I have an unknown process called mdm0.exe, which tries to access the internet and is also set as an exception in the windows firewall settings. I've disabled it on startup and blocked it via Zone alarm, which told me it was trying to act as a server. Does anyone know what this process is? Thanks

Go here http://www.virustotal.com/en/indexf... and upload that entry. Post back with the result.

Hi, I got the following report: AntiVir 7.2.0.22 09.30.2006 no virus found Authentium 4.93.8 09.29.2006 no virus found Avast 4.7.892.0 09.29.2006 no virus found AVG 386 10.01.2006 no virus found BitDefender 7.2 10.01.2006 BehavesLike:Trojan.FirewallBypass CAT-QuickHeal 8.00 09.30.2006 no virus found ClamAV devel-20060426 10.01.2006 no virus found DrWeb 4.33 10.01.2006 Trojan.Proxy.1159 eTrust-InoculateIT 23.73.10 09.30.2006 no virus found eTrust-Vet 30.3.3106 09.30.2006 no virus found Ewido 4.0 09.30.2006 no virus found Fortinet 2.82.0.0 10.01.2006 suspicious F-Prot 3.16f 09.29.2006 no virus found F-Prot4 4.2.1.29 09.29.2006 no virus found Ikarus 0.2.65.0 09.29.2006 no virus found Kaspersky 4.0.2.24 10.01.2006 no virus found McAfee 4863 09.29.2006 no virus found Microsoft 1.1603 10.01.2006 no virus found NOD32v2 1.1784 09.29.2006 a variant of Win32/Agent.KA Norman 5.90.23 09.29.2006 W32/Malware Panda 9.0.0.4 10.01.2006 Suspicious file Sophos 4.10.0 10.01.2006 no virus found Symantec 8.0 10.01.2006 no virus found TheHacker 6.0.1.088 09.30.2006 no virus found UNA 1.83 09.29.2006 no virus found VBA32 3.11.1 10.01.2006 suspected of Malware.Agent.53 VirusBuster 4.3.7:9 10.01.2006 no virus found File size: 40960 bytes MD5: 32fa8275aa248087bb5fa498a9fae004 SHA1: 22d3dcf24f7d7b2b5967c88b38fd1177ac7de592 packers: UPX Norman SandBox: [ General information ] * **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**. * Decompressing UPX. * File length: 40960 bytes. [ Changes to registry ] * Creates key "HKCUSoftwareMicrosoftSCVMan". * Sets value "Name"="lsass4.exe" in key "HKCUSoftwareMicrosoftSCVMan". * Creates value "SvcManager"="lsass4.exe" in key "HKLMSoftwareMicrosoftWindowsCurrentVersionRun". [ Security issues ] * Possible backdoor functionality [UNKNOWN] port 15707. * Possible backdoor functionality [UNKNOWN] port 34333. [ Process/window information ] * Will automatically restart after boot (I'll be back...).

Murr asked me to take a look at your post as had some work to manage. Let see what shows up in a Hijack This log. Please download HJTsetup.exe from this link http://www.thespykiller.co.uk/files/HJTsetup.exe to your desktop. Doubleclick on the HJTsetup.exe icon on your desktop. By default it will install to C:\Program Files\Hijack This. Continue to click "next" in the setup dialogue boxes until you get to the "Select Addition Tasks" dialogue. Put a check by "Create a desktop icon" then click "Next" again. Continue to follow the rest of the prompts from there. At the final dialogue box click "Finish" and it will launch Hijack This. Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in notepad. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log and post it in this thread. Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.