Results of Riyo Codec cleanup


1 reply to this topic

#1 MorgothsBalrog

Posted 20 October 2007 - 01:14 PM

Here are the results of my fixwareout run after trying to fight the Riyo Codec. This is the second time I tried to run it; it didn't seem happy the first time. I can run a hijackthis report as well, if there's a preferred version for me to use. I'd be delighted if someone could take a look!


Username "Alex" - 10/20/2007 13:29:25 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check


System was rebooted successfully. 
 
~~~~~ Postrun check 
HKLM\SOFTWARE\~\Winlogon\ "system"="" 
....
....
~~~~~ Misc files. 
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"EzButton"="C:\\Program Files\\EzButton\\EzButton.EXE"
"CeEPOWER"="C:\\Program Files\\TOSHIBA\\Power Management\\CePMTray.exe"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"Apoint"="C:\\Program Files\\Apoint2K\\Apoint.exe"
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"LogitechQuickCamRibbon"="\"C:\\Program Files\\Logitech\\QuickCam10\\QuickCam10.exe\" /hide"
"LogitechCommunicationsManager"="\"C:\\Program Files\\Common Files\\LogiShrd\\LComMgr\\Communications_Helper.exe\""
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Taskbar Shuffle"="C:\\Program Files\\Taskbar Shuffle\\taskbarshuffle.exe"
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\Wcescomm.exe\""
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~


#2 Jintan

Posted 21 October 2007 - 02:31 PM

Howdy MorgothsBalrog,

Welcome to WTT. Bit of the cart before the horse here - let's start with some system information and then move forward from there.

If you don't already have it, download and install HijackThis from here, run a scan and post back that log.

Also Go Here and download Silent Runners to your desktop. Run it, and post back here the log it creates. If your AV queries the script, allow it to run. It's not malicious. It will create a file named Startup Programs, and will notify when the scan is complete. Copy the log from the Startup Programs file back here. No need to use the "Code" function when posting the logs.
