I feel so dirty with these infections

tRevHead62 Melbourne, Australia
edited July 2004 in Spyware & Virus Removal
Hello, thanks for this great forum.
Let me tell you a bit of a story...
After getting extremely annoyed at the amount of spyware, malware etc on my pc I decided to do a format and fresh install of XP Pro.
Step by step, I was careful to prevent a re-occurrence.
Here's what I did:
Installed XP Pro with SP1 built in.
Installed the following software in order:
BlackIce Firewall - updated version.
NAV2003 - updated and scanned.
SpywareGuard - updated.
SpywareBlaster - updated.
XoftSpy - updated and scanned.
Installed all Critical Updates from M/Soft.
Installed my office software.
Installed updated microsoft messenger.
Installed Mozilla firefox browser and Thunderbird Email.
Surfed for two weeks - keeping the software updated.
Scanned with XoftSpy - found COOLWEBSEARCH - Again! I can't believe it!

Found this forum.
Uninstalled XoftSpy
Followed the advice and installed Ad-Aware and SpybotSD. Updated and ran the scans. Ad-aware and SbotSD finds cookies and malicious registry entries. I delete them after backing up.

Ran HJT. Here's the log:

Logfile of HijackThis v1.98.0
Scan saved at 3:24:52 PM, on 22/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\Program Files\VPN Client\cvpnd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\ISS\BlackICE\rapapp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\ISS\BlackICE\blackice.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: SpywareBlaster (2).lnk = C:\Program Files\SpywareBlaster\spywareblaster.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: BlackICE Utility.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\VPN Client\vpngui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE


Please help me to get rid of any spyware/malware on my pc - in particular, COOLWEBSEARCH. I hate it with a passion! Also, what else can I do to prevent future infections besides what I am already doing?


ps. I'm a shiftworker on nightshift. - will log in during the night tonight or tomorrow if I'm too busy. I'm in Melbourne Australia.
Thanks in advance...
tRev.
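
Added example, not part of the original post or of HijackThis itself: a small Python triage pass over a log like the one above. It groups the `Xn - ...` entries by section, pulls out CLSIDs, and attaches review hints for objectively odd entries (an unnamed BHO, a startup shortcut whose target did not resolve). The function names, section descriptions and hint wording are assumptions of this example, and a hint is a prompt for a manual check, not a verdict.

```python
import re

# Section codes that occur in the log above, with their usual HijackThis meaning.
SECTIONS = {
    "F0": "system.ini Shell= override",
    "F2": "registry-mapped ini autostart (Shell/UserInit)",
    "O2": "Browser Helper Object",
    "O3": "Internet Explorer toolbar",
    "O4": "autostart (Run keys, Startup folders)",
    "O9": "extra IE button / Tools menu item",
}

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_hjt(text):
    """Return {section code: [entry dict, ...]} for every 'Xn - ...' line."""
    sections = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, process list or blank line
        code, body = m.groups()
        clsid = CLSID.search(body)
        sections.setdefault(code, []).append({
            "section": SECTIONS.get(code, "unknown"),
            "body": body,
            "clsid": clsid.group(0) if clsid else None,
            "hints": review_hints(code, body),
        })
    return sections

def review_hints(code, body):
    """Objective oddities worth a manual look; hints, not verdicts."""
    hints = []
    if code in ("O2", "O3") and "(no name)" in body:
        hints.append("unnamed object: identify by CLSID and file path")
    if code == "O4" and body.rstrip().endswith("= ?"):
        hints.append("shortcut target unresolved")
    return hints

# Sample input: lines copied from the log above.
SAMPLE = r"""Running processes:
C:\WINDOWS\Explorer.EXE
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - Global Startup: BlackICE Utility.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
"""
```

On the sample, the unnamed BHO resolves by its path to Spybot's SDHelper.dll, which is why a hint only says where to look.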

Comments

  • gibbonsl Grand Forks AFB
    edited July 2004
    http://www.short-media.com/download.php?dc=69

    try running the program omagakiller
  • primesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited July 2004
    I really don't think you have CWS. Your log looks fine. I've never heard of XoftSpy. The only spyware removal tools I trust are Spybot Search and Destroy 1.3 and Lavasoft AdAware. Follow the instructions in this post and then post a new log.
  • tRevHead62 Melbourne, Australia
    edited July 2004
    Thanks for the replies guys. I've just dl'd the omegakiller. I will install it after a sleep.
    See xoftspy here > http://www.xoftspy.com/
    tRev.
  • tRevHead62 Melbourne, Australia
    edited July 2004
    BTW, I've already followed those instructions. Maybe after I ran both the programs as instructed I am now rid of infection!! I'll still run the omegakiller and see what it finds.
    I'll post the results.
    Thanks heaps.
    tRev.
  • Dexter Vancouver, BC Canada
    edited July 2004
    There's nothing in your log that indicates an Omegasearch style infection, but it never hurts to run extra apps like that, or CWShredder.

    Dexter...
  • tRevHead62 Melbourne, Australia
    edited July 2004
    Well, I ran both CWShredder and Omegakiller and my system was reported to be clean! Yipee! I feel so clean and fresh now. hmmmm. I think I need to get out more after all this.
    Thanks for all your help. :thumbsup:
  • primesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited July 2004
    Check out our folding team... the best way to say thanks :D

    Australia is fairly well represented on our site. You definitely need to stick around, you'll fit in very well here :D