Win32:Dialer-gen13 and Win32:Klone-N problems

Advertise at AfterDawn.com

Link to us!

Private messages

Compose a private message

List of all updated threads

Threads without replies

Search messages

Thursday 23.1.2025 / 00:00

Search AfterDawn Forums:

afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > win32:dialer-gen13 and win32:klone-n problems

Browse by topic

Forums

Start a new thread

Win32:Dialer-gen13 and Win32:Klone-N problems

Jump to:

Posted

Message

Gothica

Newbie

12. October 2006 @ 02:10

Link to this message

I have been getting these popping up through Avast! a full system scan finds nothing, yet they keep popping up. They are trying to download through http://d.mettere.com

Here is my HjT log

Logfile of HijackThis v1.99.1
Scan saved at 12:16, on 06-10-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\HJT\HijackThis.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ixukajn.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ixukajn.dll,zjcqpbe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [startkey] C:\WINDOWS\server2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_7
O4 - Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC3DBDA8-91CB-4899-8B17-26076A0721D4}: NameServer = 212.135.1.38 195.40.1.38
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Any help would be greatly appreciated :D

[ + quote]

This message has been edited since posting. Last time this message was edited on 12. October 2006 @ 05:49

Niobis

Senior Member

12. October 2006 @ 20:31

Link to this message

Hello Gothica, welcome to Afterdawn.

Go here to download the trial version of AVG Anti-spyware.
Install and update.
Do not run a scan yet, will later in safe mode.

Go here and download KillBox.
Do not run KillBox yet, will later in safe mode.

Open HijackThis.
Run a scan only and check these(if there):

O4 - HKLM\..\Run: [ixukajn.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ixukajn.dll,zjcqpbe
O4 - HKLM\..\Run: [startkey] C:\WINDOWS\server2.exe

Close all windows except HijackThis then click "Fix checked".

Note: print these instructions or copy to Notepad and save it, you will be in safe mode and can't access the internet.

Restart your computer in safe mode(press F8 upon boot, select "Safe Mode" from menu and press Enter).
Open Killbox.exe.
Check "Standard File Kill".
In the "Full Path of File to Delete" box, copy and paste each of the following lines below one at a time. Then click the red button with a white X after you enter each file.
You will be prompted to confirm, click Yes.

C:\WINDOWS\system32\ixukajn.dll
C:\WINDOWS\server2.exe

Close KillBox.
Open AVG AS and click "Scanner".
Click "Complete System Scan".
When it finishes scanning, set all items to "Quarantine".
Click "Apply All Actions".
Click "Save Report".
Click "Save report as" and save it to the desktop.
Restart in normal mode.

Post back with the AVG report and a new HijackThis log.

[ + quote]

Don't be fooled any longer.
http://www.youtube.com/watch?v=BUtbGYgsIu4&feature=related

Gothica

Newbie

13. October 2006 @ 07:34

Link to this message

I ran both AVG and Killbox

here is the AVG logfile

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 16:24 06-10-13

+ Scan result:

HKLM\SOFTWARE\Classes\EMediaCodec.Chl -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\EMediaCodec.Chl\CLSID -> Adware.Generic : Cleaned with backup (quarantined).
C:\WINDOWS\system32\iifcyab.dll -> Adware.Virtumionde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4B736C32-C6B2-4A7B-BFFA-2EFC7D537976}\RP297\A0044015.exe -> Hijacker.VB.ph : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ategwwqv.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\WINDOWS\system32\byybafan.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\WINDOWS\system32\evmueduq.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\WINDOWS\system32\kkjaotkj.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\Program Files\Cheat Engine\dbk32.sys -> Rootkit.Small : Cleaned with backup (quarantined).
:mozilla.207:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.208:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.209:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.210:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.211:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.212:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.159:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.160:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.161:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.221:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.116:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.117:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.118:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.119:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.120:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.188:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.189:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.190:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.191:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.20:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.21:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Chris\Cookies\chris@adtech[1].txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.15:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.16:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.17:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.22:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Chris\Cookies\chris@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.80:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Chris\Cookies\chris@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.218:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.138:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.139:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.140:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.141:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.142:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.143:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.144:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.145:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.146:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.200:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.201:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.202:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.213:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.84:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Chris\Cookies\chris@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.228:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.229:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.230:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.231:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.164:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.165:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.166:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.167:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.168:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Chris\Cookies\chris@counter.hitslink[1].txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.279:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.154:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.65:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.66:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Chris\Cookies\chris@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.64:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.243:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned.
:mozilla.178:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.180:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.273:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.274:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.275:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.276:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Chris\Cookies\chris@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.45:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.46:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.48:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.49:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.52:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.53:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.54:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.56:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.57:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.58:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Chris\Cookies\chris@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.346:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.352:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.353:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.354:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.355:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.356:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.323:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Spylog : Cleaned.
C:\Documents and Settings\Chris\Cookies\chris@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.261:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.262:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.169:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.170:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Chris\Cookies\chris@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.320:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.322:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.85:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.86:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.87:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.88:C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ke0q4x2.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\System Volume Information\_restore{4B736C32-C6B2-4A7B-BFFA-2EFC7D537976}\RP296\A0043997.exe -> Trojan.Agent.vg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4B736C32-C6B2-4A7B-BFFA-2EFC7D537976}\RP296\A0043998.exe -> Trojan.Agent.vg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4B736C32-C6B2-4A7B-BFFA-2EFC7D537976}\RP338\A0045102.dll -> Trojan.Agent.vg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4B736C32-C6B2-4A7B-BFFA-2EFC7D537976}\RP337\A0045090.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).
C:\Program Files\Bit Lord 1.1\Downloads\RPG Maker XP.rar/SetupMenu.EXE/fun.exe -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\Program Files\Bit Lord 1.1\Downloads\SetupMenu.EXE/fun.exe -> Trojan.Pakes : Cleaned with backup (quarantined).

::Report end

Here is the new HjT report

Logfile of HijackThis v1.99.1
Scan saved at 16:31, on 06-10-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC3DBDA8-91CB-4899-8B17-26076A0721D4}: NameServer = 212.135.1.38 195.40.1.38
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

[ + quote]

Niobis

Senior Member

13. October 2006 @ 16:02

Link to this message

Go here and run Kaspersky Online Scanner.
Accept the terms.
After downloading, click "My Computer" to scan.
After scanning, click "Save report as".

Rename HijackThis to any name of your choice.
Rescan and post the new log along with the Kaspersky log.

[ + quote]

Don't be fooled any longer.
http://www.youtube.com/watch?v=BUtbGYgsIu4&feature=related

Start a new thread

afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > win32:dialer-gen13 and win32:klone-n problems


		User name	Password

		Not registered yet? Register here. Lost your password? Click here.