Multiple instances of iexplorer in Task Manager appearing?

I noticed that once in a while, my taskmanager would fill with four or more "iexplorer" lines, when I in fact did not open Internet Explorer at all. I noticed because it began to lag an online game I was playing, and then later on I saw a window pop up and immediately disappear. Upon opening the Task Manager again, I found about a dozen of these "iexplorer" lines, however nȯne of them were actual windows or tabs on the start bar. I ran a quick search with Malwarebyt's anti-maleware remover that found nothing, then did a full scan of the C: drive with it. I'm running Windows XP.

It told me that there were some trojans in the "C:\System Volume Information" directory. Having never heard of this directory and curious, I went and opened the C: folder to find it, turned off the "hide system files" setting and such, but through some quirk my computer ended up freezing and requiring a hard reset before I could actually clear the files.

My question though is: Is it safe to remove those files? All I know is that the folder contains "system restore point" information. If necessary, I can run the 2+ hour scan again and post the log it creates.

This topic sounds kind of like my problem:
http://www.geekpolice.net/virus-spyware-malware-removal-f11/virus-help-internet-explorer-keeps-appearing-on-task-manager-when-ie-is-not-open-t11656.htm?highlight=explorer

Except I don't seem to have trouble with hanging links like this person mentioned, and as I said, a quick scan with MBAM doesn't find anything. Should I follow through with ComboFix as suggested there? I think I read elsewhere on this site that it's a strong tool that's usually best removed after using, and never used when one doesn't know what they're doing.

Update: I went ahead and did the full scal with MBAM and cleared the trojans, but after the computer restarted, the same thing happened again with iexplorers appearing. And now there's a nameless tab on the Start bar at the bottom, with an icon resembling vertical lines that increase in height. I've also started to get ad pages popping up once in a while So now I'm really lost.

Here is a HijackThis log if it helps:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:30:15, on 1/3/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\adobemedia.exe
C:\Program Files\Medialink\MWN-USB54G\Installer\WINXP\MWN-USB54G Wireless Client Utility .exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Compaq_Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.playonline.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [adobemedia.exe] C:\WINDOWS\system32\adobemedia.exe
O4 - Global Startup: MWN-USB54G Wireless Client Utility .lnk = C:\Program Files\Medialink\MWN-USB54G\Installer\WINXP\MWN-USB54G Wireless Client Utility .exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\PR17.DLL
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7945 bytes

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
  
• Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

• Click on Yes, to continue scanning for malware.
  
• When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
  

Hello, and thank you for the help you and others serve here:

ComboFix 10-01-02.05 - Compaq_Owner 01/03/2010 9:22.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.712 [GMT -7]
Running from: c:\documents and settings\Compaq_Owner\desktop\commy.exe
Command switches used :: /stepdel
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-117609710-484061587-682003330-1003
c:\recycler\S-1-5-21-2053617178-2483209208-711516678-1009
c:\windows\ujisikom.dll
C:\8003199.exe
C:\8942225.exe
c:\documents and settings\All Users\Start Menu\Programs\Startup\MWN-USB54G Wireless Client Utility .lnk
c:\recycler\S-1-5-21-117609710-484061587-682003330-1003\desktop.ini
c:\recycler\S-1-5-21-117609710-484061587-682003330-1003\INFO2
c:\recycler\S-1-5-21-2053617178-2483209208-711516678-1009\Dc38.zip
c:\recycler\S-1-5-21-2053617178-2483209208-711516678-1009\Dc39.zip
c:\recycler\S-1-5-21-2053617178-2483209208-711516678-1009\Dc40.jpg
c:\recycler\S-1-5-21-2053617178-2483209208-711516678-1009\desktop.ini
c:\recycler\S-1-5-21-2053617178-2483209208-711516678-1009\INFO2
C:\Thumbs.db
c:\windows\system32\PR15.DLL
c:\windows\system32\WORK.DAT
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-12-03 to 2010-01-03 )))))))))))))))))))))))))))))))
.

