wincodecpro infection wipes out audio/video



#1 cmk4


Posted 19 February 2009 - 12:01 AM

My start screen turned into a red lettered message * all media systems on your computer have been crashed*. I can still access the internet, but no media. A website wincodecpro.com pops up occasionally. Your help is appreciated.

DDS (Ver_09-02-01.01) - NTFSx86
Run by HP_Administrator at 22:41:05.93 on Wed 02/18/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.27.1033.18.1982.1510 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\arservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
c:\program files\avg\avg8\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
c:\windows\system32\notepad.exe
c:\program files\avg\avg8\avgtray.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\documents and settings\hp_administrator\desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
uRun: [<NO NAME>]
mRun: [PCDrProfiler]
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
uPolicies-system: NoDispAppearancePage = 1 (0x1)
uPolicies-system: NoDispBackgroundPage = 1 (0x1)
uPolicies-system: NoDispSettingsPage = 1 (0x1)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\mle55pcs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\mle55pcs.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCMListControl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npcyworld.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - HiddenExtension: XUL Cache: {F171D067-0A94-4AEF-93FE-43FE0702DC31} - c:\documents and settings\hp_administrator\local settings\application data\{F171D067-0A94-4AEF-93FE-43FE0702DC31}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-11 64160]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-10-7 325128]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-10-7 27656]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-10-7 107272]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-10-9 903960]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-10-9 298264]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 950096]

=============== Created Last 30 ================

2009-02-18 19:58 389,120 a------- c:\windows\system32\CF26416.exe
2009-02-18 19:29 2,924,367 a------- c:\program files\ComboFix.exe
2009-02-18 16:32 <DIR> --d----- c:\program files\Trend Micro
2009-02-18 16:14 812,344 a------- c:\program files\HJTInstall.exe
2009-02-18 13:52 <DIR> --d----- c:\program files\MediaSystem
2009-02-17 06:44 3,136 a------- c:\windows\system32\vscan.dat
2009-02-11 19:05 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-02-11 19:03 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-11 08:01 34,543,112 a------- c:\program files\Ad-AwareAE.exe
2009-02-04 17:55 132,096 a------- c:\windows\iqedadotib.dll
2009-01-25 23:14 136 a------- c:\windows\system32\srvblck.tmp
2009-01-25 23:14 <DIR> --d----- c:\windows\system32\dtw5d
2009-01-25 23:14 <DIR> --d----- c:\windows\system32\cks
2009-01-25 23:14 <DIR> --d----- c:\windows\system32\UAs
2009-01-25 23:11 997,888 a------- c:\windows\system32\dllcache\kernel32.dll
2009-01-25 23:11 21,504 a------- c:\windows\system32\dllcache\powrprof.dll
2009-01-25 23:11 997,888 a------- c:\windows\system32\nwklr.ini
2009-01-25 23:11 989,696 a------- c:\windows\system32\korlg.ini
2009-01-25 23:11 850,944 a------- c:\windows\system32\nwwlnt.ini
2009-01-25 23:11 826,368 a------- c:\windows\system32\worlg.ini
2009-01-25 23:11 21,504 a------- c:\windows\system32\nwpp.ini
2009-01-25 23:11 17,408 a------- c:\windows\system32\pporlg.ini
2009-01-25 23:11 42,048 a------- c:\windows\system32\ldshyr.old
2009-01-22 15:13 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\Intuit
2009-01-22 13:56 109 a--sh--- c:\windows\system32\2761079719.dat

==================== Find3M ====================

2009-02-18 16:11 210,488 a------- c:\windows\pchealth\helpctr\config\cache\Professional_32_1033.dat
2009-02-14 22:23 850,944 a------- c:\windows\system32\wininet.dll
2009-02-14 22:23 850,944 a------- c:\windows\system32\dllcache\wininet.dll
2009-02-14 22:23 21,504 a------- c:\windows\system32\powrprof.dll
2009-02-14 09:29 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-02-14 09:29 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-14 09:29 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-01-16 21:35 3,594,752 -------- c:\windows\system32\dllcache\mshtml.dll
2008-12-19 03:10 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 03:10 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-12-18 23:25 634,024 -------- c:\windows\system32\dllcache\iexplore.exe
2008-12-18 23:23 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-12-13 15:17 1,851,544 a------- C:\install_flash_player.exe
2008-12-11 04:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
2008-04-06 14:35 166 a------- c:\docume~1\hp_adm~1\applic~1\wklnhst.dat
2007-11-28 14:49 6,026,136 a------- c:\program files\Firefox Setup 2.0.0.10.exe
2007-11-28 13:35 54,330,664 a------- c:\program files\iTunes75Setup.exe
2007-03-04 17:32 22 a--sh--- c:\windows\sminst\HPCD.SYS
2008-10-05 07:34 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008100520081006\index.dat

============= FINISH: 22:41:29.34 ===============

Edited by cmk4, 19 February 2009 - 12:10 AM.


#2 Thunder


Posted 24 February 2009 - 01:11 PM

Hello Cmk4 and welcome to Bleeping Computer,

1. Please download GooredFix and save it to your Desktop.
  • Select "2. Fix Goored" by typing 2 and pressing Enter.
  • Make sure all instances of Firefox are closed at this point.
  • Type y at the prompt and press Enter again.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

2. Please read this tutorial carefully to download ComboFix from one of the locations specified, and save it to your Desktop.
Double click the ComboFix icon to run it.
If ComboFix asks you to install the Recovery Console, please do so.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
Once the Recovery Console is installed, continue with the malware scan.

Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding !!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...