All media players keep pausing and starting

I have a problem that just started two days ago, and I believe it must be some sort of virus, even though none of the anti-malware programs I tried have detected anything. Yesterday while skipping through a movie on my laptop with Media Player Classic, at one point it began stuttering. Upon closer examination I notice that it was actually pausing and then starting again. Went to VLC and KMPlayer, but same thing. Figured the jumping around must have mucked up a codec, a graphics driver, or some other video file. First I did a system restore, which didn't help. So I uninstalled all three players and reinstalled with updated versions. No change. Completely removed the Nvidia drivers and programs, ran a cleaner in Safe Mode, and reinstalled the updated Nvidia drivers. Things seems to be okay with VLC, But MPC was still doing it. Back to VLC, and it's doing it too. I don't play games much, but I had a vintage Serious Sam First Encounter installed so I decided to give the graphics card a better workout than the videos give it, but it worked perfectly, even running the Demo videos.

I also noticed that if I was in a folder containing a video file (though it might have just been with AVI files), Window Media Player would continuously keep opening it (with the same stuttering, of course). I disabled it to prevent this (I never use it anyway).

After that I went the malware route, scanning with Malwarebytes, MS Security Essentials, and Spyware Terminator, but nothing was detected. At this point I still thought it might be something other than malware, so I download a video I wanted to watch onto a flash drive so that I could watch it on a desktop PC. Now the same thing is happening on the desktop, so I figure something must have hitched a ride on the flash drive, but despite scans and close scrutiny I can detect nothing unusual there.

Also, if I open an image file in full screen in IrfanView, it randomly runs through some of the image files in the same folder; upon leaving full screen, the behavior stops.

Hovering over an image icon in Explorer causes the pointer arrow to jiggle back and forth. On other files in Explorer the popup info balloon now disappears almost immediately when hovering over them. I now see that it also does it with the links on this page.

I also went back through my internet browsing history for Wednesday, but did not find anything that seemed suspicious. Nor any careless click of a link in an email.

I'm running Windows 7 64 bit on a three year-old locally built laptop with Nvidia GeForce GT 530M video card and Intel HD 3000 graphics adapter.

At this point, I'm at a loss. I'd hate to have to trash everything and do a reinstall. Any help or insights would be much appreciated.

 

I want to check out, back up, and save a few things before proceeding with this. Probably will get to the steps in a couple of days.

 

Finally got the opportunity to have a go at the removal process. I am attaching the log files, though it appears that the problem is gone. I have played and jumped around in the 3 mentioned media players, and the behavior is no longer present. The popup information balloons in Explorer do not disappear almost immediately as they were doing, and the pointer cursor does not flicker back and forth when hovering over a thumbnail icon.

Since the only program that really made any changes was Ccleaner, I'm guessing that it was the solution. HitmanPro detected a couple of items, but I don't think the Junkware Removal Tool is actually a trojan. Since I don't need it, though, I will go ahead and delete it.

Though the problem is fixed, out of curiosity, and for future reference, do you have any idea what may have been causing this behavior? And now that I am thinking of it, how did it get to the desktop PC? The only thing I did was upload a video file to a flash disk and then download it to the desktop. I don't believe I uploaded any other files to the flash disk in that relative period (it would have had to have happened within about a 24-hr period, I believe). Though I haven't run it through its paces fully, running CCleaner on the desktop also seems to have fixed the problem there.

I'm a bit afraid now to use the flash disk with the computers. Any way I can salvage the files on it and wipe it clean without reinfecting the computers (if it indeed actually was a virus)?

I am very appreciative that there are people like you with your abilities who are willing to help out those who are less savvy with such things. At the moment I am not in a position to express my gratitude with monetary support, but when I am able to, I will try to send at least a little something to help you continue helping others.

 

I'm afraid I spoke too soon. Everything was going fine for a couple of hours. I put all three media plays to use with no problems and they worked fine. But as I was watching a 1-hour recorded TV program a few minutes ago, halfway through it began acting up again. So the "fix" just seems to have sent whatever is causing the problem reeling into the ropes for a bit, and now its gotten its footing again. So disappointed. So it looks like I still could use your help.

Just to rule it out for you, I have not plugged in that flash drive or any other external data source other than my internet connection.

 

Ran Hitman again, but because I used it once about 8 months ago, the repair part of the program is deactivated. I deleted the files manually and backed up (exported) and deleted the registry entries. JRTdid its work, knocking out Hotspot Shield again for me in the process. What is it that it doesn't like about that program? ( I actually don't use it very often but it has been very useful the few times I have needed it).

Things seem to be working again, but after the previous experience, I am keeping the celebration in check for the moment. If it is still behaving well tomorrow, then I will break out the champagne and toast Major Geeks.

I wish now that I would have checked things out after the manual deletions, to see if perhaps the problem was with those couple of files or registry entries. Oh well, the main thing is that it works. Of course, it is still likely that the desktop PC will get wonky again (I have only used it for a few minutes after "fixing" it with CCleaner consequently it hasn't had much of a chance to go rogue yet), so perhaps I can check it out there if Hitman brings up the same files and reg entries.