2010-01-02 22:38 . 2010-01-02 22:38 5061520 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-02 20:50 . 2010-01-02 20:50 13312 ---ha-w- c:\windows\system32\adobemedia.exe
2010-01-02 20:50 . 2010-01-02 20:50 24576 ----a-w- c:\windows\system32\PR17.DLL
2010-01-02 06:49 . 2010-01-02 22:01 0 ---ha-w- c:\windows\system32\wupd.dat
2010-01-02 06:49 . 2010-01-02 20:50 13312 ---ha-w- c:\windows\system32\wexe.exe
2010-01-02 06:49 . 2010-01-02 06:49 24576 ----a-w- c:\windows\system32\PR16.DLL
2009-12-24 22:11 . 2009-12-24 22:11 -------- d-----w- c:\program files\McAfee
2009-12-24 22:11 . 2009-12-24 22:11 -------- d-----w- c:\program files\McAfee.com
2009-12-21 19:02 . 2009-12-21 19:24 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\tdbfgt
2009-12-17 23:35 . 2009-12-17 23:35 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes
2009-12-17 22:27 . 2009-12-17 22:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-12-17 22:27 . 2009-12-30 21:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-17 22:27 . 2009-12-17 22:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-17 22:27 . 2010-01-02 22:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-17 22:27 . 2009-12-30 21:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-17 22:26 . 2006-08-15 18:15 110592 ----a-w- c:\documents and settings\Administrator\Application Data\U3\temp\cleanup.exe
2009-12-17 22:26 . 2009-12-17 22:26 -------- d-----w- c:\program files\Malwarebytes Anti-Malware 1.42
2009-12-17 22:25 . 2009-12-17 22:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3
2009-12-17 22:24 . 2009-12-17 22:24 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-12-17 22:00 . 2009-12-17 23:33 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\jjxqqr
2009-12-15 21:14 . 2009-12-15 21:14 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\DivX
2009-12-12 02:48 . 2009-10-13 08:50 133632 ----a-w- c:\windows\system32\drivers\Mkd2kfNT.sys
2009-12-12 02:48 . 2009-07-13 08:37 79360 ----a-w- c:\windows\system32\drivers\Mkd2Nadr.sys
2009-12-12 02:47 . 2009-12-12 02:47 -------- d-----w- c:\program files\AhnLab
2009-12-12 02:03 . 2009-12-12 02:17 65536 ----a-w- c:\windows\IFinst27.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-29 20:51 . 2009-11-15 20:45 1890 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-12-29 20:51 . 2009-11-15 20:45 1890 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-12-24 22:12 . 2009-11-06 06:13 -------- d-----w- c:\program files\Magic Set Editor 2
2009-12-24 20:05 . 2007-12-22 23:28 -------- d-----w- c:\program files\YouTUBE (TM) movie downloader
2009-12-21 19:14 . 2009-11-14 05:32 68608 ----a-w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-18 06:47 . 2009-11-15 20:45 88 --sh--r- c:\documents and settings\All Users\Application Data\7F3C38874E.sys
2009-12-18 06:47 . 2009-11-15 20:45 88 --sh--r- c:\documents and settings\All Users\Application Data\7F3C38874E.sys
2009-12-16 19:57 . 2009-10-02 05:35 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\U3
2009-12-12 03:08 . 2006-01-11 06:12 -------- d-----w- c:\program files\Gravity
2009-11-28 16:31 . 2009-11-28 16:31 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-11-27 20:35 . 2006-07-24 19:10 -------- d-----w- c:\program files\portalgraphics
2009-11-25 04:19 . 2009-11-25 04:16 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Ventrilo
2009-11-25 04:14 . 2009-11-25 04:14 -------- d-----w- c:\program files\Ventrilo
2009-11-25 04:13 . 2009-11-25 04:13 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-19 04:58 . 2009-11-19 04:58 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Aim
2009-11-14 19:23 . 2009-11-14 19:23 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-11-14 05:52 . 2006-01-09 22:05 -------- d-----w- c:\program files\DivX
2009-11-14 05:51 . 2009-11-14 05:51 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-11-14 05:35 . 2009-10-01 05:53 -------- d-----w- c:\program files\Microsoft
2009-11-14 05:35 . 2009-11-14 05:34 -------- d-----w- c:\program files\Windows Live
2009-11-14 05:35 . 2009-11-14 05:35 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-14 05:33 . 2009-11-14 05:33 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-14 05:29 . 2009-11-14 05:29 -------- d-----w- c:\program files\DIFX
2009-11-12 06:12 . 2009-11-12 06:12 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\fltk.org
2009-11-09 06:10 . 2009-10-06 05:07 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-11-07 05:46 . 2009-11-01 06:09 453296 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-29 07:45 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-28 04:20 . 2005-06-25 05:31 81867 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-28 04:20 . 2009-10-28 04:20 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2009-10-28 04:20 . 2009-10-28 04:20 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\scripts\devcon.exe
2009-10-28 04:20 . 2009-10-28 04:20 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2009-10-28 04:20 . 2009-10-28 04:20 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2009-10-28 04:20 . 2009-10-28 04:20 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2009-10-28 04:20 . 2009-10-28 04:20 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2009-10-28 04:20 . 2009-10-28 04:20 287310 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection.dll
2009-10-28 04:20 . 2009-10-28 04:20 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2009-10-21 05:38 . 2004-08-04 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2004-08-04 12:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 19:37 . 2009-10-12 19:37 65536 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{F58A4DBF-1D3A-415E-A35E-EED095A937AC}\_E6F1149B6427_4721_AF20_B0204398B4D8.exe
2009-10-12 19:37 . 2009-10-12 19:37 18902 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{F58A4DBF-1D3A-415E-A35E-EED095A937AC}\icons.exe
2009-10-12 18:16 . 2009-10-12 18:16 5535056 ----a-w- C:\lide20lide30n670un676un1240uvst7031a_xpen.exe
2009-10-12 13:38 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-04 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-06 05:07 . 2009-10-06 05:07 56 --sh--r- c:\windows\system32\4E87383C7F.sys
2006-04-11 04:29 . 2006-04-11 04:29 8715352 ----a-w- c:\program files\Install_AIM.exe
2006-02-19 20:34 . 2006-02-19 20:34 9409224 ----a-w- c:\program files\Install_MSN_Messenger.exe
2006-06-26 04:12 . 2006-06-26 04:12 60526 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2006-06-26 04:12 . 2006-06-26 04:12 49256 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2006-06-26 04:12 . 2006-06-26 04:12 166000 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
1999-07-07 00:00 . 1999-07-07 00:00 6 --sh--r- c:\windows\@desktop@.dat
.


