Jump to content

Keylogger Help!

Recommended Posts

Hey when ever I startup my laptop, vista, TWO Window Media Player automatically pops up and sometimes they crash..(like the one where you have 'End Now' or 'Wait until it responds' something like that).

I did not even click them but as soon as window vista starts, those two pop up asap, even way before my anti virus avira.. I had keylogger before and I am worried if this is a keylogger and screencapture etc :P Please help me solve this problem~

Here is hijackthis version 2.0.3 Beta Logs

Logfile of Trend Micro HijackThis v2.0.3 (BETA)

Scan saved at 오전 5:47:39, on 2010-03-08

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18882)

Boot mode: Normal

Running processes:

c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe




C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe

C:\Program Files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe


C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe


C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Windows Sidebar\sidebar.exe


C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Internet Download Manager\IDMan.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe


C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Download Manager\IEMonitor.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe


C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe


C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe


O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"

O4 - HKLM\..\Run: [RandMAC] C:\Netmarble\MS\v1\MadMACs\MadMACs.exe doittoit

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Windows Media Player] C:\Program Files\Windows Media Player\wmplayer.exe

O4 - HKCU\..\RunOnce: [shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB5; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://miniclip2.shockplay.com/robotrage/rearmed/default.php"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Samsung\Samsung PC Studio 7\PcSync2.exe /NoDialog (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Samsung\Samsung PC Studio 7\PcSync2.exe /NoDialog (User 'Default user')

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm

O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm

O8 - Extra context menu item: Microsoft Excel로 내보내기(&X) - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra button: 리서치 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll

O15 - Trusted Zone: http://www.arad.jp

O15 - ESC Trusted Zone: http://*.update.microsoft.com

O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s...ri_4.1.71.0.cab

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab

O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} (SonyOnlineInstallerX) - http://www-cdn.freerealms.com/gamedata/plu...ller.cab?v=1036

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab

O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.co...eqlabdetect.cab

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/up...er_4.0.27.0.cab

O16 - DPF: {8E9089E1-0461-4F60-8150-1E334629ABB7} (CNeopleInstallAXCtlJap6 Object) - http://webdown2.nexon.co.jp/arad/real/installer/arad_dis.cab

O16 - DPF: {9709739B-4909-489B-A1F7-148C74F16EEE} (CNxSysInfoCtrl Object) - http://platform.nx.com/ActiveX/nxsysinfo.cab

O16 - DPF: {C0B2F53E-5E61-4856-B314-FE9AE262A796} (MOPlayerWnd2 Class) - http://www.melon.com/cab/P3MelWebInstall.cab

O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} (NaverAXGuide Class) - http://images.hangame.co.kr/naver/music/pl...averAXGuide.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: APSHook.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: ALYac_PZSrv - Unknown owner - C:\Program.exe (file missing)

O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe

O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\School\assessment\npkcmsvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe


End of file - 13253 bytes

And here is the hijack Uninstall Lists

7-Zip 4.65

Aarons Cliker Version 2.89

Activation Assistant for the 2007 Microsoft Office suites

Adobe AIR

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 8.1.3

Adobe Shockwave Player 11.5

Age of Empires III


America's Army 3

Any Video Converter 2.6.7

Aquatica Azure

ArtMoney SE v7.31

AuthenTec Fingerprint Sensor Minimum Install


Avira Premium Security Suite

Bejeweled 2 Deluxe

Belkin Wireless USB Utility

Brother MFL-Pro Suite DCP-165C

Call of Duty® 4 - Modern Warfare

Call of Duty® 4 - Modern Warfare 1.4 Patch

Call of Duty® 4 - Modern Warfare 1.6 Patch

Call of Duty® 4 - Modern Warfare 1.7 Patch




ClientKeeper KeyPro with E2E for 32bit

CommView for WiFi

Compatibility Pack for the 2007 Office system

Counter-Strike 1.6

Counter-Strike 1.6


Diablo II

DivX Content Uploader

DivX Converter

DivX Player

DivX Web Player

Dragon Age: Origins


DTS+AC3 Filter

Dungeon Siege 2

DVD Decrypter (Remove Only)


