Need help please with virus - ipodservice.exe is infected. Do you want to...

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5328

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

12/16/2010 12:30:39 PM
mbam-log-2010-12-16 (12-30-39).txt

Scan type: Quick scan
Objects scanned: 151050
Time elapsed: 14 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17091 (vista_gdr.100824-1500)
# OnlineScanner.ocx=1.0.0.6415
# api_version=3.0.2
# EOSSerial=b2000a7d3c57a04dbdd08229925c6ec3
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-12-16 09:23:31
# local_time=2010-12-16 02:23:31 (-0700, Mountain Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5121 16777177 100 75 1044462 21676351 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=82311
# found=0
# cleaned=0
# scan_time=5185

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 140):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D0000 \WINDOWS\system32\hal.dll
0xF89F2000 \WINDOWS\system32\KDCOM.DLL
0xF8902000 \WINDOWS\system32\BOOTVID.dll
0xF83C3000 ACPI.sys
0xF89F4000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF83B2000 pci.sys
0xF84F2000 isapnp.sys
0xF8906000 compbatt.sys
0xF890A000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF8ABA000 pciide.sys
0xF8772000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF89F6000 intelide.sys
0xF8502000 MountMgr.sys
0xF8393000 ftdisk.sys
0xF877A000 PartMgr.sys
0xF8512000 VolSnap.sys
0xF837B000 atapi.sys
0xF8522000 disk.sys
0xF8532000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF835B000 fltmgr.sys
0xF8349000 sr.sys
0xF82EC000 mfehidk.sys
0xF82D7000 drvmcdb.sys
0xF8542000 PxHelp20.sys
0xF82C0000 KSecDD.sys
0xF8233000 Ntfs.sys
0xF8206000 NDIS.sys
0xF81EC000 Mup.sys
0xF8702000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF89DE000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF79D5000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF79C1000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7999000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF884A000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF7975000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF8852000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF8712000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0xF791A000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0xF8722000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF78EB000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF8A28000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF885A000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF8862000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF8732000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF8A2A000 \SystemRoot\system32\drivers\sscdbhk5.sys
0xF8742000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF8752000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF78C8000 \SystemRoot\system32\DRIVERS\ks.sys
0xF886A000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xF8B08000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF78B4000 \SystemRoot\system32\DRIVERS\mfendisk.sys
0xF8762000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF89EE000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF789D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF8562000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF8572000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF8872000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF788C000 \SystemRoot\system32\DRIVERS\psched.sys
0xF8582000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7868000 \SystemRoot\system32\drivers\mfeavfk.sys
0xF781D000 \SystemRoot\system32\drivers\mfefirek.sys
0xF887A000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF8882000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF85B2000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF8A32000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF7797000 \SystemRoot\system32\DRIVERS\update.sys
0xF7AF6000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF85C2000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xAA6CC000 \SystemRoot\system32\drivers\sthda.sys
0xAA6A8000 \SystemRoot\system32\drivers\portcls.sys
0xF85E2000 \SystemRoot\system32\drivers\drmk.sys
0xAA5D6000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
0xAA4D9000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xAA429000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF888A000 \SystemRoot\System32\Drivers\Modem.SYS
0xF85F2000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF89AA000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF8A3E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8B6D000 \SystemRoot\System32\Drivers\Null.SYS
0xF8A40000 \SystemRoot\System32\Drivers\Beep.SYS
0xF889A000 \SystemRoot\system32\drivers\ssrtln.sys
0xF88A2000 \SystemRoot\System32\drivers\vga.sys
0xF8A44000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF8A46000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF88AA000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF88B2000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF89BA000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAA389000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAA330000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAA31D000 \SystemRoot\system32\drivers\mfetdi2k.sys
