Member Avatar for CaliGal100

Hi, and thank you so much for this forum!
I've read problems simular but not quite like mine and was hesitant to follow the instructions given since they may not apply to me.

I did run the AVG Anti-Spyware as suggested in this topic, however I blew it and have 2 reports to share. I scanned before changing settings, then "fixed" 15 things, changed settings and scanned again. I will include both reports.

My problem started after visiting jokeroo.com and watching some funny videos. When I left the internet I opened Quicktime Pro to convert some of my own video, which I'd been working on with no problem for several days. Quicktime opened the .mov file, but when I clicked on "export" to convert it to an mpg4 file I received the following pop-up:
"Microsoft Visual C++ Runtime Library"
Buffer overrun detected!
Program: C:\ProgramFiles\Quicktime\QuicktimePlayer.exe

I tried a few times, no change, so I decided to try the conversion with another program I own called 'Video Edit Magic", which has also always worked with no problems. This time it opened fine, but when I tried to open a file it either shut down and disappeared or if I actually got a file opened it returned an error message and not being able to complete the process.

I tried Windows Movie Maker - that one just shuts down when I click "file" and before I can choose "open".

I uninstalled Quicktime and Itunes.
I ran McAfee Security Center Virus Scan.
I ran Registry Mechanic.
I ran SpyBot Search & Destroy.
I ran Lavasoft AdAware.
I reinstalled Quicktime.
No change.
I uninstalled QT again.
I contacted McAfee. Per their directions I disabled System Restore, booted in safe mode and ran a full scan. It found 7 things that had not been there before and removed them.

McAfee tells me it is not a virus and that I need to contact Quicktime for a patch.

Quicktime says it is Microsoft/Windows.

Microsoft says it is probably malware, please contact McAfee.

I've searched the phrase "buffer overrun detected" on many search engines and do not find my specific error.

Any ideas?

Thanks so much in advance.

Here are both AVG reports, the longest one was the first scan before putting the settings as recommended in your post. The second is after the cleaning. I searched for the file mentioned:
corkb100.exe (don't know what that is or why it's in my picture folder?) but "search" does not find it?

Thank you again!

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 8:22:17 PM 5/31/2007
+ Scan result:

L:\Transfer from D\My Documents2\My Pictures2\open\Corkb100.exe/F0000019.DAT -> Adware.Gator : Ignored.
C:\Program Files\Common Files\{6194C90A-088C-1033-0117-060507190001}\system.dll -> Adware.Softomate : Ignored.
C:\Program Files\music_now\inetchk.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@com[2].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@enhance[2].txt -> TrackingCookie.Enhance : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@hypertracker[1].txt -> TrackingCookie.Hypertracker : Cleaned.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@search.live[1].txt -> TrackingCookie.Live : Cleaned.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@search.msn[2].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.
C:\WINDOWS\system32\wnstssv.exe -> Trojan.Small : Cleaned with backup (quarantined).

::Report end


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 9:44:16 PM 5/31/2007
+ Scan result:

L:\Transfer from D\My Documents2\My Pictures2\open\Corkb100.exe/F0000019.DAT -> Adware.Gator : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{6194C90A-088C-1033-0117-060507190001}\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).

::Report end

  • 3 Contributors
  • 7 Replies
  • 142 Views
  • 1 Day Discussion Span
  • Latest Post Latest Post by Chaky

Recommended Answers

All 7 Replies

Member Avatar for CaliGal100

Did I post in the wrong place?

Member Avatar for happygeek

You posted in the right place, but need to give people time to read your problem and see if they can help. Not all problems get solved immediately, sometimes even DaniWeb members do not have a solution.

Member Avatar for Chaky

Please, download Hijackthis, extract it, run it and post the log here. We'll go from there.

Member Avatar for CaliGal100

Please, download Hijackthis, extract it, run it and post the log here. We'll go from there.

Thank you so much!
Here it is:

Logfile of HijackThis v1.99.1
Scan saved at 5:30:59 PM, on 6/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\arservice.exe
K:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Internet Explorer\iexplore.exe
K:\hijackthis_199\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=206.55.237.3
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - (no file)
O2 - BHO: Microsoft Explorer - {39D7900C-461D-86A5-81BA-CF35914FAC04} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180592016156
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{B612613D-54FA-420C-AC89-FEC59F31D82C}: NameServer = 68.94.156.1,68.94.157.1
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - K:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Member Avatar for Chaky

I'm afraid that your problem isn't caused by malware. My best guess is that your mpeg4 (or quicktime) codec got corrupted or replaced by incompatible one or one that doesn't support coding (decoding only). WMP has a habit of automatically downloading and installing codecs. To find out which codec is causing problems, you will have to do a system of elimination. Try format by format converting (doesn't matter which software you use... they all use same codecs) until you are certain which video format you can't produce. I say mpeg4 codec is to blame.
If so, to repair the damage you will need to reinstall it. Biggest problem there is that video editing software (and video players) install codecs without notice or prompting, so finding which one installed working mpeg4 codec (or whichever is the problematic one) can be painfully long process. There are allot of codec bundles out there, but I can't recommend that option because not all codecs within those bundles are the latest ones, or fully coding and decoding capable.

Member Avatar for CaliGal100

Thank you.

I ended up buying another registry cleaner, it found some stuff but didn't fix the problem.

Because I needed to finish a project for work I just bit the bullet and reformatted my hard drive. I've reinstalled almost everything I need and so far so good.

Thank you again.

Caligal

Member Avatar for Chaky

Look on the bright side: atleast you have new regcleaner.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.