Spyware Malware -- "Warning Media Codec Failed..."

Symptoms: "Warning codec failure...", a red circle with a white X now resides in the system tray that I cannot remove. It has also changed my screen resolution to 800x600 I'd say with about 16 colors.

Mcafee ServiceCenter is my main Anti-Virus. I have Spybot S&D and Malwarebytes' Anti Malware installed. Malwarebytes removed the wallpaper warning. The red circle remains, the screen resolution starts up normal for about 5 min before the screen converts to poor resolution and disruption occurs.

I have run combofix before I read deeper into the forums and learned to stop where I'm at and bring my problem to you for guidance. I have included the combofix notes below if it helps. (I had Mcafee firewall and anti virus disabled at that time.)

ALSO, I have downloaded and run - hijackthis - these notes are provided first. Then Combo after that.

Thank you for your help!

HIJACKTHIS NOTES:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:46:40, on 11/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\etSSBkgdupdate.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Quicken\bagent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\RegCure\RegCure.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\NeatWorks\exec\NeatWorksDatabaseController.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys\WUSB600N\WUSB600N.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\Documents and Settings\C21Agent\Local Settings\Temporary Internet Files\Content.IE5

\E1U0QILJ\winlogon[1].scr
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = gmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program

Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1

\mcafee\msk\mskapbho.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - F:\Program

Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1

\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program

Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program

Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1

\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -

C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program

Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program

Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program

Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - F:\Program

Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - C:\WINDOWS\system32\SHDOCVW.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program

Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1

\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft

Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0

\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto

Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0

\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [etSSBkgdupdate] C:\Program Files\Common Files\Scansoft

Shared\SSBkgdUpdate\etSSBkgdupdate.exe
O4 - HKLM\..\Run: [ett Shared\SSBkgdUpdate\etSSBkgdupdate] C:\Program Files\Common Files\Scansoft

Shared\SSBkgdUpdate\etSSBkgdupdate.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-

Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\C21Agent\Application

Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [QuickenScheduledUpdates] C:\Program Files\Quicken\bagent.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe"

-scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2020890953-1735307694-737598863-1007\..\Run: [swg] "C:\Program

Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User '?')
O4 - HKUS\S-1-5-21-2020890953-1735307694-737598863-1007\..\Run: [cdloader] "C:\Documents and

Settings\C21Agent\Application Data\mjusbsp\cdloader2.exe" MAGICJACK (User '?')
O4 - HKUS\S-1-5-21-2020890953-1735307694-737598863-1007\..\Run: [QuickenScheduledUpdates]

C:\Program Files\Quicken\bagent.exe (User '?')
O4 - HKUS\S-1-5-21-2020890953-1735307694-737598863-1007\..\Run: [ISUSPM] "C:\Program Files\Common

Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (User '?')
O4 - HKUS\S-1-5-21-2020890953-1735307694-737598863-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32

\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

(User '?')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

(User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common

Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital

Imaging\bin\hpqtra08.exe
O4 - Global Startup: Wireless Network Monitor.lnk = C:\Program

Files\Linksys\WUSB600N\WUSB600N.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12

\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3

\Office12\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -

C:\WINDOWS\web\related.htm
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program

Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32

\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200

-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://mfr.MLXchange.com
O16 - DPF: {0D859AF0-C75E-11D4-B760-00E0B81077E8} (FileCruiser Class) -

http://mfr.mlxchange.com/Control/FileCruiser.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -

http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) -

http://forms.real.com/real/player/download.html?

f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) -

http://www.miniclip.com/games/ricochet-lost-worlds/en/ReflexiveWebGameLoader.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) -

http://photo2.walgreens.com/WalgreensActivia.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) -

http://mfr.mlxchange.com/Control/MultiSelectComboBox.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -

http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -

http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) -

http://mapguide.stpete.org/mgaxctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?

