As you are running Vista I must ask you to right click all programmes I ask you to use and select run as administrator

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below. [b]

F3 - REG:win.ini: load=C:\Windows\system32\opnli.exe
O4 - HKLM..\Run: [MSServer] rundll32.exe C:\Windows\system32\geecc.dll,#1
O4 - HKCU..\Run: [Host Process] C:\Users\Dale\svchost.exe

[/b]Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

THEN

Download ComboFix from Here or Here to your Desktop.

[*]Double click combofix.exe and follow the prompts.
[*]When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix’s window while its running. That may cause it to stall

Combofix can take up to 2 minutes to start on Vista

ComboFix 08-01-07.5 - Dale 2008-01-08 12:26:50.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.1276 [GMT -8:00]
Running from: C:\Users\Dale\Downloads\ComboFix.exe

• Created a new restore point
  .

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\hggdcab.dll
C:\Windows\System32\ilnpo.ini
C:\Windows\System32\ilnpo.ini2
C:\Windows\system32\lssexp.dll
C:\Windows\system32\x64

.
((((((((((((((((((((((((( Files Created from 2007-12-08 to 2008-01-08 )))))))))))))))))))))))))))))))
.

2008-01-08 12:32 . 2007-12-28 09:26 38,912 --a------ C:\Windows\System32\awvtt.dll
2008-01-08 12:24 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2008-01-08 11:59 . 2008-01-08 11:59 d-------- C:\Users\Dale\AppData\Roaming\Grisoft
2008-01-08 11:58 . 2008-01-08 11:58 d-------- C:\Users\All Users\Grisoft
2008-01-08 11:58 . 2008-01-08 11:58 d-------- C:\ProgramData\Grisoft
2008-01-08 11:58 . 2007-05-30 04:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-01-08 10:08 . 2008-01-08 09:41 54,832 --a------ C:\Windows\System32\AOLParconLink.exe
2008-01-08 10:06 . 2008-01-08 10:09 d-------- C:\Program Files\Common Files\aolshare
2008-01-08 10:06 . 2008-01-08 10:11 d-------- C:\Program Files\AOL 9.0
2008-01-08 09:58 . 2008-01-08 09:58 344,576 --a------ C:\Windows\System32\opnli.dll
2008-01-08 09:55 . 2008-01-08 09:55 4 --a------ C:\Windows\msoffice.ini
2008-01-08 09:10 . 2008-01-08 09:10 d-------- C:\Program Files\Trend Micro
2008-01-08 08:33 . 2008-01-08 12:30 4,112 --a------ C:\Windows\System32\Config.MPF
2008-01-08 08:32 . 2008-01-08 08:32 d-------- C:\mcafee_mcpr
2008-01-08 08:32 . 2007-03-02 14:17 120,360 --a------ C:\Windows\System32\drivers\Mpfp.sys
2008-01-08 08:31 . 2008-01-08 08:32 d-------- C:\Program Files\McAfee.com
2008-01-08 08:31 . 2008-01-08 09:59 d-------- C:\Program Files\McAfee
2008-01-08 08:31 . 2008-01-08 08:32 d-------- C:\Program Files\Common Files\McAfee
2008-01-08 08:26 . 2008-01-08 08:33 d-------- C:\Users\All Users\McAfee
2008-01-08 08:26 . 2008-01-08 08:33 d-------- C:\ProgramData\McAfee
2008-01-04 07:46 . 2008-01-04 07:46 d-------- C:\Program Files\Microsoft ActiveSync
2008-01-03 09:35 . 2008-01-03 09:35 d-------- C:\Users\All Users\Office Genuine Advantage
2008-01-03 09:35 . 2008-01-03 09:35 d-------- C:\ProgramData\Office Genuine Advantage
2008-01-03 08:56 . 2008-01-04 07:51 376 --a------ C:\Windows\ODBC.INI
2008-01-03 08:52 . 2008-01-04 07:46 d-------- C:\Windows\ShellNew
2008-01-02 09:34 . 2008-01-02 09:34 77 --a------ C:\Windows\System32\7631.bat
2008-01-02 09:33 . 2008-01-08 07:55 106,496 --a------ C:\Windows\System32\hkcmd .exe
2008-01-02 09:33 . 2008-01-08 07:55 98,304 --a------ C:\Windows\System32\igfxtray .exe
2008-01-02 09:33 . 2008-01-08 07:55 81,920 --a------ C:\Windows\System32\igfxpers .exe
2007-12-28 09:29 . 2007-12-28 09:29 d-------- C:\Users\Public\CyberLink
2007-12-28 09:21 . 2007-12-28 09:21 d-------- C:\Users\Dale\AppData\Roaming\CyberLink
2007-12-28 08:16 . 2007-12-28 08:16 77 --a------ C:\Windows\System32\7952.bat
2007-12-27 08:38 . 2007-12-27 08:38 77 --a------ C:\Windows\System32\9510.bat
2007-12-26 12:27 . 2007-12-26 12:27 d-------- C:\Users\All Users\Diskeeper Corporation
2007-12-26 12:27 . 2007-12-26 12:27 d-------- C:\ProgramData\Diskeeper Corporation
2007-12-26 12:27 . 2007-12-26 12:27 d-------- C:\Program Files\Diskeeper Corporation
2007-12-26 12:17 . 2007-12-26 12:18 d-------- C:\Users\Dale\Diskeeper
