Multiple "iexplore" instances, suspicious adobemedia.exe found

I was reading through a thread which seemed to cover a very similar problem I've recently encountered on my computer. It can most easily be identified by the multiple instances of "iexplore" spawning.

http://www.geekpolice.net/virus-spyware-malware-removal-f11/multiple-instances-of-iexplorer-in-task-manager-appearing-t17665.htm

The first thing I noticed was my Google Desktop flashing, then a message asking if I wanted to make IE my default browser. I checked the task manager and had multiple instances of "iexplore" which I ended but only to have them respawn. I use Google Chrome as my default browser and noticed that any website I tried to access would return a "Web page not available" error. I tried IE and my searches would get redirected, possibly some DNS attack. I tried Firefox and that seemed to have the same issue, could google search but clicking on any result would land me at something like searchquest.com. I ran ATF Cleaner, cleared all for IE and Firefox. I ran Hijackthis, noticed a suspicious "adobemedia.exe" and removed that, but it reappeared upon restarting. I ran Malwarebytes, updated, full-scanned and no infected items appeared. I became worried about leaving my computer connected to the internet so I pulled the network cable and switched over to a crappy spare laptop. However, I noticed the instances of "iexplore" would continue to spawn. As a quick fix for the spawning, I changed the iexplore.exe file to iFAIL.exe and that's working. I'm inclined to say the problem is that adobemedia.exe, but you're the experts, so I'll sit and wait to see what you guys can come up with.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:44 AM, on 1/6/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\program files\steam\steam.exe
C:\Documents and Settings\JOHNATHAN\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\swBOEngine.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\DOCUME~1\JOHNAT~1\LOCALS~1\Temp\SolidWorksLicTemp.0001
C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
C:\Program Files\Logitech\SetPoint\LU\LULnchr.exe
C:\Program Files\Logitech\SetPoint\LU\LogitechUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wexe.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\JOHNATHAN\Desktop\HijackThis.exe

O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\JOHNATHAN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [adobemedia.exe] C:\WINDOWS\system32\adobemedia.exe
O4 - Startup: SolidWorks Task Scheduler Engine.lnk = C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\swBOEngine.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A64AA40-16BC-4324-B004-3FEFDF91BE6C}: NameServer = 4.2.2.2,4.2.2.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\SYSTEM32\PR19.DLL C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corp. - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

--
End of file - 5699 bytes


Note:
The first O2 - BHO and the two O8 - Extra context menu items come up with the use of a download manager called Flashget, I assume these are harmless.
The O17 is due to a DNS direction which I entered per recommendation by Time Warner Cable.


In anticipation of having to download ComboFix would you advise is safe to use a USB drive to transfer files to and from this laptop and my infected computer? I had another virus a while back (amv0, I think) and that spread by removable media so I'm hesitant.

In advance, thank you so much for your time!
Johnathan

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
  
• Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

• Click on Yes, to continue scanning for malware.
  
• When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
  

Thanks Jay.

ComboFix 10-01-04.01 - JOHNATHAN 01/06/2010 8:05.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1700 [GMT -8:00]
Running from: c:\documents and settings\JOHNATHAN\desktop\commy.exe
Command switches used :: /stepdel
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\JOHNATHAN\Application Data\inst.exe
c:\windows\system32\WORK.DAT

.
((((((((((((((((((((((((( Files Created from 2009-12-06 to 2010-01-06 )))))))))))))))))))))))))))))))
.

