I use Firefox...

**ChaoticBeautyMusic** · 2006-07-31, 16:33

Does all of this relate to me in the same way?I have gotten a doozy of a virus.Zone Labs at first was saying it was untreatable,but now says its treating it,though not getting rid of it.Its jumping around all over and changing its little face..Ive done everythig in this forum...downloaded a trillion things to fix it...things get tacken out but dont leave.

**tashi** · 2006-07-31, 16:50

Hello, please see our 'sticky' topic:
BEFORE you post and who will advise you. Preliminary Steps

Run the scans first.

Copy paste the HJT log here into this thread along with the results of the on-line anti-virus scan, and a helper will advise you as soon as available to do so.

**ChaoticBeautyMusic** · 2006-07-31, 18:10

It didnt find and get rid of Win32.SillyDl.AGC that Zone Alarm says I have.I have deleted temp int files etc.under this is my Clean up report and under that my Hijack this report.

--- Report generated: 2006-07-31 10:25 ---

Windows Security Center.AntiVirusOverride: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride!=dword:0

AstaKiller: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\MezziaCodec.Chl

AstaKiller: Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{6BF52A52-394A-11D3-B153-00C04F79FAA6}

**ChaoticBeautyMusic** · 2006-07-31, 18:11

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

Clean Up report
CleanUp! started on 07/31/06 12:05:11.
C:\Documents and Settings\Jason Piona\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jason Piona\Local Settings\Temporary Internet Files\Content.IE5\O3ZNMS1R\srvyox[1].exe - deleted
C:\Documents and Settings\Jason Piona\Local Settings\Temporary Internet Files\Content.IE5\QUX5Y1YK\adsEnd[1].js - deleted
C:\Documents and Settings\Jason Piona\Local Settings\Temporary Internet Files\Content.IE5\QUX5Y1YK\Com_Mess;MN=93189867;wm=o;rm=1;af2=1;ua=32;ug=2;!c=d-dxp;sz=120x90;tile=1;dcove=d;ord=87810962[1] - deleted
C:\Documents and Settings\Jason Piona\Local Settings\Temporary Internet Files\Content.IE5\QUX5Y1YK\Com_Mess;MN=93189867;wm=o;rm=1;af2=1;ua=32;ug=2;!c=d-dxp;sz=120x90;tile=1;dcove=d;ord=87881228[1] - deleted
C:\Documents and Settings\Jason Piona\Local Settings\Temporary Internet Files\Content.IE5\QUX5Y1YK\AIM_text[1].htm currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jason Piona\Local Settings\Temporary Internet Files\Content.IE5\QUX5Y1YK\1960[1] - deleted
C:\Documents and Settings\Jason Piona\Local Settings\Temporary Internet Files\Content.IE5\O8ZSZNGL\adsWrapper[1].js - deleted
C:\Documents and Settings\Jason Piona\Local Settings\Temporary Internet Files\Content.IE5\O8ZSZNGL\Com_Mess;MN=93189867;wm=o;rm=1;af2=1;ua=32;ug=2;!c=d-dxp;sz=120x90;tile=1;dcove=d;ord=87569056[1] - deleted
C:\Documents and Settings\Jason Piona\Local Settings\Temporary Internet Files\Content.IE5\O8ZSZNGL\ctrt=4[1] - deleted
C:\Documents and Settings\Jason Piona\Local Settings\Temporary Internet Files\Content.IE5\O8ZSZNGL\ctrt=4[2] - deleted
C:\Documents and Settings\Jason Piona\Local Settings\Temporary Internet Files\Content.IE5\O8ZSZNGL\pixel[1].gif - deleted
C:\Documents and Settings\Jason Piona\Local Settings\Temporary Internet Files\Content.IE5\Y5A635Q2\ctrt=4[1] - deleted
C:\Documents and Settings\Jason Piona\Local Settings\Temporary Internet Files\Content.IE5\Y5A635Q2\AIM_UAC[1].htm currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jason Piona\Local Settings\Temporary Internet Files\Content.IE5\Y5A635Q2\Com_Mess;MN=93189867;wm=o;rm=1;af2=1;ua=32;ug=2;!c=d-dxp;sz=120x90;tile=1;dcove=d;ord=87848618[1] - deleted
C:\Documents and Settings\Jason Piona\Local Settings\Temporary Internet Files\Content.IE5\Y5A635Q2\Com_Mess;MN=93189867;wm=o;rm=1;af2=1;ua=32;ug=2;!c=d-dxp;sz=120x90;tile=1;dcove=d;ord=87914165[1] - deleted
C:\Documents and Settings\Jason Piona\Local Settings\Temporary Internet Files\Content.IE5\Y5A635Q2\AIM_text[1].htm - deleted
C:\Documents and Settings\Jason Piona\Local Settings\Temporary Internet Files\Content.IE5\K95326S4\adsWrapperAIM[1].js - deleted
C:\Documents and Settings\Jason Piona\Local Settings\Temporary Internet Files\Content.IE5\K95326S4\optn=1[1].gif - deleted
C:\Documents and Settings\Jason Piona\Local Settings\Temporary Internet Files\Content.IE5\K95326S4\ctrt=4[1] - deleted
C:\Documents and Settings\Jason Piona\Local Settings\Temporary Internet Files\Content.IE5\K95326S4\ctrt=4[2] - deleted
C:\Documents and Settings\Jason Piona\Local Settings\Temporary Internet Files\Content.IE5\K95326S4\pixel[1].gif - deleted
C:\Documents and Settings\Jason Piona\Local Settings\Temporary Internet Files\AntiPhishing\07FB382D-AA75-4683-82F4-EAB265A275CB.dat - deleted
C:\Documents and Settings\Jason Piona\Local Settings\Temporary Internet Files\AntiPhishing\ - deleted
C:\Documents and Settings\Jason Piona\Local Settings\Temporary Internet Files\Content.IE5\QUX5Y1YK\AIM_text[1].htm currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jason Piona\Local Settings\Temporary Internet Files\Content.IE5\Y5A635Q2\AIM_UAC[1].htm currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jason Piona\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jason Piona\Local Settings\Temporary Internet Files\Content.IE5\QUX5Y1YK\AIM_text[1].htm currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jason Piona\Local Settings\Temporary Internet Files\Content.IE5\Y5A635Q2\AIM_UAC[1].htm currently in use. Will be deleted when Windows is restarted.
