Tech Support Forum - View Single Post

Oller · 08-26-2005, 05:26 PM

Now it worked with the "regfix.reg" installation. Please find below the results of smitfiles and Ewido.

smitRem log file
version 2.3

by noahdfear

The current date is: 2005-08-26
The current time is: 23:57:20,40

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run Files Present

~~~ Program Files ~~~

~~~ Shortcuts ~~~

~~~ Favorites ~~~

~~~ system32 folder ~~~

~~~ Icons in System32 ~~~

~~~ Windows directory ~~~

~~~ Drive root ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Post-run Files Present

~~~ Program Files ~~~

~~~ Shortcuts ~~~

~~~ Favorites ~~~

~~~ system32 folder ~~~

~~~ Icons in System32 ~~~

~~~ Windows directory ~~~

~~~ Drive root ~~~

~~~ Wininet.dll ~~~

CLEAN! :)

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 00:49:30, 2005-08-27
+ Report-Checksum: 5DBA1FD9

+ Scan result:

HKU\S-1-5-21-3498072062-1930564202-3063918916-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\{587DBF2D-9145-4c9e-92C2-1F953DA73773} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3498072062-1930564202-3063918916-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\{FD9BC004-8331-4457-B830-4759FF704C22} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3498072062-1930564202-3063918916-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8236B10D-9307-EADD-079C-2AA0DFC7F33E} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3498072062-1930564202-3063918916-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FB118E8B-875C-AD27-289B-C22A5B4AA454} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3498072062-1930564202-3063918916-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7470F262-EE76-4C96-C6B1-C89A02CDC7FF} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3498072062-1930564202-3063918916-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8236B10D-9307-EADD-079C-2AA0DFC7F33E} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3498072062-1930564202-3063918916-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9EB1A1C8-8CC8-6825-33BD-4EE8A5DC0D9E} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3498072062-1930564202-3063918916-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3DD5740-8C65-5FF3-1225-F170898543B8} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3498072062-1930564202-3063918916-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB118E8B-875C-AD27-289B-C22A5B4AA454} -> Spyware.CoolWebSearch : Cleaned with backup
C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20050810154558.zip/WINDOWS/system32/winyw32.exe -> Trojan.Agent.bi : Error during cleaning
C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20050814232407.zip/WINDOWS/system32/winlo.exe -> Trojan.Agent.bi : Cleaned with backup
C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20050823204317.zip/WINDOWS/syslr.exe -> Trojan.Agent.bi : Cleaned with backup
C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20050825183641.zip/WINDOWS/system32/ipst32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20050825183641.zip/WINDOWS/system32/msph32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\SYSTEM32:jhaa.dll -> TrojanDownloader.Small.azk : Cleaned with backup

::Report End

If it is of any use for you I get one hit with Pestpatrol that says the computer is infected with CWS.HomeSearch (but Pestpatrol cannot remove it)in Key: hkey_local_machine\system\currentcontrolset\enum\root\legacy_11f*00df*00e4*0006#*00b7*00ba*00c4*00d6`i

Thanks for your invaluable help! // Oller

08-26-2005, 05:26 PM	#7 (permalink)
Oller Registered User Join Date: Aug 2005 Posts: 8 OS: XP	Logs as requested Now it worked with the "regfix.reg" installation. Please find below the results of smitfiles and Ewido. smitRem log file version 2.3 by noahdfear The current date is: 2005-08-26 The current time is: 23:57:20,40 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Pre-run Files Present ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ ~~~ Favorites ~~~ ~~~ system32 folder ~~~ ~~~ Icons in System32 ~~~ ~~~ Windows directory ~~~ ~~~ Drive root ~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Post-run Files Present ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ ~~~ Favorites ~~~ ~~~ system32 folder ~~~ ~~~ Icons in System32 ~~~ ~~~ Windows directory ~~~ ~~~ Drive root ~~~ ~~~ Wininet.dll ~~~ CLEAN! :) --------------------------------------------------------- ewido security suite - Scan report --------------------------------------------------------- + Created on: 00:49:30, 2005-08-27 + Report-Checksum: 5DBA1FD9 + Scan result: HKU\S-1-5-21-3498072062-1930564202-3063918916-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\{587DBF2D-9145-4c9e-92C2-1F953DA73773} -> Spyware.CoolWebSearch : Cleaned with backup HKU\S-1-5-21-3498072062-1930564202-3063918916-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\{FD9BC004-8331-4457-B830-4759FF704C22} -> Spyware.CoolWebSearch : Cleaned with backup HKU\S-1-5-21-3498072062-1930564202-3063918916-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8236B10D-9307-EADD-079C-2AA0DFC7F33E} -> Spyware.CoolWebSearch : Cleaned with backup HKU\S-1-5-21-3498072062-1930564202-3063918916-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FB118E8B-875C-AD27-289B-C22A5B4AA454} -> Spyware.CoolWebSearch : Cleaned with backup HKU\S-1-5-21-3498072062-1930564202-3063918916-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7470F262-EE76-4C96-C6B1-C89A02CDC7FF} -> Spyware.CoolWebSearch : Cleaned with backup HKU\S-1-5-21-3498072062-1930564202-3063918916-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8236B10D-9307-EADD-079C-2AA0DFC7F33E} -> Spyware.CoolWebSearch : Cleaned with backup HKU\S-1-5-21-3498072062-1930564202-3063918916-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9EB1A1C8-8CC8-6825-33BD-4EE8A5DC0D9E} -> Spyware.CoolWebSearch : Cleaned with backup HKU\S-1-5-21-3498072062-1930564202-3063918916-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3DD5740-8C65-5FF3-1225-F170898543B8} -> Spyware.CoolWebSearch : Cleaned with backup HKU\S-1-5-21-3498072062-1930564202-3063918916-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB118E8B-875C-AD27-289B-C22A5B4AA454} -> Spyware.CoolWebSearch : Cleaned with backup C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20050810154558.zip/WINDOWS/system32/winyw32.exe -> Trojan.Agent.bi : Error during cleaning C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20050814232407.zip/WINDOWS/system32/winlo.exe -> Trojan.Agent.bi : Cleaned with backup C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20050823204317.zip/WINDOWS/syslr.exe -> Trojan.Agent.bi : Cleaned with backup C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20050825183641.zip/WINDOWS/system32/ipst32.exe -> Trojan.Agent.bi : Cleaned with backup C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20050825183641.zip/WINDOWS/system32/msph32.exe -> Trojan.Agent.bi : Cleaned with backup C:\WINDOWS\SYSTEM32:jhaa.dll -> TrojanDownloader.Small.azk : Cleaned with backup ::Report End If it is of any use for you I get one hit with Pestpatrol that says the computer is infected with CWS.HomeSearch (but Pestpatrol cannot remove it)in Key: hkey_local_machine\system\currentcontrolset\enum\root\legacy_11f00df00e40006#00b700ba00c4*00d6`i Thanks for your invaluable help! // Oller