#1
Registered User
Join Date: Dec 2007
Posts: 4
OS: XP SP2
Recent Scans: Spybot Search & Destroy (scanned twice), NOD32 Full Scan, Ad-Aware SE Pro
Scan Results: Win32.Agent.pz and other unknown
Case: GameGuard by nProtect detects an unwanted program, so my game does not start.

Deckard's System Scanner v20071014.68
Run by new on 2007-12-28 07:29:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------
System Restore is disabled; attempting to re-enable...success.

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as new.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:33:28 AM, on 12/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAP.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\new\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\new.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: Shell=Explorer.exe SSCVIHOST.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [EPSON Stylus C67 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAP.EXE /P23 "EPSON Stylus C67 Series" /O6 "USB001" /M "Stylus C67"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [bload] C:\WINDOWS\system32\bload.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [PolicyRun] C:\WINDOWS\svchost.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6EADB0C-9121-4E50-AC5F-514D444E56E1}: NameServer = 209.58.80.5 209.58.80.7
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4716 bytes

-- File Associations -----------------------------------------------------------
All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 AsIO - c:\windows\system32\drivers\asio.sys
R1 aslm75 - c:\windows\system32\drivers\aslm75.sys
S0 FILELOCK - c:\windows\system32\drivers\flockxp.sys
S2 ASInsHelp - c:\windows\system32\drivers\asinshelp32.sys (file missing)
S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\windows\system32\drivers\nsdriver.sys <Not Verified; Lavasoft AB; Ad-Watch Connections>
S3 Ad-Watch Registry Filter (Ad-Watch Registry Kernel Filter) - c:\windows\system32\drivers\awrtrd.sys <Not Verified; Lavasoft AB; Ad-Watch Registry Protection>
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 GMSIPCI - e:\install\gmsipci.sys (file missing)
S3 npkcrypt - c:\gravity\ragnarokonline\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
S3 NPPTNT2 - c:\windows\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
S3 XDva025 - c:\windows\system32\xdva025.sys (file missing)
S3 XDva031 - c:\windows\system32\xdva031.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
All services whitelisted.

-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------
2007-12-27 21:17:00 236 --a------ C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job
2007-12-27 09:00:00 354 --a------ C:\WINDOWS\Tasks\At2.job
2007-12-27 09:00:00 354 --a------ C:\WINDOWS\Tasks\At1.job
2007-12-21 17:15:00 386 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job

-- Files created between 2007-11-28 and 2007-12-28 -----------------------------
2007-12-27 19:28:13 0 d-------- C:\Program Files\Trend Micro
2007-12-27 17:27:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-27 15:54:54 0 d-------- C:\Program Files\Batch Image Resizer
2007-12-27 10:25:06 0 d-------- C:\Program Files\AdultPDF
2007-12-26 13:08:51 0 d-------- C:\Program Files\Webzen
2007-12-17 22:10:33 0 d-------- C:\jc
2007-12-09 18:29:49 0 d-------- C:\Program Files\Lavasoft
2007-12-09 18:29:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-09 18:23:48 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-09 15:08:25 0 d-------- C:\Documents and Settings\new\Shared
2007-12-09 15:08:22 0 d-------- C:\Documents and Settings\new\Incomplete
2007-12-09 15:07:41 0 d-------- C:\Documents and Settings\new\Application Data\LimeWire
2007-12-09 15 35 0 d-------- C:\Program Files\LimeWire
2007-12-08 16:10:09 0 d-------- C:\logs
2007-12-08 11:36:00 0 d-------- C:\Program Files\ASCII Art Generator
2007-12-08 11:35:07 0 d-------- C:\Program Files\XP Repair Pro 2007
2007-12-05 13:37:30 298104 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2007-12-04 21:33:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-04 21:25:45 0 d-------- C:\Program Files\Alwil Software
2007-12-04 15:38:31 12288 --a------ C:\Documents and Settings\new\~tmp1174.exe
2007-12-04 15:37:22 65149 --a------ C:\Documents and Settings\new\nax.exe
2007-11-30 03:42:27 54272 --a------ C:\WINDOWS\cpu.exe

-- Find3M Report ---------------------------------------------------------------
2007-12-28 07:04:16 0 d-------- C:\Program Files\RF Online
2007-12-27 14:56:13 0 d-------- C:\Program Files\Warcraft III
2007-12-27 11:13:19 8 --a------ C:\WINDOWS\system32\TLFL6.dat
2007-12-27 07:39:57 0 d-------- C:\Program Files\Messenger
2007-12-26 13:08:50 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-13 18:46:13 0 d-------- C:\Documents and Settings\new\Application Data\Adobe
2007-12-09 18:23:48 0 d-------- C:\Program Files\Common Files
2007-12-09 14:31:35 0 d-------- C:\Program Files\WinX DVD Player 3.0
2007-12-08 07:36:03 0 d-------- C:\Program Files\LineageII
2007-11-26 21:34:17 0 d-------- C:\Program Files\AMPED
2007-11-21 05:45:22 94202 --a------ C:\WINDOWS\War3Unin.dat
2007-11-17 08:17:07 32 --a------ C:\WINDOWS\go
2007-11-12 19:09:54 0 d-------- C:\Program Files\Ocean Technology
2007-11-12 19:09:47 0 d-------- C:\Documents and Settings\new\Application Data\InstallShield
2007-11-10 23:46:04 0 d-------- C:\Documents and Settings\new\Application Data\TuneUp Software
2007-11-07 12:33:52 0 d-------- C:\Program Files\WPM
2007-11-02 09:07:42 2829 --a------ C:\WINDOWS\War3Unin.pif
2007-11-02 09:07:42 139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2007-10-31 16:42:55 0 d-------- C:\Documents and Settings\new\Application Data\Real
2007-10-31 16:42:55 0 d-------- C:\Documents and Settings\new\Application Data\Media Player Classic
2007-10-31 16:42:54 0 d-------- C:\Documents and Settings\new\Application Data\DivX
2007-10-21 12:50:08 1 --a------ C:\WINDOWS\system32\msql32sys.dll
2007-10-17 18:01:50 61440 --ahs---- C:\WINDOWS\sysconf.dll
2007-10-14 09:12:29 2 --a------ C:\WINDOWS\system32\wnscpsv32.exe
2007-10-14 01:03:50 38 --ahs---- C:\WINDOWS\system32\srsc.dat
2007-10-13 22:05:39 139264 --a------ C:\WINDOWS\syshook.dll

-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [04/13/2005 06:48 PM]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [10/28/2004 06:21 AM C:\WINDOWS\system32\HdAShCut.exe]
"EPSON Stylus C67 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAP.exe" [01/25/2005 12:00 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [07/13/2007 08:34 AM]
"nwiz"="nwiz.exe" [07/13/2007 08:34 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [07/13/2007 08:34 AM]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [12/05/2007 01:36 PM]
"bload"="C:\WINDOWS\system32\bload.exe" [08/04/2004 06:56 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [11/06/2007 07:51 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/04/2004 04:06 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

C:\Documents and Settings\new\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [12/4/2007 5:35:53 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"PolicyRun"=C:\WINDOWS\svchost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)
"NoInstrumentation"=1 (0x1)
"NofolderOptions"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NofolderOptions"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,"
"Shell"="Explorer.exe SSCVIHOST.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20d67b50-b123-11dc-9031-0015f253bddf}]
Autoplay\Command- smss.exe
AutoRun\command- smss.exe
Explore\Command- smss.exe
Open\Command- smss.exe

-- End of Deckard's System Scanner: finished at 2007-12-28 07:34:11 ------------
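Added example, not from the thread and not from HijackThis, DSS or any other tool named in it: a small Python triage script that applies a few defender-side heuristics to HijackThis-style entries and registry-dump lines of the kind posted above, so the entries an analyst would look at first are surfaced automatically. The rules (a Shell= value with anything beyond Explorer.exe, a UserInit= value listing extra programs, a core Windows binary name such as svchost.exe or smss.exe launched from outside System32, an autostart under Policies\Explorer\Run, a BHO whose DLL is missing, and drive autorun handlers under MountPoints2) are this example's own assumptions about what merits inspection, not HijackThis's verdicts; the sample input is a handful of lines copied from the log above.

```python
"""Triage HijackThis / DSS log lines with a few defender-side heuristics.

Added example for illustration; the rules are assumptions, not tool output.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Core Windows binaries that, on XP, legitimately live only in %SystemRoot%\system32.
SYSTEM32_ONLY = {"svchost.exe", "smss.exe", "csrss.exe", "winlogon.exe",
                 "lsass.exe", "services.exe"}
SYSTEM32 = "c:\\windows\\system32\\"

F2_RE = re.compile(r"^F2 - REG:system\.ini: (Shell|UserInit)=(.*)$", re.I)
O4_RE = re.compile(r"^O4 - (.+?): \[(.+?)\] (.*)$")
O2_RE = re.compile(r"^O2 - BHO: .+ - (\{[0-9A-Fa-f-]+\}) - (.*)$")
SECTION_RE = re.compile(r"^\[(.+)\]$")
MOUNT_CMD_RE = re.compile(r"^(Autoplay|AutoRun|Explore|Open)\\[Cc]ommand- (.+)$")


@dataclass
class Finding:
    entry: str
    reason: str


def first_exe(command: str) -> str:
    """Return the program part of a Run-key command line (quoted or bare)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(" ", 1)[0]


def check_f2(key: str, value: str) -> list[str]:
    """Winlogon Shell= and UserInit= should name only Explorer / userinit."""
    if key.lower() == "shell":
        extras = [p for p in value.split() if p.lower() != "explorer.exe"]
        return [f"Shell= also starts {', '.join(extras)}"] if extras else []
    parts = [p.strip() for p in value.split(",") if p.strip()]
    extras = [p for p in parts if not p.lower().endswith("\\userinit.exe")]
    return [f"UserInit= also starts {', '.join(extras)}"] if extras else []


def check_o4(location: str, command: str) -> list[str]:
    """Flag unusual autostart locations and core-binary names outside System32."""
    reasons = []
    exe = first_exe(command)
    base = exe.rsplit("\\", 1)[-1].lower()
    if "policies\\explorer\\run" in location.lower():
        reasons.append("autostart via Policies\\Explorer\\Run, an unusual location")
    if base in SYSTEM32_ONLY and not exe.lower().startswith(SYSTEM32):
        reasons.append(f"{base} launched from {exe}, outside System32")
    return reasons


def scan(lines: list[str]) -> list[Finding]:
    findings: list[Finding] = []
    in_mountpoints = False  # set while inside a [..\mountpoints2\{guid}] section
    for raw in lines:
        line = raw.strip()
        if m := SECTION_RE.match(line):
            in_mountpoints = "mountpoints2" in m.group(1).lower()
        elif m := F2_RE.match(line):
            findings += [Finding(line, r) for r in check_f2(m.group(1), m.group(2))]
        elif m := O4_RE.match(line):
            findings += [Finding(line, r) for r in check_o4(m.group(1), m.group(3))]
        elif m := O2_RE.match(line):
            if m.group(2).strip().lower() == "(no file)":
                findings.append(Finding(line, "BHO CLSID registered but its DLL is missing"))
        elif in_mountpoints and (m := MOUNT_CMD_RE.match(line)):
            findings.append(Finding(line, f"volume {m.group(1)} handler runs {m.group(2)}"))
    return findings


# Sample input: lines copied from the log posted above.
SAMPLE_LOG = [
    r"F2 - REG:system.ini: Shell=Explorer.exe SSCVIHOST.exe",
    r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,",
    r"O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)",
    r"O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r'O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE',
    r"O4 - HKLM\..\Policies\Explorer\Run: [PolicyRun] C:\WINDOWS\svchost.exe",
    r"[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20d67b50-b123-11dc-9031-0015f253bddf}]",
    r"Autoplay\Command- smss.exe",
    r"Open\Command- smss.exe",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.entry}")
```

The script deliberately reports only structural oddities it can justify from the line itself (wrong location, extra programs in a Winlogon value, a missing file), and leaves verdicts on unfamiliar file names such as bload.exe or the files under C:\Documents and Settings\new to the analyst, since a name alone is not evidence.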
#4
Moderator, Analyst, Security Team
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 3,247
OS: XP
Re: Win32.Agent.pz
Hello and welcome to TSF
Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.
============================
Please follow all instructions in the order they come; if you have any questions, please ask before proceeding. It's important that you follow this through until I give you the all clear; a lack of symptoms does not mean that you are clean.
===========================
Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.
===========================
P2P

I see you have P2P software LimeWire 4.14.12 installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.
==============================
Download this file - http://download.bleepingcomputer.com...a/ComboFix.exe

* IMPORTANT !!! Place combofix.exe on your Desktop
Do not run just yet, we will shortly
===============================
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
================================
Go to → Run → paste in the single line command & click OK:

"%userprofile%\desktop\combofix.exe" /killall

When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
==========================
Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.
==========================
Logs Required
Report.txt (from SDFix)
C:\Combofix.txt
Hijackthis log
__________________
Member of ASAP since 2007. Member of UNITE since 2008.
**Notice to BT customers** Trial of BT-Phorm spyware to start 30th September, 2008. For more information please visit the No DPI website. Phorm, previously known as 121Media, were responsible for the Apropos rootkit; see Here for more information on said rootkit.
If we have helped you in any way, please consider Donating.
#6
Moderator, Analyst, Security Team
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 3,247
OS: XP
Re: [SOLVED] Win32.Agent.pz
Ok, thanks for letting us know.