2007-12-26 08:11 . 2007-12-26 08:11 77 --a------ C:\Windows\System32\3730.bat
2007-12-24 08:22 . 2007-12-24 08:22 d-------- C:\Program Files\Coupons
2007-12-24 07:15 . 2007-12-24 07:15 77 --a------ C:\Windows\System32\8915.bat
2007-12-23 08:48 . 2008-01-08 09:38 54,634 --a------ C:\VETlog.dmp
2007-12-23 08:16 . 2007-12-23 08:16 77 --a------ C:\Windows\System32\5003.bat
2007-12-22 15:35 . 2007-12-22 15:35 77 --a------ C:\Windows\System32\2106.bat
2007-12-22 08:24 . 2007-12-22 08:24 77 --a------ C:\Windows\System32\2029.bat
2007-12-21 07:51 . 2007-12-21 07:51 d-------- C:\Program Files\Empire Interactive
2007-12-21 07:42 . 2007-12-21 07:42 77 --a------ C:\Windows\System32\8933.bat
2007-12-20 09:03 . 2007-12-20 09:03 254 --a------ C:\Windows\dellstat.ini
2007-12-20 07:52 . 2007-12-20 07:52 77 --a------ C:\Windows\System32\5032.bat
2007-12-19 11:14 . 2007-12-19 11:14 3,120 --a------ C:\Windows\553VKVT8.ocx
2007-12-19 08:24 . 2007-12-19 08:24 77 --a------ C:\Windows\System32\6879.bat
2007-12-18 07:41 . 2007-12-18 07:41 77 --a------ C:\Windows\System32\1771.bat
2007-12-17 07:22 . 2007-12-17 07:22 77 --a------ C:\Windows\System32\1228.bat
2007-12-16 09:31 . 2007-12-16 09:31 77 --a------ C:\Windows\System32\1546.bat
2007-12-15 21:45 . 2007-12-15 21:45 77 --a------ C:\Windows\System32\8210.bat
2007-12-15 13:36 . 2007-12-15 13:36 77 --a------ C:\Windows\System32\4661.bat
2007-12-14 08:11 . 2007-12-14 08:11 d-------- C:\Program Files\MSXML 4.0
2007-12-14 08:01 . 2007-12-14 08:01 77 --a------ C:\Windows\System32\8019.bat
2007-12-13 07:35 . 2007-12-13 07:35 77 --a------ C:\Windows\System32\7012.bat
2007-12-12 13:23 . 2007-12-12 13:23 1,327,104 --a------ C:\Windows\System32\quartz.dll
2007-12-12 13:23 . 2007-12-12 13:23 223,232 --a------ C:\Windows\System32\WMASF.DLL
2007-12-12 13:23 . 2007-12-12 13:23 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2007-12-12 13:23 . 2007-12-12 13:23 2,048 --a------ C:\Windows\System32\asferror.dll
2007-12-12 13:19 . 2007-12-12 13:19 3,504,824 --a------ C:\Windows\System32\ntkrnlpa.exe
2007-12-12 13:19 . 2007-12-12 13:19 3,470,520 --a------ C:\Windows\System32\ntoskrnl.exe
2007-12-12 13:19 . 2007-12-12 13:19 2,048 --a------ C:\Windows\System32\tzres.dll
2007-12-12 13:11 . 2007-12-12 13:11 d-------- C:\Users\Dale\AppData\Roaming\InterVideo
2007-12-12 13:10 . 2007-12-12 13:10 77 --a------ C:\Windows\System32\2809.bat
2007-12-12 12:55 . 2007-12-12 12:56 d-------- C:\Program Files\QuickTime
2007-12-12 12:55 . 2007-12-12 12:55 d-------- C:\Program Files\Apple Software Update
2007-12-12 12:42 . 2007-12-12 12:55 d-------- C:\Users\All Users\Apple Computer
2007-12-12 12:42 . 2007-12-12 12:55 d-------- C:\ProgramData\Apple Computer
2007-12-12 12:41 . 2007-12-12 12:41 d-------- C:\Program Files\InterVideo Information Service
2007-12-12 12:41 . 2007-12-12 12:41 d-------- C:\Program Files\Common Files\Ulead
2007-12-12 12:41 . 2006-05-11 18:41 654 --------- C:\Windows\remove.iss
2007-12-12 12:38 . 2007-12-12 12:39 d-------- C:\Program Files\InterVideo
2007-12-12 12:32 . 2007-12-12 12:33 d–h----- C:\Windows\msdownld.tmp
2007-12-12 12:02 . 2007-12-12 12:16 d-------- C:\Program Files\Common Files\PX Storage Engine
2007-12-12 11:58 . 2007-12-12 11:58 d-------- C:\Users\Dale\AppData\Roaming\vlc
2007-12-12 11:56 . 2007-12-12 11:56 d-------- C:\Program Files\VideoLAN
2007-12-12 07:59 . 2007-12-12 07:59 77 --a------ C:\Windows\System32\8417.bat
2007-12-11 12:55 . 2007-12-11 12:55 d-------- C:\Program Files\Easy File Sharing Web Server
2007-12-11 11:44 . 2007-12-11 11:44 d-------- C:\Users\Dale\AppData\Roaming.wyzo
2007-12-11 10:54 . 2007-12-11 10:54 3,120 --a------ C:\Windows\System32\PMVCIH2J.ocx
2007-12-11 10:52 . 2007-12-19 11:16 d-------- C:\Program Files\123CopyDVD 2008
2007-12-11 10:16 . 2007-12-11 10:16 3,120 --a------ C:\Windows\System32\FGD2FH5B.ocx
2007-12-11 10:16 . 2007-12-11 10:16 3,120 --a------ C:\Windows\DF8MLHS2.ocx
2007-12-11 10:14 . 2007-12-19 11:14 d-------- C:\Program Files\AviSynth 2.5
2007-12-11 08:27 . 2007-12-11 08:27 77 --a------ C:\Windows\System32\5763.bat
2007-12-10 08:57 . 2007-12-10 08:57 77 --a------ C:\Windows\System32\9422.bat