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"adobemedia.exe"="c:\windows\system32\adobemedia.exe" [2010-01-02 13312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656]
"nwiz"="nwiz.exe" [2005-08-02 1519616]
"PCDrProfiler"="" [N/A]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-11 253952]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-11-16 180269]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-11-16 98304]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=

S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [12/11/2009 19:48 133632]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [12/11/2009 19:48 79360]
.
Contents of the 'Scheduled Tasks' folder

2008-12-15 c:\windows\Tasks\McDefragTask.job
- c:\windows\system32\defrag.exe [2004-08-04 00:12]

2009-10-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2009-12-24 20:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.playonline.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-03 09:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************
.
Completion time: 2010-01-03 09:34:54
ComboFix-quarantined-files.txt 2010-01-03 16:34

Pre-Run: 14,082,244,608 bytes free
Post-Run: 15,045,124,096 bytes free

- - End Of File - - 4FB782035E2273AB2C8332A298792FF5

Re-running ComboFix to remove infections:

1. Close any open browsers.
   
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   
3. Open notepad and copy/paste the text in the quotebox below into it:
   

   
   killall::
   
   File::
   c:\windows\system32\PR17.DLL
   c:\windows\system32\adobemedia.exe
   c:\windows\system32\PR16.DLL
   c:\windows\system32\wupd.dat
   c:\windows\system32\wexe.exe
   c:\windows\IFinst27.exe
   C:\lide20lide30n670un676un1240uvst7031a_xpen.exe
   c:\windows\system32\drivers\Mkd2Nadr.sys
   c:\windows\system32\drivers\Mkd2kfNT.sys
   c:\WINDOWS\system32\dpvsetup.exe
   c:\Program Files\Ventrilo\Ventrilo.exe
   
   Folder::
   c:\documents and settings\Compaq_Owner\Local Settings\Application Data\tdbfgt
   c:\documents and settings\Compaq_Owner\Local Settings\Application Data\jjxqqr
   c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{F58A4DBF-1D3A-415E-A35E-EED095A937AC}
   
   DirLook::
   c:\documents and settings\Administrator\Application Data\U3
   
   Registry::
   [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   "adobemedia.exe"=-
   
   [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
   "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=-
   "c:\\WINDOWS\\system32\\dpvsetup.exe"=-
   
   Driver::
   Mkd2kfNt
   Mkd2Nadr
   
   FixCSet::
   Reboot::
   

4. Save this as CFScript.txt, in the same location as ComboFix.exe
   
   
   
   
5. Referring to the picture above, drag CFScript into ComboFix.exe
   
6. When finished, it shall produce a log for you at C:\ComboFix.txt
   
7. Please post the contents of the log in your next reply.

==

Open a run line by clicking start -> run

Copy and paste the following bolded text into the Open: box and click OK

cmd /k cd\ && dir c:\atapi.sys /a /s > atapi.txt && notepad atapi.txt

Paste back the contents of the atapi.txt

ComboFix's new log:

ComboFix 10-01-02.05 - Compaq_Owner 01/03/2010 14:46:53.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.618 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\Commy.exe
Command switches used :: c:\documents and settings\Compaq_Owner\Desktop\CFscript.txt

FILE ::
"C:\lide20lide30n670un676un1240uvst7031a_xpen.exe"
"c:\program files\Ventrilo\Ventrilo.exe"
"c:\windows\IFinst27.exe"
"c:\windows\system32\adobemedia.exe"
"c:\windows\system32\dpvsetup.exe"
"c:\windows\system32\drivers\Mkd2kfNT.sys"
"c:\windows\system32\drivers\Mkd2Nadr.sys"
"c:\windows\system32\PR16.DLL"
"c:\windows\system32\PR17.DLL"
"c:\windows\system32\wexe.exe"
"c:\windows\system32\wupd.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{F58A4DBF-1D3A-415E-A35E-EED095A937AC}
c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{F58A4DBF-1D3A-415E-A35E-EED095A937AC}\_E6F1149B6427_4721_AF20_B0204398B4D8.exe
c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{F58A4DBF-1D3A-415E-A35E-EED095A937AC}\icons.exe
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\jjxqqr
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\tdbfgt
C:\lide20lide30n670un676un1240uvst7031a_xpen.exe
c:\program files\Ventrilo\Ventrilo.exe
c:\windows\IFinst27.exe
c:\windows\system32\adobemedia.exe
c:\windows\system32\dpvsetup.exe
c:\windows\system32\drivers\Mkd2kfNT.sys
c:\windows\system32\drivers\Mkd2Nadr.sys
c:\windows\system32\PR16.DLL
c:\windows\system32\PR17.DLL
c:\windows\system32\wexe.exe
c:\windows\system32\wupd.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MKD2KFNT
-------\Service_Mkd2kfNt
-------\Service_Mkd2Nadr


((((((((((((((((((((((((( Files Created from 2009-12-03 to 2010-01-03 )))))))))))))))))))))))))))))))
.

2010-01-03 16:21 . 2010-01-03 16:34 -------- d-----w- C:\Commy
2010-01-02 22:38 . 2010-01-02 22:38 5061520 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-24 22:11 . 2009-12-24 22:11 -------- d-----w- c:\program files\McAfee
2009-12-24 22:11 . 2009-12-24 22:11 -------- d-----w- c:\program files\McAfee.com
2009-12-17 23:35 . 2009-12-17 23:35 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes
2009-12-17 22:27 . 2009-12-17 22:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-12-17 22:27 . 2009-12-30 21:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-17 22:27 . 2009-12-17 22:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-17 22:27 . 2010-01-02 22:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-17 22:27 . 2009-12-30 21:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-17 22:26 . 2006-08-15 18:15 110592 ----a-w- c:\documents and settings\Administrator\Application Data\U3\temp\cleanup.exe
2009-12-17 22:26 . 2009-12-17 22:26 -------- d-----w- c:\program files\Malwarebytes Anti-Malware 1.42
2009-12-17 22:25 . 2009-12-17 22:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3
2009-12-17 22:24 . 2009-12-17 22:24 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-12-15 21:14 . 2009-12-15 21:14 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\DivX
2009-12-12 02:47 . 2009-12-12 02:47 -------- d-----w- c:\program files\AhnLab

