Try this fix by Hattori and let us know how it goes:
http://forum.lowyat.net/index.php?showtopi...post&p=10982416

---

Added on April 1, 2007, 7:14 pmAlso, please do this after you've tried the fix by Hattori:

Please download OTMoveIt by OldTimer:

• Save it to your desktop.
• Please double-click OTMoveIt.exe to run it.
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  C:\WINDOWS\system32\wdata32.dll
  C:\WINDOWS\iun6002.exe
  C:\WINDOWS\system32\tlservet3.exe
  C:\WINDOWS\system32\Deleteme.bat
  C:\WINDOWS\IFinst27.exe
  C:\WINDOWS\rundl13a.exe
  C:\WINDOWS\uninstall\rundl132.exe
  C:\WINDOWS\LSASS.EXE
  C:\WINDOWS\system32\SVCH0ST.EXE"
  C:\DOCUME~1\Tan\LOCALS~1\Temp\upxdnd.exe
  C:\WINDOWS\RUNDLL32.exe
  C:\WINDOWS\CSRSS.exe
  C:\WINDOWS\SMSS.EXE
  
  
• Return to OTMoveIt, right-click on the Paste List of Files/Folders to be Moved window and choose Paste.
• Click the red MoveIt! button.
• Copy everything in the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
• Close OTMoveIt.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. After reboot, please run OTMoveIt again, follow the directions as above, and post the Results report for me to see.


NEXT:

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below (don't forget to copy and paste REGEDIT4 as well):



Save this as fix.reg and change the "Save as type" to "All Files" and place it on your desktop.

It should look like this:

Double-click on it and when it asks you if you want to merge the contents to the registry, click "Yes" or "OK". You should receive a message that it was successful.

In case you still are unsure on how to create a REG file, please take a look HERE with screenshots.


NEXT:

Please REBOOT your computer normally into Windows and post these logs in your next reply:

1. The results report from OTMoveIt.
2. A new ComboFix log.
3. A new HijackThis log.

How are things running now? Please let me know of any problems that still persist.


This post has been edited by Sempurna: Apr 1 2007, 07:15 PM

Hi crazygalz,

OK, let's do this next.

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below (don't forget to copy and paste REGEDIT4 as well):



Save this as fix2.reg and change the "Save as type" to "All Files" and place it on your desktop.

It should look like this:

Double-click on it and when it asks you if you want to merge the contents to the registry, click "Yes" or "OK". You should receive a message that it was successful.

In case you still are unsure on how to create a REG file, please take a look HERE with screenshots.


NEXT:

Please run HijackThis and click "Scan". Place a check (tick) next to the following entries (if present):

O2 - BHO: Thunder Browser Helper - {63B2D652-EAD9-4D6E-93ED-2CC51D22CF02} - C:\WINDOWS\system32\XunLeiBHO_001.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A57EE9D7-0534-496A-B2B0-E95866D0C1B0} - (no file)
O23 - Service: C8518F14 - Unknown owner - C:\WINDOWS\system32\C8518F14.EXE (file missing)
O23 - Service: Windows SystemDown (tlWindows3) - Unknown owner - C:\WINDOWS\system32\tlservet3.exe (file missing)


Close ALL programs and browsers (including this one), leaving ONLY HijackThis open, then click "Fix checked".

Then please exit HijackThis.


NEXT:

Please go to Start -> Run and type (or copy and paste) the following lines in the Open field, ONE AT A TIME, then click OK:

sc stop C8518F14

sc delete C8518F14

sc stop tlWindows3

sc delete tlWindows3


NEXT:

Please run OTMoveIt and quarantine the following files/folders (please also remember to copy the Results report and paste it in your next reply for me to see):

C:\WINDOWS\SYSTEM\network.exe
C:\WINDOWS\system32\C8518F14.EXE
C:\WINDOWS\system32\tlservet3.exe


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. After reboot, please run OTMoveIt again, follow the directions as above, and post the Results report for me to see.


NEXT:

For the Windows Media Player problem, have you tried uninstalling it, and then reinstall it to see if the problem goes away?

For the Yahoo Mail problem, please do this next.

Please download HostsXpert and save it to your desktop:

• Extract the zip file to your desktop or a permanent folder on your hard drive.
• Open the folder and double-click on HostsXpert.exe
• Make sure that the "Make hosts writable?" button in the upper right corner is checked.
• Click "Back up host files".
• Click "Restore original hosts".
• Click "OK" and exit the program.

NEXT:

Please REBOOT your computer normally into Windows and post these logs in your next reply:

1. The results report from OTMoveIt.
2. A new HijackThis log.

How are things running now? Please let me know of any problems that still persist.

Hi crazygalz,



Yes, you can. Go to Add/Remove Program and click the Add/Remove Windows Components in the left pane.

Uncheck (untick) Windows Media Player and then click Next.
Follow the prompts to exit.

Reboot your system, then go back to Add/Remove Programs -> Add/Remove Windows Components, and check (tick) Windows Media Player to reinstall it. Click Next and follow the prompts to exit.

Reboot your system once more to complete the installation.

Let me know if Windows Media Player functions normally again.



Yes, it is "Create Backup". Then click on "Restore Microsoft's Hosts File".

Do you have some other media player other than Windows Media Player installed? Like Quicktime?

If you do, which one is set as the default player?

In the meantime, please do this next.

Please download DAFT and save it to your desktop:

1. Double-click the daft.exe icon. Read the disclaimer and click OK.
2. Click on the Scan button.
3. Save a logfile. By default, it will save as daft.txt.

Post the contents of that logfile with your next post.

Not sure, but is that program working? Is it set as your default player?

Try setting Windows Media Player as your default player and see if that works.

If you would like to set Windows Media Player as your default, open Windows Media Player and click on Tools across the top menu. A drop down box will appear, click on Options. Click on the tab File Types. Scroll down and place a check on the file types that you want to set WMP as the default player.

You're most welcome, crazygalz.

Since this problem appears to be resolved, this thread is closed.