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-08 18:15 --------- d-----w C:\Program Files\Common Files\aol
2008-01-08 18:10 --------- d-----w C:\Users\Dale\AppData\Roaming\AOL
2008-01-08 18:10 --------- d-----w C:\ProgramData\AOL
2008-01-08 18:09 --------- d-----w C:\Program Files\Common Files\Nullsoft
2008-01-08 17:45 --------- d-----w C:\ProgramData\AOL Downloads
2008-01-08 16:31 98,304 ----a-w C:\Windows\System32\igfxtray.exe
2008-01-08 16:31 81,920 ----a-w C:\Windows\System32\igfxpers.exe
2008-01-08 16:31 106,496 ----a-w C:\Windows\System32\hkcmd.exe
2008-01-07 18:22 --------- d—a-w C:\ProgramData\TEMP
2008-01-07 18:22 --------- d-----w C:\Program Files\Chainz 2 Relinked
2008-01-02 17:39 147,456 ----a-w C:\Users\Dale\vbzip10.dll
2008-01-02 17:39 --------- d-----w C:\Users\Dale\AppData\Roaming\LimeWire
2008-01-02 17:34 36,864 ----a-w C:\Users\Dale\services.exe
2007-12-28 17:20 --------- d-----w C:\ProgramData\CyberLink
2007-12-28 17:19 --------- d–h–w C:\Program Files\InstallShield Installation Information
2007-12-28 17:18 --------- d-----w C:\Program Files\CyberLink
2007-12-28 17:14 --------- d-----w C:\Program Files\LimeWire
2007-12-23 05:13 --------- d-----w C:\ProgramData\Viewpoint
2007-12-13 00:53 --------- d-----w C:\Program Files\Windows Mail
2007-12-12 21:24 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-12-12 21:24 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-12-12 21:24 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-12-12 21:24 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-12-12 21:24 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-12-12 21:24 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-12-12 21:24 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-12-12 21:24 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2007-12-12 21:24 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-12-12 21:24 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-12-12 21:24 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2007-12-12 21:24 2,923,520 ----a-w C:\Windows\explorer.exe
2007-12-12 21:24 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-12-12 21:24 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2007-12-12 21:24 11,264 ----a-w C:\Windows\system32\drivers\wmiacpi.sys
2007-12-12 21:21 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2007-12-12 21:21 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-12 21:21 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-12 21:21 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-12 21:21 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-12 21:21 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2007-12-12 21:21 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2007-12-12 20:17 --------- d-----w C:\Program Files\DivX
2007-12-11 19:44 --------- d-----w C:\Users\Dale\AppData\Roaming.wyzo
2007-12-08 00:36 --------- d-----w C:\ProgramData\JollyBear
2007-12-08 00:36 --------- d-----w C:\Program Files\DishGAMES
2007-12-06 22:42 --------- d-----w C:\Program Files\Common Files\AVSMedia
2007-12-06 22:42 --------- d-----w C:\Program Files\AVSMedia
2007-12-04 14:53 23,152 ----a-w C:\Windows\system32\drivers\aswRdr.sys
2007-12-04 14:52 45,648 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2007-12-04 14:51 42,912 ----a-w C:\Windows\system32\drivers\aswTdi.sys
2007-12-04 13:04 837,496 ----a-w C:\Windows\System32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\Windows\System32\AvastSS.scr
2007-11-30 00:50 4,096 ----a-w C:\Windows\System32\sysres.dll
2007-11-30 00:50 38,567 ----a-w C:\Windows\System32\pcpbios.exe
2007-11-29 22:30 43,528 ------w C:\Windows\system32\drivers\pxhelp20.sys
2007-11-28 21:55 156,992 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2007-11-20 23:21 --------- d-----w C:\Program Files\Nova Development
2007-11-20 23:20 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-20 22:18 --------- d-----w C:\Program Files\Street Challenge LLC
2007-11-20 16:57 --------- d-----w C:\Users\Dale\AppData\Roaming\Sonic
2007-11-20 16:56 --------- d-----w C:\Users\Dale\AppData\Roaming\Leadertech
2007-11-20 16:50 --------- d-----w C:\ProgramData\InstallShield
2007-11-20 16:48 --------- d-----w C:\ProgramData\Sonic
2007-11-20 16:47 --------- d-----w C:\Program Files\Common Files\TiVo Shared
2007-11-20 16:47 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2007-11-20 16:44 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-11-20 16:40 --------- d-----w C:\Program Files\Roxio
2007-11-19 18:44 --------- d-----w C:\Program Files\Invoice by Click
2007-11-19 18:43 73,216 ----a-w C:\Windows\ST6UNST.EXE
2007-11-19 18:43 299,008 ------w C:\Windows\Setup1.exe
2007-11-16 17:48 --------- d-----w C:\Program Files\bfgclient
2007-11-16 17:01 --------- d-----w C:\Program Files\MSECache
2007-11-13 21:32 174 --sha-w C:\Program Files\desktop.ini
2007-11-13 21:29 --------- d-----w C:\Program Files\Windows Defender
2007-11-13 21:29 --------- d-----w C:\Program Files\Windows Calendar
2007-11-13 16:47 8,192 ----a-w C:\Windows\System32\riched32.dll
2007-11-13 16:46 77,824 ----a-w C:\Windows\System32\rascfg.dll
2007-11-13 16:46 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2007-11-13 16:46 694,784 ----a-w C:\Windows\System32\localspl.dll
2007-11-13 16:46 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2007-11-13 16:46 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2007-11-13 16:46 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2007-11-13 16:46 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2007-11-13 16:46 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2007-11-13 16:46 36,864 ----a-w C:\Windows\System32\cdd.dll
2007-11-13 16:46 33,280 ----a-w C:\Windows\System32\traffic.dll
2007-11-13 16:46 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2007-11-13 16:46 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
2007-11-13 16:46 22,016 ----a-w C:\Windows\System32\rasser.dll
2007-11-13 16:46 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2007-11-13 16:46 15,360 ----a-w C:\Windows\System32\pacerprf.dll
2007-11-13 16:46 134,656 ----a-w C:\Windows\System32\dps.dll
2007-11-13 16:46 13,824 ----a-w C:\Windows\System32\wshqos.dll
2007-11-13 16:46 13,824 ----a-w C:\Windows\System32\icsunattend.exe
2007-11-13 16:45 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-11-13 16:45 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-11-13 16:45 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2007-11-13 16:45 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2007-11-13 16:44 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2007-11-13 16:44 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
.