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-03 21:50 . 2009-11-25 04:14 -------- d-----w- c:\program files\Ventrilo
2009-12-29 20:51 . 2009-11-15 20:45 1890 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-12-29 20:51 . 2009-11-15 20:45 1890 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-12-24 22:12 . 2009-11-06 06:13 -------- d-----w- c:\program files\Magic Set Editor 2
2009-12-24 20:05 . 2007-12-22 23:28 -------- d-----w- c:\program files\YouTUBE (TM) movie downloader
2009-12-21 19:14 . 2009-11-14 05:32 68608 ----a-w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-18 06:47 . 2009-11-15 20:45 88 --sh--r- c:\documents and settings\All Users\Application Data\7F3C38874E.sys
2009-12-18 06:47 . 2009-11-15 20:45 88 --sh--r- c:\documents and settings\All Users\Application Data\7F3C38874E.sys
2009-12-16 19:57 . 2009-10-02 05:35 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\U3
2009-12-12 03:08 . 2006-01-11 06:12 -------- d-----w- c:\program files\Gravity
2009-11-28 16:31 . 2009-11-28 16:31 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-11-27 20:35 . 2006-07-24 19:10 -------- d-----w- c:\program files\portalgraphics
2009-11-25 04:19 . 2009-11-25 04:16 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Ventrilo
2009-11-25 04:13 . 2009-11-25 04:13 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-19 04:58 . 2009-11-19 04:58 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Aim
2009-11-14 19:23 . 2009-11-14 19:23 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-11-14 05:52 . 2006-01-09 22:05 -------- d-----w- c:\program files\DivX
2009-11-14 05:51 . 2009-11-14 05:51 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-11-14 05:35 . 2009-10-01 05:53 -------- d-----w- c:\program files\Microsoft
2009-11-14 05:35 . 2009-11-14 05:34 -------- d-----w- c:\program files\Windows Live
2009-11-14 05:35 . 2009-11-14 05:35 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-14 05:33 . 2009-11-14 05:33 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-14 05:29 . 2009-11-14 05:29 -------- d-----w- c:\program files\DIFX
2009-11-12 06:12 . 2009-11-12 06:12 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\fltk.org
2009-11-09 06:10 . 2009-10-06 05:07 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-11-07 05:46 . 2009-11-01 06:09 453296 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-29 07:45 . 2004-08-04 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-10-28 04:20 . 2005-06-25 05:31 81867 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-28 04:20 . 2009-10-28 04:20 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2009-10-28 04:20 . 2009-10-28 04:20 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\scripts\devcon.exe
2009-10-28 04:20 . 2009-10-28 04:20 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2009-10-28 04:20 . 2009-10-28 04:20 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2009-10-28 04:20 . 2009-10-28 04:20 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2009-10-28 04:20 . 2009-10-28 04:20 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2009-10-28 04:20 . 2009-10-28 04:20 287310 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection.dll
2009-10-28 04:20 . 2009-10-28 04:20 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2009-10-21 05:38 . 2004-08-04 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2004-08-04 12:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-04 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-06 05:07 . 2009-10-06 05:07 56 --sh--r- c:\windows\system32\4E87383C7F.sys
2006-04-11 04:29 . 2006-04-11 04:29 8715352 ----a-w- c:\program files\Install_AIM.exe
2006-02-19 20:34 . 2006-02-19 20:34 9409224 ----a-w- c:\program files\Install_MSN_Messenger.exe
2006-06-26 04:12 . 2006-06-26 04:12 60526 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2006-06-26 04:12 . 2006-06-26 04:12 49256 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2006-06-26 04:12 . 2006-06-26 04:12 166000 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
1999-07-07 00:00 . 1999-07-07 00:00 6 --sh--r- c:\windows\@desktop@.dat
.


(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\Administrator\Application Data\U3 ----

