| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 80811 | 2007-07-05 22:59:00 | No video files will play (intermittent fault) | argus (366) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 566258 | 2007-07-05 22:59:00 | Any format - mpg, avi, wmv, as far as I can see all of them - and any player (I have tried Windows Media Player, DiVX, VLC and GOM Player). The most I can expect is a still image of the first frame of the video, but more frequently, it doesn't even open - and the whole system freezes. At first the cursor won'rt move, then perhaps it will do so with some delay, o will move but remain as an hourglass. Turning the machine off entirely and restarting it seems to be the only remedy - Ctrl-Alt-Delete doesn't bring up Task Manager for a selective termination of the offending application - even if I could point the cursor at it. The fault affected me for most of yesterday afternoon, then at about 5:30 (after an hour or so switched off) it abruptly cleared and everything performed faultlessly. This morning, I got about an hour's fault-free operation, then, about 6am it began again, and is still affecting the system. Everything else works well, if sometimes a bit slowly. WMP will play mp3 files; it seems to be just a video problem. Hardware: Toshiba Satellite laptop (about two years in my ownership and leased out for an unknown period before I got it); hard disk renewed/upgraded and all software reinstalled about six months ago. Operating System: XP Professional with st least two SP upgrades; when I tried to refresh the OS from the original CD it cautioned me not to as "the version on your computer is newer than the one on the CD" (which I got for an older machine shortly after XP was launched). Virus check (Norton) and spyware/adware check (Spybot Search & Destroy) both done for no result; virus-free and only a couple of pieces of adware, promptly deleted, but no improvement. Removed and reinstalled VLC and Gom players; still no joy. Any ideas? Could it just be age? Argus |
argus (366) | ||
| 566259 | 2007-07-06 00:35:00 | I would try trojan remover in my sig, and Rogueremover. You can post a hijackthis log too if u want. You may have picked something up. If u downloaded some codecs, you have to be careful as some are trojans. If Task Manager or regedit dont open, this is usually a sign of a trojan / worm or something nasty. |
Speedy Gonzales (78) | ||
| 566260 | 2007-07-06 19:40:00 | Thanks Speedy. Tried Trojan Remover and Rogue Remover; they find nothing. Hijack This presents me with a huge list that I can't make head or tail of - too big to post here. Obviously, as the documentation says, not everything it lists is suspect (it seems to have listed just about every .exe file on the whole system for a start). The oddest thing is that, as on Thursday, so on Friday; videos suddenly started behaving themselves again around 5:30pm. This time some wouldn't play, though most would (with no apparent pattern). The same ones were still playing early this morning (I got up at around 4:00 to check) but just now, at about 6:10 am, they've become unavailable and are once more jamming the system. I suppose if they can program viruses to know when it's Michelangelo's birthday, they can do one that knows when it's 5:30, but I don't see the point. (Gets obvious idea; goes away, having saved this in case I get another freeze). No, setting my clock back to 2:30 am doesn't work; same video still hanging the whole system. Any ideas? Argus PS: occastionally too, when I reboot, XP says "retrieving your settings" (or whatever the phrase is); that stage lasts for longer than normal, then it presents me with just the wallpaper, with no icons. It can take up to three more reboots to cure this problem. I've also had "Click you user name" with no user-name icons. Obviously the system is thoroughly compromised (hey for all I know it's had some dodgy porn planted on it too to entertain whatever repair shop I might be forced to take it to). But whatever's stuffing it is not known to Norton, Trojan Remover or Rogue Remover. Interesting. And worrying. |
argus (366) | ||
| 566261 | 2007-07-06 20:45:00 | Don't worry about the size of your HJT file argus, post it here so that Speedy can check it. | winmacguy (3367) | ||
| 566262 | 2007-07-07 00:03:00 | Don't worry about the size of your HJT file argus, post it here so that Speedy can check it. Here you go: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:08:37 a.m., on 7/07/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Common Files\Symantec Shared\coShared\CW\1.0\CWDefScn.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\00THotkey.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Vidalia\vidalia.exe C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe C:\Program Files\PGP Corporation\PGP for Windows XP\PGPtray.exe C:\Program Files\Privoxy\privoxy.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\system32\PGPserv.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.finderg.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Norton Save and Restore] "C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe" O4 - HKLM\..\Run: [AcctMgr] "C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.0\AcctMgr.exe" /startup O4 - HKLM\..\Run: [ncoOSCheck] C:\Program Files\Norton Confidential\osCheck.exe O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia\vidalia.exe" O4 - HKCU\..\Run: [RogueMonitor] C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe /monitor O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: PGPtray.lnk = ? O4 - Global Startup: Privoxy.lnk = C:\Program Files\Privoxy\privoxy.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com 77367852 O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program.exe (file missing) O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- End of file - 8100 bytes |
argus (366) | ||
| 566263 | 2007-07-07 00:42:00 | Looks OK to me. Run HJT again tick these and tick fix checked. Close browser/s. You dont need these tho, theyre not nasty O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet |
Speedy Gonzales (78) | ||
| 1 | |||||