1247103034765
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) -

http://mfr.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {78523E50-56EB-11D3-B739-CAA1986A452F} (LiteGridCtl Class) -

http://mfr.mlxchange.com/Control/LiteGrid.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) -

http://pro.mlxtempo.com/5.0.05.46/Control/IRCSharc.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) -

http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) -

http://207.207.60.50/SiteRoots/main/Install/CentraDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) -

http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) -
O16 - DPF: {F060A272-A18A-11D3-B75B-00E0B81077E8} (DropList Class) -

http://mfr.mlxchange.com/Control/AspCustomCtrls.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1

\mcieplg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile

Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google

Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program

Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program

Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program

Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1

\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1

\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1

\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1

\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program

Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program

Files\McAfee\MSK\MskSrver.exe
O23 - Service: NeatWorks Database Controller (NeatWorksDatabaseController) - The Neat Company -

C:\Program Files\NeatWorks\exec\NeatWorksDatabaseController.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program

Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9

\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9

\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common

Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0

\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common

Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 15218 bytes

**************
COMBOFIX NOTES:
**************
ComboFix 09-11-01.04 - C21Agent 11/02/2009 8:29.1.1 - NTFSx86 MINIMAL
Running from: c:\documents and settings\C21Agent\Desktop\Commy.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-

DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( OtherDeletions )))))))))))))))))))))))))))))))))))
.

c:\program files\alexa toolbar
c:\program files\alexa toolbar\uninstall.exe
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
F:\autorun.inf

.
(((((((((((((( Files Created from 2009-10-02 to 2009-11-02 )))))))))))))))))))))))))))
.

2009-11-02 13:19 . 2009-11-02 13:22 -------- d-----w- C:\Commy
2009-11-02 03:26 . 2009-11-02 03:26 -------- d-sh--w- c:\documents and

settings\Administrator\IETldCache
2009-11-01 22:43 . 2009-11-01 22:43 -------- d-----w- c:\documents and

settings\C21Agent\Application Data\Malwarebytes
2009-11-01 22:43 . 2009-11-01 22:43 -------- d-----w- c:\documents and

settings\All Users\Application Data\Malwarebytes
2009-11-01 22:03 . 2009-11-01 22:03 -------- d-----w- c:\program files\Enigma

Software Group
2009-11-01 21:22 . 2009-11-01 21:22 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-01 16:51 . 2009-11-01 16:51 -------- d-----w- c:\program files\MSECache
2009-10-30 21:59 . 2009-10-30 21:59 -------- d-----w- c:\documents and

settings\All Users\Application Data\HP Product Assistant
2009-10-30 21:54 . 2008-08-22 12:24 271704 ----a-r- c:\windows\system32\hpzids01.dll
2009-10-30 21:47 . 2009-10-30 21:47 -------- d-----w- c:\program files\Common

Files\HP
2009-10-30 21:47 . 2009-10-30 21:47 -------- d-----w- c:\program files\Hewlett

-Packard
2009-10-30 21:43 . 2009-10-30 22:01 188843 ----a-w- c:\windows\hpwins22.dat
2009-10-30 21:43 . 2008-10-25 09:40 2979 ------w- c:\windows\hpwmdl22.dat
2009-10-25 02:10 . 2009-10-25 02:10 -------- d-----w- c:\windows\system32

\LogFiles
2009-10-15 09:00 . 2009-10-15 09:00 -------- d-----w- c:\windows\system32

\config\systemprofile\Application Data\SACore
2009-10-09 17:51 . 2009-10-09 17:51 -------- d-----w- c:\documents and

settings\C21Agent\Application Data\HP
2009-10-09 13:09 . 2009-10-09 13:09 -------- d-----w- c:\documents and

settings\All Users\Application Data\WEBREG
2009-10-09 12:22 . 2009-10-15 00:26 -------- d-----w- c:\documents and

settings\LocalService\Application Data\SACore
2009-10-09 12:22 . 2009-11-02 12:44 -------- d-----w- c:\documents and

settings\C21Agent\Application Data\HPAppData
2009-10-09 07:50 . 2009-10-09 07:50 -------- d-sh--w- c:\windows\system32

\config\systemprofile\IETldCache
2009-10-09 03:43 . 2009-10-09 03:43 -------- d-----w- c:\documents and

settings\C21Agent\Local Settings\Application Data\HP
2009-10-09 03:37 . 2009-10-30 21:59 -------- d-----w- c:\documents and

settings\All Users\Application Data\HP
2009-10-09 03:36 . 2009-10-09 03:37 -------- d-----w- c:\windows\hpojp8500a909
2009-10-09 03:18 . 2007-07-09 18:13 16496 ----a-r- c:\windows\system32