<pre>
----a-w            71,216 2008-01-08 15:55:58  C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
----a-w            52,256 2008-01-08 17:58:58  C:\Program Files\CyberLink\PowerDVD\Language\Language .exe
----a-w           761,947 2008-01-08 15:55:57  C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
----a-w           106,496 2008-01-08 15:55:57  C:\Windows\System32\hkcmd .exe
----a-w            81,920 2008-01-08 15:55:57  C:\Windows\System32\igfxpers .exe
----a-w            98,304 2008-01-08 15:55:57  C:\Windows\System32\igfxtray .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“WMPNSCFG”=“C:\Program Files\Windows Media Player\WMPNSCFG.exe” [2006-11-02 04:34 201728]
“AOL Fast Start”=“C:\Program Files\AOL 9.0\AOL.exe” [2007-04-17 22:49 50736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“MSServer”=“C:\Windows\system32\awvtt.dll” [2007-12-28 09:26 38912]
“Windows Defender”=“C:\Program Files\Windows Defender\MSASCui.exe” [2007-11-13 08:46 1006264]
“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-12-04 05:00 79224]
“SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [2008-01-08 08:31 761948]
“IgfxTray”=“C:\Windows\system32\igfxtray.exe” [2008-01-08 08:31 98304]
“HotKeysCmds”=“C:\Windows\system32\hkcmd.exe” [2008-01-08 08:31 106496]
“Persistence”=“C:\Windows\system32\igfxpers.exe” [2008-01-08 08:31 81920]
“RemoteControl”=“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” [2008-01-08 08:31 71216]
“HostManager”=“C:\Program Files\Common Files\AOL\1199815578\ee\AOLSoftware.exe” [2006-09-25 16:52 50736]
“!AVG Anti-Spyware”=“C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” [2007-06-11 01:25 6731312]

