Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93105 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

riyocodec removal, did i get it all?


  • This topic is locked This topic is locked
1 reply to this topic

#1 jimbo2

jimbo2

    New Member

  • New Member
  • Pip
  • 3 posts

Posted 02 November 2007 - 07:08 PM

Hi after following your step by step for removing RIYOCODEC my computer seems to be running alright again. But I'll get you to have a look at my logs to make sure


REPORT.TXT from FIXWAREOUT


Username "Jyah" - 03/11/2007 11:30:45 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdmwo.exe"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.113.123 85.255.112.186" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{0A579

053-86A8-48FB-9412-3A89D064A0F3}
"nameserver"="85.255.113.123,85.255.112.186" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{0B6FC

43E-A259-4634-9CFC-DDF0F23D0A50}
"nameserver"="85.255.113.123,85.255.112.186" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{1096E

44D-25F4-4BD3-AE79-FA1B68C1A345}
"nameserver"="85.255.113.123,85.255.112.186" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{31C16

4C6-17EF-4A56-A8F6-652F64CE5CE2}
"nameserver"="85.255.113.123,85.255.112.186" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{43AAF

DDB-564D-4BAC-A494-DDAA4A9302A8}
"nameserver"="85.255.113.123,85.255.112.186" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{47578

3EB-1715-4FC7-A66C-6ECAC054D0EB}
"nameserver"="85.255.113.123,85.255.112.186" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{C8887

445-8E62-4436-A0F6-BC8C29F61F63}
"nameserver"="85.255.113.123,85.255.112.186" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{D0E33

8BF-9C39-4B98-AC12-1EFA394C403E}
"nameserver"="85.255.113.123,85.255.112.186" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{E1684

E3B-77E8-4458-B28C-2C7092B0EC1A}
"nameserver"="85.255.113.123,85.255.112.186" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{0B6FC

43E-A259-4634-9CFC-DDF0F23D0A50}
"DhcpNameServer"="85.255.113.123,85.255.112.186" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{1096E

44D-25F4-4BD3-AE79-FA1B68C1A345}
"DhcpNameServer"="85.255.113.123,85.255.112.186" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{246CC

5E1-AA90-456E-8F0E-BF47E920B21A}
"DhcpNameServer"="85.255.113.123,85.255.112.186" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{31C16

4C6-17EF-4A56-A8F6-652F64CE5CE2}
"DhcpNameServer"="85.255.113.123,85.255.112.186" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{47578

3EB-1715-4FC7-A66C-6ECAC054D0EB}
"DhcpNameServer"="85.255.113.123,85.255.112.186" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{C8887

445-8E62-4436-A0F6-BC8C29F61F63}
"DhcpNameServer"="85.255.113.123,85.255.112.186" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{D0E33

8BF-9C39-4B98-AC12-1EFA394C403E}
"DhcpNameServer"="85.255.113.123,85.255.112.186" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{E1684

E3B-77E8-4458-B28C-2C7092B0EC1A}
"DhcpNameServer"="85.255.113.123,85.255.112.186" <Value cleared.

Successfully flushed the DNS Resolver Cache.
System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Other
C:\WINDOWS\Temp\kdmwo.ren 72252 13/06/2007

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"Dit"="Dit.exe"
"CHotkey"="mHotkey.exe"
"ledpointer"="CNYHKey.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"PCMService"="\"C:\\Program Files\\Home Cinema\\PowerCinema\\PCMService.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -

osboot"
"Error Nuker"="C:\\Program Files\\Error Nuker\\bin\\ErrorNuker.exe autostart"
"Lexmark X1100 Series"="\"C:\\Program Files\\Lexmark X1100 Series\\lxbkbmgr.exe\""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SiteAdvisor"="C:\\Program Files\\SiteAdvisor\\6172\\SiteAdv.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"SP2 Connection Patcher"="\"C:\\Program Files\\SP2 Connection

Patcher\\SP2ConnPatcher.exe\" -n=200"
"CM"="\"C:\\PROGRA~1\\VCM\\cm.exe\" 212.150.243.4"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"Intra book"="C:\\DOCUME~1\\Jyah\\APPLIC~1\\PLUSDA~1\\BALL GRID.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~~~~~~









And the HIJACKTHIS report










Logfile of HijackThis v1.99.1
Scan saved at 12:09:22 PM, on 3/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aapt.net.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bigpond.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [CM] "C:\PROGRA~1\VCM\cm.exe" 212.150.243.4
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Intra book] C:\DOCUME~1\Jyah\APPLIC~1\PLUSDA~1\BALL GRID.exe
O4 - Startup: VCM.lnk = C:\Program Files\VCM\cm.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A579053-86A8-48FB-9412-3A89D064A0F3}: Domain = nsw.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1684E3B-77E8-4458-B28C-2C7092B0EC1A}: Domain = nsw.bigpond.net.au
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A579053-86A8-48FB-9412-3A89D064A0F3}: Domain = nsw.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\..\{0A579053-86A8-48FB-9412-3A89D064A0F3}: Domain = nsw.bigpond.net.au
O17 - HKLM\System\CS3\Services\Tcpip\..\{0A579053-86A8-48FB-9412-3A89D064A0F3}: Domain = nsw.bigpond.net.au
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe





Cheers

    Advertisements

Register to Remove


#2 jimbo2

jimbo2

    New Member

  • New Member
  • Pip
  • 3 posts

Posted 05 November 2007 - 02:15 AM

bump

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users