Got a nasty little one here; I tried to get rid of it myself, but to no avail. I've had this disable my task manager (now back working) and change my desktop picture to a picture that was advertising a spyware programme. Eset keeps popping up with the following:
HTTP filter file <hxxp://212.117.174.14/lmn_setup.exe> a variant of Win32/Rootkit.Agent.NIZ trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access
31/05/2009 22:17:13 Startup scanner operating memory Operating memory Win32/Rootkit.Agent.ODG trojan unable to clean
31/05/2009 22:17:18 Startup scanner file \\?\globalroot\systemroot\system32\gxvxcnsieobnevxepfbdvbfdxnpaskpxvhosb.dll a variant of Win32/Kryptik.PF trojan cleaned by deleting (after the next restart) - quarantined
No idea why it keeps selecting the date as 31/05/2009; my clock is set right.
Any help is much appreciated.
DDS (Ver_09-05-14.01) - NTFSx86
Run by Phil at 23:48:14.98 on 19/05/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.479.75 [GMT 1:00]
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Phil\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
mWinlogon: Taskman=c:\recycler\s-1-5-21-7124721480-8244315837-552910097-8019\rundll32.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office12\GRA8E1~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DiskChk help] rundll32.exe "c:\documents and settings\all users\proto.dll" run
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\documents and settings\phil\start menu\programs\startup\ChkDisk.dll
StartupFolder: c:\docume~1\phil\startm~1\programs\startup\chkdisk.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\docume~1\phil\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~1\office12\GR99D3~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office12\GRA8E1~1.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\phil\applic~1\mozilla\firefox\profiles\sdc5oxav.default\
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - prefs.js: browser.startup.homepage - hxxp://www.evertonfc.com/home/
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=58819&p=
FF - component: c:\documents and settings\phil\application data\mozilla\firefox\profiles\sdc5oxav.default\extensions\{916ab64c-bc3e-471b-8e60-29551922a7ba}\components\Engine.dll
============= SERVICES / DRIVERS ===============
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-3-19 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-3-19 93848]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-3-19 731840]
R3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\b1.tmp --> c:\windows\system32\B1.tmp [?]
=============== Created Last 30 ================
2009-05-19 22:40 24,576 a------- c:\windows\system32\lmn_setup.exe
2009-05-19 21:54 5,760 -------- c:\windows\system32\53.tmp
2009-05-19 21:44 <DIR> --d----- c:\program files\Sophos
2009-05-19 20:47 1,400 a------- c:\windows\system32\ahtn.htm
2009-05-19 20:47 4,785 a------- c:\windows\system32\warning.gif
2009-05-19 20:47 103,156 a------- c:\windows\system32\ntdll64.exe
2009-05-19 20:47 1 a------- c:\windows\system32\uniq.tll
2009-05-19 20:47 19,968 a------- c:\windows\system32\loader49.exe
2009-05-18 22:26 <DIR> --d----- C:\VundoFix Backups
2009-05-18 22:15 293 a------- c:\windows\wininit.ini
2009-05-18 21:40 <DIR> --d----- c:\windows\system32\xircom
2009-05-18 21:35 <DIR> a-dshr-- C:\cmdcons
2009-05-18 21:33 161,792 a------- c:\windows\SWREG.exe
2009-05-18 21:33 98,816 a------- c:\windows\sed.exe
2009-05-18 21:20 <DIR> --d----- c:\program files\Trend Micro
2009-05-18 21:13 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-05-18 21:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-05-18 20:25 <DIR> --d----- C:\EasyBoot
2009-05-18 19:59 <DIR> --d----- C:\XPSETUP
2009-05-18 19:56 125,184 -------- c:\windows\system32\drivers\imagesrv.sys
2009-05-18 19:56 5,504 -------- c:\windows\system32\drivers\imagedrv.sys
2009-05-18 19:55 155,648 a------- c:\windows\system32\NeroCheck.exe
2009-05-18 19:55 106,496 a------- c:\windows\system32\TwnLib20.dll
2009-05-18 19:55 1,568,768 -------- c:\windows\system32\ImagX7.dll
2009-05-18 19:55 476,320 -------- c:\windows\system32\ImagXpr7.dll
2009-05-18 19:55 471,040 -------- c:\windows\system32\ImagXRA7.dll
2009-05-18 19:55 364,544 -------- c:\windows\system32\TwnLib4.dll
2009-05-18 19:55 262,144 -------- c:\windows\system32\ImagXR7.dll
2009-05-18 19:55 38,912 -------- c:\windows\system32\picn20.dll
2009-05-16 21:41 <DIR> --dsh--- c:\windows\system32\bookls
2009-05-16 21:41 80,896 a---h--- c:\windows\internat.exe
2009-05-16 21:41 65,024 a------- C:\calc.exe
2009-05-16 19:13 <DIR> --d----- c:\windows\pss
2009-05-15 22:19 32,592 a------- c:\windows\system32\msonpmon.dll
2009-05-15 22:13 <DIR> --d----- c:\program files\Microsoft Visual Studio 8
2009-05-15 22:12 <DIR> --d----- c:\windows\SHELLNEW
2009-05-15 21:05 27,136 a--sh--- c:\documents and settings\all users\proto.dll
2009-05-14 20:07 <DIR> --d----- c:\program files\ESET
==================== Find3M ====================
2009-05-17 07:38 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-14 20:47 4,113 a------- c:\windows\mozver.dat
2009-04-05 17:34 639,224 a------- c:\windows\system32\drivers\sptd.sys
2009-04-05 17:26 21,640 a------- c:\windows\system32\emptyregdb.dat
============= FINISH: 23:48:28.62 ===============
Edited by Orange Blossom, 11 February 2013 - 05:03 AM.
Deactivate link. ~ OB
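As an added example (not part of the post or of the DDS tool), the triage script below parses "key: value" lines in the shape of the DDS Pseudo HJT Report and flags the kinds of autostart entries seen in this log: a Winlogon Taskman override, rundll32 loading a DLL from a user-writable path, a bare DLL in the Startup folder, and the DisableTaskMgr policy. The sample input is a constructed excerpt of the report above and the heuristics are the author's assumptions, so every hit still needs a human look.

```python
import re

# Constructed sample in the shape of the DDS "Pseudo HJT Report" section from the post
# (a handful of lines, not the full log).
SAMPLE_DDS = r"""
uStart Page = hxxp://www.google.com/
mWinlogon: Taskman=c:\recycler\s-1-5-21-7124721480-8244315837-552910097-8019\rundll32.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DiskChk help] rundll32.exe "c:\documents and settings\all users\proto.dll" run
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
StartupFolder: c:\documents and settings\phil\start menu\programs\startup\ChkDisk.dll
dPolicies-system: DisableTaskMgr = 1 (0x1)
"""

# DDS prefixes the key with u/m/d (user/machine/default hive); keep that in the key.
LINE_RE = re.compile(r"^(?P<key>[umd]?[A-Za-z-]+):\s*(?P<val>.*)$")

# Directories an autostart entry normally has no business loading code from (assumption).
SUSPECT_DIRS = ("\\recycler\\", "\\documents and settings\\", "\\temp\\", "\\application data\\")


def parse_dds(text):
    """Return (key, value) pairs for the 'key: value' lines of a DDS report."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group("key"), m.group("val")))
    return entries


def flag_entries(entries):
    """Apply simple autostart heuristics; return a list of (reason, raw value)."""
    findings = []
    for key, val in entries:
        low = val.lower()
        # A clean XP box sets no Taskman value at all, so any override is worth a look.
        if key.endswith("Winlogon") and "taskman=" in low:
            findings.append(("Winlogon Taskman override", val))
        elif key.endswith("Run") and "rundll32" in low and any(d in low for d in SUSPECT_DIRS):
            findings.append(("rundll32 loading DLL from user-writable path", val))
        elif key == "StartupFolder" and low.endswith(".dll"):
            findings.append(("bare DLL in Startup folder", val))
        elif key.endswith("Policies-system") and "disabletaskmgr = 1" in low:
            findings.append(("Task Manager disabled by policy", val))
    return findings


if __name__ == "__main__":
    for reason, val in flag_entries(parse_dds(SAMPLE_DDS)):
        print(f"[{reason}] {val}")
```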