Thread: Browser has been hijacked

  1. #11
    Junior Member
    Join Date
    Dec 2008
    Location
    Jacksonville, FL
    Posts
    11

    New Combo fix installed

    I went ahead and deleted and reinstalled combo fix and windows recovery console. I initially tried to install recovery console from my Windows disk, but since there have been multiple upgrades from the orig. SP2 disks, it told me that my loaded version was newer and I should cancel. I ended up having Combofix install Windows recovery console for me from the net. While I am not getting that infection alert in the combofix log file now, all the other issues recently mentioned (McAfee, IE browser for Yahoo mail, etc.) have not changed. The new Combofix log file is listed below. Please tell me what can be done to address the current issues. Thanks.

    Combofix log file:

    ComboFix 08-12-14.01 - Wes Tripp 2008-12-14 12:59:44.4 - NTFSx86
    Running from: c:\documents and settings\Wes Tripp.DADS-PC\Desktop\ComboFix.exe
    * Resident AV is active

    .

    ((((((((((((((((((((((((( Files Created from 2008-11-14 to 2008-12-14 )))))))))))))))))))))))))))))))
    .

    2008-12-12 18:22 . 2008-12-12 18:22 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-12-12 18:22 . 2008-12-12 18:22 <DIR> d-------- c:\documents and settings\Wes Tripp.DADS-PC\Application Data\Malwarebytes
    2008-12-12 18:22 . 2008-12-12 18:22 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
    2008-12-12 18:22 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-12-12 18:22 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-12-12 17:16 . 2008-12-12 17:16 281 --a------ c:\windows\wininit.ini
    2008-12-09 17:24 . 2008-12-12 19:45 461 --a------ c:\windows\system32\win32hlp.cnf
    2008-12-07 13:35 . 2008-12-07 13:35 <DIR> d-------- c:\program files\Trend Micro
    2008-12-07 11:52 . 2008-12-12 16:49 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2008-12-06 16:31 . 2008-12-12 17:26 <DIR> d-------- C:\Spybot - Search & Destroy
    2008-12-06 16:29 . 2008-12-06 16:29 15,083,520 --a------ C:\spybotsd160.exe
    2008-12-06 12:30 . 2008-12-06 12:31 <DIR> d-------- c:\program files\Spybot - Search & Destroy
    2008-12-05 18:49 . 2008-12-05 20:03 7 --a------ c:\windows\system32\answxt.bin
    2008-12-04 17:58 . 2008-12-04 17:58 0 --a------ c:\windows\nsreg.dat
    2008-11-24 19:12 . 2008-12-11 16:30 457 --a-s---- c:\windows\system32\407044704.dat
    2008-11-23 18:26 . 2008-11-23 18:26 <DIR> dr-h----- c:\documents and settings\Admin\Application Data\yahoo!
    2008-11-23 18:24 . 2008-11-23 18:24 <DIR> d-------- c:\documents and settings\Admin\Application Data\McAfee
    2008-11-23 18:23 . 2008-11-23 18:23 <DIR> d-------- c:\documents and settings\Admin
    2008-11-23 18:23 . 2008-12-09 17:18 1,324 --a------ c:\windows\system32\d3d9caps.dat

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-06 16:25 --------- d-----w c:\program files\HP
    2008-12-06 16:17 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-06 16:17 --------- d-----w c:\program files\Google
    2008-12-06 16:10 --------- d-----w c:\program files\eMusic Download Manager
    2008-12-06 16:07 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\BVRP Software
    2008-12-04 23:23 --------- d-----w c:\documents and settings\Wes Tripp.DADS-PC\Application Data\McAfee
    2008-11-14 23:16 --------- d-----w c:\program files\Windows Desktop Search
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
    2008-10-21 21:11 --------- d-----w c:\program files\Microsoft Silverlight
    2008-10-21 01:39 --------- d-----w c:\program files\Virtual Earth 3D
    2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
    2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
    2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
    2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
    2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
    2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
    2008-07-13 22:59 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008062320080630\index.dat
    2008-07-13 22:59 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008071320080714\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
    "SpybotSD TeaTimer"="c:\spybot - search & destroy\TeaTimer.exe" [2008-09-16 1833296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MBkLogOnHook"="c:\program files\McAfee\MBK\LogOnHook.exe" [2007-01-08 20480]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
    "NSLU2 Flash Map Utility"="c:\program files\NSLU2 Flash Map Utility\StorageLink.exe" [2004-04-30 245760]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
    "LXBRKsk"="c:\progra~1\LEXMAR~1\LXBRKsk.exe" [2003-06-13 294912]
    "Lexmark 3100 Series"="c:\program files\Lexmark 3100 Series\lxbrbmgr.exe" [2003-09-03 106496]
    "AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-08-01 684032]
    "MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-13 169984]
    "VTPreset"="VTPreset.exe" [2004-02-24 c:\windows\system32\VTPreset.exe]
    "nwiz"="nwiz.exe" [2008-09-17 c:\windows\system32\nwiz.exe]
    "LTMSG"="LTMSG.exe" [2003-07-14 c:\windows\ltmsg.exe]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "MSMSGS"="c:\program files\Messenger\MSMSGS.EXE" /background
    "Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "McAfee Backup"=c:\program files\McAfee\MBK\McAfeeDataBackup.exe
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - d:\autorun.exe autocad\R15.0\ACAD-1:409\MSI
    \Shell\verb\command - winhlp32.exe readme.hlp
    .
    Contents of the 'Scheduled Tasks' folder

    2008-11-15 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

    2008-11-01 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

    O16 -: DirectAnimation Java Classes

    O16 -: Microsoft XML Parser for Java

    c:\windows\Downloaded Program Files\WBEtoolsAX.dll - O16 -: Web-Based Email Tools
    hxxp://email.secureserver.net/Download.CAB
    FF - ProfilePath - c:\documents and settings\Wes Tripp.DADS-PC\Application Data\Mozilla\Firefox\Profiles\fnf8fpj7.default\
    FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30401.0.dll
    FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
    FF - plugin: c:\program files\Real\RhapsodyPlayerEngine\nprhapengine.dll
    FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
    FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-14 13:01:45
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-12-14 13:03:06
    ComboFix-quarantined-files.txt 2008-12-14 18:02:45
    ComboFix2.txt 2008-12-13 23:34:41

    Pre-Run: 106,028,593,152 bytes free
    Post-Run: 106,034,544,640 bytes free

    145 --- E O F --- 2008-12-14 13:29:24

  3. #13
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Malware can reset security settings and mess with AV. For now, try a reboot and see if the McAfee problem is any better.
    How Can I Reduce My Risk?
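
An added example, not part of the thread: the ComboFix log in post #11 records the Security Center and Windows Firewall values that the reply above calls security settings. This sketch, written for this page, parses that registry section and lists the values that switch off alerts, monitoring or the firewall; a hit is a setting to review, not proof of infection. The function names and `SAMPLE_LOG` are assumptions of this example.

```python
import re

# Constructed sample: lines copied from the "Reg Loading Points" section of the
# ComboFix log posted in this thread, with the forum indentation removed.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
'''

KEY_RE = re.compile(r'^\[(.+)\]$')                 # [registry key]
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')      # "name"=value
DWORD_RE = re.compile(r'^dword:([0-9a-fA-F]{8})$')  # dword:00000001
PLAIN_RE = re.compile(r'^(\d+)\s+\(0x[0-9a-fA-F]+\)$')  # 0 (0x0)


def to_int(raw):
    """Return the number in 'dword:00000001' or '0 (0x0)', else None."""
    m = DWORD_RE.match(raw)
    if m:
        return int(m.group(1), 16)
    m = PLAIN_RE.match(raw)
    if m:
        return int(m.group(1))
    return None  # strings, paths, port rules: not a numeric setting


def parse_values(log_text):
    """Yield (key, value_name, numeric_value_or_None) for each registry value."""
    key = None
    for line in log_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, m.group(1), to_int(m.group(2).strip())


def find_weakened_settings(log_text):
    """Return (location, value_name, meaning) for settings worth reviewing."""
    findings = []
    for key, name, value in parse_values(log_text):
        k, n = key.lower(), name.lower()
        tail = key.rsplit("\\", 1)[-1]  # last key component, e.g. the product
        if k.endswith("\\security center") and n.endswith("disablenotify") and value == 1:
            findings.append((tail, name, "Security Center alert suppressed"))
        elif "\\security center\\monitoring\\" in k and n == "disablemonitoring" and value == 1:
            findings.append((tail, name, "Security Center not monitoring this product"))
        elif k.endswith("\\firewallpolicy\\standardprofile") and n == "enablefirewall" and value == 0:
            findings.append((tail, name, "Windows Firewall off for this profile"))
    return findings


if __name__ == "__main__":
    for location, name, meaning in find_weakened_settings(SAMPLE_LOG):
        print(f"{location}: {name} -> {meaning}")
```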

  4. #14
    Junior Member
    Join Date
    Dec 2008
    Location
    Jacksonville, FL
    Posts
    11

    problem no better

    I am still having issues, only worse. McAfee tech support advised me that it could be Java. I reloaded Java.... no fix. They then analyzed PC and said it could be conflict between McAfee and malwarebytes and spybot. I unloaded malwarebytes and spybot, along with McAfee, as they directed, and now I can't reach McAfee site to reload and mail screen in IE still messed up. Seems like my problem went from bad to better to worse. Don't know what to do now.

  5. #15
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Hi,

    Your Java was outdated; you should also remove older versions of Java that might be listed in the Add/Remove Programs panel.

    MBAM, Spybot conflict with McAfee? Never heard of anything like that before.

    Have you been able to get to the McAfee site? Do you have a paid subscription with them? I can give links to 3 or 4 free antivirus apps that can replace McAfee.
    How Can I Reduce My Risk?

  6. #16
    Junior Member
    Join Date
    Dec 2008
    Location
    Jacksonville, FL
    Posts
    11

    the nightmare continues

    Hi,

    Even before your post, I removed and updated JAVA to newest version 6.0 (11). Still had same issue... To be specific, I could reach the McAfee download site, but the installer window would go blank when opened, making it virtually useless. I went back to McAfee and they then told me my version of JAVA was too NEW! and not supported by McAfee. They sent me a link for MS download site for Microsoft windows script version 5.7. It didn't say it was JAVA, but I guessed it must be the MS version of it. So I tried to download it, but because I had SP3, it would not download. So I removed SP3 and then downloaded 5.7, but the problem stayed the same. Now I try to go back to the McAfee online chat, and now I can't open the online chat window! I went to the Java site, and did the JAVA check, and it did not recognize that I had JAVA on the PC! I then went and reinstalled the newest JAVA, and still have the same issues downloading McAfee and how my IE explorer displays my Yahoo mail screen. I am sure these are just symptoms of a bigger issue, but these are just the places I see the problem at this time.

    So here I am, no virus protection, can't download McAfee, Yahoo mail looks like crap on IE (Firefox is OK) and I don't have SP3 anymore! And on top of all this, my wireless connection keeps tripping offline!

    I think at this point, since my offline activity (MS Word and other apps) doesn't seem affected, I am going to back up my files to another drive and take the next week reformatting my drive and reloading all my software. While the problems seem minor and workable, they don't get any better and seem to constantly develop new issues. Before too long, my offline files might not be accessible. Something has got to give.....

    Wes.

  7. #17
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Hi westripp,

    Well, I guess some good news is that you don't have malware and you back up files. I think most people do not do backups.
    Sometimes a re-format is the easiest and quickest thing to do. I actually reformat Windows at least once a year. Everything I want to keep can fit on a 2 GB USB drive. Don't forget to get all the Windows updates; now that may take some time! Good luck and happy safe surfing.
    How Can I Reduce My Risk?