\drivers\HPZipr12.sys
2009-10-09 03:18 . 2007-07-09 18:13 49920 ----a-r- c:\windows\system32

\drivers\HPZid412.sys
2009-10-09 03:17 . 2007-07-09 18:13 21568 ----a-r- c:\windows\system32

\drivers\HPZius12.sys
2009-10-09 02:54 . 2009-10-09 02:54 -------- d-----w- c:\documents and

settings\All Users\Application Data\SiteAdvisor
2009-10-09 02:50 . 2009-09-16 14:22 40552 ----a-w- c:\windows\system32

\drivers\mfesmfk.sys
2009-10-09 02:50 . 2009-09-16 14:22 35272 ----a-w- c:\windows\system32

\drivers\mfebopk.sys
2009-10-09 02:50 . 2009-09-16 14:22 79816 ----a-w- c:\windows\system32

\drivers\mfeavfk.sys
2009-10-09 02:50 . 2009-07-16 16:32 120136 ----a-w- c:\windows\system32

\drivers\Mpfp.sys
2009-10-09 02:49 . 2009-10-09 02:50 -------- d-----w- c:\program files\Common

Files\McAfee
2009-10-09 02:49 . 2009-10-09 02:49 -------- d-----w- c:\program

files\McAfee.com
2009-10-09 02:19 . 2009-09-16 14:22 34248 ----a-w- c:\windows\system32

\drivers\mferkdk.sys
2009-10-08 01:12 . 2008-08-12 14:58 118272 ----a-w- c:\windows\system32\hpf3l082.dll
2009-10-08 01:07 . 2007-07-09 18:13 364544 ----a-r- c:\windows\system32\hppldcoi.dll
2009-10-08 01:07 . 2007-07-09 18:13 309760 ----a-r- c:\windows\system32\difxapi.dll
2009-10-08 01:07 . 2007-07-06 18:48 294912 ----a-r- c:\windows\system32\hpovst11.dll
2009-10-08 01:07 . 2008-10-06 19:11 741376 ----a-r- c:\windows\system32\hpwwiax5.dll
2009-10-08 01:07 . 2008-10-06 19:11 966656 ----a-r- c:\windows\system32\hpwtiop4.dll
2009-10-08 01:07 . 2001-08-17 17:53 6784 ----a-w- c:\windows\system32

\drivers\serscan.sys
2009-10-08 01:07 . 2001-08-17 17:53 6784 ----a-w- c:\windows\system32

\dllcache\serscan.sys
2009-10-08 00:40 . 2009-10-08 00:40 -------- d-----w- c:\program files\Common

Files\Hewlett-Packard
2009-10-08 00:33 . 2009-10-30 21:55 -------- d-----w- c:\program files\HP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report

))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-02 04:04 . 2005-05-10 21:07 92608 ----a-w- c:\documents and

settings\C21Agent\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-02 03:53 . 2009-07-03 17:18 -------- d-----w- c:\documents and

settings\All Users\Application Data\Microsoft Help
2009-11-02 03:51 . 2009-07-03 17:32 -------- d-----w- c:\program

files\Microsoft Works
2009-11-02 03:15 . 2007-06-29 20:30 -------- d---a-w- c:\documents and

settings\All Users\Application Data\TEMP
2009-11-02 02:06 . 2009-11-02 02:06 7396 ----a-w- c:\windows\system32

\drivers\pctcore.cat
2009-11-02 01:20 . 2009-06-22 12:48 -------- d-----w- c:\documents and

settings\C21Agent\Application Data\mjusbsp
2009-11-01 22:28 . 2008-08-22 18:48 -------- d-----w- c:\program files\Windows