DzSoft Perl Editor 5.8.7

EA Download Manager

EA Download Manager UI

EA Download Manager UI

ESU for Microsoft Vista

Ethereal 0.99.0

EUO 1.2

Four Houses

Game Booster



GOM Audio

GOM Player

Hewlett-Packard Active Check

Hewlett-Packard Asset Agent


Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Active Support Library

HP Active Support Library 32 bit components

HP Customer Experience Enhancements

HP Doc Viewer

HP Easy Setup - Frontend

HP Help and Support

HP Integrated Module with Bluetooth wireless technology

HP Photosmart Essential 2.0

HP Quick Launch Buttons 6.20 B1

HP QuickPlay 3.2

HP Update

HP User Guides 0057

HP Wireless Assistant

ijji Auto Installer


Link to post
Share on other sites

Hi and welcome to Malwarebytes.

Before we begin, please go to VirusTotal, and upload the following file for analysis:

C:\Program Files\Windows Media Player\wmplayer.exe

Post the results in your reply.


Hello, thank you for taking care of me and this are my results!

a-squared 2010.03.07 -

AhnLab-V3 2010.03.07 -

AntiVir 2010.03.05 -

Antiy-AVL 2010.03.05 -

Authentium 2010.03.06 -

Avast 4.8.1351.0 2010.03.07 -

Avast5 5.0.332.0 2010.03.07 -

AVG 2010.03.07 -

BitDefender 7.2 2010.03.07 -

CAT-QuickHeal 10.00 2010.03.06 -

ClamAV 2010.03.06 -

Comodo 4091 2010.02.28 -

DrWeb 2010.03.07 -

eSafe 2010.03.04 -

eTrust-Vet 35.2.7342 2010.03.05 -

F-Prot 2010.03.06 -

F-Secure 9.0.15370.0 2010.03.07 -

Fortinet 2010.03.07 -

GData 19 2010.03.07 -

Ikarus T3. 2010.03.07 -

Jiangmin 13.0.900 2010.03.07 -

K7AntiVirus 7.10.990 2010.03.04 -

Kaspersky 2010.03.07 -

McAfee 5912 2010.03.06 -

McAfee+Artemis 5912 2010.03.06 -

McAfee-GW-Edition 6.8.5 2010.03.07 -

Microsoft 1.5502 2010.03.07 -

NOD32 4922 2010.03.07 -

Norman 6.04.08 2010.03.07 -

nProtect 2009.1.8.0 2010.03.07 -

Panda 2010.03.07 -

PCTools 2010.03.04 -

Prevx 3.0 2010.03.08 -

Rising 2010.03.07 -

Sophos 4.51.0 2010.03.07 -

Sunbelt 5780 2010.03.07 -

Symantec 20091.2.0.41 2010.03.07 -

TheHacker 2010.03.07 -

TrendMicro 2010.03.07 -

VBA32 2010.03.05 -

ViRobot 2010.3.5.2214 2010.03.05 -

VirusBuster 2010.03.06 -

추가 정보

File size: 168960 bytes

MD5...: 54e5e08643a4b26379abdf33ed761bda

SHA1..: e3628e4ce81560df22fedfb01b4d51fa3db4a099

SHA256: be39266204cbbf77ac7c78998940adda8b87021f93b1e1a30352405b060bc635

ssdeep: 3072:6jRIfdco0N5hVyhan/qtArmgPKDtLNAzyP+msVK0Zj:io0N5hVsYqtArnEm


PEiD..: -

PEInfo: PE Structure information

( base data )

entrypointaddress.: 0x1238

timedatestamp.....: 0x4aa91960 (Thu Sep 10 15:21:04 2009)

machinetype.......: 0x14c (I386)

