each marked "dangerous", size of 32 KB, associated with filename c:\program files\internet explorer\wmpscfgs.exe . These processes are not identified in Task Manager. These processes cannot be stopped or deleted (Access is denied.). The processes are all siblings of other applications/processes running, like firefox, AVG, etc.

I assume this is the wmpscfgs.exe virus, or something as sinister. I googled for removal instructions and found such from a reputable source; however, I was met with several challenges along the way preventing me from proceeding successfully.

One such instruction was to remove wmpscfgs.exe from the internet explorer directory. I am able to delete wmpscfgs.exe from my c:\program files\internet explorer directory, but it keeps coming back. When it comes back, a new process appears.

There were no wmpscfgs.exe processes to kill in task manager. The ability to kill these processes in Process Detector is denied.

I am a novice when it comes to computers and have generally had success removing threats etc. from my computers in the past, but this seems beyond my ability.

I have provided the additional support information as requested. In the time it took to prepare this documentation, from a fresh bootup, there were over 400 instances of wmpscfgs.exe running. In the end, my system was barely functional, lacking in response to any command or action. This information was collected offline, I was not connected to the internet. As I write this now, the instances of this process continue to increase, one every 1 and a half minutes. AVG has detected a virus threat from a downloaded file, which was promptly deleted. Whatever this thing is, it is visiting sites and downloading harmful files for execution.

I sure hope there can be a resolution found quickly. I appreciate all the support that can be offered. I look forward to hearing back soon.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Rob at 14:34:15.82 on Mon 03/08/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1168 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\Maintenance\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Rogers\SelfHealing\RogersSelfHelpService.exe
C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe
C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Rob\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://thefreevpn.com/home.php
uSearch Page =
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\documents and settings\rob\fiwhfx.exe \s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Internet Explorer Plugin: {2a45ddd3-8407-482f-b53d-dc90669c9e59} - jvyj42.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {b70a1a54-6dfb-4ad8-9a62-2c00a3cc5bb4} -
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm .exe" -scheduler
uRun: [SpybotSD TeaTimer] c:\maintenance\spybot - search & destroy\spybot - search & destroy\TeaTimer.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [snp325] c:\windows\vsnp325.exe
mRun: [Rogers SHS] c:\program files\rogers\selfhealing\shs.exe
mRun: [TurboHddUsb] c:\program files\turbohddusb\TurboHddUsb.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [nwiz] nwiz.exe /install
mRun: [AtiPTA] Atiptaxx.exe
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask .exe" -atboottime
mRun: [iTunesHelper] "c:\multimedia\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NBKeyScan] "c:\multimedia\nero\nero8\nero backitup\NBKeyScan.exe"
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\NPSWF32_FlashUtil.exe -p
mExplorerRun: [RTHDBPL] c:\documents and settings\rob\application data\systemproc\lsass.exe
uPolicies-system: DisableRegistryTools = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: E&xport to Microsoft Excel - c:\micros~1\office12\EXCEL.EXE/3000
IE: En&queue current page with Bulk Image Downloader - file://c:\internet apps\bulk image downloader\iemenu\iebidqueue.htm
IE: Enqueue link target with Bulk Ima&ge Downloader - file://c:\internet apps\bulk image downloader\iemenu\iebidlinkqueue.htm
IE: Open &link target with Bulk Image Downloader - file://c:\internet apps\bulk image downloader\iemenu\iebidlink.htm
IE: Open current page with Bulk I&mage Downloader - file://c:\internet apps\bulk image downloader\iemenu\iebid.htm
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
LSP: c:\windows\system32\67789765.dll
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1212019091000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: app_dll.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli scecli scecli scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\rob\applic~1\mozilla\firefox\profiles\5981jyrg.default\
FF - prefs.js: browser.startup.homepage - hxxp://rogers.my.yahoo.com/
FF - component: c:\documents and settings\rob\application data\mozilla\firefox\profiles\5981jyrg.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\rob\application data\mozilla\firefox\profiles\5981jyrg.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\rob\local settings\application data\yahoo!\browserplus\2.5.1\plugins\npybrowserplus_2.5.1.dll
FF - plugin: c:\multimedia\itunes\mozilla plugins\npitunes.dll
FF - plugin: c:\progra~1\mozill~1\plugins\np_gp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Firefox security: No Registry Reference - c:\program files\mozilla firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-25 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-10-25 28424]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-25 360584]
R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2009-10-18 7040]
R1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2010-2-17 58984]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-2-17 108904]
R2 aawservice;Lavasoft Ad-Aware Service;c:\maintenance\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-10-25 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-10-25 285392]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-2-17 779496]
R2 RogersSelfHelpService;Rogers SHS Service;c:\program files\rogers\selfhealing\RogersSelfHelpService.exe [2009-5-25 144696]
R2 RogersUpdateManager;Rogers Update Manager;c:\program files\rogers\update manager\RogersUpdateManager.exe [2008-4-7 163840]
R2 spydetector;spydetector;c:\maintenance\spyware process detector\spydetector.sys [2008-6-22 9216]
R3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS [2009-10-18 17792]
S0 baukg;baukg; [x]
S2 ATITVAUDIO;ATI WDM TV Audio;c:\windows\system32\drivers\atinsnxx.sys [2008-8-28 28672]
S2 ATIXBAR;ATI WDM Audio Video Crossbar;c:\windows\system32\drivers\atinxbxx.sys [2008-8-28 31744]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\anti trojan elite\atepmon.sys --> c:\program files\anti trojan elite\ATEPMon.sys [?]
S3 ati2mpad;ati2mpad;c:\windows\system32\drivers\ati2mpad.sys [2002-2-18 303360]
S3 DCamUSBLTN;3Com PC WebCam Lite;c:\windows\system32\drivers\vqcam.sys --> c:\windows\system32\drivers\vqcam.sys [?]
S3 SaiH0461;SaiH0461;c:\windows\system32\drivers\SaiH0461.sys [2008-1-25 182528]
S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [2008-11-27 10218624]

=============== Created Last 30 ================

2010-03-08 18:24:28 4 ----a-w- c:\program files\5783421.dat
2010-03-08 16:45:14 4 ----a-w- c:\program files\4330171.dat
2010-03-08 15:18:24 40448 ----a-w- c:\documents and settings\rob\atiptaxx.exe
2010-03-08 15:18:24 40448 ----a-w- c:\documents and settings\rob\atiptaxx .exe
2010-03-08 15:18:23 40448 ----a-w- c:\documents and settings\rob\nwiz.exe
2010-03-08 15:18:23 40448 ----a-w- c:\documents and settings\rob\nwiz .exe
2010-03-08 15:18:16 40448 ----a-w- c:\documents and settings\rob\rundll32.exe
2010-03-08 15:18:16 40448 ----a-w- c:\documents and settings\rob\rundll32 .exe
2010-03-08 15:18:15 40448 ----a-w- c:\documents and settings\rob\rthdcpl.exe
2010-03-08 15:18:15 40448 ----a-w- c:\documents and settings\rob\rthdcpl .exe
2010-03-08 14:30:03 94208 ----a-w- c:\windows\system32\app_dll.dll
2010-03-08 14:29:35 40448 ----a-w- c:\windows\system32\rthdcpl.exe
2010-03-08 14:29:35 40448 ----a-w- c:\windows\system32\rthdcpl .exe
2010-03-08 14:29:14 5140 ----a-w- c:\windows\system32\iapot
2010-03-08 14:29:14 34304 ----a-w- c:\windows\system32\jvyj42.dll
2010-03-08 14:28:55 0 d-----w- c:\docume~1\rob\applic~1\2555381E50B1F9879CD41212AF4DB552
2010-02-22 17:02:01 0 d-----w- c:\program files\TVersity Codec Pack
2010-02-17 23:46:18 0 d-----w- c:\program files\iPod
2010-02-13 01:19:53 0 d-----w- C:\Video2
2010-02-13 00:58:35 0 d-----w- c:\program files\Microsoft Network Monitor 3

==================== Find3M ====================

2010-03-08 19:33:55 40448 ----a-w- c:\windows\vsnp325.exe
2010-03-08 16:51:34 40448 ----a-w- c:\windows\system32\atiptaxx.exe
2010-03-08 16:51:33 40448 ----a-w- c:\windows\system32\nwiz.exe
2010-02-22 17:02:15 84468 ----a-w- c:\windows\system32\unins000.dat
2010-02-22 17:02:12 691717 ----a-w- c:\windows\system32\unins000.exe
2010-01-31 20:49:20 129579 ----a-w- c:\windows\fonts\AdobeFnt.lst
2010-01-05 10:00:29 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00:20 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-18 13:11:04 256 ----a-w- c:\documents and settings\rob\pool.bin
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-15 00:18:18 138529 ----a-w- c:\windows\fonts\AdobeFnt07.lst
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-07-03 19:41:05 139264 --sh--r- c:\windows\system32\67789765.dll
2008-08-28 22:04:10 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082820080829\index.dat
2009-10-25 14:25:26 97237536 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-25 14:25:27 4988960 --sha-w- c:\windows\system32\drivers\fidbox2.dat

============= FINISH: 14:34:50.57 ===============

A: Agony With wmpscfgs.exe

Kaspersky Labs Online file scanner has identified the file wmpscfgs.exe as being infected with Trojan-Dropper.Win32.Agent.bsmw.

There is very little reference material online regarding this virus.

Since posting the original message, I have scanned again with the onboard AVG virus scan, and the online Housecall scan. Both identified several other viruses, but not the one in question. These secondary viruses were removed as part of the scan process.

RELEVANCY SCORE 47.6

Deckard's System Scanner v20070826.66
Run by Chad on 2007-08-31 01:43:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
31: 2007-08-31 05:44:01 UTC - RP188 - Deckard's System Scanner Restore Point
30: 2007-08-30 08:34:58 UTC - RP187 - Software Distribution Service 3.0
29: 2007-08-30 06:47:12 UTC - RP186 - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
28: 2007-08-30 03:18:06 UTC - RP185 - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
27: 2007-08-28 23:30:38 UTC - RP184 - System Checkpoint


-- First Restore Point --
1: 2007-08-07 21:29:00 UTC - RP158 - Installed Windows Media Player 10


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 83% (more than 75%).
Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as Chad.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:48:03 AM, on 8/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\l... Read more

A:OH the Agony of pop-ups!

Please download SmitfraudFix
Extract the files to the Desktop

~~~~
Now, start the computer in Safe Mode: When the machine first starts again, tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Press Enter to boot into Safe Mode.
Open SmitfraudFix: double-click smitfraudfix.cmd
Select Option 2 - Clean by typing 2 and press Enter (Deletes infected files)
You are prompted: Do you want to clean the registry? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
The tool also checks if a relevant file, wininet.dll, is infected.
You may be prompted to replace the infected file (if found).
Replace infected file? Answer Y (yes) and hit Enter to restore a clean file.

~~~~
Restart the computer to complete the removal process.

~~~~
Also download ComboFix
Save it to the Desktop

Double-click combofix.exe to run the program
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to stall.)

When finished, a log, ComboFix.txt, is produced.

~~~~
Please run HijackThis once again to obtain a new log.

~~~~
Please post the SmitFraudFix report located at C:\rapport.txt , the ComboFix.txt, and a new HijackThis log.

RELEVANCY SCORE 46.8

I ran chkdsk when starting Windows and it has been running for two days with no end in sight at all! What to do? And I desperately need a laptop.

Please help!

RELEVANCY SCORE 46.8

I hope someone out there will help me! I have this Movieland thing going on and it's driving me nuts. I read Jelly_tots post earlier today and followed the advice as far as the HijackThis log, but now I need to know what to do from here!! Please help me! The log is below:
Thank you!!

Logfile of HijackThis v1.99.1
Scan saved at 5:00:19 PM, on 11/3/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\MediaPipe\MPTray.exe
C:\Program Files\AltPayments\AltPayments.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINDOWS\system32\tbctray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\P2PNET~1\P2PNET~1.EXE
C:\Program Files\MediaPipe\DownloadManager.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hewlett-Pack... Read more

A:Movieland agony

RELEVANCY SCORE 46.4

MS Update installed a Realtek driver that really does not agree with my system. I'm fine with the MS 5 High Def version.

Every time I go to Device Manager and Programs & Features and delete it and spec the MS generic version, I'm good for about a minute, then the Realtek gets installed. Even after I delete the folder in programs. I am totally stumped here as this version MS is pushing out is really having problems and I can't make it go away.

I have gone to advanced settings and set it to prevent downloading ANY driver updates at all. It keeps coming back.

I've tried just about everything I can find on Google. I'd really appreciate some help on this. It began happening after this past Tuesday's update. I had other issues (now solved) with that update.

A:MS Realtek driver agony - please help

The following steps worked for me...
First uninstall the faulty driver, but do not restart your machine until you do the following:

Type "Device Installation Settings" in your Windows search box. A result named "Change device installation settings" should show up.

Choose No

Once that's done, you have to go into the Windows Update Settings and change it to "Notify Schedule a restart".

Now go ahead and do a restart.

At this point, the driver won't automatically install, but will be listed in Windows Update. Microsoft expects you to install it anyways. What you need to do is hide it from Windows Update. Download the "Show or hide updates" troubleshooter package

https://support.microsoft.com/en-us/kb/3073930

That tool will then let you see what's in Windows update and you can then hide it from Windows update.

RELEVANCY SCORE 46.4

Hi Everyone,

Here is the dilemma that I am currently in. I just installed XP on a WD 40GB hard drive. I have been using a Maxtor 80GB up till now for storage. Well, I want to transfer all the digital photos and files (which I have yet to burn, by the way) and put them onto the 40GB. I see both HDs on bios. I see both HDs in device manager. I don't see BOTH hard drives in MY COMPUTER!!! From what I keep reading, the only way Windows will see the 80GB is if I partition/format it. There is one problem with that: I will lose all of my files if I partition/format it. Is there a way I can transfer these much needed files over??? PLEASE HELP!!!!

Thanks,
JGC77
 

A:hard drive agony -- please help!!

I had a Western Digital and a Maxtor HDD together in a system a few years ago. I can remember that they didn't both work together. Since then, I have sort of become brand loyal and only use Maxtor (Western Digital and most others are just as good) - I don't mix hard drives. Most drives will work together but occasionally you get two that don't and you can avoid the possibility of this by just using one brand. If this is the case, then you might be able to put them both on different IDE channels long enough to transfer files.
If it isn't brand compatibility, then check to see (in CMOS) that your unrecognised drive is using the same access mode as it was before when it worked, probably LBA. If it is somehow set to a different mode, then what you described is exactly what happens.
In the event of a corrupted partition, you may need to buy some partition salvaging software. One piece of software you can usually get for free on the Maxtor site is Maxblast, which runs on DR. DOS (one comes with each new boxed HDD too, if you still have it somewhere). If you download this HDD installation disc and put it on a floppy, it will give you a lot of great utilities to install and troubleshoot Maxtor hard drives.
One more thing to check is the cable. I have had ribbon cables that had one wire break somewhere and even though the drive continued to work, funny things would happen. You do have the proper 80 pin (not 40 pin) IDE cables, right?
 

RELEVANCY SCORE 46.4

Hi all, after losing my desktop Medion PC - maybe consecutive to audio folder downloaded + win media player plugin download (post in Vista forum) - now the VAIO laptop can't start Windows. Can't remember how to start in safe mode and then what I should do. PLEASE HELP, urgent, all my work is stuck in these 2 PCs. I only got one PC left.
Thanks Thanks Thanks for URGENT HELP
 

A:Solved: laptop in agony

RELEVANCY SCORE 46.4

A:Hard drive agony -- please help

Why can't you use the Data Lifeguard Tools diskette that came with your WD HD? I just put a new WD in last month and I only formatted the new drive before copying over data.
 

RELEVANCY SCORE 46.4

can anyone tell me if sound card drivers exist for a sbt-sp6c 6 channel 5.1 surround sound audio card to run in vista x64? the card has two chips on it. the large one is a forte media fm 801-au. the small chip is a realtek alc650.

i have not been able to find the correct drivers to install the card in my pc. i have tried many different drivers and none have worked. i've tried all the realtek sound drivers. none have worked. i have downloaded the latest forte media drivers i can find. they don't work with vista x64.

please, help if you can. it's very frustrating not being able to install the sound card.

thanks in advance.

A:sound card agony 2

Hi Glenn, Welcome to the Forum.

The best answer here is probably to buy a new sound card

Pooch

RELEVANCY SCORE 46.4

Hello Peeps,

I just received T520 package today and my excitement suddenly turned to grief when I saw a bright glowing red dot on my screen. OMG... a dead pixel right out of the box! Did I just drop my hard earned grand that I have been saving for months on something that would bug me for the rest of the product's life?

I quickly searched Lenovo's dead pixel policy and almost fainted when I found out the unit has to have at least 3 dead pixels to be considered for replacement noooooooo...wahhhh....boohohoho..sob

Why did they ship out a unit with dead pixel??? I'm pretty sure it was NOT missed by QA because it glows like a laser beam in the dark and a dead pixel would not develop while in transit!

I'm going to contact Lenovo post sales tomorrow and really hoping something can be done. I know some of you will consider this as another guy who got a dead pixel rant, but man, when someone spends this amount of cash, and I'm not rich, I would at least expect to receive a non-defective product. Oh Lordy, I should have trusted my instinct and bought something of this value in a brick and mortar store. Hoping for the best but this night would not be a pleasant one.

Sigh,
Jason

A:Dead Pixel Agony

You just got it and you're not satisfied you can return it. So return it. The End





T520 Model 4239 Intel(R) Core(TM) i7-2860QM; Nvidia NVS 4200M Win 10 64bit
Z70-80 I7 - 5500U 16GB GB - 1TB HD Win 10 64bit FHD 17.3", G840 w/2GB

Read other 9 answers

I have read other forum topics about the problem I am having (a blinking red icon in my windows quickstart menu). I continually have the process cool.exe popping up and it's making a strange "clicky" sound from my cpu-- sort of like the sound you get when you're about to access dialup.

Anyhow, I'm a Master's student at a major Canadian university and it's not helping my thesis that I have these constant ads popping up and these malware problems.

Any help would be appreciated greatly! Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 7:05:19 PM, on 18/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ishost.exe
C:\Program Files\ATI Technol... Read more

A:The Agony Of My Malware Infections

You have no active AntiVirus!
Get the free AVG 7, install it, check for updates and run a full scan.
AVG 7 - http://free.grisoft.com/freeweb.php/doc/2/
========================
Add remove programs - remove logitech desktop messenger
==================
You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.
Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Next, please reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typi... Read more

Read other 11 answers

Please help me with this infection! I have run the following programs with no luck to remove the infection: HitmanPro (Kickstart), Malware Bytes Anti-Rootkit, JRT, ADWcleaner, SuperAntiSpyware, Malware Bytes Anti-Malware and Dr Web Cureit.
 
Any assistance would be greatly appreciated!
 
Here is my DDS log:
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.17037
Run by Mayra at 8:11:46 on 2014-01-30
Microsoft® Windows Vista™ Home Basic   6.0.6000.0.1252.1.1033.18.445.63 [GMT -6:00]
.
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\AOL\1173975032\ee\aolsoftware.exe
C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PR... Read more

A:AGONY - wininit.sys - NTRootKit-K - infection!

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/522612 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

Read other 25 answers

Okay quick run up on how XP boots Boot.ini file loads windows. Most experienced users know the way to check a boot path is the msconfig option from run that is on every windows except win 2000. Start>Run>msconfig>boot.ini. You can change some boot options here and get rid of os's that were deleted with their boot path. But you know what not so on Vista, it uses a whole new system called bcdedit.exe I believe that boot.ini doesn't even see or acknowledge. So to bring you up to speed here's what happened:

I was on the release candidates with build 2600 I tried to install it to my 2nd spindled drive. A totally separate physical drive I labeled as F:. It wouldn't work it would give the black screen of death with no blinking cursor, no nothing, just my monitor looking at me saying "I'm glowing amber on my led what are you going to do?". Obviously install Norton Partition Magic and make room for it on the main drive.

So now I stretch out room on my C: for two more partitions. Another Primary I label G: and an extended volume I label as H:. Guess what Vista RC1 build 2600 works great! I get a dual boot option after the motherboard logo goes away and it will default to Vista but I can also choose Vista...... for about 2 weeks then the same pill looking icon Windows says to install for protection starts causing problems, I think the thing was PC Chillin or something like that. I uninstall it, RC1 kind of works but inevitably something is ... Read more

A:Dual Booting and the agony of Vista

Read other 14 answers

A client brought in his laptop a few days back saying it wouldn't start up anymore. I took a look..

When turning on the laptop, I am presented with a HP login screen requesting a fingerprint or password. This password is known, we type it in and get a windows error stating that the bootloader is corrupt.

I figured this would be easy enough - simply repair the bootloader. I booted off of the windows 8 disk and tried startup repair. Startup repair failed, because it could not access the drive the OS is installed on.

I decide to look up what the HP login screen post-bios is all about. It turns out HP Protect Tools was used to encrypt the partition the OS and my client's (important!) data is on. I later found out that messing with the bootloader on a drive encrypted with HP's software can mess things up further, so I'm glad in a way that the windows DVD repair options didn't function.

I searched online for ways to recover the data and found a way to perhaps rescue the files here:
ftp://ftp.hp.com/ftp1/pub/caps-softpaq/TCE&Q/
However, this method requires the backup encryption key (typically saved to usb) to work.

Now here comes the fun stuff. The guy this laptop belongs to was not aware that his drive was encrypted and didn't even know it was installed. His laptop was originally installed at his company's main office, so we turned there to get the key file required to unlock the files on the drive. They don't have the backup encryption key. Brilliant.

Oh, did I mention tha... Read more

A:Hp Protect tools plus corrupt bootloader = agony

Any settings in BIOS for this HP Protect Tools?
Would a Live Linux see the data? You can try Linux Mint MATE for this purpose.

Read other 6 answers

Hi. Need help with the wmpscfgs virus. MBAM Pro has spotted it and continually quarantines.

Please advise as to how to permanently remove.

A:Need help with wmpscfgs

Hello,

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom

Read other 1 answers

Hey, I've had a virus for a little while and I'm pretty sure I've narrowed it down to a program called "wmpscfgs.exe." No matter how many times I delete it and with what program, it keeps coming back and in the same place. I've searched for that file in the Windows Search and found it in three places; in C:\Program Files (x86)\Internet Explorer, C:\Windows\Temp, and in C:\Windows\Prefetch. I scanned all three with MBAM and found that only the first one appears to be a virus (Don't know if it could be wrong). So I'm pretty sure it is the one in the Internet Explorer folder, but I don't know what to do or how to get rid of it.

I have Windows XP, I've used MBAM many times to try to get rid of it, and another thing I noticed is that my regedit.exe was disabled, but it randomly isn't anymore.

A:wmpscfgs.exe

And I have been getting some popups recently about how my computer is infected and how I should download some random program.... It even runs fake scans, so I ran MBAM and it seems to have stopped it, but I'm not too sure.

Edit: Sometimes when I do run MBAM, when I try to delete the viruses that were found, it randomly closes out of MBAM.

Edit Again: I found another post that seems to be exactly how mine is, except I am running xp. http://www.bleepingcomputer.com/forums/t/305561/user-protection-jsmui-wmpscfgsexe-trojan-infection/ I got rid of User Protection, but I still have the wmpscfgs.exe and js.mui in my Internet Explorer folder (even though I never use IE). The poster apparently figured it out, but didn't elaborate at all =/

Read other 17 answers

Hi guys,

Thank you for the help in advance!

I've been alerted by avg that Trojans have infected my system. Sure enough, a minute later, acrotray.exe and wmpscfgs.exe keeps popping up. I used Mbam to remove it and the pop ups were gone. Still every check with mbam and also spybot shows that I've still got trojan in my system. It keeps detecting the wmpscfgs. I've closed my pc for the night and when I next open and try to post here, I've gotten the Blue screen and restart 2x after I try to run the Gmer. The first time I got the Blue screen was right after Gmer started and failed to do its thing. The second time was maybe 1 minute after Gmer again failed. I don't have a Gmer log included because of that. This morning, also, instead of just 2 Trojans, Mbam has detected 9. One of them being Wuaucldt. I feel like my system is very infected now. So any help is welcomed! Thank you!

DDS (Ver_10-03-17.01) - NTFSx86
Run by Janice Teng at 7:02:52.18 on Wed 24/03/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.65.1033.18.3039.1696 [GMT 8:00]
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\sy... Read more

A:Wmpscfgs and Wuaucldt

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you let... Read more

Read other 13 answers

I'm using Windows 7 - 32 bit and IE8
I have found WMPSCFGS.EXE in the folder of IE in my comp and it kept popping up a ton of warning messages all the time. Moreover, IE's pop-up blocker seems not to work properly since ads are still popping up. I tried to remove it by using Kaspersky antivirus but it still did not work.

May someone help me solve these problems please? I would appreciate it.

Here is the log:
=======================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:02:35 PM, on 3/31/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
R1 - HKCU\Software\Microsoft\Internet Explor... Read more

Read other answers

Hello,

About two weeks ago I was at a forum, and apparently the forum was attacked and I got a trojan on my computer. For a bit it was Windows Defender Pro, which I had a hard time uninstalling and getting rid of, since it killed my browser, my AVG scanner, and Malware Bytes, and had constant pop ups and such.

I did get rid of that using Malwarebytes; however, I am recently experiencing a recurring file trying to execute. It is wmpscfgs.exe.

I have tried many many times to have this thing deleted from my system but it keeps coming back. It is present in my Users/Local/Temp folder, in my Program Files(x86)/Internet Explorer folder, and C:/Windows folder.

It keeps coming back and I think that it is also responsible for random audio advertisements in my PC background.

I am running Windows Vista Home Premium 64-bit.

Please let me know what other information you would like.

A:Annoying wmpscfgs.exe

You still having the problem with the above? If so, here's how I "solved" the problem. Because this thing keeps coming back to life after a reboot, there is obviously something in startup that's creating the executables. Here's what I did to get rid of this big nasty:

(I have Windows 7)

Go to Start . . . select . . . in the search field type msconfig. This will open a System Configuration window. Select the Startup tab. This will reveal everything that loads when you boot. Drag and expand the Command field so you see the path of all the startup programs. (They will all be executables.) Here comes the hard part. You will have to go to the folder of every startup program and look for two almost identical executables. The only difference you will see between the two is a space between the file description and the dot before the exe. Example: sttray64 .exe and sttray64.exe. The sttray64 .exe is the original (and legit). What the virus did was rename the original by adding a space and then created a new executable with the original name. You will also notice a difference in the icons of both executables. The icon associated with the sttray64 .exe is the proper icon. The other icon is associated with the virus created executable. Shred every virally created executable with CWShredder (go to cnet downloads for the freebie) and rename the altered (original) executable by just removing the space. This is the labor intensive part but it must be done.

After you ... Read more

Read other 1 answers
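
The folder-by-folder check described in the answer above (an original renamed to "sttray64 .exe" with a new file dropped as "sttray64.exe") can be done mechanically. The script below is an added example, not part of the original post or of any tool named in it: the function names, the quarantine naming scheme and the sample files are constructed for illustration, and it goes slightly beyond the answer by flagging any leading or trailing whitespace in the name and by comparing names case-insensitively. It only reports and plans; it changes nothing on disk.

```python
import hashlib
import os
import tempfile
from dataclasses import dataclass
from pathlib import Path

EXECUTABLE_SUFFIXES = {".exe"}  # assumption: only .exe files are checked


@dataclass(frozen=True)
class ShadowPair:
    displaced: Path        # padded name, e.g. "sttray64 .exe" (the original, per the answer)
    impostor: Path         # clean name, e.g. "sttray64.exe" (the file to investigate)
    displaced_sha256: str
    impostor_sha256: str

    @property
    def identical(self) -> bool:
        # Same bytes under both names is not the swap described; review by hand.
        return self.displaced_sha256 == self.impostor_sha256


def sha256_of(path: Path) -> str:
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(1 << 20), b""):
            digest.update(block)
    return digest.hexdigest()


def is_padded(filename: str) -> bool:
    """True when the part before the extension starts or ends with whitespace."""
    stem, _ext = os.path.splitext(filename)
    return stem != stem.strip()


def find_shadow_pairs(root: Path) -> list:
    """Walk root and return every padded/clean executable pair in the same folder."""
    pairs = []
    for dirpath, _dirs, files in os.walk(root):
        groups = {}
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.lower() in EXECUTABLE_SUFFIXES:
                # Windows file lookups ignore case, so group on the case-folded stem.
                groups.setdefault(stem.strip().casefold(), []).append(name)
        for names in groups.values():
            padded = [n for n in names if is_padded(n)]
            clean = [n for n in names if not is_padded(n)]
            for p in padded:
                for c in clean:
                    dp, ip = Path(dirpath, p), Path(dirpath, c)
                    pairs.append(ShadowPair(dp, ip, sha256_of(dp), sha256_of(ip)))
    return sorted(pairs, key=lambda pair: str(pair.impostor))


def restore_plan(pairs, quarantine_dir: Path) -> list:
    """Dry run: list (action, source, destination) steps without touching any file."""
    steps = []
    for pair in pairs:
        if pair.identical:
            continue  # nothing was swapped; leave for manual review
        held = quarantine_dir / (pair.impostor_sha256[:16] + "_" + pair.impostor.name)
        steps.append(("quarantine", pair.impostor, held))       # keep a copy for analysis
        steps.append(("rename", pair.displaced, pair.impostor))  # put the original back
    return steps


def build_demo_tree(base: Path) -> Path:
    """Constructed sample data standing in for two startup-program folders."""
    sigmatel = base / "Program Files" / "SigmaTel"
    updater = base / "Program Files" / "Updater"
    sigmatel.mkdir(parents=True)
    updater.mkdir(parents=True)
    (sigmatel / "sttray64 .exe").write_bytes(b"MZ constructed original tray binary")
    (sigmatel / "sttray64.exe").write_bytes(b"MZ constructed dropped copy")
    (updater / " updater.exe").write_bytes(b"MZ constructed original updater")
    (updater / "Updater.EXE").write_bytes(b"MZ constructed dropped copy")
    (updater / "helper.exe").write_bytes(b"MZ constructed unrelated file")
    (updater / "notes .txt").write_bytes(b"not an executable")
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        root = build_demo_tree(Path(tmp))
        found = find_shadow_pairs(root)
        for pair in found:
            print("original:", repr(pair.displaced.name), " replaced by:", pair.impostor.name)
        for action, src, dst in restore_plan(found, root / "quarantine"):
            print(action, src, "->", dst)
```

Point find_shadow_pairs at the folders shown in the Command column of the msconfig Startup tab rather than at the whole drive, and record the impostor hashes before removing anything.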

My second laptop is infected with wmpscfgs.exe, malwarebytes cannot remove it. What I have to do?
Thank you in advance, and please help!

A:wmpscfgs.exe infected, help

Hello there,

Can you please post me the log of Malwarebytes Antimalware so I can see a bit more in detail about what file this is?

Read other 1 answers

Hey, I was told to post these logs here by boopme.

Topic referenced is here: http://www.bleepingcomputer.com/forums/t/308533/wmpscfgsexe/ ~ OB
Also, this might be of interest in analyzing this machine: http://www.bleepingcomputer.com/forums/t/308969/activearmor-firewall/ ~ OB

This virus showed itself when a program called User Protection installed itself on my computer. I got rid of that, but wmpscfgs.exe is still here in my Internet Explorer folder. Here are the OTL (DDS doesn't work on my computer) logs and the GMER log:

OTL logfile created on: 4/13/2010 10:01:49 PM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Administrator\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.08 Gb Total Space | 224.61 Gb Free Space | 75.35% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loa... Read more

A:wmpscfgs.exe virus

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you let... Read more

Read other 3 answers

Despite my efforts to maintain a clean and safe computer, something miserable has bitten me. I'm not entirely sure what the issue is, but I know something unusual is going on.

Here are some signs and symptoms ...

Recently, after periods of unattended downloading, I would lose internet connectivity. The only way I could regain connectivity would be to reboot. Reboot would take what felt like forever. Sometimes there would be a windows dialogue box asking for login credentials for dial-up, which is odd considering I am not on dial

Today, while surfing, my AVG anti-virus went crazy picking up immediate virii from websites that were appearing out of nowhere. There was also an unusual blue webpage titled windows critical update that could not be closed. I use Firefox, not IE, but if I recall, these websites may have been hosted by IE.

I have been asked on occasion to shut down.

I have lost ability to access regedit (says the administrator has removed privileges, even in safe mode as the administrator)

I am unable to run Adaware ... it says it's already running.

Spybot identifies only 5 unresolved malware entries for zlob.AR and has requested restart to resolve.

My AVG antivirus has not detected anything beyond the virii in the temporary folders likely associated with the crazy website activity.

I run an application called "process detector" and this is where my concern comes from. Every minute, a process starts called wmpscfgs.exe. Right no... Read more

A:Oh No! 28 instances of wmpscfgs.exe!!

Hello and Welcome.

Thanks for taking the time to outline your issues in detail. Many do not. However, we would need a set of logs to more effectively help you.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Read other 1 answers

I've now reached meltdown and need help.
I continuously have the file wmpscfgs.exe opening on restart on my computer. I have done everything that I have seen on these forums without any success. I have currently downloaded HJT but have yet to install. I have it on my laptop, the issue is with my Desktop.
Although most of the programs identify and remove the operating file wmpscfgs.exe, they fail to remove the item causing it to run. The problem does not appear when in safe mode, only when logged in as per normal usage.
Since first appearing on my system on 1 Jan I have severely limited access to the internet and hope that I have not let the Malware spread too far into the system. I have not had most of previous people's problems. I don't have any pop up windows appearing, or music running in the background. All that I have is various wmpscfgs.exe files running, along with iexplore.exe running uncommanded.
I am currently running ESET NOD32 which has picked up wmpscfgs.exe in two folders calling it Win/32TrojanDownloader.Unruy.AY and says it is cleaned by deletion.
I was running Norton360, have tried SmitFraud, MalwareBytes, SUPERAntispyware, Spybot, DrWebCureit and now NOD32 which is currently running.
I think the only thing that has kept it at bay at the moment is Security Task Manager where I disable the files when they appear.
Can anyone please guide me further as I have just read on a windows forum that this re-writes some Key files that cannot be immediately re... Read more

A:Infected - wmpscfgs.exe

Did you remove Norton360 before installing NOD32? If not, you need to do so as using more than one anti-virus program is not advisable. The primary concern with doing so is due to conflicts that can arise when they are running in real-time mode simultaneously and issues with Windows resource management. Even when one of them is disabled for use as a stand-alone scanner, it can affect the other. Anti-virus software components insert themselves into the operating system's core and using more than one can cause instability, crash your computer, slow performance and waste system resources. When actively running in the background while connected to the Internet, they both may try to update their definition databases at the same time. As the programs compete for resources required to download the necessary files this often can result in sluggish system performance or unresponsive behavior.

Please perform a scan with Kaspersky Online Virus Scanner.
-- Requires free Java Runtime Environment (JRE) to be installed before scanning for malware as ActiveX is no longer being used.
-- This scan will not remove any detected file threats but it will show where they are located so they can be cleaned with other tools.
Vista users: need to right-click either the IE or FF Start Menu or Quick Launch Bar icons and select Run As Administrator from the context menu.
Read the "Advantages - Requirements and Limitations" then press the ... button.
You will be prompted to install an ap... Read more

Read other 22 answers

Hi,

I find the WMPSCFGS.EXE virus/Trojan.agent ..

I follow the link

http://www.howtogeek.com/howto/9727/how-to-get-rid-of-the-wmpscfgs.exe-virus-a-reader-contributed-guide/



But after reboot, the virus/Trojan.agent WMPSCFGS.EXE is still found ..

How can I remove it ....

Please advise

A:how to remove WMPSCFGS.EXE trojan

Hello and Welcome.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed. I currently have as many open topics as I can effectively handle; this will have you back in queue with the proper logs so an available helper would be able to assist.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Read other 1 answers

Hi,
I find the WMPSCFGS.EXE virus/Trojan.agent ..
I follow the link

http://www.howtogeek.com/howto/9727...mpscfgs.exe-virus-a-reader-contributed-guide/

But after reboot, the virus/Trojan.agent WMPSCFGS.EXE is still found ..
How can I remove it ....
Please advise
 

A:hot to remove WMPSCFGS.EXE virus

Is this the same as the post here on the same machine ???
http://forums.techguy.org/malware-removal-hijackthis-logs/892726-missing-srr-exe-file-win.html
 

Read other 3 answers

Hi there. I've had some sort of virus for around a week now. It popped up last weekend - I noticed my headphones were picking up audio commercials. It didn't register with me that that could indicate some sort of infection. A few days later there was a new flashing icon in the system tray telling me I needed to install virus protection. It was 'Antivirus Live.' I ran rkill and managed to get rid of the flashing icon, and things were all right for a few days. Then the audio commercials started playing again, Internet Explorer would open spontaneously with infinite blank tabs, and the fake virus warnings have come back. I think the source of all this discontent was a Temp file called wmpscfgs.exe. It kept reproducing itself and would not let me delete it. Malwarebytes' didn't work either. So this is where I probably made my biggest mistake. I searched up 'wmpscfgs.exe' and found a page for SUPERAntiSpyware... Wikipedia said it was safe, and I do genuinely think it was. So I ran a scan, it found the files, and gave me the option to delete/quarantine them. So I clicked 'OK' and it said I'd have to reboot. No biggie, right? I figured it would solve the problem. So start up works great. I select my user account, plop in my password, and click 'Login.' Except now I'm greeted with my cursor sitting in the middle of this empty black screen. I've tried restarting, I've tried running in safe mode... nothing. From the b... Read more

A:Trojan - wmpscfgs.exe...? And some complications

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

Read other 8 answers

I run Malwarebytes Pro and I recently encountered an infection where all of my Autorun executables were being renamed to have a space before the name and another executable was being put in its place. I manually removed all of these dummy .exe's and searched the entire drive for any other .exe's with the same file size and recent modification date. I removed all I found. I've not run into any further issues similar to this.

I originally removed wmpscfgs.exe and js.mui from various folders using MBAM.

However, Malwarebytes Pro is popping up daily saying that wmpscfgs is infected in my Internet Explorer directory. Each time, I tell it to quarantine. Rinse, repeat. Malwarebytes continuously pops up down at the bottom of the screen saying 'Malwarebytes has blocked access to a potentially harmful website at 58.240.239.70' or something similar. The popup doesn't stay up long enough for me to get exact wording. (The IP varies, but this is the most recent pop up as of now.)

I've scanned with MBAM, SASW, CWShredder... It's still happening and I'm at a bit of a loss as to how to proceed. Any help is greatly appreciated.

I am running Windows 7 64 bit.

A:wmpscfgs.exe Keeps coming back

Hello,

At this point I'd suggest you follow the instructions in ==>This Guide<==. Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==

If you can produce at least some of the logs, then please create the new topic. If you cannot produce any of the logs, then post back here and we will provide you with further instructions.

Orange Blossom

RELEVANCY SCORE 44

Posting here, as instructed by Orange Blossom.

I run Malwarebytes Pro and I recently encountered an infection where all of my Autorun executables were being renamed to have a space before the name and another executable was being put in its place. I manually removed all of these dummy .exe's and searched the entire drive for any other .exe's with the same file size and recent modification date. I removed all I found. I've not run into any further issues similar to this.

I originally removed wmpscfgs.exe and js.mui from various folders using MBAM.

However, Malwarebytes Pro is popping up daily saying that wmpscfgs is infected in my Internet Explorer directory. Each time, I tell it to quarantine. Rinse, repeat. Malwarebytes continuously pops up down at the bottom of the screen saying 'Malwarebytes has blocked access to a potentially harmful website at 58.240.239.70' or something similar. The popup doesn't stay up long enough for me to get exact wording. (The IP varies, but this is the most recent pop up as of now.)

I've scanned with MBAM, SASW, CWShredder... It's still happening and I'm at a bit of a loss as to how to proceed. Any help is greatly appreciated.

I am running Windows 7 64 bit. I don't know if GMER just isn't compatible with the OS or what, but I wasn't able to select any of the checkboxes other than Services, Registry, Files, and ADS in addition to the C drive. It found nothing and the ark.log is empty, so I've not uplo...

A:wmpscfgs.exe Keeps coming back

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you let...

RELEVANCY SCORE 44

Hi

I have got the protection system virus and the WMPSCFGS.exe virus, I have tried Malwarebytes software and this gets rid of the protection system virus, but when I reboot the computer, it comes back, I found a website that told me how to get rid of the WMPSCFGS.exe virus, but this tells me show hidden files, but I cannot click on the folder options, I get a message box saying explorer.exe can not be found, so can not get rid of this virus, I am at my wits' end with these viruses.

I am using Vista Home Premium.

Please help

RELEVANCY SCORE 43.6

Hi,

I find the WMPSCFGS.EXE virus/Trojan.agent.

I follow the link

http://www.howtogeek.com/howto/9727/how-to-get-rid-of-the-wmpscfgs.exe-virus-a-reader-contributed-guide/

But after reboot, the virus/Trojan.agent WMPSCFGS.EXE is still found.

How can I remove it?
I used Combofix before.
After reboot, the virus/trojan WMPSCFGS.exe still exists.
Please advise.

Please refer to the attachment below
http://www.techsupportforum.com/f100/how-to-remove-wmpscfgs-exe-virus-trojan-464584.html#post2612485

There is the necessary log file

A:Cannot remove virus/trojan WMPSCFGS.exe

As I said in your previous post,

http://www.techsupportforum.com/f100...an-464584.html

you're being helped elsewhere

http://www.geekstogo.com/forum/how-t...t-t269488.html

Go there, work with Rorschach112. Do NOT create another topic here for this issue.

Thank you.

RELEVANCY SCORE 43.6

Hi,

I find the WMPSCFGS.EXE virus/Trojan.agent.

I follow the link

http://www.howtogeek.com/howto/9727/how-to-get-rid-of-the-wmpscfgs.exe-virus-a-reader-contributed-guide/

But after reboot, the virus/Trojan.agent WMPSCFGS.EXE is still found.

How can I remove it?

Please advise.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Chui King Man at 20:04:27.73 on 02/25/2010 Thu
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_18
Microsoft Windows XP Professional 5.1.2600.3.950.852.1033.18.1983.986 [GMT 8:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
D:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\wscnt...

A:how to remove WMPSCFGS.EXE virus /Trojan

http://www.techsupportforum.com/f50/...lp-305963.html


Quote:

NOTE: We are aware that users sometimes seek help from several Forums at the same time. Unfortunately, this can cause confusion and actually wastes time and resources - yours, ours and other Volunteers across the community. If you have already posted at another Forum, please advise us, or them, and choose just one.

As you've posted for help at several other forums, and are receiving help already, this thread is closed. Please have the courtesy to have other threads closed so a helper at another forum does not waste time researching your issue.

RELEVANCY SCORE 43.6

Hi,
I find the WMPSCFGS.EXE virus/Trojan.agent.
I follow the link
http://www.howtogeek.com/howto/9727/...ributed-guide/
But after reboot, the virus/Trojan.agent WMPSCFGS.EXE is still found.
I used Combofix before.
But the problem still exists after rebooting the PC.
How can I remove it?
Please advise.
The previous question is fixed. It is a new question.


A:how to remove WMPSCFGS.EXE virus /Trojan

Do not create new threads for the same problem even across different sites as you are wasting resources.

This is the second thread closed for you regarding this machine.

http://forums.techguy.org/malware-removal-hijackthis-logs/905233-hot-remove-wmpscfgs-exe-virus.html

If you post again on this issue your account will be disabled for a minimum of 3 days.
Reply to your thread at geekstogo
 

RELEVANCY SCORE 43.6

So..

Over the past few days my computer's been going verrrrry sluggish.
I thought it was just due to my hard drive slowly getting towards the full side.
It wasn't until last night, that I knew I had some bad stuff.

My windows firewall was turned off. I turned it back on, and it turned itself off.
I started to panic, so ran spybot. It came up with a few things, and removed 4 of the 5
pieces of rubbish. However, as mentioned, there was still one there... so I rebooted
and ran spybot again... and again it couldn't be removed. I started to panic more,
so turned off my internet, hopped onto a friend's computer and trawled through the
internet, armed with the name of a dodgy exe file (igqjj.exe). I searched around
and got some advice by leeching off others' posts in forums, and came back to my
laptop after downloading several programs (MBAM, Regmech, hijackthis, things like that).

I've run all the programs in safe mode, and they got rid of some stuff, but again...
wmpscfgs. is still here grrrr! I read another forum post, telling some to open regedit.exe
and do something (to help remove wmpscfgs.exe) and I tried it, and realised my regedit
doesn't work.. Which is mooooreee malware, supposedly.

Can I have some help in removing these horrid things?

Tell me what I should do. Please

And thank you.

RELEVANCY SCORE 43.6

Hello,

I got a rogue antivirus on my desktop computer yesterday, which is fun because I've been having virus issues on my laptop also. I got the rogue program removed using a bleepingcomputer guide, but now AVG shows me constant (about once every 2-3 minutes) "Threat detected" warnings, that the file name C:\Program Files\Internet Explorer\wmpscfgs.exe is infected with "Trojan horse SHeur3.BXZ". If I don't click "move to vault" or "heal" within a few minutes, the window will change to a detailed view of multiple threats with that file name listed as being infected. If I do remove/heal the infection, the same thing just happens again within a few minutes.

When I try to move/heal when there are multiple instances of the file listed, it will remove the most recent one but say "the specified file is not found" when trying to delete the original one.

Other than this problem, the computer is running great. Any suggestions would be greatly appreciated. You guys have helped me constantly and a thoughtful tech is helping with my laptop as we speak, this seems like a less serious problem since I can manage the problem using AVG, but it is very annoying and makes me think if I make one wrong move I'll get another rogue program.

Thanks,

Fred
running a Dell Dimension E510
Windows XP Service Pack 3

A:C:\Windows\InternetExplorer\wmpscfgs.exe problems

This is possibly a False positive. We should double check it before we take action. Let's upload this file for a second opinion on what it actually is.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here: How to see hidden files in Windows

Please click this link --> Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

<filepath>suspect.file

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

NOTE: For submission to a specific anti-virus vendor see Submitting Virus Samples: How to Submit a Virus.

RELEVANCY SCORE 43.2

Hi,

I find the WMPSCFGS.EXE virus/Trojan.agent in Win XP Home Edition.

I follow the link

hxxp://www.howtogeek.com/howto/9727/how-to-get-rid-of-the-wmpscfgs.exe-virus-a-reader-contributed-guide/

But after reboot, the virus/Trojan.agent WMPSCFGS.EXE is still found.

How can I remove it?

Please advise.

A:how to remove WMPSCFGS.EXE virus/Trojan agent

You have posted a Malware type log here and you are already receiving assistance.

Please refrain from asking for help from others while you are being instructed by someone helping you with a Malware log elsewhere. Any modifications you make can result in system changes which may not show in the log you already posted. Further, following advice outside of that post may cause confusion for the Helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer. If you had posted your log here, similar rules would apply. We would ask that you refrain from asking for help elsewhere. If you followed any other advice already, please ensure you inform the MRT Helper when they respond to assist you with your log. This will help them know what has been done and they probably will ask for an updated log.

To avoid confusion, I am closing this topic. If you still need assistance after your log has been reviewed and you have been cleared, please start a new topic. If you have any questions, please PM me or another moderator.

Thanks for your cooperation.

RELEVANCY SCORE 43.2

Hello, thanks in advance,

Fricken kid downloaded something off Bit torrent and now I am getting all kinds of iexplore.exe running invisible and playing advertisements for products and stuff. Then it started connecting to different mail servers as I noticed the mail scanner from AVG keep popping up showing trying to connect to different IP addresses every couple mins. Then last night it started with the Windows XP 2010 Anti-virus bogus malware program pop ups. Windows Defender keeps coming up stating that it is seeing a bogus process and asks me to accept or deny this process:

Resources:
file:C:\WINDOWS\tasks\At##.job
file:c:\program files\internet explorer\wmpscfgs.exe

I have tried to delete wmpscfgs.exe and it keeps re-adding itself. I have tried to rename Iexplore.exe to .old and Iexplore.exe keeps coming back.

I have Windows Defender running, Windows firewall, Spy Bot S&D TeaTimer running, AVG 8 Full version running, Norton Protection Center running. I have done several scans with AVG, SB S&D, Malwarebytes. It has found some stuff to where the Email scanner and the XP 2010 antivirus stuff has stopped but I still show that wmpscfgs.exe there and the invisible IE windows running with advertisements playing over speakers. Today I have been having random Tabs in Firefox popping up web sites for junk / advertisements. I see from other posts you wanted Hijackthis and OTL logs so here are both of those:

Logfile of Trend Micro HijackThis v2.0.2
Sc...

A:wmpscfgs.exe and also invisible ie windows running advertisements.

Still having Issue, Now got IE windows popping up to add sites about 10 an hour any help???

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your t...

RELEVANCY SCORE 43.2

It all started when a popup started up on its own and my system started a 'security scan'. It installed the "user protection" fake security program. Using MBAM, I managed to clean up almost all of that - MBAM found a lot of real problems besides user protection that I fixed. But...

1. MBAM can not delete js.mui and 2 instances of wmpscfgs.exe. It reboots the system, but I think the startup programs (#2 below) reinfect the system.

2. I have found some exe files that have been duplicated and renamed, adding a space before the suffix ( .exe). Here are a couple...

C:\program files (x86)\avg\avg9\avgtray .exe
C:\program files (x86)\elaborate bytes\virtualclonedrive\vcddaemon .exe
C:\program files (x86)\itunes\ituneshelper .exe
C:\program files (x86)\adobe\acrobat 9.0\acrobat\acrotray .exe

I'm running windows 7 64bit with MBAM, firefox, AVG installed. I got as far as I know how... Please help!

Mark

CODE
Malwarebytes' Anti-Malware 1.44
Database version: 3922
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

3/28/2010 3:36:51 PM
mbam-log-2010-03-28 (15-36-51).txt

Scan type: Quick Scan
Objects scanned: 107681
Time elapsed: 2 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected:...

A:User Protection, js.mui & wmpscfgs.exe trojan infection

I have managed to solve this. Thanks!

Mark

RELEVANCY SCORE 42.4

It all started when I got the FBI DOJ virus. I got rid of it:
Malwarebytes helped me unlock the computer
SuperAntiSpyware helped me get rid of the remaining fbedojg.exe processes and self-installing startup scripts
However, since then I started experiencing another problem which I can't resolve. As soon as I connect to the internet, without having started any programs, the CPU usage spikes to full capacity and I start hearing these random sound clips playing simultaneously. They sound like radio or video ads and news clips.
 
In the Task Manager I saw that when I connect to the Internet, just as the sound clips are about to start, two instances of wmpscfgs.exe appear, and then disappear within seconds.
 
Other seemingly innocent system processes appear in Task Manager when the computer is on, even though logically they shouldn't - which I think could be the trojan. If I uninstall the corresponding program or end process, another such process from another program appears.
 
Would so much appreciate your help... Thanks in advance!!
 
Attaching the requested logs...
 

A:Sound clips play simultaneously when I connect to the Internet (wmpscfgs.exe)

Hello silverstone

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the sam...
