Infected with Rootkit.Win32.tdl4

DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 16:07:45.18 on Wed 09/15/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.495.137 [GMT -4:00]

AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\regedit.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Documents and Settings\Administrator.WORKGROUP\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.mapletronics.com/
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/legacy/ractrl.cab?lmi=100
TCP: {96679D84-359B-4A1E-8B5C-02B31B19BB94} = 192.168.200.254
Notify: igfxcui - igfxsrvc.dll
Notify: LMIinit - LMIinit.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-11-16 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-11-16 96408]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-11-16 735960]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-6-14 47640]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2010-09-15 19:21:42 0 d-----w- C:\MGtools
2010-09-15 18:55:09 0 d-----w- c:\program files\trend micro
2010-09-15 18:29:08 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-09-15 18:29:07 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-09-15 18:29:05 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-09-15 18:29:05 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-09-15 18:29:05 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-09-15 18:27:59 19016 -c--a-w- c:\windows\system32\dllcache\w926nd.sys
2010-09-15 18:26:59 53760 -c--a-w- c:\windows\system32\dllcache\sw_wheel.dll
2010-09-15 18:25:58 495616 -c--a-w- c:\windows\system32\dllcache\sblfx.dll
2010-09-15 18:24:58 169984 -c--a-w- c:\windows\system32\dllcache\pcx500.sys
2010-09-15 18:23:58 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2010-09-15 18:22:56 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-09-15 18:21:59 18560 -c--a-w- c:\windows\system32\dllcache\i2omp.sys
2010-09-15 18:20:58 45568 -c--a-w- c:\windows\system32\dllcache\esunib.dll
2010-09-15 18:19:58 27648 -c--a-w- c:\windows\system32\dllcache\cyzports.dll
2010-09-15 18:18:59 66082 -c--a-w- c:\windows\system32\dllcache\c_20420.nls
2010-09-15 18:17:59 6272 -c--a-w- c:\windows\system32\dllcache\apmbatt.sys
2010-09-15 15:55:38 0 d-----w- c:\docume~1\admini~1.wor\applic~1\Malwarebytes
2010-09-15 15:02:26 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-09-15 14:13:09 0 d-----w- c:\program files\CCleaner

==================== Find3M ====================

2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:15:28 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:15:26 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:15:26 17408 ------w- c:\windows\system32\corpol.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2009-04-16 15:03:52 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009041620090417\index.dat

============= FINISH: 16:08:36.54 ===============

Good evening.

Take a trip to this webpage for download links and instructions for running Combofix by sUBs.*

• Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start.
• When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste it into your next reply.
• Let me know how the PC is behaving.

* There are two points to note from the instructions page:

1) The Recovery Console.

It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.
CF will complete some, but not all, of it's removal tasks without the installation of the Console so, should you choose not to allow the installation, you may not get the results you hoped for.

2) Disabling your Anti-Virus.

CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for either.

As there has been no response for five days this thread is now closed.