2009-12-17 22:29 . 2006-01-30 02:19 9062 ----a-w- c:\documents and settings\Administrator\Application Data\U3\06413C70F0D1B8D8\F341CFFF-7836-4016-A7D6-E203E64100C7\Manifest\u3.ico
2009-12-17 22:29 . 2006-09-17 20:29 2518 ----a-w- c:\documents and settings\Administrator\Application Data\U3\06413C70F0D1B8D8\F341CFFF-7836-4016-A7D6-E203E64100C7\Manifest\manifest.u3i
2009-12-17 22:29 . 2009-12-17 22:30 591 ----a-w- c:\documents and settings\Administrator\Application Data\U3\06413C70F0D1B8D8\lplog.txt
2009-12-17 22:26 . 2006-08-15 18:15 110592 ----a-w- c:\documents and settings\Administrator\Application Data\U3\temp\cleanup.exe
2007-06-07 22:14 . 2007-06-07 22:14 3477504 ----a-w- c:\documents and settings\Administrator\Application Data\U3\06413C70F0D1B8D8\Launchpad.exe
2006-11-30 03:05 . 2006-11-30 03:05 1901 ----a-w- c:\documents and settings\Administrator\Application Data\U3\06413C70F0D1B8D8\LPSecurityExtension.dll.sig
2006-11-30 00:42 . 2006-11-30 00:42 1650688 ----a-w- c:\documents and settings\Administrator\Application Data\U3\06413C70F0D1B8D8\LPSecurityExtension.dll
2006-11-16 22:00 . 2006-11-16 22:00 12 ----a-w- c:\documents and settings\Administrator\Application Data\U3\06413C70F0D1B8D8\version.dat
2006-11-16 21:38 . 2006-11-16 21:38 622592 ----a-w- c:\documents and settings\Administrator\Application Data\U3\06413C70F0D1B8D8\U3LauncherSetup.msi
2006-11-14 18:34 . 2006-11-14 18:34 78576 ----a-w- c:\documents and settings\Administrator\Application Data\U3\06413C70F0D1B8D8\LPHelp-ch.chm
2006-11-14 18:34 . 2006-11-14 18:34 98339 ----a-w- c:\documents and settings\Administrator\Application Data\U3\06413C70F0D1B8D8\LPHelp-de.chm
2006-11-14 18:34 . 2006-11-14 18:34 94194 ----a-w- c:\documents and settings\Administrator\Application Data\U3\06413C70F0D1B8D8\LPHelp-es.chm
2006-11-14 18:34 . 2006-11-14 18:34 95968 ----a-w- c:\documents and settings\Administrator\Application Data\U3\06413C70F0D1B8D8\LPHelp-fr.chm
2006-11-14 18:34 . 2006-11-14 18:34 94331 ----a-w- c:\documents and settings\Administrator\Application Data\U3\06413C70F0D1B8D8\LPHelp-it.chm
2006-11-14 18:34 . 2006-11-14 18:34 90017 ----a-w- c:\documents and settings\Administrator\Application Data\U3\06413C70F0D1B8D8\LPHelp-jp.chm
2006-11-05 17:44 . 2006-11-05 17:44 1163264 ----a-w- c:\documents and settings\Administrator\Application Data\U3\06413C70F0D1B8D8\u3dapi10.dll
2006-10-14 07:41 . 2006-10-14 07:41 109621 ----a-w- c:\documents and settings\Administrator\Application Data\U3\06413C70F0D1B8D8\LPHelp-en.chm
2006-10-13 00:38 . 2006-10-13 00:38 49152 ----a-w- c:\documents and settings\Administrator\Application Data\U3\06413C70F0D1B8D8\U3AccessGrant.exe
2006-09-19 16:54 . 2006-09-19 16:54 58842 ----a-w- c:\documents and settings\Administrator\Application Data\U3\06413C70F0D1B8D8\Loading.gif
2006-09-19 16:54 . 2006-09-19 16:54 328 ----a-w- c:\documents and settings\Administrator\Application Data\U3\06413C70F0D1B8D8\Loading.htm
2006-08-15 18:15 . 2006-08-15 18:15 110592 ----a-w- c:\documents and settings\Administrator\Application Data\U3\06413C70F0D1B8D8\cleanup.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656]
"nwiz"="nwiz.exe" [2005-08-02 1519616]
"PCDrProfiler"="" [N/A]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-11 253952]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-11-16 180269]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-11-16 98304]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=

.
Contents of the 'Scheduled Tasks' folder

2008-12-15 c:\windows\Tasks\McDefragTask.job
- c:\windows\system32\defrag.exe [2004-08-04 00:12]

2009-10-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2009-12-24 20:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.playonline.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Ragnarok Online - c:\windows\IFinst27.exe
AddRemove-Ragnarok Sakray - c:\windows\IFinst27.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-03 14:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3548)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2010-01-03 14:57:40 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-03 21:57
ComboFix2.txt 2010-01-03 16:34

Pre-Run: 15,061,696,512 bytes free
Post-Run: 14,943,989,760 bytes free

- - End Of File - - 5FE9E0BF2DDCDCC1EA0AB1577218457C


Atapi.txt:

Volume in drive C is PRESARIO
Volume Serial Number is 4B47-B271

Directory of c:\WINDOWS\$NtServicePackUninstall$

08/04/2004 05:00 95,360 atapi.sys
1 File(s) 95,360 bytes

Directory of c:\WINDOWS\ERDNT\cache

04/13/2008 11:40 96,512 atapi.sys
1 File(s) 96,512 bytes

Directory of c:\WINDOWS\ServicePackFiles\i386

04/13/2008 11:40 96,512 atapi.sys
1 File(s) 96,512 bytes

Directory of c:\WINDOWS\system32\drivers

04/13/2008 11:40 96,512 atapi.sys
1 File(s) 96,512 bytes

Total Files Listed:
4 File(s) 384,896 bytes
0 Dir(s) 14,960,021,504 bytes free

Please download Malwarebytes Anti-Malware from here.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Full Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  
• Please save the log to a location you will remember.
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy and paste the entire report in your next reply.
  

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Here is the log after a full scan. I have MBAM fully updated, but no infections were found.

Malwarebytes' Anti-Malware 1.43
Database version: 3482
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/3/2010 21:29:34
mbam-log-2010-01-03 (21-29-34).txt

Scan type: Full Scan (C:\|)
Objects scanned: 349711
Time elapsed: 2 hour(s), 26 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


The Task Manager doesn't seem to spawn several iexplorers anymore. When I open Internet Explorer, two are listed in the task manager. They don't get listed next to each other or jump around like the malicious ones did, one's about 24,000-47,000 K and the other hanges around 2,000 K. Is that normal?

Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:


Save this as seek.bat Choose to "Save as type - All Files"
Double click on seek.bat & allow it to run

Post back to tell me what it says

Following those instructions created a log stating this:

\Program Files\AhnLab\ASP\MyKeyDefense 2.5\mkd2nadr.sys
\Program Files\AhnLab\ASP\Smart Update i\update\patch\40\win\p\mykd25\nt\mkd2nadr.sys

My bad. Good thing we checked that. Otherwise your AV software would not work correctly.

Re-running ComboFix to replace AhnLab drivers:

1. Close any open browsers.
   
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   
3. Open notepad and copy/paste the text in the quotebox below into it:
   

   
   FCopy::
   C:\Program Files\AhnLab\ASP\MyKeyDefense 2.5\mkd2nadr.sys | c:\windows\system32\drivers\Mkd2nadr.sys
   C:\Program Files\AhnLab\ASP\MyKeyDefense 2.5\mkd2kfnt.sys | c:\windows\system32\drivers\Mkd2kfNT.sys
   

4. Save this as CFScript.txt, in the same location as ComboFix.exe
   
   
   
   
5. Referring to the picture above, drag CFScript into ComboFix.exe
   
6. When finished, it shall produce a log for you at C:\ComboFix.txt
   
7. Please post the contents of the log in your next reply.

I installed McAfee at some point before the second scan with ComboFix. I thought I had disabled everything, but in this log toward the top it mentions that "McAfee Personal Firewall" was "enabled", so I guess I didn't turn everything off. Would that have interferred with the scan? Then after the scan, I re-enabled McAfee's protections, and some while later it identified ComboFix(or "commy.exe" as I renamed upon download) as a trojan and removed it with the CFscript.txt file. Should I worry about that?

ComboFix 10-01-03.03 - Compaq_Owner 01/03/2010 22:54:15.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.473 [GMT -7]
Running from: c:\documents and settings\Compaq_Owner\Desktop\commy.exe
Command switches used :: c:\documents and settings\Compaq_Owner\Desktop\CFscript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\program files\AhnLab\ASP\MyKeyDefense 2.5\mkd2nadr.sys --> c:\windows\system32\drivers\Mkd2nadr.sys
c:\program files\AhnLab\ASP\MyKeyDefense 2.5\mkd2kfnt.sys --> c:\windows\system32\drivers\Mkd2kfNT.sys
.
((((((((((((((((((((((((( Files Created from 2009-12-04 to 2010-01-04 )))))))))))))))))))))))))))))))
.

2010-01-04 05:54 . 2009-10-13 08:50 133632 ----a-w- c:\windows\system32\drivers\Mkd2kfNT.sys
2010-01-04 05:54 . 2009-07-13 08:37 79360 ----a-w- c:\windows\system32\drivers\Mkd2nadr.sys
2010-01-04 05:23 . 2010-01-04 05:23 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2010-01-04 05:16 . 2010-01-04 05:16 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-01-04 05:13 . 2010-01-04 05:13 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2010-01-04 05:10 . 2009-07-16 19:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-01-04 05:06 . 2009-11-04 23:53 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2010-01-04 05:06 . 2010-01-04 05:10 -------- d-----w- c:\windows\LastGood
2010-01-03 16:21 . 2010-01-03 16:34 -------- d-----w- C:\Commy
2010-01-02 22:38 . 2010-01-02 22:38 5061520 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-24 22:11 . 2010-01-04 05:12 -------- d-----w- c:\program files\McAfee
2009-12-24 22:11 . 2009-12-24 22:11 -------- d-----w- c:\program files\McAfee.com
2009-12-24 22:11 . 2009-11-04 23:54 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-12-24 22:11 . 2009-11-04 23:54 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-12-24 22:11 . 2009-11-04 23:54 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-12-17 23:35 . 2009-12-17 23:35 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes
2009-12-17 22:27 . 2009-12-17 22:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-12-17 22:27 . 2009-12-30 21:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-17 22:27 . 2009-12-17 22:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-17 22:27 . 2010-01-02 22:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-17 22:27 . 2009-12-30 21:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-17 22:26 . 2006-08-15 18:15 110592 ----a-w- c:\documents and settings\Administrator\Application Data\U3\temp\cleanup.exe
2009-12-17 22:26 . 2009-12-17 22:26 -------- d-----w- c:\program files\Malwarebytes Anti-Malware 1.42
2009-12-17 22:25 . 2009-12-17 22:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3
2009-12-17 22:24 . 2009-12-17 22:24 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-12-15 21:14 . 2009-12-15 21:14 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\DivX
2009-12-12 02:47 . 2009-12-12 02:47 -------- d-----w- c:\program files\AhnLab