0xAA2F7000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xAA2CF000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAA2AD000 \SystemRoot\System32\drivers\afd.sys
0xF8612000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAA282000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAA1EA000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF8632000 \SystemRoot\System32\Drivers\Fips.SYS
0xF8652000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF89DA000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
0xF86F2000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xAA1D2000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF8A56000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xAA3D4000 \SystemRoot\System32\drivers\Dxapi.sys
0xF87EA000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8B93000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF041000 \SystemRoot\System32\ialmdev5.DLL
0xBF075000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF8602000 \SystemRoot\system32\drivers\drvnddm.sys
0xF8C08000 \SystemRoot\system32\dla\tfsndres.sys
0xAA07C000 \SystemRoot\system32\dla\tfsnifs.sys
0xAA1AA000 \SystemRoot\system32\dla\tfsnopio.sys
0xF8A5C000 \SystemRoot\system32\dla\tfsnpool.sys
0xF8802000 \SystemRoot\system32\dla\tfsnboio.sys
0xF8642000 \SystemRoot\system32\dla\tfsncofs.sys
0xF8C0A000 \SystemRoot\system32\dla\tfsndrct.sys
0xAA063000 \SystemRoot\system32\dla\tfsnudf.sys
0xAA04A000 \SystemRoot\system32\dla\tfsnudfa.sys
0xAA0BA000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xAA0B6000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA9CFD000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF8A9A000 \SystemRoot\System32\Drivers\ASCTRM.SYS
0xF8A9C000 \SystemRoot\system32\DRIVERS\dsunidrv.sys
0xA9C2D000 \SystemRoot\system32\DRIVERS\srv.sys
0xA9CD1000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA9B28000 \SystemRoot\system32\drivers\wdmaud.sys
0xA9D9A000 \SystemRoot\system32\drivers\sysaudio.sys
0xA9019000 \SystemRoot\System32\Drivers\HTTP.sys
0xA8F2D000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xA8DFC000 \SystemRoot\system32\drivers\mfeapfk.sys
0xA9F7A000 \SystemRoot\system32\drivers\mfebopk.sys
0xF8A86000 \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
0xA86AD000 \SystemRoot\system32\drivers\kmixer.sys
0xF8892000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 62):
0 System Idle Process
4 System
1148 C:\WINDOWS\system32\smss.exe
1272 csrss.exe
1296 C:\WINDOWS\system32\winlogon.exe
1340 C:\WINDOWS\system32\services.exe
1352 C:\WINDOWS\system32\lsass.exe
1512 C:\WINDOWS\system32\svchost.exe
1596 svchost.exe
1632 C:\WINDOWS\system32\svchost.exe
1700 svchost.exe
1760 svchost.exe
452 C:\WINDOWS\explorer.exe
492 C:\WINDOWS\system32\WLTRYSVC.EXE
504 C:\WINDOWS\system32\BCMWLTRY.EXE
592 C:\WINDOWS\system32\spoolsv.exe
700 svchost.exe
764 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
780 C:\Program Files\Bonjour\mDNSResponder.exe
860 C:\PROGRA~1\McAfee\SITEAD~1\McSACore.exe
908 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
968 C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
984 C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
1124 C:\Program Files\Dell Support Center\bin\sprtsvc.exe
1196 C:\WINDOWS\system32\svchost.exe
1276 wdfmgr.exe
1916 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
332 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
1796 wmiprvse.exe
2356 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2380 C:\WINDOWS\system32\hkcmd.exe
2388 C:\WINDOWS\system32\igfxpers.exe
2408 C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
2424 C:\WINDOWS\stsystra.exe
2432 C:\WINDOWS\system32\WLTRAY.EXE
2448 C:\Program Files\Dell\QuickSet\quickset.exe
2456 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
2480 C:\Program Files\Real\RealPlayer\realplay.exe
2496 C:\WINDOWS\system32\dla\tfswctrl.exe
2512 C:\WINDOWS\system32\igfxsrvc.exe
2600 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
2616 C:\Program Files\Dell\Media Experience\DMXLauncher.exe
2644 C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe
2708 C:\Program Files\Dell Support Center\bin\sprtcmd.exe
2908 C:\Program Files\iTunes\iTunesHelper.exe
3052 C:\Program Files\McAfee.com\Agent\mcagent.exe
3108 C:\Program Files\NetWaiting\netwaiting.exe
3288 C:\Program Files\DellSupport\DSAgnt.exe
3308 C:\WINDOWS\system32\wscntfy.exe
3336 C:\Program Files\RitzPix E-Z Print & Share\OurPictures.exe
3384 C:\Program Files\MSN Messenger\msnmsgr.exe
3404 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3420 C:\Program Files\Digital Line Detect\DLG.exe
3432 C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
3452 C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
3684 alg.exe
256 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
3156 C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
3668 C:\WINDOWS\system32\wuauclt.exe
3736 C:\Program Files\iPod\bin\iPodService.exe
1392 C:\WINDOWS\system32\ctfmon.exe
1588 C:\Documents and Settings\Tricia\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00fb0400 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGMP0402H, Rev: UC200-16

Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 Dell MBR code detected
SHA1: 84B95CE8A54B7C5C3AAF149934FC46FB70FF8365


Done!

Hi,

How is your computer running now?

It is running great, no issues. Dare we say that we have victory?

Yep, you are all clean.

Your computer is now clean. Now, time to remove the tools used, and update your computer to prevent vulnerability.

Updating System Restore

Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:

• Select Start > All Programs > Accessories > System tools > System Restore.
  
• On the dialogue box that appears select Create a Restore Point
  
• Click NEXT
  
• Enter a name e.g. Clean
  
• Click CREATE.

You now have a clean restore point.

To get rid of the bad ones:

• Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  
• In the Drop down box that appears select your main drive e.g. C
  
• Click OK
  
• The System will do a calculation of temporary/old files, and then display a dialogue box.
  
• Select the More Options Tab.
  
• At the bottom will be a System Restore box with a CLEANUP button click this
  
• Accept the Warning and select OK again, the program will close and you are done.

========

Removing the tools

Now, to remove all of the tools we used and the files and folders they created, please do the following:

Download OTC.exe by OldTimer:

• Save it to your Desktop.
  
• Double click OTC.exe.
  
• Click the CleanUp! button.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes.
  Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

============

Service Pack upgrade

Please consider upgrading to Windows XP SP3, because it includes all previously released updates. It also includes a small number of new functionalities. Some of the updates that Service Pack 3 provides, you may not have. It is now available via Windows Update.

More info about SP3: Here

============

Update Programs

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.



Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

===============

Staying Protected

If you don't have a Anti-Virus I recommend to download these free Anti-Virus programs:
1. Avast!
2. Avira
3. Microsoft Security Essentials

If you don't have a good firewall I recommend these free firewalls:
1. Comodo Firewall
2. Tallemu Online Armor

I recommend using MalwareBytes Anti-Malware for a anti-malware program.

If you don't have a anti-spyware I recommend to download these free programs to help keep you spyware free:
1. SpywareBlaster
2. Spybot - Search & Destroy

Please don't download more than one Anti-virus, firewall, or anti-spyware because they will conflict with each other making your computer slow, data loss, and false results so please just don't do it.

================

Here are some prevention tips:

1. Torrents are a conduit of malware; this is why we highly recommend not using them as chances are extremely high that you will be infected from them.

2. Cracks/warez/keygens are another conduit of malware and are illegal so don't use them.

3. Disable auto-run to prevent auto-run worms from infecting your machine through USB drives.XP or Vista/7

4. Always make sure you have the latest Windows update.

5. Use a Site Advisor so you don't go to sites that will infect you. Web-of-Trust or Mcafee Siteadvisor

6. Also there are many holes and flaws in Internet Explorer I recommend using Firefox or Google Chrome to keep you more safe.

7. Always keep your Java and Adobe Reader updated and all older versions removed to keep clear from exploits.

8. Don't fall for Scareware. What is Scareware? A rogue anti-virus on your system that will scare you into buying their fake software due to false detections.

9. Be sure to always have a firewall and anti-virus installed at all times.

Thanks for choosing GeekPolice, see this page if you would like to leave feedback or contribute to our site. Do you have any more questions?

For more information on keeping yourself safe please visit Here

Thank you so much for helping me with this. Your service is invaluable and I really appreciate it. Thank you again.

You're welcome, glad to help.