HELP WIN32.Agent.pz strikes again

FLOWERMAGNET
2008-04-16, 14:56
Hi all,

We seem to have been hit by a lovely trojan, WIN32.Agent.pz. We discovered this only after having installed Service Pack 2 :oops: (as the computer was having some problems and we thought that this may solve them). Having tried and tried to remove it using SPYBOT, we followed some threads in the forum and discovered that there are some saints in this world :angel: who are combating those XXXXXX :devil: and are coming to the rescue of people like us.

We have followed the "BEFORE YOU POST" info and below are the logs of the HJT and Kaspersky.

I am not that computer literate, but I can follow easy instructions, so please be gentle. Looking forward to hearing from a knight in shining armour!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:30:31, on 16/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ctfmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\TEMP\winlogan.exe
C:\WINDOWS\system32\head2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICCE.EXE
C:\DOCUME~1\ADRIAN~1\LOCALS~1\Temp\csrssc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\RMClient\PMClient.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skysports.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: C:\WINDOWS\System32\jfiehayd.dll - {c5af49a2-94f3-42bd-f434-2604812c897d} - C:\WINDOWS\System32\jfiehayd.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE
O4 - HKLM\..\Run: [JobHisInit] C:\Program Files\RMClient\JobHisInit.exe
O4 - HKLM\..\Run: [MplSetUp] C:\Program Files\RMClient\MplSetUp.exe
O4 - HKLM\..\Run: [jdgf894jrghoiiskd] C:\WINDOWS\TEMP\winlogan.exe
O4 - HKLM\..\Run: [Sonic] C:\WINDOWS\RCFaxJob.exe
O4 - HKLM\..\Run: [NewSOED] C:\WINDOWS\system32\head2.exe
O4 - HKLM\..\Run: [9c3f5f10] rundll32.exe "C:\WINDOWS\System32\nspxyvuh.dll",b
O4 - HKLM\..\Run: [BM9f0c6c8c] Rundll32.exe "C:\WINDOWS\System32\xugbukpa.dll",s
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [\\MARK\EPSON Stylus D120 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICCE.EXE /FU "C:\DOCUME~1\ADRIAN~1\LOCALS~1\Temp\E_SC6F.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [jdgf894jrghoiiskd] C:\WINDOWS\TEMP\winlogan.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\ADRIAN~1\LOCALS~1\Temp\csrssc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\.DEFAULT\..\Run: [jdgf894jrghoiiskd] C:\WINDOWS\TEMP\winlogan.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Jnskdfmf9eldfd] C:\WINDOWS\TEMP\csrssc.exe (User 'Default user')
O4 - Startup: outlook.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: SmartNetMonitor for Client.lnk = C:\Program Files\RMClient\PMClient.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [international] International*
O16 - DPF: {0eb0e74a-2a76-4ab3-a7fb-9bd8c29f7f75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207907501375
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mm.server
O17 - HKLM\Software\..\Telephony: DomainName = mm.server
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = mm.server
O20 - AppInit_DLLs: ?????
O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\System32\jfiehayd.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LPTRDC server (lptrdcsrv) - Unknown owner - C:\WINDOWS\ctfmon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O24 - Desktop Component 0: (no name) - http://www.nuts.co.uk/images/07723_131116_Iss2407_lucy_michelle_04.jpg
O24 - Desktop Component 1: (no name) - http://www.thewolvessite.co.uk/graphics/wallpaper/legends01.jpg

--
End of file - 7230 bytes

Infected Object Name Virus Name Last Action
C:\Documents and Settings\AdrianColeman\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\AdrianColeman\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\AdrianColeman\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\AdrianColeman\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\AdrianColeman\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{F8463F92-1618-4679-B076-B9AAB899ADF3} Object is locked skipped

C:\Documents and Settings\AdrianColeman\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\AdrianColeman\Local Settings\History\History.IE5\MSHist012008041520080416\index.dat Object is locked skipped

C:\Documents and Settings\AdrianColeman\Local Settings\Temp\1676989192.exe Infected: Trojan-Downloader.Win32.Agent.lfo skipped

C:\Documents and Settings\AdrianColeman\Local Settings\Temp\20771896.exe Infected: Trojan-Downloader.Win32.Agent.lfo skipped

C:\Documents and Settings\AdrianColeman\Local Settings\Temp\Acr30BC.tmp Object is locked skipped

C:\Documents and Settings\AdrianColeman\Local Settings\Temp\csrssc.exe Infected: Trojan-Downloader.Win32.Agent.lfo skipped

C:\Documents and Settings\AdrianColeman\Local Settings\Temp\IMG13.tmp Object is locked skipped

C:\Documents and Settings\AdrianColeman\Local Settings\Temp\NI.UWAS6_0001_N69M0903\setup.exe Infected: not-a-virus:FraudTool.Win32.WinAnti skipped

C:\Documents and Settings\AdrianColeman\Local Settings\Temp\WinAntiSpyware2006Setup.exe/file03 Infected: not-a-virus:FraudTool.Win32.WinAnti skipped

C:\Documents and Settings\AdrianColeman\Local Settings\Temp\WinAntiSpyware2006Setup.exe Inno: infected - 1 skipped

C:\Documents and Settings\AdrianColeman\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\AdrianColeman\My Documents\My Pictures\sinstallerandtoolbar3_en-gb.exe/data0003/data0002 Infected: not-a-virus:AdWare.Win32.Comet.bl skipped

C:\Documents and Settings\AdrianColeman\My Documents\My Pictures\sinstallerandtoolbar3_en-gb.exe/data0003 Infected: not-a-virus:AdWare.Win32.Comet.bl skipped

C:\Documents and Settings\AdrianColeman\My Documents\My Pictures\sinstallerandtoolbar3_en-gb.exe NSIS: infected - 2 skipped

C:\Documents and Settings\AdrianColeman\ntuser.dat Object is locked skipped

C:\Documents and Settings\AdrianColeman\NTUSER.DAT.LOG Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0b8747d358eeb1cc716fc24765aeb78b_802063bd-7544-4dce-80f4-41ca23994e39 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\541758ad6f4550fb343bb2d46a974da5_802063bd-7544-4dce-80f4-41ca23994e39 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6221518d63a59f2782520fff05633993_802063bd-7544-4dce-80f4-41ca23994e39 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6b83b0312ba06f63ef712f0215096b76_802063bd-7544-4dce-80f4-41ca23994e39 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6da7631b9071b047ab019e34a6b27a78_802063bd-7544-4dce-80f4-41ca23994e39 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fd70f19454cb3f7fe67a3e9ba760a90c_802063bd-7544-4dce-80f4-41ca23994e39 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-04142008-123932.log Object is locked skipped

C:\Documents and Settings\JoeJones\ntuser.dat Object is locked skipped

C:\Documents and Settings\JoeJones\NTUSER.DAT.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\User\ntuser.dat Object is locked skipped

C:\Documents and Settings\User\NTUSER.DAT.LOG Object is locked skipped

C:\Email Archive\30 June & older\Old Emails.pst/Archive Folders/26 Sep 2007 06:40 from Elnora Kane:Hot game/image.zip/image.exe Infected: Trojan-Downloader.Win32.Banload.drs skipped

C:\Email Archive\30 June & older\Old Emails.pst/Archive Folders/26 Sep 2007 06:40 from Elnora Kane:Hot game/image.zip Infected: Trojan-Downloader.Win32.Banload.drs skipped

C:\Email Archive\30 June & older\Old Emails.pst Mail MS Mail: infected - 2 skipped

C:\mjdqc.exe Infected: Trojan-Spy.Win32.Zbot.axu skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{79B53CE0-E73F-4E92-9300-B2D0420A16CB}\RP712\A0060933.dll Infected: Trojan-Spy.Win32.Agent.bcq skipped

C:\System Volume Information\_restore{79B53CE0-E73F-4E92-9300-B2D0420A16CB}\RP713\A0060947.dll Infected: Trojan-Spy.Win32.Agent.bcq skipped

C:\System Volume Information\_restore{79B53CE0-E73F-4E92-9300-B2D0420A16CB}\RP713\A0060969.dll Infected: Trojan-Spy.Win32.Agent.bcq skipped

C:\System Volume Information\_restore{79B53CE0-E73F-4E92-9300-B2D0420A16CB}\RP714\A0061025.dll Infected: Packed.Win32.Monder.gen skipped

C:\System Volume Information\_restore{79B53CE0-E73F-4E92-9300-B2D0420A16CB}\RP714\A0061027.dll Infected: Trojan.Win32.KillAV.rf skipped

C:\System Volume Information\_restore{79B53CE0-E73F-4E92-9300-B2D0420A16CB}\RP714\A0061029.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mju skipped

C:\System Volume Information\_restore{79B53CE0-E73F-4E92-9300-B2D0420A16CB}\RP714\A0061031.dll Infected: Trojan-Spy.Win32.Agent.bcq skipped

C:\System Volume Information\_restore{79B53CE0-E73F-4E92-9300-B2D0420A16CB}\RP715\A0061040.dll Infected: Trojan-Spy.Win32.Agent.bcq skipped

C:\System Volume Information\_restore{79B53CE0-E73F-4E92-9300-B2D0420A16CB}\RP718\A0061080.dll Infected: Trojan-Spy.Win32.Agent.bcq skipped

C:\System Volume Information\_restore{79B53CE0-E73F-4E92-9300-B2D0420A16CB}\RP718\A0063668.dll Infected: Trojan-Spy.Win32.Agent.bcq skipped

C:\System Volume Information\_restore{79B53CE0-E73F-4E92-9300-B2D0420A16CB}\RP718\A0063715.dll Infected: Trojan-Spy.Win32.Agent.bcq skipped

C:\System Volume Information\_restore{79B53CE0-E73F-4E92-9300-B2D0420A16CB}\RP719\A0067124.dll Infected: Packed.Win32.Monder.gen skipped

C:\System Volume Information\_restore{79B53CE0-E73F-4E92-9300-B2D0420A16CB}\RP719\A0067499.dll Infected: Trojan-Spy.Win32.Agent.bcq skipped

C:\System Volume Information\_restore{79B53CE0-E73F-4E92-9300-B2D0420A16CB}\RP723\A0067733.dll Infected: Trojan-Spy.Win32.Agent.bcq skipped

C:\System Volume Information\_restore{79B53CE0-E73F-4E92-9300-B2D0420A16CB}\RP723\A0068675.dll Infected: Trojan-Spy.Win32.Agent.bcq skipped

C:\System Volume Information\_restore{79B53CE0-E73F-4E92-9300-B2D0420A16CB}\RP723\A0069677.dll Infected: Trojan-Spy.Win32.Agent.bcq skipped

C:\System Volume Information\_restore{79B53CE0-E73F-4E92-9300-B2D0420A16CB}\RP723\A0069689.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mju skipped

C:\System Volume Information\_restore{79B53CE0-E73F-4E92-9300-B2D0420A16CB}\RP723\A0069690.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mju skipped

C:\System Volume Information\_restore{79B53CE0-E73F-4E92-9300-B2D0420A16CB}\RP726\A0069741.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mcg skipped

C:\System Volume Information\_restore{79B53CE0-E73F-4E92-9300-B2D0420A16CB}\RP726\A0070734.dll Infected: Trojan-Spy.Win32.Agent.bcq skipped

C:\System Volume Information\_restore{79B53CE0-E73F-4E92-9300-B2D0420A16CB}\RP727\change.log Object is locked skipped

C:\whcbdc.exe Infected: Trojan-Clicker.Win32.Costrat.fl skipped

C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\accwiz.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\crypt32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\cryptsvc.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\hh.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\hhctrl.ocx Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\hhsetup.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\html32.cnv Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\itss.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\locator.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\magnify.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\migwiz.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\mrxsmb.sys Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\msconv97.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\narrator.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\newdev.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\ntdll.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\ntkrnlpa.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\ntoskrnl.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\osk.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\pchshell.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\raspptp.sys Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\shdocvw.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\shell32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\shmedia.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\srrstr.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\srv.sys Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\sysmain.sdb Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\urlmon.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\user32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\win32k.sys Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\winsrv.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB826939$\zipfldr.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\cmdevtgprov.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\evtgprov.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\dao360.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\expsrv.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msexch40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msjetol1.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msjint40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msjter40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msltus40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msrd2x40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msrd3x40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\mswdat10.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\mswstr10.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\vbajet32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped

C:\WINDOWS\$NtUninstallQ828026$\wmpcore.dll Object is locked skipped

C:\WINDOWS\CSC\00000001 Object is locked skipped

C:\WINDOWS\ctfmon.exe Infected: Packed.Win32.Monder.gen skipped

C:\WINDOWS\Debug\Netlogon.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Downloaded Program Files\UWAS6_0001_N69M0903NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.n skipped

C:\WINDOWS\RCFaxJob.exe Infected: Trojan.Win32.Agent.dqx skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\system32\bio2.exe Infected: Trojan.Win32.Agent.dqx skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edbtmp.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\WINDOWS\system32\csrssw.dll Infected: Trojan-Spy.Win32.Agent.bcq skipped

C:\WINDOWS\system32\fatrbyqr.dll Infected: Trojan.Win32.KillAV.rf skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\head2.exe Infected: Trojan.Win32.Agent.bea skipped

C:\WINDOWS\system32\ielijydq.dll Infected: Trojan.Win32.KillAV.rf skipped

C:\WINDOWS\system32\jfiehayd.dll Infected: Trojan-Downloader.Win32.Agent.lxt skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\csrssc.exe Infected: Trojan-Downloader.Win32.Agent.lfo skipped

C:\WINDOWS\Temp\winlogan.exe Infected: Trojan-Downloader.Win32.Agent.lxt skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

C:\WINDOWS\zeqbqwp.sys Object is locked skipped

G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

Hoping that someone gets back to us before I throw either a) the computer or b) myself out of the window!!!! :)
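The HijackThis log above is what a helper reads first, and most of what they look for is mechanical: programs chained onto Winlogon's UserInit (the F2 line), Run values with random-looking names that launch executables from TEMP, rundll32 loading DLLs with throwaway names, a non-empty AppInit_DLLs value, and a service whose binary borrows a system file name but lives outside system32 (the "lptrdcsrv" service pointing at C:\WINDOWS\ctfmon.exe rather than the real C:\WINDOWS\system32\ctfmon.exe). The script below is an added example, not part of the original thread or of HijackThis itself: it runs those checks over lines copied from the posted log. The heuristics, the vowel-ratio threshold for "random" names and the list of system32-only binary names are assumptions chosen for illustration, not a detection standard.

```python
"""Heuristic triage of HijackThis autostart entries (added example).

Checks F2 UserInit, O4 Run keys, O20 AppInit_DLLs and O23 service lines
for the patterns a forum helper looks at first. Thresholds and the
SYSTEM32_ONLY list are assumptions made for this example.
"""
from __future__ import annotations
import re
from collections import Counter

# Constructed sample input: lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [jdgf894jrghoiiskd] C:\WINDOWS\TEMP\winlogan.exe
O4 - HKLM\..\Run: [9c3f5f10] rundll32.exe "C:\WINDOWS\System32\nspxyvuh.dll",b
O4 - HKLM\..\Run: [BM9f0c6c8c] Rundll32.exe "C:\WINDOWS\System32\xugbukpa.dll",s
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\ADRIAN~1\LOCALS~1\Temp\csrssc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: ?????
O23 - Service: LPTRDC server (lptrdcsrv) - Unknown owner - C:\WINDOWS\ctfmon.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
""".strip()

# Core Windows binaries that legitimately live only under system32 (assumed list).
SYSTEM32_ONLY = {"ctfmon.exe", "csrss.exe", "smss.exe", "winlogon.exe",
                 "lsass.exe", "services.exe", "svchost.exe"}

TEMP_DIR = re.compile(r"\\te?mp\\", re.IGNORECASE)          # \TEMP\, \Temp\, \tmp\
O4_LINE = re.compile(r"^O4 - (?P<loc>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_LINE = re.compile(r"^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
QUOTED_DLL = re.compile(r'"([^"]+\.dll)"', re.IGNORECASE)


def looks_random(name: str) -> bool:
    """Crude test: 8+ alphanumerics that are all hex digits or nearly vowel-free."""
    if len(name) < 8 or not name.isalnum():
        return False
    if re.fullmatch(r"[0-9a-fA-F]+", name):
        return True
    vowels = sum(c in "aeiouAEIOU" for c in name)
    return vowels / len(name) < 0.2          # 0.2 is an assumed threshold


def triage(log_text: str) -> list[tuple[str, str]]:
    """Return (reason, line) pairs for entries worth a second look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("F2 ") and "UserInit=" in line:
            # Winlogon normally chains only userinit.exe; anything else runs at every logon.
            parts = [p for p in line.split("UserInit=", 1)[1].split(",") if p.strip()]
            if any(not p.lower().endswith("\\userinit.exe") for p in parts):
                findings.append(("userinit-chained", line))
        elif line.startswith("O4 "):
            m = O4_LINE.match(line)
            if not m:
                continue
            name, cmd = m.group("name"), m.group("cmd")
            if TEMP_DIR.search(cmd):
                findings.append(("autostart-from-temp", line))
            if looks_random(name):
                findings.append(("random-value-name", line))
            if cmd.lstrip().lower().startswith("rundll32.exe"):
                dll = QUOTED_DLL.search(cmd)
                stem = dll.group(1).rsplit("\\", 1)[-1][:-4] if dll else ""
                if looks_random(stem) or looks_random(name):
                    findings.append(("rundll32-loads-unknown-dll", line))
        elif line.startswith("O20 ") and "AppInit_DLLs:" in line:
            # AppInit_DLLs is empty on a normal XP box; any value is injected into every GUI process.
            if line.split("AppInit_DLLs:", 1)[1].strip():
                findings.append(("appinit-dlls-set", line))
        elif line.startswith("O23 "):
            m = O23_LINE.match(line)
            if not m:
                continue
            path = m.group("path").strip()
            base = path.rsplit("\\", 1)[-1].lower()
            if base in SYSTEM32_ONLY and "\\system32\\" not in path.lower():
                findings.append(("system-binary-name-outside-system32", line))
            if TEMP_DIR.search(path):
                findings.append(("service-from-temp", line))
    return findings


def summarize(findings: list[tuple[str, str]]) -> Counter:
    """Count findings per reason."""
    return Counter(reason for reason, _ in findings)


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason:38} {line}")
```

On the sample lines this flags every entry the thread's helper would act on (the ntos.exe chained onto UserInit, the three TEMP launchers, both rundll32 loaders, the garbled AppInit_DLLs value and the misplaced ctfmon.exe service) and leaves the ATI, Ad-Aware and genuine ctfmon.exe entries alone. The name test is deliberately crude; it is a first-pass filter to be read alongside the scanner results, not a verdict.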

Shaba
2008-04-17, 10:23
Hi FLOWERMAGNET

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud? (http://www.dslreports.com/faq/10451)

When Should I Format, How Should I Reinstall (http://www.dslreports.com/faq/10063)

We can attempt to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post.

Shaba
2008-04-22, 14:36
Due to the lack of feedback this Topic is closed.

If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.