http://mir.atdmt.com/images/pixel.gif - deleted
http://spe.atdmt.com/images/pixel.gif - deleted
http://servedby.advertising.com/ctst...B%7Esscs%3D%3f - deleted
http://servedby.advertising.com/ctst...B%7Esscs%3D%3f - deleted
http://ar.atwola.com/file/adsWrapper.js - deleted
http://twx.doubleclick.net/adj/TW.AI...;ord=87810962? - deleted
http://servedby.advertising.com/ctst...B%7Esscs%3D%3f - deleted
http://twx.doubleclick.net/adj/TW.AI...;ord=87569056? - deleted
http://ar.atwola.com/file/adsEnd.js - deleted
http://www.aim.com/redirects/inclien...mberlyChaotic1 - deleted
res://C:\Program Files\AIM\WNDUTILS.dll/1960 - deleted
http://twx.doubleclick.net/adj/TW.AI...;ord=87848618? - deleted
http://cdn.aim.com/redirects/inclient/AIM_text.adp - deleted
http://ar.atwola.com/file/adsWrapperAIM.js - deleted
http://twx.doubleclick.net/adj/TW.AI...;ord=87914165? - deleted
http://servedby.advertising.com/ctst...B%7Esscs%3D%3f - deleted
http://twx.doubleclick.net/adj/TW.AI...;ord=87881228? - deleted
http://servedby.advertising.com/site.../bins=1/optn=1 - deleted
http://servedby.advertising.com/ctst...B%7Esscs%3D%3f - deleted
C:\Documents and Settings\Jason Piona\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jason Piona\Local Settings\History\History.IE5\MSHist012006073120060801\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jason Piona\Local Settings\History\History.IE5\MSHist012006073120060801\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jason Piona\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jason Piona\Local Settings\History\History.IE5\MSHist012006073120060801\index.dat currently in use. Will be deleted when Windows is restarted.
'Typed URLs' (Internet Explorer) - removed from the registry.
Visited: Jason Piona@http://cdn.aim.com/redirects/i...t/AIM_text.adp - deleted
Visited: Jason Piona@file:///C:/Documents%20and%20S...s/Resident.log - deleted
Visited: Jason Piona@res://C:\Program%20Files\AIM\WNDUTILS.dll/1960 - deleted
Visited: Jason Piona@res://C:\Program Files\AIM\WNDUTILS.dll/1960 - deleted
Visited: Jason Piona@file:///C:/Documents%20and%20S...60731-1024.txt - deleted
Visited: Jason Piona@mk:@MSITStore:C:\Program%20Fil.../scanning.html - deleted
Visited: Jason Piona@file:///C:/Documents%20and%20S...0downloads.log - deleted
Visited: Jason Piona@file:///C:/Documents%20and%20S...60731-1025.txt - deleted
Visited: Jason Piona@file:///C:/Documents%20and%20S...60731-1111.txt - deleted
C:\Documents and Settings\Jason Piona\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jason Piona\Cookies\jason_piona@atwola[1].txt - deleted
Cookie:jason piona@atwola.com/ - deleted
C:\Documents and Settings\Jason Piona\Application Data\Mozilla\Firefox\Profiles\k3nccvhv.default\history.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jason Piona\Application Data\Mozilla\Firefox\Profiles\k3nccvhv.default\cookies.txt.old - deleted
C:\Documents and Settings\Jason Piona\Recent\Checks.060731-1111.txt.lnk - deleted
C:\Documents and Settings\Jason Piona\Recent\Logs.lnk - deleted
C:\Documents and Settings\Jason Piona\Recent\Resident.log.lnk - deleted
C:\Documents and Settings\Jason Piona\Recent\Fixes.060731-1025.txt.lnk - deleted
C:\Documents and Settings\Jason Piona\Recent\Update downloads.log.lnk - deleted
C:\Documents and Settings\Jason Piona\Recent\Checks.060731-1024.txt.lnk - deleted
C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\jusched.log - deleted
C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\~DFF5CE.tmp currently in use. Will be deleted when Windows is restarted.
C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\~DF6DC9.tmp - deleted
C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\OPMLog.log - deleted
C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\ZLT05aa0.TMP currently in use. Will be deleted when Windows is restarted.
C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\ZLT05ae2.TMP currently in use. Will be deleted when Windows is restarted.
C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\AIME.tmp.arf - deleted
C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\AIMF.tmp.arf - deleted
C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\FFToolbar_Cache\ff.ico - deleted
C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\FFToolbar_Cache\f027cb4b07049bf0cc21c6192b777250 - deleted
C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\FFToolbar_Cache\a6f18b09fcb76d45da084e63d2f6626d - deleted
C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\FFToolbar_Cache\ - deleted
C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\OHotfix\OHotfix(00001).log - deleted
C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\OHotfix\OHotfix(00001)_Msi.log - deleted
C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\OHotfix\OHotfix(00002).log - deleted
C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\OHotfix\OHotfix(00002)_Msi.log - deleted
C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\OHotfix\OHotfix(00003).log - deleted
C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\OHotfix\OHotfix(00003)_Msi.log - deleted
