Thanks, I don't get how to get to the link you provided for the
newsgroup. Here is my log, by the way.
I also booted in safe mode and was able to delete files and folders that
had to do with the trojan, like OkayHearts.exe and files synonymous with the
*.exe file that were hiding in the folder Application Data.
Logfile of HijackThis v1.99.1
Scan saved at 13:16:18, on 2005-12-23
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Delade filer\Stardock\SDMCP.exe
C:\Program\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Alwil Software\Avast4\aswUpdSv.exe
C:\Program\Alwil Software\Avast4\ashServ.exe
C:\Program\Stardock\Object Desktop\IconX\IconX.exe
C:\Program\Microsoft IntelliType Pro\type32.exe
C:\Program\Alwil Software\Avast4\ashdisp.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program\Winamp\winampa.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program\QuickTime\qttask.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program\CursorXP\CursorXP.exe
C:\Program\CDSPEE~1\cdspeed.exe
C:\Program\FREEDO~1\fdm.exe
C:\Program\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program\Webshots\webshots.scr
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program\Raxco\PerfectDisk\PDSched.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\PROGRAM\WINZIP\winzip32.exe
C:\Documents and Settings\Nico\Lokala inställningar\Temp\wz4025\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: ICOOExternal Class - {0519A9C9-064A-4cbc-BC47-D0EACD581477} - C:\Program\ICOO Loader\addons\icooue.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ICOODManager Class - {465A59EC-20E5-4fca-A38A-E5EC3C480218} - C:\Program\ICOO Loader\addons\icoou.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Program\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\Program\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [type32] "C:\Program\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SmcService] C:\Program\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ashdisp] C:\Program\Alwil Software\Avast4\ashdisp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [NBJ] "C:\Program\Ahead\Nero BackItUp\nbj.exe"
O4 - HKCU\..\Run: [CursorXP] C:\Program\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [CD_Speed] C:\Program\CDSPEE~1\cdspeed.exe /boot
O4 - HKCU\..\Run: [Free Download Manager] C:\Program\FREEDO~1\fdm.exe -autorun
O4 - Startup: Webshots.lnk = C:\Program\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: &ieSpell Options - res://C:\Program\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program\Free Download Manager\dlpage.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program\ieSpell\iespell.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\Program\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {410C30C7-098A-4090-928E-F1D356D34C7F} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: &IESnap - {410C30C7-098A-4090-928E-F1D356D34C7F} - (no file) (HKCU)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://82.99.38.123/SAXFile/saxfile.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports.com/downloads/games/common/ieell.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.1.74.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by14fd.bay14.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} (SnoopyCtrl Class) - http://www.easports.com/downloads/games/common/snoopy/iesnoopy.cab
O16 - DPF: {5F05A225-0F66-43DE-89E4-6FFD589C4F01} (OC web Installer) - http://www.aebn.net/ws/DownloadCoach/dc5/files/objectCubeInstall.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134918739242
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {9C024426-7859-4B2D-AB4C-B1E370AE7549} - http://us.mcafee.com/Apps/WSC/en-us/WscWlanScannerCtrl.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com/global/msc34.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by14fd.bay14.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
O20 - Winlogon Notify: MCPClient - C:\Program\Delade filer\Stardock\mcpstub.dll
O20 - Winlogon Notify: WB - C:\Program\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LF Connection Keeper Service (LFCK) - Unknown owner - C:\Program\LennartFranzén\LFConnectionKeeper\lfck.exe" --startAsService (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program\Spyware Doctor\sdhelp.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program\Sygate\SPF\smc.exe
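As an added example (not part of the original post, and not HijackThis's own code): a small Python triage script that parses entries in the log format above and flags the ones a helper would normally ask about first: a proxy pointed at loopback, IE policy restrictions, registrations whose file is gone, and ActiveX downloads from a bare IP address. The sample entries are copied from the log; the flagging rules are my assumptions about what to check, not a verdict on this machine.

```python
import re
from ipaddress import ip_address

# Sample entries copied from the HijackThis log in the post (subset).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O2 - BHO: ICOOExternal Class - {0519A9C9-064A-4cbc-BC47-D0EACD581477} - C:\Program\ICOO Loader\addons\icooue.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {410C30C7-098A-4090-928E-F1D356D34C7F} - (no file) (HKCU)
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://82.99.38.123/SAXFile/saxfile.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134918739242
O23 - Service: LF Connection Keeper Service (LFCK) - Unknown owner - C:\Program\LennartFranzén\LFConnectionKeeper\lfck.exe" --startAsService (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# HijackThis entries look like "O16 - <body>"; header and process list have no such prefix.
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")


def parse_entries(text):
    """Return (section, body) pairs for every HijackThis entry line in text."""
    found = []
    for line in text.strip().splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            found.append((m.group(1), m.group(2)))
    return found


def host_is_bare_ip(body):
    """True if the first http(s) URL in body uses an IP literal instead of a hostname."""
    m = re.search(r"https?://([^/:\s]+)", body)
    if not m:
        return False
    try:
        ip_address(m.group(1))
        return True
    except ValueError:
        return False


def triage(text):
    """Return (reason, body) pairs for entries worth a second look (rules are assumptions)."""
    findings = []
    for section, body in parse_entries(text):
        if section == "R1" and "ProxyServer" in body and re.search(r"=\s*(127\.|localhost)", body):
            findings.append(("proxy on loopback: identify the process listening on that port", body))
        elif section == "O6" and body.endswith("present"):
            findings.append(("IE policy restriction: confirm an admin set it, malware often does", body))
        elif section in ("O2", "O23") and "(file missing)" in body:
            findings.append(("orphaned registration: file is gone, registry entry remains", body))
        elif section == "O9" and "(no file)" in body:
            findings.append(("orphaned IE button: no backing file", body))
        elif section == "O16" and host_is_bare_ip(body):
            findings.append(("ActiveX control downloaded from a bare IP: verify its origin", body))
    return findings
```

Entries that are not flagged (the Adobe BHO, the Windows Update control, the NVIDIA service) pass through silently, so the output is the short list a helper would reply about rather than the whole log.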