Results I was told to post



Mitesh007
2006-08-26, 15:30
I had the IntCodec thing on my computer and followed the instructions to remove it and it then says the following so that is what I am doing:
Copy/paste into your own new topic.

* c:\rapport.txt
* Ewido log
* The HJT log


How to copy and paste

You may need to post several replies to your topic so that the logs are intact and not cut off.

Credit to: LonnyRJones and CalamityJane for their assistance in revising this topic.

Thank you S!Ri Developer and frequent updater of SmitfraudFix

SmitFraudFix v2.81

Scan done at 13:30:53.92, 26/08/2006
Run from C:\Documents and Settings\Mitesh\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"bestreak"="{874443fe-aa33-4ebf-a6ac-73208787e62d}"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\System32\viruxz.dll -> Missing File


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\Program Files\IntCodec\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 13:57:18 26/08/2006

+ Scan result:



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 -> Adware.IntCodec : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On -> Adware.IntCodec : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 -> Adware.IntCodec : Cleaned with backup (quarantined).
:mozilla.66:C:\Documents and Settings\Mitesh\Application Data\Mozilla\Firefox\Profiles\z6j3q01q.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.29:C:\Documents and Settings\Mitesh\Application Data\Mozilla\Firefox\Profiles\z6j3q01q.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.30:C:\Documents and Settings\Mitesh\Application Data\Mozilla\Firefox\Profiles\z6j3q01q.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.95:C:\Documents and Settings\Mitesh\Application Data\Mozilla\Firefox\Profiles\z6j3q01q.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.34:C:\Documents and Settings\Mitesh\Application Data\Mozilla\Firefox\Profiles\z6j3q01q.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.35:C:\Documents and Settings\Mitesh\Application Data\Mozilla\Firefox\Profiles\z6j3q01q.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.39:C:\Documents and Settings\Mitesh\Application Data\Mozilla\Firefox\Profiles\z6j3q01q.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.41:C:\Documents and Settings\Mitesh\Application Data\Mozilla\Firefox\Profiles\z6j3q01q.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.42:C:\Documents and Settings\Mitesh\Application Data\Mozilla\Firefox\Profiles\z6j3q01q.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.31:C:\Documents and Settings\Mitesh\Application Data\Mozilla\Firefox\Profiles\z6j3q01q.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.139:C:\Documents and Settings\Mitesh\Application Data\Mozilla\Firefox\Profiles\z6j3q01q.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.140:C:\Documents and Settings\Mitesh\Application Data\Mozilla\Firefox\Profiles\z6j3q01q.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.141:C:\Documents and Settings\Mitesh\Application Data\Mozilla\Firefox\Profiles\z6j3q01q.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.62:C:\Documents and Settings\Mitesh\Application Data\Mozilla\Firefox\Profiles\z6j3q01q.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.63:C:\Documents and Settings\Mitesh\Application Data\Mozilla\Firefox\Profiles\z6j3q01q.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.64:C:\Documents and Settings\Mitesh\Application Data\Mozilla\Firefox\Profiles\z6j3q01q.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.65:C:\Documents and Settings\Mitesh\Application Data\Mozilla\Firefox\Profiles\z6j3q01q.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.47:C:\Documents and Settings\Mitesh\Application Data\Mozilla\Firefox\Profiles\z6j3q01q.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.40:C:\Documents and Settings\Mitesh\Application Data\Mozilla\Firefox\Profiles\z6j3q01q.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.43:C:\Documents and Settings\Mitesh\Application Data\Mozilla\Firefox\Profiles\z6j3q01q.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.44:C:\Documents and Settings\Mitesh\Application Data\Mozilla\Firefox\Profiles\z6j3q01q.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.45:C:\Documents and Settings\Mitesh\Application Data\Mozilla\Firefox\Profiles\z6j3q01q.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.46:C:\Documents and Settings\Mitesh\Application Data\Mozilla\Firefox\Profiles\z6j3q01q.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.119:C:\Documents and Settings\Mitesh\Application Data\Mozilla\Firefox\Profiles\z6j3q01q.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.59:C:\Documents and Settings\Mitesh\Application Data\Mozilla\Firefox\Profiles\z6j3q01q.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.147:C:\Documents and Settings\Mitesh\Application Data\Mozilla\Firefox\Profiles\z6j3q01q.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.110:C:\Documents and Settings\Mitesh\Application Data\Mozilla\Firefox\Profiles\z6j3q01q.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.111:C:\Documents and Settings\Mitesh\Application Data\Mozilla\Firefox\Profiles\z6j3q01q.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.112:C:\Documents and Settings\Mitesh\Application Data\Mozilla\Firefox\Profiles\z6j3q01q.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.114:C:\Documents and Settings\Mitesh\Application Data\Mozilla\Firefox\Profiles\z6j3q01q.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.174:C:\Documents and Settings\Mitesh\Application Data\Mozilla\Firefox\Profiles\z6j3q01q.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.175:C:\Documents and Settings\Mitesh\Application Data\Mozilla\Firefox\Profiles\z6j3q01q.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.176:C:\Documents and Settings\Mitesh\Application Data\Mozilla\Firefox\Profiles\z6j3q01q.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.177:C:\Documents and Settings\Mitesh\Application Data\Mozilla\Firefox\Profiles\z6j3q01q.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.16:C:\Documents and Settings\Mitesh\Application Data\Mozilla\Firefox\Profiles\z6j3q01q.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.17:C:\Documents and Settings\Mitesh\Application Data\Mozilla\Firefox\Profiles\z6j3q01q.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.188:C:\Documents and Settings\Mitesh\Application Data\Mozilla\Firefox\Profiles\z6j3q01q.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.136:C:\Documents and Settings\Mitesh\Application Data\Mozilla\Firefox\Profiles\z6j3q01q.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.137:C:\Documents and Settings\Mitesh\Application Data\Mozilla\Firefox\Profiles\z6j3q01q.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.138:C:\Documents and Settings\Mitesh\Application Data\Mozilla\Firefox\Profiles\z6j3q01q.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.84:C:\Documents and Settings\Mitesh\Application Data\Mozilla\Firefox\Profiles\z6j3q01q.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.90:C:\Documents and Settings\Mitesh\Application Data\Mozilla\Firefox\Profiles\z6j3q01q.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 14:21:13, on 26/08/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\IntCodec\isaddon.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Protection Bar - {860c2f6b-ca82-4282-9187-beccbb66f0af} - C:\Program Files\IntCodec\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

