Mystery Spyware

#1 bobd32


  Members
  • 1 posts
  • Local time:08:07 PM

Posted 26 November 2009 - 06:55 PM

At 2-4 random times per hour, Windows Explorer starts iexplore.exe in hidden state (no window).
Here is a capture from a Sysinternals Process Monitor log:

21:56:02.5806187 Explorer.EXE 2492 Process Create C:\Program Files\Internet Explorer\iexplore.exe SUCCESS PID: 1320, Command line: "C:\Program Files\Internet Explorer\iexplore.exe" hxxp://top-name.cn/in.cgi?5

In addition to this spyware, when I click on the results of any search engine in IE, I get randomly redirected to an ad site.
I need to click on the search result several times before reaching the site that's listed in the search result.
This browser hijack was noticed at the same time as the spyware problem.

DDS (Ver_09-11-24.02) - NTFSx86
Run by BobD at 17:16:54.00 on 11/26/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.501 [GMT -5:00]

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [UserInit] %windir%\System32\StartH.exe c:\bat\UserInit.bat
mRun: [SkyTel] ; SkyTel.EXE
mRun: [Alcmtr] ; ALCMTR.EXE
mRun: [AppleSyncNotifier] ; c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [IgfxTray] ; c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] ; c:\windows\system32\hkcmd.exe
mRun: [Persistence] ; c:\windows\system32\igfxpers.exe
mRun: [Monitor.exe] ; c:\program files\wireless-g internet home monitoring camera\Monitor.exe
mRun: [Recorder.exe] ; c:\program files\wireless-g internet home monitoring camera\Recorder.exe
mRun: [dla] ; c:\windows\system32\dla\tfswctrl.exe
mRun: [MSched] ; "c:\program files\mjt net ltd\macro scheduler\msched.exe"
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE /NOSPLASH
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [CloneCDElbyCDFL] "c:\program files\elaborate bytes\clonecd\ElbyCheck.exe" /L ElbyCDFL
uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [2002-11-28 22016]
R0 Ramdisk;Ramdisk [ QSoft ];c:\windows\system32\drivers\RAMDisk.sys [2008-8-24 8192]
R0 sojubus;sojubus;c:\windows\system32\drivers\sojubus.sys [2003-10-5 123520]
R0 sojuscsi;sojuscsi;c:\windows\system32\drivers\sojuscsi.sys [2003-9-28 5504]
R2 RXAPI;RXAPI;c:\objrexx\rxapi.exe [2009-1-11 61440]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\drivers\l251x86.sys [2008-8-24 30720]
R3 vdiskbus;Virtual Disk Bus;c:\windows\system32\drivers\VDiskBus.sys [2008-12-9 35107]
S3 AutoLogon;Auto Logon Service;c:\program files\mjt net ltd\macro scheduler\autologonsvc.exe [2005-12-13 200344]
S3 avpnnic;AGN Virtual Network Adapter;c:\windows\system32\drivers\avpnnic.sys [2007-7-20 11392]
S3 FILEMON;FILEMON;\??\c:\windows\system32\drivers\filem.sys --> c:\windows\system32\drivers\FILEM.SYS [?]
S3 mschedsvc;Macro Scheduler Service;c:\program files\mjt net ltd\macro scheduler\msschedsvc.exe [2005-12-13 186008]

=============== Created Last 30 ================

2009-11-21 18:34:33 0 d-----w- c:\docume~1\bobd\applic~1\MSNInstaller
2009-11-21 01:27:48 48922803 ----a-w- c:\windows\system32\GMKMQKHECE
2009-11-04 03:11:44 0 ----a-w- c:\windows\MEMORY.DMP
2009-10-31 15:12:07 81 ----a-w- C:\CTX.DAT
2009-10-31 15:11:57 0 d-----w- c:\documents and settings\bobd\Citrix

==================== Find3M ====================

============= FINISH: 17:17:25.53 ===============

Edited by Orange Blossom, 26 November 2009 - 07:20 PM.
Deactivate link. ~ OB
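As an added example, not part of bobd32's post and not code from Process Monitor or DDS, here is a small Python filter over Process Monitor text-export rows in the layout quoted above. It parses "Process Create" events, flags any child process that was handed a URL on its command line (a browser started by Explorer with a URL argument and no user action is exactly the symptom described), and counts launches per destination host so the recurring pattern stands out. The sample rows are constructed for this example; only the first mirrors the quoted line, and the browser list and severity labels are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed Process Monitor rows (hypothetical sample, not the poster's full log).
# The first row copies the layout of the capture quoted in the post; the rest are
# made up here: a browser start without a URL, an unrelated process start, and a
# URL passed to cmd.exe instead of a browser.
SAMPLE_LOG = r"""
21:56:02.5806187 Explorer.EXE 2492 Process Create C:\Program Files\Internet Explorer\iexplore.exe SUCCESS PID: 1320, Command line: "C:\Program Files\Internet Explorer\iexplore.exe" hxxp://top-name.cn/in.cgi?5
21:57:10.1000000 Explorer.EXE 2492 Process Create C:\Program Files\Internet Explorer\iexplore.exe SUCCESS PID: 1404, Command line: "C:\Program Files\Internet Explorer\iexplore.exe"
21:58:00.2000000 svchost.exe 1040 Process Create C:\WINDOWS\system32\notepad.exe SUCCESS PID: 1500, Command line: notepad.exe
21:59:30.3000000 Explorer.EXE 2492 Process Create C:\WINDOWS\system32\cmd.exe SUCCESS PID: 1600, Command line: cmd.exe /c start http://example.invalid/x
""".strip()

# One row: <time> <parent image> <parent pid> Process Create <child path> <result> PID: <n>, Command line: <args>
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<parent>\S+)\s+(?P<parent_pid>\d+)\s+Process Create\s+"
    r"(?P<path>.+?)\s+(?P<result>\S+)\s+"
    r"PID:\s*(?P<pid>\d+),\s*Command line:\s*(?P<cmdline>.*)$"
)

# http(s) plus the defanged hxxp(s) form that forum moderators substitute.
URL_RE = re.compile(r"\b(?:https?|hxxps?)://[^\s\"']+", re.IGNORECASE)
HOST_RE = re.compile(r"://([^/\s:?#]+)")
BROWSERS = {"iexplore.exe", "firefox.exe", "chrome.exe", "opera.exe"}  # assumed list


@dataclass
class ProcessCreate:
    time: str
    parent: str
    parent_pid: int
    path: str
    result: str
    pid: int
    cmdline: str


@dataclass
class Finding:
    time: str
    parent: str
    child: str
    pid: int
    url: str
    host: str
    severity: str


def parse_line(line: str) -> Optional[ProcessCreate]:
    """Parse one Process Create row; return None for rows of any other shape."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return ProcessCreate(
        time=m["time"], parent=m["parent"], parent_pid=int(m["parent_pid"]),
        path=m["path"], result=m["result"], pid=int(m["pid"]), cmdline=m["cmdline"],
    )


def parse_log(text: str) -> List[ProcessCreate]:
    """Parse every recognisable row, silently skipping the rest."""
    return [ev for ev in (parse_line(row) for row in text.splitlines()) if ev]


def find_url_launches(events: List[ProcessCreate]) -> List[Finding]:
    """Flag process starts whose command line carries a URL.

    A browser launched with a URL argument is rated "high" because that is the
    hidden-iexplore pattern from the post; any other image rates "medium".
    """
    findings: List[Finding] = []
    for ev in events:
        m = URL_RE.search(ev.cmdline)
        if not m:
            continue
        url = m.group(0)
        child = ev.path.rsplit("\\", 1)[-1].lower()
        host = HOST_RE.search(url).group(1).lower()
        severity = "high" if child in BROWSERS else "medium"
        findings.append(Finding(ev.time, ev.parent, child, ev.pid, url, host, severity))
    return findings


def summarize_by_host(findings: List[Finding]) -> Dict[str, int]:
    """Count launches per destination host; a host that recurs several times an
    hour with no user interaction is the one to investigate first."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.host] = counts.get(f.host, 0) + 1
    return counts


if __name__ == "__main__":
    for f in find_url_launches(parse_log(SAMPLE_LOG)):
        print(f"{f.time} {f.severity:6} {f.parent} -> {f.child} (PID {f.pid}) {f.url}")
    print(summarize_by_host(find_url_launches(parse_log(SAMPLE_LOG))))
```

Against a real capture, export the Process Monitor trace as text, filter it to "Process Create" operations first, and feed the file to parse_log; the per-host counts then show whether the same destination is being opened on a timer, which is what the 2-4 launches per hour in the post suggest.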