Help, unidentified infection

Hello, I have this odd infection that I can’t get rid of:

Comodo does not detect it, but here are the symptoms:

An application named ctvXXXX.exe or ctvXXX.exe (where the Xs are random numbers) and they keep reappearing in my C:\Documents and Settings\Owner\Local Settings\Temp folder, and COMODO keeps popping up when one of them tries to “access COM interface” for “internetexplorer.application.1” on a regular basis. There is also a 100.dat file that keeps making an appearing as well and doesn’t belong to any program I have. I am also battling a file that I know is malware, “remind_xp” located in C:\WINDOWS\creator. The remind xp files keep reappeaing as well.

Here is my Hijack this log, I hope it helps:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:57:19 PM, on 8/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Dynex Enhanced G USB Network Adapter\DynexWCUI.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Digital Media Reader\shwiconem .exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 - HKLM…\Run: [CHotkey] zHotkey.exe
O4 - HKLM…\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM…\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM…\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM…\Run: [sealmon.exe] C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe
O4 - HKLM…\Run: [StartCCC] “C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” MSRun
O4 - HKLM…\Run: [COMODO Internet Security] “C:\Program Files\COMODO\COMODO Internet Security\cfp.exe” -h
O4 - HKLM…\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM…\RunOnce: [FolderProtection] regsvr32 ShellvRTF.dll /s
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18…\Run: [DWQueuedReporting] “C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe” -t (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [DWQueuedReporting] “C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe” -t (User ‘Default user’)
O4 - Global Startup: Dynex Wireless Networking Utility.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) -
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) -
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) -
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) -
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) -
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) -
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -,0,0,101/
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) -
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) -
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} -
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) -
O16 - DPF: {A526A2C7-723E-4081-BF70-A7A9913E8C4A} (LogData Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O18 - Filter hijack: text/html - {d2f5051f-5e9d-47bf-86eb-2994b64a9027} - C:\WINDOWS\system32\msiebbar.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Just Flight Limited License Service - Just Flight Limited - C:\Program Files\Common Files\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

End of file - 8965 bytes

I ran the log on and the following ones look really suspicious.

O16 - DPF: {A526A2C7-723E-4081-BF70-A7A9913E8C4A} (LogData Class) -			Check if you know this site and fix it if you do not. Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. If the name of the ActiveX-Object or the URL contains the words 'dialer', 'casino', 'free plugin' etc, it should be fixed!

Start with fixing these two reboot and scan again.

O18 - Filter hijack: text/html - {d2f5051f-5e9d-47bf-86eb-2994b64a9027} - C:\WINDOWS\system32\msiebbar.dll Nasty (2.44 / 5.00)

Hello again and thanks for the assistance. I have uncovered something:

It turns out whatever malware I had modified my shwiconEM.exe file in my C:\Program Files\Digital Media Reader folder. This modified shwiconem produced a ctvxxx.exe or ctvxxxx.exe that would try to access the COM interface, which I set COMODO to block. It would try every couple of minutes by making a new ctv file in my C:\Documents and Settings\Owner\Local Settings\Temp folder.

I had to dissable schwiconem starup via msconfig, delete the file and reinstall my rediar reader application to have the REAL schwiconEM. Also, it modified my wltry.exe file, which I had to delete and reinstall (wireless adapter application). It also modified my RECGUARD.exe, which I don’t know how to delete and restore. (can anyone help me replace this file with another one just in case?)

Having deleted the infected schwiconem stopped the constant creation of ctv files and the constant attempt to access the COM interface. I was surprised that no malware application was able to find and fix the problem.

Congratulations with solving this your self.