So I won't thank you yet for the fix, but I will thank you for your guidance and time. I will let you know in a day or two if all is well (and sooner if not).

Addendum: I almost forgot, any advice regarding the flash disk that probably transferred the problem to the desktop PC?

 

So far so good. I think we may have gotten it this time. I will keep you posted.

This was the Hitman log for the laptop (the computer we are working on) before I removed everything manually. The scan I ran just now is clean except for the Threed20.ocx, which came back. Perhaps this is normal and belongs?

The computer I was actually referring to relative to this quote is the desktop PC, since the only program I ran on it was CCleaner. I thought this is where things might act up again and it would give me an opportunity to see if the files and keys shown by Hitman were to blame, before running JRT. But so far it is still behaving itself. So if it ain't broke...

I will try this, but seeing as the desktop PC probably got infected via this flash drive, if I plug it in to the laptop, isn't there a danger of reinfecting it?

 

The flash drive seems to come out clean. I redid all of the scans again and have attached results. It looks like nothing has been affected by using the flash drive.

I have had no problems since the cleanup on Thursday, so it appears we have knocked out whatever the problem was.

The desktop computer continues to function normally as well, so it looks like I won't get the opportunity to isolate what the problem may have been. It's an opportunity, though, that I don't mind having missed.

Once again, thank you for all your assistance.

 

I can't believe I'm back here again. Everything was working perfectly until today. I was part way through a video this afternoon and suddenly the skipping started again. The video itself is nothing new; it's been on the computer for nearly a year and it's never given me trouble before.

I ran through all the procedures again, especially following the final cleaning procedures that fixed it last time: CCleaner, Hitman (nothing to clean), and JRT. This time however it refuses to be fixed. The symptoms are even slightly worse this time.

I am attaching the usual files, though instead of the MalwareBytes log, which detected no problems, I am including the JRT log. RogueKiller seems to be showing more registry hits this time. As a note, I have installed Comodo Firewall since the last time.

Hope you can help again.

 

No, it's doing everything else it did before. The popup balloons disappear almost immediately, though this time not with items on the desktop. But in the Desktop folder it does happen. Selecting an item with a single left click makes the cursor move back and forth between arrow pointer and the processing circle. If this is an icon associated with opening a program, or at least some programs (JPG, PDF), it may crash Explorer. Clicking on an EXE file brings on the processing circle for a very long time and the fan usually kicks in, though I do not perceive any change in CPU use in Task Manager [edit: perhaps I missed this?]. It will stop after a short delay if I select another item in the same folder. The frequency and intensity of these behaviors seem to be random. As I write this, most of these behaviors have stopped or minimized. I just now clicked on CombFix.exe on the Desktop, the processing circle came on, this time explorer.exe showed over 90% CPU usage in TM, and after maybe 15 seconds Explorer crashed. Almost immediately after Explorer rebooted I tried a left click on a PDF file (all of this is on the Desktop, by the way), Explorer usage went up to around 20% CPU, and then crashed after about 10 seconds. After the reboot this time I let Explorer "settle" for a minute or two as I wrote the previous sentence. Clicked on the PDF file again and Explorer jumped around from 0 to as much as 20% CPU for maybe 2 minutes before finally crashing. Clicking on a folder seems to the same thing but with generally lower CPU figures, though it occasionally hits 20%, but so far it hasn't crashed Explorer. Deselecting an item by clicking on the Desktop stops the behavior.

With the media players, sometimes in VLC it will play a video with little or no skipping; simply the Play OSD arrow occasionally flashes on and off. Right now it is in a playable state, but yesterday and earlier it would constantly start and pause. In MPC it pauses and plays constantly for random times from maybe a second to 30 seconds (rarely). You can see the Play and Pause buttons being selected.

It still randomly moves through a folder's image files in IrfanView when in full screen mode.

I hope some of these newer observation are helpful to you. Here's hoping again that you can help me.

 

I just received your response as I posted this. Do you still think I should move to the software section? If it is not malware, why would it affect the desktop computer at the same time, which is running a different version of Win 7 (Enterprise. I am just now seeing small signs that the desktop is also returning to the problematic behavior; i.e., a pause in the middle of a video, little flickerings here and there).

I know this will bump me down in the queue but I thought it important.

I just had a hunch about this whole thing and decided to turn of the transparency feature in the theme personalization area, feeling that maybe the malware is working through the Aero feature. I also changed the background to get out of the previous theme. All of the bad behavior has stopped -- at least for now.

Hopefully this new bit of information will be of help. I will let you know if things revert.

 

Will do. Once again I am very grateful for your time and guidance, Kestrel13. May you be well always. :wine.

 

I was just cleaning up my bookmarks when I came across one to this thread. The problem soon came back, but not as bad as before turning the Aero transparency off. However, I finally discovered the source of this problem about two years ago (sorry for the late post). It turns out my wireless keyboard was picking up spurious RF signals on its receiver that mimicked certain functions of the keyboard. Since I use a KMV switch to use the same mouse and keyboard on both my laptop and desktop PCs, the problem was occurring on both computers. Changed out the mouse and keyboard and all is working without problem again. Wow, what a relief that was! Hope this may be useful to someone else.