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-04 05:16 . 2006-07-29 21:52 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-01-03 21:50 . 2009-11-25 04:14 -------- d-----w- c:\program files\Ventrilo
2009-12-29 20:51 . 2009-11-15 20:45 1890 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-12-29 20:51 . 2009-11-15 20:45 1890 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-12-24 22:12 . 2009-11-06 06:13 -------- d-----w- c:\program files\Magic Set Editor 2
2009-12-24 20:05 . 2007-12-22 23:28 -------- d-----w- c:\program files\YouTUBE (TM) movie downloader
2009-12-21 19:14 . 2009-11-14 05:32 68608 ----a-w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-18 06:47 . 2009-11-15 20:45 88 --sh--r- c:\documents and settings\All Users\Application Data\7F3C38874E.sys
2009-12-18 06:47 . 2009-11-15 20:45 88 --sh--r- c:\documents and settings\All Users\Application Data\7F3C38874E.sys
2009-12-16 19:57 . 2009-10-02 05:35 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\U3
2009-12-12 03:08 . 2006-01-11 06:12 -------- d-----w- c:\program files\Gravity
2009-11-28 16:31 . 2009-11-28 16:31 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-11-27 20:35 . 2006-07-24 19:10 -------- d-----w- c:\program files\portalgraphics
2009-11-25 04:19 . 2009-11-25 04:16 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Ventrilo
2009-11-25 04:13 . 2009-11-25 04:13 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-19 04:58 . 2009-11-19 04:58 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Aim
2009-11-14 19:23 . 2009-11-14 19:23 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-11-14 05:52 . 2006-01-09 22:05 -------- d-----w- c:\program files\DivX
2009-11-14 05:51 . 2009-11-14 05:51 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-11-14 05:35 . 2009-10-01 05:53 -------- d-----w- c:\program files\Microsoft
2009-11-14 05:35 . 2009-11-14 05:34 -------- d-----w- c:\program files\Windows Live
2009-11-14 05:35 . 2009-11-14 05:35 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-14 05:33 . 2009-11-14 05:33 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-14 05:29 . 2009-11-14 05:29 -------- d-----w- c:\program files\DIFX
2009-11-12 06:12 . 2009-11-12 06:12 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\fltk.org
2009-11-09 06:10 . 2009-10-06 05:07 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-11-07 05:46 . 2009-11-01 06:09 453296 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-11-04 23:54 . 2009-11-04 23:54 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-10-29 07:45 . 2004-08-04 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-10-28 04:20 . 2005-06-25 05:31 81867 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-28 04:20 . 2009-10-28 04:20 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2009-10-28 04:20 . 2009-10-28 04:20 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\scripts\devcon.exe
2009-10-28 04:20 . 2009-10-28 04:20 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2009-10-28 04:20 . 2009-10-28 04:20 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2009-10-28 04:20 . 2009-10-28 04:20 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2009-10-28 04:20 . 2009-10-28 04:20 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2009-10-28 04:20 . 2009-10-28 04:20 287310 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection.dll
2009-10-28 04:20 . 2009-10-28 04:20 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2009-10-21 05:38 . 2004-08-04 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2004-08-04 12:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-04 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2006-04-11 04:29 . 2006-04-11 04:29 8715352 ----a-w- c:\program files\Install_AIM.exe
2006-02-19 20:34 . 2006-02-19 20:34 9409224 ----a-w- c:\program files\Install_MSN_Messenger.exe
2006-06-26 04:12 . 2006-06-26 04:12 60526 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2006-06-26 04:12 . 2006-06-26 04:12 49256 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2006-06-26 04:12 . 2006-06-26 04:12 166000 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
1999-07-07 00:00 . 1999-07-07 00:00 6 --sh--r- c:\windows\@desktop@.dat
2009-10-06 05:07 . 2009-10-06 05:07 56 --sh--r- c:\windows\system32\4E87383C7F.sys
.


((((((((((((((((((((((((((((( SnapShot@2010-01-03_16.32.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-04 12:00 . 2008-04-14 00:12 83456 c:\windows\system32\dllcache\dpvsetup.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656]
"nwiz"="nwiz.exe" [2005-08-02 1519616]
"PCDrProfiler"="" [N/A]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-11 253952]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-11-16 180269]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-11-16 98304]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [1/3/2010 22:12 203280]
S2 0273681262581811mcinstcleanup;McAfee Application Installer Cleanup (0273681262581811);c:\docume~1\COMPAQ~1\LOCALS~1\Temp\027368~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\COMPAQ~1\LOCALS~1\Temp\027368~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - HTTPFILTER
*NewlyCreated* - IPFILTERDRIVER
*NewlyCreated* - MCAFEE_SITEADVISOR_SERVICE
*NewlyCreated* - MCMSCSVC
*NewlyCreated* - MCNASVC
*NewlyCreated* - MCPROXY
*NewlyCreated* - MCSHIELD
*NewlyCreated* - MCSYSMON
*NewlyCreated* - MFEAVFK
*NewlyCreated* - MFEBOPK
*NewlyCreated* - MFEHIDK
*NewlyCreated* - MFERKDK
*NewlyCreated* - MFESMFK
*NewlyCreated* - MPFP
*NewlyCreated* - MPFSERVICE
.
Contents of the 'Scheduled Tasks' folder

2008-12-15 c:\windows\Tasks\McDefragTask.job
- c:\windows\system32\defrag.exe [2004-08-04 00:12]

2009-10-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2009-12-24 19:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.playonline.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-03 22:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4060)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\nview.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-01-03 23:02:06
ComboFix-quarantined-files.txt 2010-01-04 06:01
ComboFix2.txt 2010-01-03 21:57
ComboFix3.txt 2010-01-03 16:34

Pre-Run: 14,817,120,256 bytes free
Post-Run: 14,796,824,576 bytes free

- - End Of File - - D2ADC57BC4CE136140191E80ADE06C20

It is fine now.