Live Safety Center
2009-11-01 21:22 . 2005-04-22 10:59 -------- d-----w- c:\program files\Java
2009-11-01 16:13 . 2009-01-22 14:04 256 ----a-w- c:\windows\system32\pool.bin
2009-10-26 04:11 . 2005-05-10 21:17 -------- d-----w- c:\program files\McAfee
2009-10-25 20:01 . 2008-09-03 14:56 -------- d-----w- c:\documents and

settings\All Users\Application Data\VisualTour
2009-10-25 14:08 . 2009-07-09 02:31 -------- d-----w- c:\program files\RegCure
2009-10-20 13:46 . 2005-05-11 19:28 -------- d-----w- c:\program files\Common

Files\Adobe
2009-10-09 12:21 . 2008-09-03 11:59 -------- d-----w- c:\program files\VNC4
2009-10-09 05:50 . 2005-11-30 04:20 -------- d-----w- c:\documents and

settings\All Users\Application Data\McAfee
2009-10-09 01:40 . 2008-01-28 15:57 -------- d-----w- c:\documents and

settings\All Users\Application Data\CA
2009-10-08 00:03 . 2008-06-25 18:25 -------- d-----w- c:\program files\Canon
2009-10-08 00:01 . 2008-06-25 19:09 -------- d-----w- c:\documents and

settings\C21Agent\Application Data\Canon
2009-09-27 16:14 . 2006-05-11 21:08 -------- d--h--w- c:\program

files\InstallShield Installation Information
2009-09-27 16:14 . 2009-02-25 02:21 -------- d-----w- c:\program files\Linksys
2009-09-27 15:01 . 2009-09-27 15:01 86016 ----a-w- c:\windows\system32\netsh.exe
2009-09-26 22:17 . 2009-08-15 13:57 -------- d-----w- c:\documents and

settings\All Users\Application Data\DriverCure
2009-09-16 14:22 . 2009-07-08 17:44 214664 ----a-w- c:\windows\system32

\drivers\mfehidk.sys
2009-09-11 16:07 . 2006-05-11 21:08 -------- d-----w- c:\program

files\GeacInterealty
2009-09-11 16:07 . 2009-06-15 14:23 -------- d-----w- c:\program files\Quicken
2009-09-11 16:07 . 2009-06-12 03:07 -------- d-----w- c:\program files\Zoom
2009-09-11 16:07 . 2008-09-03 11:58 -------- d-----w- c:\program files\VTStudio
2009-09-11 14:18 . 2004-08-04 10:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-04 10:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 19:45 . 2009-08-27 19:45 60744 ----a-w- c:\documents and

settings\C21Agent\g2mdlhlpx.exe
2009-08-26 08:00 . 2004-08-04 10:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-05 09:01 . 2004-08-04 10:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 00:44 . 2004-08-04 10:00 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-04 10:00 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points

))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-14

68856]
"cdloader"="c:\documents and settings\C21Agent\Application Data\mjusbsp\cdloader2.exe" [2009-08-

01 50520]
"QuickenScheduledUpdates"="c:\program files\Quicken\bagent.exe" [2007-05-07 87592]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24

206112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe"

[2006-09-28 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-01 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-

03 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto

Update\RIMAutoUpdate.exe" [2009-07-02 623960]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

[2009-04-11 236016]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"etSSBkgdupdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\etSSBkgdupdate.exe"

[2009-11-01 66560]
"ett Shared\SSBkgdUpdate\etSSBkgdupdate"="c:\program files\Common Files\Scansoft

Shared\SSBkgdUpdate\etSSBkgdupdate.exe" [2009-11-01 66560]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma

Loader.exe [2008-9-17 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16

214360]
Wireless Network Monitor.lnk - c:\program files\Linksys\WUSB600N\WUSB600N.exe [2008-1-9 6922240]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop

Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe

Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed

Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows

Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cctray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Getca
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LELA
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphcalwj0et37
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhcelwj0et37
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMshcclwj0et37
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\Li

st]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CentraOne\\bin\\launcher.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Documents and Settings\\C21Agent\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program

files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
R2 NeatWorksDatabaseController;NeatWorks Database Controller;c:\program

files\NeatWorks\exec\NeatWorksDatabaseController.exe [2009-06-10 351384]
R3 ADSFilter;ADSFilter - (Aluria Filter Driver);c:\windows\system32\DRIVERS\ADSFilter.sys [x]
R3 MSSQL$NR2007;SQL Server (NR2007);c:\program files\Microsoft SQL Server\MSSQL.1