2010-01-04 06:51 . 2010-01-06 15:58 0 ---ha-w- c:\windows\system32\wupd.dat
2010-01-04 06:51 . 2010-01-04 08:20 13312 ---ha-w- c:\windows\system32\wexe.exe
2010-01-04 06:51 . 2010-01-04 08:20 13312 ---ha-w- c:\windows\system32\adobemedia.exe
2010-01-04 06:51 . 2010-01-04 06:51 24576 ----a-w- c:\windows\system32\PR19.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-06 16:12 . 2009-06-09 02:12 -------- d-----w- c:\documents and settings\JOHNATHAN\Application Data\Skype
2010-01-06 16:11 . 2009-06-09 02:13 -------- d-----w- c:\documents and settings\JOHNATHAN\Application Data\skypePM
2010-01-06 16:11 . 2009-06-09 23:47 -------- d-----w- c:\program files\Steam
2010-01-05 07:15 . 2009-07-01 07:41 -------- d-----w- c:\documents and settings\JOHNATHAN\Application Data\IM
2010-01-04 07:27 . 2009-06-09 06:24 -------- d-----w- c:\program files\FlashGet
2010-01-04 07:26 . 2009-11-15 20:12 -------- d-----w- c:\documents and settings\JOHNATHAN\Application Data\vlc
2010-01-04 06:58 . 2009-06-09 08:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-04 06:58 . 2009-06-19 22:46 5061520 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-31 07:34 . 2009-06-09 08:29 -------- d-----w- c:\documents and settings\JOHNATHAN\Application Data\SolidWorks
2009-12-30 22:55 . 2009-06-09 08:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 22:54 . 2009-06-09 08:16 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-30 04:15 . 2009-06-10 07:15 -------- d-----w- c:\documents and settings\JOHNATHAN\Application Data\Spotify
2009-12-16 02:10 . 2009-06-09 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-05 19:07 . 2009-06-09 02:16 55832 ----a-w- c:\documents and settings\JOHNATHAN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-04 11:04 . 2009-06-09 23:22 -------- d-----w- c:\program files\Microsoft Works
2009-12-03 11:06 . 2009-12-03 11:06 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-12-03 11:01 . 2009-12-03 11:01 -------- d-----w- c:\program files\MSXML 4.0
2009-11-17 16:19 . 2009-11-17 16:19 79488 ----a-w- c:\documents and settings\JOHNATHAN\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-15 20:01 . 2009-11-15 19:59 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-29 07:45 . 2008-04-14 12:42 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2008-04-14 12:42 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2008-04-14 12:41 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2008-04-14 07:23 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2008-04-14 12:42 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2008-04-14 12:42 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2008-04-14 12:42 79872 ----a-w- c:\windows\system32\raschap.dll
2009-12-04 18:21 . 2009-06-19 22:36 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\JOHNATHAN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-09 133104]
"Steam"="c:\program files\steam\steam.exe" [2009-11-07 1217808]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-07-16 25604904]
"adobemedia.exe"="c:\windows\system32\adobemedia.exe" [2010-01-04 13312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2009-05-01 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-05-01 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13750272]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-04 30192]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-19 76304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-19 868352]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-10 149280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]

c:\documents and settings\JOHNATHAN\Start Menu\Programs\Startup\
SolidWorks Task Scheduler Engine.lnk - c:\program files\SolidWorks Corp\SolidWorks\swScheduler\swBOEngine.exe [2008-9-9 841000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-6-8 809488]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-19 07:30 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Steam\\steamapps\\dontstealmyshit\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/9/2009 12:08 AM 721904]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [6/8/2009 6:25 PM 10384]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [9/9/2008 5:01 AM 79144]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [6/8/2009 6:16 PM 30192]
S3 iJoyKB;ZooZ Control Keyboard;c:\windows\system32\DRIVERS\iJoyKB.sys --> c:\windows\system32\DRIVERS\iJoyKB.sys [?]
S3 iJoyM;ZooZ Control Mouse;c:\windows\system32\drivers\iJoyM.sys [11/15/2009 12:04 PM 5504]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/23/2005 6:01 AM 2799808]
.
Contents of the 'Scheduled Tasks' folder

2010-01-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-839522115-1801674531-1003Core.job
- c:\documents and settings\JOHNATHAN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-09 05:31]

2010-01-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-839522115-1801674531-1003UA.job
- c:\documents and settings\JOHNATHAN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-09 05:31]
.
.
------- Supplementary Scan -------
.
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
TCP: {4A64AA40-16BC-4324-B004-3FEFDF91BE6C} = 4.2.2.2,4.2.2.1
FF - ProfilePath - c:\documents and settings\JOHNATHAN\Application Data\Mozilla\Firefox\Profiles\8ucw1zbn.default\
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\JOHNATHAN\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-06 08:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89DCD1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb810cf28
\Driver\ACPI -> ACPI.sys @ 0xb7e66cb8
\Driver\atapi -> atapi.sys @ 0xb7dfbb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: NVIDIA nForce 10/100/1000 Mbps Ethernet -> SendCompleteHandler -> NDIS.sys @ 0xb7cdfbb0
PacketIndicateHandler -> NDIS.sys @ 0xb7ceca21
SendHandler -> NDIS.sys @ 0xb7cca87b
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(660)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(1804)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Skype\Phone\Skype.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Logitech\SetPoint\LU\LULnchr.exe
c:\program files\Logitech\SetPoint\LU\LogitechUpdate.exe
c:\docume~1\JOHNAT~1\LOCALS~1\Temp\SolidWorksLicTemp.0001
c:\program files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
.
**************************************************************************
.
Completion time: 2010-01-06 08:14:07 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-06 16:13