pskelley
2006-08-27, 12:56
Welcome to the forum. Since you completed the steps, I am going to help you complete the cleanup, but you have to know you are running your computer with no service pack and no critical updates. I don't usually work on those as it is a waste of both of our time; if you take the computer online it is going to get infected again, it is just a matter of when. See this information:
http://forums.spybot.info/showthread.php?t=425

Your Java program is out of date, see this information: http://forums.spybot.info/showpost.php?p=12880&postcount=2
C:\Program Files\Java\jre1.5.0_06\ <<< out of date

The removal by HJT is stuff not removed by the fix and your option as is the cleaning tool.

Please download ATF Cleaner by Atribune
http://www.atribune.org/public-beta/ATF-Cleaner.exe
Save it to your Desktop. We will use this later.

Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\IntCodec\isaddon.dll (file missing)
O3 - Toolbar: Protection Bar - {860c2f6b-ca82-4282-9187-beccbb66f0af} - C:\Program Files\IntCodec\iesplugin.dll (file missing)

Close all programs but HJT and all browser windows, then click on "Fix Checked"

Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

ewido is a great program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.

System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?Open&src=sec_doc_nam

tashi:) will close the topic in a few days.

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier

Mitesh007
2006-08-28, 22:43
Ok thanks, ermm, I'll do that lot then, and I am surprised by the thorough reply. I was expecting people to moan at me for putting such a post up!

tashi
2006-09-02, 21:33
:laugh:

As the problem appears to be resolved this topic has been archived.

If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread; this applies only to the original topic starter.


Cheers