\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
R3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\DRIVERS\rt2870.sys

[2007-12-14 551680]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Neat ADF Scanner 2008]
reg copy "HKLM\Software\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat

Company\Neat ADF Scanner 2008" /s /f
.
Contents of the 'Scheduled Tasks' folder

2009-10-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-10-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-09 16:22]

2009-11-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-09 16:22]

2009-11-02 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-09-21 19:46]

2009-11-02 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-09-21 19:46]

2009-11-01 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-09-21 19:46]

2009-11-02 c:\windows\Tasks\WebReg Officejet Pro 8500 A909n Series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2008-10-16 23:22]
.
.
------- Supplementary Scan -------
.
uStart Page = gmail.com/
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\windows\web\related.htm
Trusted Zone: MLXchange.com\mfr
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} -

hxxp://mfr.mlxchange.com/Control/MultiSelectComboBox.cab
DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} - hxxp://mfr.mlxchange.com/Control/MLXClientUtils.cab
DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} -

hxxp://pro.mlxtempo.com/5.0.05.46/Control/IRCSharc.cab
DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} -

hxxp://207.207.60.50/SiteRoots/main/Install/CentraDownloader.cab
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-

Malware\mbam.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-02 08:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************
.
Completion time: 2009-11-02 8:41
ComboFix-quarantined-files.txt 2009-11-02 13:40

Pre-Run: 21,821,952,000 bytes free
Post-Run: 21,880,664,064 bytes free

- - End Of File - - 919946A049E852BAA03286B0ACEFADF4

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install
  
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, you may close the window
  
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic
  

Thank you! ESET has begun....

Ok. Post when ready.

Here is the log file...

C:\Program Files\EsetOnlineScanner\log.txt

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=cafd0fcf12225d4fbea0ce0b42708652
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-11-02 10:23:53
# local_time=2009-11-02 05:23:53 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=5121 16776533 100 96 102154 9204521 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=80533
# found=2
# cleaned=2
# scan_time=4839
C:\Documents and Settings\C21Agent\Application Data\Sun\Java\Deployment\cache\6.0\10\6b4f5f4a-3953863c Java/TrojanDownloader.OpenStream.NAC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\C21Agent\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-5fa7001a-17ae3996.class Java/TrojanDownloader.OpenStream.NAC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Full Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  
• Please save the log to a location you will remember.
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy and paste the entire report in your next reply.
  

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Good Morning. The MBAM log is provided below.

Symptom(s) remain unchanged.


Malwarebytes' Anti-Malware 1.41
Database version: 3090
Windows 5.1.2600 Service Pack 3

11/3/2009 7:19:41 AM
mbam-log-2009-11-03 (07-19-41).txt

Scan type: Full Scan (C:\|F:\|G:\|)
Objects scanned: 237000
Time elapsed: 1 hour(s), 38 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispAppearancePage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Please download DDS by sUBs from BleepingComputer.com or Forospyware.com and save it to your Desktop.

Note: Before scanning, make sure all other running programs are closed. There shouldn't be any scheduled antivirus scans running while the scan is being performed. Do not use your computer for anything else during the scan.

• Double click on the DDS icon, allow it to run.
• A small box will open, with an explanation about the tool. No input is needed, the scan is running.
• Notepad will open with the results, click Yes to the Optional_Scan
• Please follow the instructions that pop up for posting the results.
• Close the program window, and delete the program from your Desktop.

DDS provided below. How do I Zip and attach "attach"?

Thank you.