Pre-Run: 6,005,952,512 bytes free
Post-Run: 6,055,739,392 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - BBDE379D5FD2BA40B78C8C94BCE7B89B

Re-running ComboFix to remove infections:

1. Close any open browsers.
   
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   
3. Open notepad and copy/paste the text in the quotebox below into it:
   

   
   File::
   c:\windows\system32\wupd.dat
   c:\windows\system32\wexe.exe
   c:\windows\system32\adobemedia.exe
   c:\windows\system32\PR19.DLL
   
   Registry::
   [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   "adobemedia.exe"=-
   
   

4. Save this as CFScript.txt, in the same location as ComboFix.exe
   
   
   
   
5. Referring to the picture above, drag CFScript into ComboFix.exe
   
6. When finished, it shall produce a log for you at C:\ComboFix.txt
   
7. Please post the contents of the log in your next reply.

ComboFix 10-01-04.01 - JOHNATHAN 01/06/2010 16:30:19.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1715 [GMT -8:00]
Running from: c:\documents and settings\JOHNATHAN\Desktop\commy.exe
Command switches used :: c:\documents and settings\JOHNATHAN\Desktop\CFScript.txt

FILE ::
"c:\windows\system32\adobemedia.exe"
"c:\windows\system32\PR19.DLL"
"c:\windows\system32\wexe.exe"
"c:\windows\system32\wupd.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\adobemedia.exe
c:\windows\system32\PR19.DLL
c:\windows\system32\wexe.exe
c:\windows\system32\wupd.dat

.
((((((((((((((((((((((((( Files Created from 2009-12-07 to 2010-01-07 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-06 16:20 . 2009-06-09 02:12 -------- d-----w- c:\documents and settings\JOHNATHAN\Application Data\Skype
2010-01-06 16:11 . 2009-06-09 02:13 -------- d-----w- c:\documents and settings\JOHNATHAN\Application Data\skypePM
2010-01-06 16:11 . 2009-06-09 23:47 -------- d-----w- c:\program files\Steam
2010-01-05 07:15 . 2009-07-01 07:41 -------- d-----w- c:\documents and settings\JOHNATHAN\Application Data\IM
2010-01-04 07:27 . 2009-06-09 06:24 -------- d-----w- c:\program files\FlashGet
2010-01-04 07:26 . 2009-11-15 20:12 -------- d-----w- c:\documents and settings\JOHNATHAN\Application Data\vlc
2010-01-04 06:58 . 2009-06-09 08:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-04 06:58 . 2009-06-19 22:46 5061520 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-31 07:34 . 2009-06-09 08:29 -------- d-----w- c:\documents and settings\JOHNATHAN\Application Data\SolidWorks
2009-12-30 22:55 . 2009-06-09 08:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 22:54 . 2009-06-09 08:16 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-30 04:15 . 2009-06-10 07:15 -------- d-----w- c:\documents and settings\JOHNATHAN\Application Data\Spotify
2009-12-16 02:10 . 2009-06-09 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-05 19:07 . 2009-06-09 02:16 55832 ----a-w- c:\documents and settings\JOHNATHAN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-04 11:04 . 2009-06-09 23:22 -------- d-----w- c:\program files\Microsoft Works
2009-12-03 11:06 . 2009-12-03 11:06 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-12-03 11:01 . 2009-12-03 11:01 -------- d-----w- c:\program files\MSXML 4.0
2009-11-17 16:19 . 2009-11-17 16:19 79488 ----a-w- c:\documents and settings\JOHNATHAN\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-15 20:01 . 2009-11-15 19:59 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-29 07:45 . 2008-04-14 12:42 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2008-04-14 12:42 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2008-04-14 12:41 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2008-04-14 07:23 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2008-04-14 12:42 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2008-04-14 12:42 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2008-04-14 12:42 79872 ----a-w- c:\windows\system32\raschap.dll
2009-12-04 18:21 . 2009-06-19 22:36 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-01-06_16.11.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-07 00:29 . 2010-01-07 00:29 16384 c:\windows\Temp\Perflib_Perfdata_344.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\JOHNATHAN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-09 133104]
"Steam"="c:\program files\steam\steam.exe" [2009-11-07 1217808]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-07-16 25604904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2009-05-01 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-05-01 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13750272]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-04 30192]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-19 76304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-19 868352]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-10 149280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]