C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\OHotfix\ - deleted
C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\VBE\ - deleted
C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\WER8937.dir00\iexplore.exe.mdmp - deleted
C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\WER8937.dir00\iexplore.exe.hdmp - deleted
C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\WER8937.dir00\ - deleted
C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\WERbb46.dir00\iexplore.exe.mdmp - deleted
C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\WERbb46.dir00\iexplore.exe.hdmp - deleted
C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\WERbb46.dir00\ - deleted
C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\~DFF5CE.tmp currently in use. Will be deleted when Windows is restarted.
C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\ZLT05aa0.TMP currently in use. Will be deleted when Windows is restarted.
C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\ZLT05ae2.TMP currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\temp\WGAErrLog.txt - deleted
C:\WINDOWS\temp\win402.tmp - deleted
C:\WINDOWS\temp\WGANotify.settings - deleted
C:\WINDOWS\temp\ZLT0033c.TMP - deleted
C:\WINDOWS\temp\ZLT0036a.TMP - deleted
C:\WINDOWS\temp\win40E.tmp - deleted
C:\WINDOWS\temp\d.bat - deleted
C:\WINDOWS\temp\win420.tmp.exe - deleted
C:\WINDOWS\temp\mpasbase.vdm - deleted
C:\WINDOWS\temp\mpasdlta.vdm - deleted
C:\WINDOWS\temp\MpEngine.dll - deleted
C:\WINDOWS\temp\MpSigStub.log - deleted
C:\WINDOWS\temp\win432.tmp - deleted
C:\WINDOWS\temp\win437.tmp - deleted
C:\WINDOWS\temp\win438.tmp - deleted
C:\WINDOWS\temp\TMP00000001FA7DFAE581AEA6C6 - deleted
C:\Documents and Settings\Jason Piona\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jason Piona\locals~1\tempor~1\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jason Piona\locals~1\tempor~1\Content.IE5\QUX5Y1YK\AIM_text[1].htm currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jason Piona\locals~1\tempor~1\Content.IE5\Y5A635Q2\AIM_UAC[1].htm currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jason Piona\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jason Piona\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jason Piona\Local Settings\History\History.IE5\MSHist012006073120060801\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jason Piona\Local Settings\Temp\~DFF5CE.tmp currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jason Piona\Local Settings\Temp\ZLT05aa0.TMP currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jason Piona\Local Settings\Temp\ZLT05ae2.TMP currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jason Piona\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jason Piona\Local Settings\Temporary Internet Files\Content.IE5\QUX5Y1YK\AIM_text[1].htm currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jason Piona\Local Settings\Temporary Internet Files\Content.IE5\Y5A635Q2\AIM_UAC[1].htm currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\locals~1\tempor~1\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\system32\CatRoot2\edb.chk - deleted
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.chk - deleted
C:\WINDOWS\Internet Logs\xDB40C.tmp - deleted
C:\WINDOWS\Internet Logs\xDB40D.tmp - deleted
C:\WINDOWS\Internet Logs\xDBC.tmp - deleted
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf9.tmp currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\NtfA.tmp currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.chk - deleted
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jason Piona\Local Settings\Temp\~DFF5CE.tmp currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jason Piona\Local Settings\Temp\~DFF5CE.tmp currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jason Piona\Local Settings\Temp\ZLT05aa0.TMP currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jason Piona\Local Settings\Temp\ZLT05ae2.TMP currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jason Piona\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jason Piona\Local Settings\History\History.IE5\MSHist012006073120060801\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jason Piona\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jason Piona\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat - deleted
C:\Documents and Settings\Jason Piona\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Jason Piona\Application Data\Mozilla\Firefox\Profiles\k3nccvhv.default\bookmarks.bak - deleted
C:\Documents and Settings\Jason Piona\Application Data\Mozilla\Firefox\Profiles\k3nccvhv.default\bookmarks.html.sbsd.bak - deleted
C:\Documents and Settings\Jason Piona\Application Data\Mozilla\Firefox\Profiles\k3nccvhv.default\forecastfox\profiles.bak - deleted
C:\Documents and Settings\Jason Piona\Application Data\Aim\oalxknko\kimberlychaotic1\urlcache\aimD.tmp - deleted
C:\Documents and Settings\Jason Piona\UserData\index.dat - deleted
C:\Program Files\Spybot - Search & Destroy\advcheck.dll.bak - deleted
'Run MRU' list - removed from the registry.
WordPad Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
CleanUp! 4.0 recovered 27.7 MB of disk space from 104 files.
CleanUp! finished on 07/31/06 12:06:13.