DDS (Ver_09-10-26.01) - NTFSx86
Run by C21Agent at 11:15:17.71 on Tue 11/03/2009
Internet Explorer: 8.0.6001.18702
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============


===Malwarebytes' Anti-Malware 1.41
Database version: 3090
Windows 5.1.2600 Service Pack 3

11/3/2009 7:19:41 AM
mbam-log-2009-11-03 (07-19-41).txt

Scan type: Full Scan (C:\|F:\|G:\|)
Objects scanned: 237000
Time elapsed: 1 hour(s), 38 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispAppearancePage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
=========== Pseudo HJT Report ===============

uStart Page = gmail.com/
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - f:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - f:\program files\canon\easy-webprint\Toolband.dll
TB: Alexa: {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - c:\windows\system32\SHDOCVW.DLL
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {C7768536-96F8-4001-B1A2-90EE21279187} - No File
TB: Microsoft CommBand: {4d5c8c2a-d075-11d0-b416-00c04fb90376} - %SystemRoot%\system32\browseui.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [cdloader] "c:\documents and settings\c21agent\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [QuickenScheduledUpdates] c:\program files\quicken\bagent.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [etSSBkgdupdate] c:\program files\common files\scansoft shared\ssbkgdupdate\etSSBkgdupdate.exe
mRun: [ett Shared\SSBkgdUpdate\etSSBkgdupdate] c:\program files\common files\scansoft shared\ssbkgdupdate\etSSBkgdupdate.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\linksys\wusb600n\WUSB600N.exe
uPolicies-system: NoDispSettingsPage = 1 (0x1)
uPolicies-system: NoDispAppearancePage = 1 (0x1)
uPolicies-system: NoDispBackgroundPage = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\windows\web\related.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F}
Trusted Zone: MLXchange.com\mfr
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0D859AF0-C75E-11D4-B760-00E0B81077E8} - hxxp://mfr.mlxchange.com/Control/FileCruiser.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} - hxxp://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} - hxxp://www.miniclip.com/games/ricochet-lost-worlds/en/ReflexiveWebGameLoader.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} - hxxp://mfr.mlxchange.com/Control/MultiSelectComboBox.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://mapguide.stpete.org/mgaxctrl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1247103034765
DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} - hxxp://mfr.mlxchange.com/Control/MLXClientUtils.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {78523E50-56EB-11D3-B739-CAA1986A452F} - hxxp://mfr.mlxchange.com/Control/LiteGrid.cab
DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://pro.mlxtempo.com/5.0.05.46/Control/IRCSharc.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} - hxxp://207.207.60.50/SiteRoots/main/Install/CentraDownloader.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {F060A272-A18A-11D3-B75B-00E0B81077E8} - hxxp://mfr.mlxchange.com/Control/AspCustomCtrls.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: Neat ADF Scanner 2008 - reg copy "HKLM\Software\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f
IFEO: taskmgr.exe - D6E7CE

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-11-02 20:58:44 0 d-----w- c:\program files\ESET
2009-11-02 17:13:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-02 17:13:41 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-02 17:13:41 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-02 13:27:43 0 d-----w- C:\Commy1304C
2009-11-02 13:21:43 0 d-sha-r- C:\cmdcons
2009-11-02 13:19:51 77312 ----a-w- c:\windows\MBR.exe
2009-11-02 13:19:51 236544 ----a-w- c:\windows\PEV.exe
2009-11-02 13:19:51 161792 ----a-w- c:\windows\SWREG.exe
2009-11-02 13:19:50 98816 ----a-w- c:\windows\sed.exe
2009-11-02 13:19:30 0 d-----w- C:\Commy
2009-11-02 02:06:07 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-11-01 22:43:47 0 d-----w- c:\docume~1\c21agent\applic~1\Malwarebytes
2009-11-01 22:43:34 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-01 22:03:31 0 d-----w- c:\program files\Enigma Software Group
2009-11-01 21:22:56 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-01 16:51:48 0 d-----w- c:\program files\MSECache
2009-10-30 21:54:09 271704 ----a-r- c:\windows\system32\hpzids01.dll
2009-10-30 21:47:11 0 d-----w- c:\program files\common files\HP
2009-10-30 21:43:10 188843 ----a-w- c:\windows\hpwins22.dat
2009-10-30 21:43:09 2979 ------w- c:\windows\hpwmdl22.dat
2009-10-25 02:10:52 0 d-----w- c:\windows\system32\LogFiles
2009-10-15 00:41:47 0 ----a-w- c:\windows\hpqEmlSz.INI
2009-10-09 13:09:39 0 d-----w- c:\docume~1\alluse~1\applic~1\WEBREG
2009-10-09 03:36:59 0 d-----w- c:\windows\hpojp8500a909
2009-10-09 03:18:30 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2009-10-09 03:18:23 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2009-10-09 03:17:57 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2009-10-09 03:02:21 188678 ------w- c:\windows\hpwins22.dat.temp
2009-10-09 03:02:20 2979 ------w- c:\windows\hpwmdl22.dat.temp
2009-10-09 02:54:59 12551 ----a-w- c:\windows\system32\Config.MPF
2009-10-09 02:50:28 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-10-09 02:50:28 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-10-09 02:50:27 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-10-09 02:50:20 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-10-09 02:49:20 0 d-----w- c:\program files\common files\McAfee
2009-10-09 02:49:16 0 d-----w- c:\program files\McAfee.com
2009-10-09 02:19:45 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-10-08 01:12:43 118272 ----a-w- c:\windows\system32\hpf3l082.dll
2009-10-08 01:07:26 364544 ----a-r- c:\windows\system32\hppldcoi.dll
2009-10-08 01:07:26 309760 ----a-r- c:\windows\system32\difxapi.dll
2009-10-08 01:07:26 294912 ----a-r- c:\windows\system32\hpovst11.dll
2009-10-08 01:07:25 966656 ----a-r- c:\windows\system32\hpwtiop4.dll
2009-10-08 01:07:25 741376 ----a-r- c:\windows\system32\hpwwiax5.dll
2009-10-08 01:07:19 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2009-10-08 01:07:19 6784 ----a-w- c:\windows\system32\dllcache\serscan.sys
2009-10-08 00:40:02 0 d-----w- c:\program files\common files\Hewlett-Packard
2009-10-08 00:33:16 0 d-----w- c:\program files\HP