c:\documents and settings\JOHNATHAN\Start Menu\Programs\Startup\
SolidWorks Task Scheduler Engine.lnk - c:\program files\SolidWorks Corp\SolidWorks\swScheduler\swBOEngine.exe [2008-9-9 841000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-6-8 809488]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-19 07:30 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Steam\\steamapps\\dontstealmyshit\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [6/8/2009 6:25 PM 10384]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/9/2009 12:08 AM 721904]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [9/9/2008 5:01 AM 79144]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [6/8/2009 6:16 PM 30192]
S3 iJoyKB;ZooZ Control Keyboard;c:\windows\system32\DRIVERS\iJoyKB.sys --> c:\windows\system32\DRIVERS\iJoyKB.sys [?]
S3 iJoyM;ZooZ Control Mouse;c:\windows\system32\drivers\iJoyM.sys [11/15/2009 12:04 PM 5504]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/23/2005 6:01 AM 2799808]
.
Contents of the 'Scheduled Tasks' folder

2010-01-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-01-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-839522115-1801674531-1003Core.job
- c:\documents and settings\JOHNATHAN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-09 05:31]

2010-01-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-839522115-1801674531-1003UA.job
- c:\documents and settings\JOHNATHAN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-09 05:31]
.
.
------- Supplementary Scan -------
.
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
TCP: {4A64AA40-16BC-4324-B004-3FEFDF91BE6C} = 4.2.2.2,4.2.2.1
FF - ProfilePath - c:\documents and settings\JOHNATHAN\Application Data\Mozilla\Firefox\Profiles\8ucw1zbn.default\
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\JOHNATHAN\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-06 16:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(640)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2010-01-06 16:34:50
ComboFix-quarantined-files.txt 2010-01-07 00:34
ComboFix2.txt 2010-01-06 16:14

Pre-Run: 6,039,674,880 bytes free
Post-Run: 6,008,160,256 bytes free

- - End Of File - - 455A65CF06EB19B31CAF26088879009B

Please download Malwarebytes Anti-Malware from here.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Full Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  
• Please save the log to a location you will remember.
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy and paste the entire report in your next reply.
  

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Malwarebytes' Anti-Malware 1.43
Database version: 3508
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/7/2010 9:19:18 AM
mbam-log-2010-01-07 (09-19-18).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 226955
Time elapsed: 24 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\adobemedia.exe.vir (Malware.Trace) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\PR19.DLL.vir (Malware.Trace) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wexe.exe.vir (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EFF34C35-6989-441B-BB3B-BE30A5FAB8C8}\RP208\A0016040.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EFF34C35-6989-441B-BB3B-BE30A5FAB8C8}\RP209\A0016203.sys (Malware.Trace) -> Quarantined and deleted successfully.

Please download Cheetah-Anti-Rogue, and save to your Desktop.

• Double-click on Cheetah-Anti-Rogue.zip, and extract the file to your Desktop.
  
• Double-click on Cheetah-Anti-Rogue.cmd to start.
  
• It will finish quickly and launch a log.
  
• Post the contents of it in your next reply.

==

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Cheetah Anti-Rogue v1.0.26
by DragonMaster Jay

Microsoft Windows XP [Version 5.1.2600]
Thu 01/07/2010 18:47:38.10


-- Known infection --



Extra message: Detection only.


EOF

And the Security Check results please!

Missed that!


Results of screen317's Security Check version 0.99.1
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
WMIC entry does not exist for antivirus; attempting automatic update.
``````````````````````````````
Anti-malware/Other Utilities Check:
HijackThis 2.0.2
Java(TM) 6 Update 16
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 9.1.3
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

==

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Antivirus/Antispyware

• Microsoft Security Essentials: this is Microsoft's free antivirus/antispyware program. It equips you with protection against viruses, spyware, trojans, rootkits, and worms. It is also light on the computer's performance. Note: when installing this, you have both an antivirus and antispyware. Make sure you also get a firewall.
  
• AVG Free: this is one of the most powerful, and easiest to use security software. The free version equips you with protection against viruses, spyware, trojans, rootkits, worms, and rogue software. Note: when installing this, you have both an antivirus and antispyware. Make sure you also get a firewall.

Firewall

• Tallemu Online Armor: the free version is just as good as the premium. I have linked you to the free version.
  
• Comodo Firewall: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40% increase. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  
• PC Tools Firewall Plus: free and excellent firewall.

Note: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Securing your computer

• Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  
• hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.
  

Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:

• Firefox may be downloaded from here: http://www.getfirefox.com
  
• Opera is available here: http://www.opera.com/download/
  

See this page for more info about malware and prevention.

Thank you for choosing GeekPolice. Please see this page if you would like to leave feedback or contribute to our site. Do you have any more questions?

Finally went through and followed your recommendations.

All seems well on my PC now! Thanks for your help! I really appreciate it.

You are welcome.