Please run a free online scan with the ESET Online Scanner

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install
  
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, you may close the window
  
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic
  

Here is the created log. At this point nothing seems to be weird on the outside; I only ever have as many iexplorers in the Task Manager as I have Internet Explorer windows conciously open. This scan found 10 files, and when it finished, it had the option to check a box next to "Delete Quarantined Files" before clicking "Finish" to close the window, so I still have it up in case that's what I should do.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=cf8c8495aac5234d8b9a219f731c1e57
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2010-01-04 06:42:42
# local_time=2010-01-04 11:42:42 (-0700, US Mountain Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5121 16776869 100 96 0 15457365 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=221980
# found=10
# cleaned=10
# scan_time=6323
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Common\0124a02419.exe a variant of Win32/Starter.NAI trojan (cleaned by deleting - quarantined) 18EB45C07FF9932511ED995F56D7EB3B C
C:\Qoobox\Quarantine\C\WINDOWS\system32\PR15.DLL.vir a variant of Win32/Agent.QOH trojan (cleaned by deleting - quarantined) F3B05A02F034A43AF91F8465AEDBD8E5 C
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP119\A0021437.exe a variant of Win32/Agent.QOH trojan (cleaned by deleting - quarantined) A80E601D3D7B1CDFF79BCE6A5A807579 C
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP120\A0022521.DLL a variant of Win32/Agent.QOH trojan (cleaned by deleting - quarantined) F3B05A02F034A43AF91F8465AEDBD8E5 C
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP120\A0022608.exe probably unknown NewHeur_PE virus (deleted - quarantined) 7140D1037338373029BDCB52D2C08DFE C
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP120\A0022612.DLL a variant of Win32/Agent.QOH trojan (cleaned by deleting - quarantined) F3B05A02F034A43AF91F8465AEDBD8E5 C
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP120\A0022613.DLL a variant of Win32/Agent.QOH trojan (cleaned by deleting - quarantined) 4B320AC0926D0758981958ADB8D6D269 C
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP120\A0022614.exe probably unknown NewHeur_PE virus (deleted - quarantined) 7140D1037338373029BDCB52D2C08DFE C
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP121\A0023196.exe a variant of Win32/Starter.NAI trojan (cleaned by deleting - quarantined) 18EB45C07FF9932511ED995F56D7EB3B C
C:\WINDOWS\mpib402.dll probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) F4F8CE55AEC752A3BB7306BC9BD25A90 C

These two need removed:
C:\Documents and Settings\NetworkService\Application Data\Macromedia\Common\0124a02419.exe a variant of Win32/Starter.NAI trojan (cleaned by deleting - quarantined) 18EB45C07FF9932511ED995F56D7EB3B C

C:\WINDOWS\mpib402.dll probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) F4F8CE55AEC752A3BB7306BC9BD25A90 C

=====

For the rest of them:

There are several ways to reset your restore points, but this is my method:

• Select Start > All Programs > Accessories > System tools > System Restore.
  
• On the dialogue box that appears select Create a Restore Point
  
• Click NEXT
  
• Enter a name e.g. Clean
  
• Click CREATE

You now have a clean restore point, to get rid of the bad ones:

• Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  
• In the Drop down box that appears select your main drive e.g. C
  
• Click OK
  
• The System will do some calculation and the display a dialogue box with TABS
  
• Select the More Options Tab.
  
• At the bottom will be a system restore box with a CLEANUP button click this
  
• Accept the Warning and select OK again, the program will close and you are done
  

==

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.

I'm sorry, how should I "remove" the two files you mentioned at the beginning of your post?

C:\Documents and Settings\NetworkService\Application Data\Macromedia\Common\0124a02419.exe a variant of Win32/Starter.NAI trojan (cleaned by deleting - quarantined) 18EB45C07FF9932511ED995F56D7EB3B C

C:\WINDOWS\mpib402.dll probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) F4F8CE55AEC752A3BB7306BC9BD25A90 C

You said this:

This scan found 10 files, and when it finished, it had the option to check a box next to "Delete Quarantined Files" before clicking "Finish" to close the window, so I still have it up in case that's what I should do.

So, I was telling you what should be removed.

===

If you are using McAfee now, then remove AhnLab's protection.

I see, thank you. I followed those instructions, and the Quick Scan with MBAM turned up no infected files.

Malwarebytes' Anti-Malware 1.43
Database version: 3493
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/4/2010 13:06:30
mbam-log-2010-01-04 (13-06-30).txt

Scan type: Quick Scan
Objects scanned: 117616
Time elapsed: 5 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Update: The bloated second iexplorer seems to be present. I don't think it's spawning other iexplorers in the Task Manager, and if I exit the one window I have up it goes away with the normal iexplorer leaving nȯne, but when I open the window back up it, two iexplorers become listed again. I haven't done anything or gone anywhere but this forum.

Results of screen317's Security Check version 0.99.1
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
ESET Online Scanner v3
McAfee SecurityCenter
``````````````````````````````
Anti-malware/Other Utilities Check:
HijackThis 2.0.2
Adobe Flash Player 10
Adobe Reader 7.0
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent
McAfee VIRUSS~1 mcshield.exe
``````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

That will happen with Internet Explorer. Especially version 8. It seems to multiply processes to make sure it does not crash. Most of the time, you will have two iexplore.exe processes listed. One is for the current session your are on (what you see in the window), and the other is a backup. If an Internet Explorer process crashes, the other process kicks in to replace it, and you get a message saying it crashed but IE restored the tabs.

==

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

==

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

AntiSpyware

• SpywareBlaster
  SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
  
• Spybot - Search & Destroy.
  Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).
  

NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Securing your computer

• Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  
• hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.
  

Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:

• Firefox may be downloaded from here: http://www.getfirefox.com
  
• Opera is available here: http://www.opera.com/download/
  

Thank you for choosing GeekPolice. Please see this page if you would like to leave feedback or contribute to our site. Do you have any more questions?

I have no more questions. Thank you SO MUCH for your clear, prompt, and patient help through this and following information. I definately want to go through the learning program talked about on this site during a less busy college semester and learn how all of this works. I'll recommend you guys to everyone I meet!

Very well.