
Video playback malware? [Solved]


  • This topic is locked

#1
crazyapple92
Member, 13 posts
All righty, for some time now the laptop I'm currently typing on has been having some serious video playback problems. I went through many steps to ensure that it wasn't any kind of codec conflict or programs interfering with each other. And finally I got sick of tinkering with it, and as Windows 8 has its dev. version out I figured I'd just install that, thus getting rid of whatever problems may be present. I was surprised to see that there was an option to keep all of my personal files and user accounts; at the time I had no reason to believe this was malware so it seemed like a neat thing to try out... bad idea.

But here I am, running Windows 8, and the problem still persists. All I can figure is there is some nasty little file buried in my personal files and it tagged along when I moved to 8 and then set up residence. As soon as I threw my codecs and player on here I tried and failed to view any videos.

I believe that about covers it, any help would be appreciated.

OTL log attached.

Attached File: OTL.Txt (48.59KB)


#2
crazyapple92 (Topic Starter)
Member, 13 posts
Something else worth mentioning:

I can't be sure if this is the cause of my current issue or another one entirely, but I'll mention it as it may come in handy (once one of the 4 people who downloaded my OTL log decide to post). In the previous OS, which is where this problem began, I had a windows.old folder that could not be deleted. And to be clear, I know all the ways to delete locked folders and Microsoft's suggested steps to remove windows.old; NONE of them worked. No advanced removal programs would work either (Unlocker, LockHunter, FileASSASSIN). And when I switched to Windows 8 that folder came along for the ride. And I still can't remove it for the life of me.

Now I ran Malwarebytes before posting here; the quick scan found one infected registry key, a full scan found 2 trojans inside windows.old. I removed all 3 of those but the problem is still here. The fact that there were a couple viruses in there and the fact that I can't remove the thing from my computer no matter how hard I try makes me think there is some nasty malware in there, and it would be reasonable to think that's the cause of my video issues.

I have yet to try and delete the folder via command prompt or recovery console (I'm not sure if 8 has a RC or how to get to it yet). I figured it would be best to have an expert assist me in fixing the problem rather than just try to delete it and hope that does it.

I can provide the logs from both the Malwarebytes scans if needed.

#3
Gammo
Member 2k, Malware Removal, 2,299 posts
Hello and welcome to Geeks to Go!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below.

I can provide the logs from both the Malwarebytes scans if needed.

Please do that. :thumbsup:

#4
crazyapple92 (Topic Starter)
Member, 13 posts
No problem, I'm just happy to be addressing the issue.

Logs are attached.


#5
Gammo
Member 2k, Malware Removal, 2,299 posts
Your OTL log appears to be clean, so it may not be a malware problem, just a 'normal' software problem. Let's dig a little bit deeper just to be sure.

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

#6
crazyapple92 (Topic Starter)
Member, 13 posts
Well darn, ComboFix gave a message saying this OS is not supported. This is Windows 8... Would running it in compatibility mode for Win 7 work? Will wait for your advice before trying anything else.

And as stated, this is almost certainly not a software issue, as I installed my codec pack and media player immediately after installing the OS and then attempted to play several types of video files. I only installed other applications after learning that the problem remained.

It does seem like an odd issue and perhaps not malware related, but it's not hardware, it's not software; this is pretty much the only place left to look, so I'd like to be 100% sure it's not malware before looking elsewhere (if there's anywhere left to look).

#7
Gammo
Member 2k, Malware Removal, 2,299 posts
ComboFix doesn't work on Windows 8. That's just the way it is. Don't try to get around that. Why are you even using Windows 8 as your main OS? It's far from a final version (it's a dev version) and it is therefore not recommended to use it as your primary OS.

I can throw in some more tools to check for malware, but I doubt they'll find something interesting, to be honest. :)



(This tool may not work on Windows 8 either)
Please download DDS and save it to your desktop.
  • Disable any script blocking protection.
  • Double click dds.com to run the tool.
  • When done, DDS will open two logs (DDS.txt and Attach.txt).
  • Save both reports to your desktop.

Please include the contents of DDS.txt in your next reply.





ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here, then click on the ESET Online Scanner button.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.

  • Select the option YES, I accept the Terms of Use, then click on: Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Start
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!





Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.





Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED:
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Please copy and paste the report into your Post.

#8
crazyapple92 (Topic Starter)
Member, 13 posts
Why not? This is a total spare laptop that was running Vista beforehand; I'd leave it here and there and only really ever use it for reading a recipe while cooking or a tech write-up while under my truck. Things like that. Nothing to lose if things don't go well. I just wanted to fix the problem it had and get something a little more modern and functional while I was at it. I also wanted to play around with the dev. build of Win 8. It was two birds with one stone really, and if it didn't work out then it was an easy fix. But honestly, despite one or two little bugs that needed some attention, 8 is proving to be very stable and impressive so far; it's honestly more stable than the beta builds of 7 were back in the day. This is just my experience, I know, and I haven't been using it for long, but so far I have no complaints about 8, minus the current issue (which isn't an issue specific to Windows 8).

But I digress.

DDS does not run on 8.
ESET reported several things. Log attached.
TDSSKiller reported nothing. Log attached.
GMER opens then immediately freezes, maxes out one cpu core and does not do anything even when left to run for near an hour.

Problem still present. Windows.old seems to be a haven for malware and such on this computer; Malwarebytes found two there, now ESET found a couple I believe. And no measures I take will get rid of it. I'd like to try deleting it through command prompt; please let me know if I can go ahead and do that now or if it will somehow interfere with your efforts to help me.


#9
Gammo
Member 2k, Malware Removal, 2,299 posts
1. What exactly is broken? Please explain that to me in detail. I understand it's something with playing videos, but I don't know what exactly. The program crashes? You get an error? You have no sound or video? Which video player program are you using anyway?

2. Please download and install VLC Media Player: http://www.videolan.org/vlc/
Then try playing your videos with that program. Does that work?



Regarding the windows.old, this may delete it:

1. Please download The Avenger by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

    Folders to delete:
    C:\Windows.old

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.

#10
crazyapple92 (Topic Starter)
Member, 13 posts
Hmm, unfortunately The Avenger does not support Windows 7 or 8. I'm not sure if it's similar, but I've tried FileASSASSIN, Unlocker, and another similar program that I can't recall, none of which worked.

And I'm using CCCP, which uses Media Player Classic Home Cinema. These are the only codecs on the system. Regardless of file type, codec, or container, any and all videos will simply open the player but show no space for video. If you're not familiar with CCCP or MPC-HC: it opens with a bar on top and bottom with a black space in between; if the file is a video it will play in that black space, if it's an audio file the black space vanishes and the two bars will stack on top of each other. So when opening a video it will look like an mp3 is playing and it will instantly stop itself. And of course pressing play or seeking will do nothing.

On another note CCCP will still play audio files just fine.

VLC plays videos without a problem. But it's an entirely standalone application that relies on internal codecs so this makes sense. I suppose it does prove I don't have some strange hardware problem though. Please understand that VLC has a few major problems (for my needs) that I'd prefer not to have to live with.

I know that this sounds like a codec problem but bear in mind that it's a fresh install and the previous system also had no codecs besides CCCP. And the previous system worked fine for years until one day it just stopped.

#11
crazyapple92 (Topic Starter)
Member, 13 posts
And now I learn that I can't delete windows.old even through an elevated command prompt. I get a combination of "Access is denied" and "Directory not empty" messages.

I suppose I could try it outside of windows, that will be next I suppose.

#12
Gammo
Member 2k, Malware Removal, 2,299 posts
Regarding the video issue:

I'm 99% sure it's not malware related. You're just gonna have to trust me on this one.
- Your logs are clean (at least nothing shows up that could possibly explain the video problem).
- The problem just doesn't sound like a malware symptom. It just doesn't make sense.
- Even if it was malware, a reinstall should have fixed it, which it didn't.

The most likely cause is a software problem, codecs indeed. Please download/install this codec pack: http://filehippo.com...te_mega_codec/. Then try running your videos in Media Player Classic again. I always use that one myself.

Regarding windows.old:

Yes, we could go outside of Windows, but I'd like to try something else first.

BlitzBlank.

Download BlitzBlank and save it to your desktop. Open BlitzBlank.exe

  • Click OK at the warning (and take note of it, this is a VERY powerful tool!).
  • Click the Script tab and copy/paste the following text there:

    DeleteFolder:
    C:\Windows.old

  • Click Execute Now. Your computer will need to reboot in order to replace the files.
  • When done, post me the report created by BlitzBlank. You can find it at the root of the drive, normally C:\



If BlitzBlank doesn't support Windows 8 either, do this instead:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    [override]
    C:\Windows.old
    [stopoverride]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done


#13
crazyapple92 (Topic Starter)
Member, 13 posts
Yes, I more or less figured it wasn't, but it never hurts to be sure. And the problem is still present with K-Lite.

But this is a security thread, I'll have to take this issue to the appropriate place.

BlitzBlank ran... Though to be honest I have no clue what its function was meant to be? Windows.old is still present, if that matters.

Log attached.


#14
Gammo
Member 2k, Malware Removal, 2,299 posts
Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Files
    [override]
    C:\Windows.old
    [stopoverride]
    
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

#15
crazyapple92 (Topic Starter)
Member, 13 posts
Hmm, well that seems to have done the trick, thanks for your efforts, you were a huge help. Now I can scratch off a few problems and possible causes and get to fixing things.

The below was in the green column, uploading the log is giving me some trouble, will try it in another post.

C:\Windows.old\Program Files\GIMP-2.0 folder moved successfully.
C:\Windows.old\Program Files\Common Files\System\Ole DB\en-US folder moved successfully.
Folder move failed. C:\Windows.old\Program Files\Common Files\System\Ole DB scheduled to be moved on reboot.
C:\Windows.old\Program Files\Common Files\System\msadc\en-US folder moved successfully.
Folder move failed. C:\Windows.old\Program Files\Common Files\System\msadc scheduled to be moved on reboot.
C:\Windows.old\Program Files\Common Files\System\ado\en-US folder moved successfully.
Folder move failed. C:\Windows.old\Program Files\Common Files\System\ado scheduled to be moved on reboot.
Folder move failed. C:\Windows.old\Program Files\Common Files\System scheduled to be moved on reboot.
C:\Windows.old\Program Files\Common Files\microsoft shared\vgx folder moved successfully.
C:\Windows.old\Program Files\Common Files\microsoft shared\MSInfo\en-US folder moved successfully.
Folder move failed. C:\Windows.old\Program Files\Common Files\microsoft shared\MSInfo scheduled to be moved on reboot.
C:\Windows.old\Program Files\Common Files\microsoft shared\DAO folder moved successfully.
Folder move failed. C:\Windows.old\Program Files\Common Files\microsoft shared scheduled to be moved on reboot.
C:\Windows.old\Program Files\Common Files\InstallShield\Professional\RunTime\11\50 folder moved successfully.
C:\Windows.old\Program Files\Common Files\InstallShield\Professional\RunTime\11 folder moved successfully.
C:\Windows.old\Program Files\Common Files\InstallShield\Professional\RunTime folder moved successfully.
C:\Windows.old\Program Files\Common Files\InstallShield\Professional folder moved successfully.
C:\Windows.old\Program Files\Common Files\InstallShield folder moved successfully.
C:\Windows.old\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Clients folder moved successfully.
C:\Windows.old\Program Files\Common Files\Apple\Mobile Device Support\SyncServices folder moved successfully.
C:\Windows.old\Program Files\Common Files\Apple\Mobile Device Support folder moved successfully.
C:\Windows.old\Program Files\Common Files\Apple folder moved successfully.
Folder move failed. C:\Windows.old\Program Files\Common Files scheduled to be moved on reboot.
C:\Windows.old\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\ch_39\chrome folder moved successfully.
C:\Windows.old\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\ch_39 folder moved successfully.
C:\Windows.old\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared folder moved successfully.
C:\Windows.old\Program Files\AVG\AVG9\Toolbar.old\Firefox folder moved successfully.
C:\Windows.old\Program Files\AVG\AVG9\Toolbar.old folder moved successfully.
C:\Windows.old\Program Files\AVG\AVG9 folder moved successfully.
C:\Windows.old\Program Files\AVG folder moved successfully.
Folder move failed. C:\Windows.old\Program Files scheduled to be moved on reboot.
C:\Windows.old folder moved successfully.

OTM by OldTimer - Version 3.1.19.0 log created on 01152012_180927
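As an added example (not code from this thread, nor from OTM's author), a small Python parser for result lines in the shape OTM printed above. It separates folders moved immediately from those deferred to the reboot, keeps the trailer line, and checks that every path the fix touched lies under the intended C:\Windows.old root, which is the review a helper would do before telling the poster the fix is done. The sample log lines are constructed from the shapes in the post.

```python
import re

# Constructed sample in the shape of the OTM results quoted in post #15
# (a handful of lines, not the full log from the thread).
SAMPLE_LOG = r"""
C:\Windows.old\Program Files\GIMP-2.0 folder moved successfully.
Folder move failed. C:\Windows.old\Program Files\Common Files\System\Ole DB scheduled to be moved on reboot.
C:\Windows.old\Program Files\AVG folder moved successfully.
Folder move failed. C:\Windows.old\Program Files scheduled to be moved on reboot.
C:\Windows.old folder moved successfully.

OTM by OldTimer - Version 3.1.19.0 log created on 01152012_180927
"""

# The two line shapes seen in the OTM output: an immediate move, and one
# that is queued for the next reboot because the folder was still locked.
MOVED_RE = re.compile(r"^(?P<path>.+?) folder moved successfully\.$")
DEFERRED_RE = re.compile(
    r"^Folder move failed\. (?P<path>.+?) scheduled to be moved on reboot\.$"
)


def parse_otm_log(text):
    """Split an OTM results log into (moved, deferred, other) lists.

    moved/deferred hold folder paths; other keeps unrecognised lines
    (such as the version/timestamp trailer) so nothing is silently dropped.
    """
    moved, deferred, other = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MOVED_RE.match(line)
        if m:
            moved.append(m.group("path"))
            continue
        m = DEFERRED_RE.match(line)
        if m:
            deferred.append(m.group("path"))
            continue
        other.append(line)
    return moved, deferred, other


def under_root(path, root):
    """True if path is root itself or lies beneath it (case-insensitive, like NTFS)."""
    p, r = path.lower().rstrip("\\"), root.lower().rstrip("\\")
    return p == r or p.startswith(r + "\\")


def summarize(text, root):
    """Counts plus two checks: is a reboot still pending, and did the fix
    touch anything outside the folder the script was written for?"""
    moved, deferred, other = parse_otm_log(text)
    outside = [p for p in moved + deferred if not under_root(p, root)]
    return {
        "moved": len(moved),
        "deferred": len(deferred),
        "reboot_required": bool(deferred),
        "outside_root": outside,
        "trailer": other,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG, r"C:\Windows.old").items():
        print(f"{key}: {value}")
```

A non-empty outside_root list means the script removed more than the one folder it was written for and the moved files in C:\_OTMoveIt\MovedFiles should be reviewed before the PC is rebooted.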