( 4 sections )

name viradd virsiz rawdsiz ntrpy md5

.text 0x1000 0x1c11 0x1e00 5.80 d6504d94f7dba469fe134841be93c293

.data 0x3000 0x370 0x200 0.44 65d9f4ae1cfea8409bd15a01efd4b7e1

.rsrc 0x4000 0x26d70 0x26e00 6.61 0842a1438efc47055dd943beb89e3b72

.reloc 0x2b000 0x184 0x200 5.29 294291eb2dcc11d4738b1dd7a3873be7

( 3 imports )

> ADVAPI32.dll: RegQueryValueExW, RegOpenKeyExW, RegCloseKey

> KERNEL32.dll: GetLastError, lstrlenW, CompareStringA, ExitProcess, FreeLibrary, SetErrorMode, GetProcAddress, HeapFree, SetCurrentDirectoryW, ExpandEnvironmentStringsW, HeapAlloc, CreateMutexW, GetStartupInfoW, GetProcessHeap, SetThreadPriority, GetCurrentThread, LocalFree, LoadLibraryW, FormatMessageW, GetCommandLineW, GetModuleHandleW, CloseHandle, SetEvent, OpenEventW, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, LoadLibraryA, InterlockedExchange, LocalAlloc, RaiseException

> USER32.dll: SetForegroundWindow, GetClassNameA, GetParent, GetDesktopWindow, GetWindowThreadProcessId, IsWindowVisible, GetWindow, MessageBoxW, GetSystemMetrics, ShowWindow, FindWindowW, SendMessageTimeoutW, IsIconic

( 0 exports )

RDS...: NSRL Reference Data Set


pdfid.: -

trid..: Win64 Executable Generic (87.2%)

Win32 Executable Generic (8.6%)

Generic Win/DOS Executable (2.0%)

DOS Executable Generic (2.0%)

Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)


publisher....: Microsoft Corporation

copyright....: © Microsoft Corporation. All rights reserved.

product......: Microsoft_ Windows_ Operating System

description..: Windows Media Player

original name: wmplayer.exe

internal name: wmplayer.exe

file version.: 11.0.6001.7008 (vistasp1_gdr.090910-0436)

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

Link to post
Share on other sites

  • Staff


Please open HijackThis, and select Do a system scan only.

Place a checkmark next to the following entry (if present):

O4 - HKCU\..\Run: [Windows Media Player] C:\Program Files\Windows Media Player\wmplayer.exe

Then, close all other open windows, leaving only HijackThis open, and select Fix checked.

Restart your computer and let me know what issues remain.


Link to post
Share on other sites

Hey whenever I try to open HiJackThis i keep getting this error,

"Windows cannot access the specified device,path, or file. You may not have the appopriate permissions to access the item."

Eventhough i uninstalled it and resinstall,, it still gives me the same error and cant execute.

*Side note, I am now running MBAM and Kaspersky KIS 2010 but when i change to kaspersky from Avira, i get this heavy cpu usage and computer lag.. especially when i run MBAM and Kaspersky together..

Also when i open process list I see 'System |304k| NT Kernal & System' Is this a trojan or virus?

also is it normal to have more than 10 svchost.exe and System Idle process with 97 CPU? O.o

Thank you in advance.

Link to post
Share on other sites

  • Staff
Hey whenever I try to open HiJackThis i keep getting this error,

"Windows cannot access the specified device,path, or file. You may not have the appopriate permissions to access the item."

Eventhough i uninstalled it and resinstall,, it still gives me the same error and cant execute.

*Side note, I am now running MBAM and Kaspersky KIS 2010 but when i change to kaspersky from Avira, i get this heavy cpu usage and computer lag.. especially when i run MBAM and Kaspersky together..

Also when i open process list I see 'System |304k| NT Kernal & System' Is this a trojan or virus?

also is it normal to have more than 10 svchost.exe and System Idle process with 97 CPU? O.o

Thank you in advance.


Add these files to Kaspersky's exclusion list, and see if the conflict/lag stops:



C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

The System process is normal, and multiple svchost.exe files are also normal.

System Idle Process is how much of your CPU is not being used, so that is normal as well.

Please visit this webpage for instructions for running ComboFix:


  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.


Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.