Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93105 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Riyo Codec How do I remove?


  • This topic is locked This topic is locked
1 reply to this topic

#1 Timmie_guts

Timmie_guts

    New Member

  • New Member
  • Pip
  • 1 posts

Posted 29 September 2007 - 04:49 PM

This my Hijac log

I've installed Riyo Codec and does anyone have a clou how to remove this?
It's very anoying.

StartupList report, 30-9-2007, 0:35:52
StartupList version: 1.52.2
Started from : C:\Program Files\Hijackthis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\APPS\SMP\SmpSys.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\OPLIMIT\ocrawr32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[D:\Documents and Settings\Tim van Broekhuizen.Bambi\Menu Start\Programma's\Opstarten]
OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE

Shell folders Common Startup:
[D:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten]
Adobe Acrobat Speed Launcher.lnk = ?
Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

IMJPMIG8.1 = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
PHIME2002ASync = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
SoundMan = SOUNDMAN.EXE
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
Vade Retro Outlook Express = "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
Ulead AutoDetector v2 = C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
PCMService = "c:\Apps\Powercinema\PCMService.exe"
ACTIVBOARD = c:\apps\ABoard\ABoard.exe
QuickTime Task = "C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
Acrobat Assistant 8.0 = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
(Default) =
EPSON Stylus C86 Series = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE /P23 "EPSON Stylus C86 Series" /O5 "LPT1:" /M "Stylus C86"
RegistryMechanic =

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
SmpcSys = C:\APPS\SMP\SmpSys.exe
updateMgr = C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
Philips Intelligent Agent = "C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
LightScribe Control Panel = C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

[AdobeUpdater]
=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll - {02478D38-C3F9-4EFB-9B51-7695ECA05670}
(no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\Wanadoo\GLOBAL\Mstbr\mstbr.dll - {10CA15EA-C0A5-7CAF-B9E9-B8B2A87EFE11}
(no name) - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll - {9ECB9560-04F9-4bbc-943D-298DDF1699E1}
(no name) - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll - {AE7CD045-E861-484f-8273-0445EE161910}
(no name) - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
(no name) - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}

--------------------------------------------------

Enumerating Task Scheduler jobs:

AppleSoftwareUpdate.job
Herinnering voor registratie 1.job
Herinnering voor registratie 2.job
Herinnering voor registratie 3.job
Norton Security Scan.job
Symantec NetDetect.job
Uitgebreide garantie.job

--------------------------------------------------

Enumerating Download Program Files:

[Installation Helper Object]
InProcServer32 = C:\WINDOWS\DOWNLO~1\instwact.dll
CODEBASE = http://kitcentral.wa...ct/instwact.dll

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #4: C:\Program Files\Bonjour\mdnsNSP.dll

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: D:\DOCUME~1\TIMVAN~1.BAM\LOCALS~1\Temp\_iu14D2N.tmp|||L

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
End of report, 9.021 bytes
Report generated in 0,078 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

    Advertisements

Register to Remove


#2 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 29 September 2007 - 08:54 PM

http://forums.whatth...ker_t83698.html

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users