==================== Find3M ====================

2009-09-27 15:01:45 86016 ----a-w- c:\windows\system32\netsh.exe
2009-09-27 15:01:45 86016 ----a-w- c:\windows\system32\dllcache\netsh.exe
2009-09-16 14:22:48 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-08-28 10:35:52 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-27 19:45:14 60744 ----a-w- c:\documents and settings\c21agent\g2mdlhlpx.exe
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-26 08:00:21 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2009-08-18 04:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2008-08-25 13:14:38 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082520080826\index.dat

============= FINISH: 11:16:37.37 ===============

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Security checkup notes below....

Thank you for your help. Very much appreciated!



Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
ESET Online Scanner v3
McAfee SecurityCenter
``````````````````````````````
Anti-malware/Other Utilities Check:
Spybot - Search & Destroy
Windows Defender Signatures
HijackThis 2.0.2
Java(TM) 6 Update 15
Java(TM) 6 Update 3
Java 2 Runtime Environment, SE v1.4.2_03
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 8.1.7
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````
DNS Vulnerability Check:
Unknown. This method cannot test your vulnerability to DNS cache poisoning.

`````````End of Log```````````

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

==

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

==

Please let me know how your computer is running. Are you still receiving messages about the codec failure?

Hi,

I have uninstalled and installed Java and reader as directed.

Warning continues. Red circle with white X loads in system tray and provide bubble with warning msg. Then after a good 5 or so minutes the resolution on my monitor changes.

I'm remain poised and ready to execute your next direction.

Sincerely,

Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky and save it to your Desktop.
Please close all other applications running on your system.

Please double click GetSystemInfo.exe to open it.

Click the Settings button.



Set it to Maximum



IMPORTANT! Then please click Customize - choose Driver / Ports tab and uncheck Scan Ports.


Click Create Report to run it.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. Please upload the folder to Kaspersky GSI Parser and click the Submit button.

Please copy and paste the url of the GSI Parser report (not the log) in your next reply.

Thank you DM Jay,

I was unable to get the last download to work. Began it soon after your last post and it stayed in getting system info mode for about an hour which seemed a bit long to me. Then I reloaded it and gave it all night in case it was a long scan. This morning, all was as I left it with no progress.

I have located a reliable service company through an IT person I know and I am going to take my system over to them.

Thank you for your willingness to help me! I am ending this thread with good feelings and a greater appreciation of what you folks do day in and day out.

Thank you again.

OK. Thanks for letting us know.

Your welcome. Have a great day.