Hijack this in next reply

**ChaoticBeautyMusic** · 2006-07-31, 18:11

Hijack this report
Logfile of HijackThis v1.99.1
Scan saved at 12:07:58 PM, on 7/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\AOL\1145977308\ee\AOLSoftware.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Plaxo\2.6.2.15\PlaxoHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Jason Piona\My Documents\Highjack\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1145977308\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [j2 4.2] "C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.6.2.15\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {127698E4-E730-4E5C-A2B1-21490A70C8A1} (CEnroll Class) - https://secure.comodo.net/cab/xenroll.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1141450809951
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Skype\toolbars\Shared\Skype4ComAPI.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winwil32 - winwil32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

**ChaoticBeautyMusic** · 2006-07-31, 18:13

In all of these Win32.SillyDl.AGC is never gotten rid of..I went in in safe mode ,Ive tried manually...grrr

**LonnyRJones** · 2006-08-05, 10:05

Hi
rightclick on this file > properties and tell us the information you see there
C:\WINDOWS\system32\SearchIndexer.exe

scan and fix this item with Hijackthis
O20 - Winlogon Notify: winwil32 - winwil32.dll (file missing)

I see prevx, Windows Defender, SpyBot, Zone Labs but no antivirus software, why is that ?

**tashi** · 2006-08-11, 06:34

This topic has been closed to prevent others with similar issues posting in it.
If you need it re-opened please send me or your helper a pm and provide a link to the thread.

Applies only to the original topic starter.

Thread: I use Firefox...

Thread Tools

Display

I use Firefox...

My Spybot report

Clean up report

Hijack this report

Notice how

Posting Permissions