C:\Users\Dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Windows Calendar.lnk - C:\Program Files\Windows Calendar\WinCal.exe [2007-11-13 08:46:57]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“EnableLUA”= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
“{3B556978-10EB-4F71-A61E-A736354D1269}”= C:\Windows\system32\awvtt.dll [2007-12-28 09:26 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
–a------ 2007-03-09 11:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
–a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Host Process]
C:\Users\Dale\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
–a------ 2006-03-20 17:34 213936 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
–a------ 2006-03-20 17:34 213936 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
–a------ 2006-03-20 17:34 86960 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
–a------ 2006-09-01 15:57 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
–a------ 2007-06-08 06:59 224248 C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService REG_MULTI_SZ nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{c8dcedce-8fe4-11dc-bc4f-00038a000015}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

Newly Created Service - AVGASCLN
.
Contents of the ‘Scheduled Tasks’ folder
“2008-01-03 17:08:05 C:\Windows\Tasks\AppleSoftwareUpdate.job”

• C:\Program Files\Apple Software Update\SoftwareUpdate.exe
  “2008-01-08 17:58:49 C:\Windows\Tasks\McDefragTask.job”
• c:\PROGRA~1\mcafee\mqc\QcConsol.exe’
  “2008-01-08 17:58:49 C:\Windows\Tasks\McQcTask.job”
• c:\PROGRA~1\mcafee\mqc\QcConsol.exe
  .

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-08 12:32:24
Windows 6.0.6000 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\system32\winlogon.exe [6.00.6000.16386]
→ C:\Windows\system32\awvtt.dll

PROCESS: C:\Windows\Explorer.EXE [6.00.6000.16549]
→ C:\Windows\system32\awvtt.dll
.
Completion time: 2008-01-08 12:37:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-08 20:37:20
.
2008-01-07 22:31:35 — E O F —

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:47:29 PM, on 1/8/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\aol\1199815578\ee\aolsoftware.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\AOL 9.0\waol.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://partsplusportal.com/login-pp.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM..\Run: [MSServer] rundll32.exe C:\Windows\system32\awvtt.dll,#1
O4 - HKLM..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM..\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1199815578\ee\AOLSoftware.exe
O4 - HKLM..\Run: [!AVG Anti-Spyware] “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU..\Run: [AOL Fast Start] “C:\Program Files\AOL 9.0\AOL.EXE” -b
O4 - HKUS\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-19..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘NETWORK SERVICE’)
O4 - Startup: Windows Calendar.lnk = D:\Program Files\Windows Calendar\WinCal.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O13 - Gopher Prefix:
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

–
End of file - 6289 bytes

1. Please open Notepad
   [*] Click Start , then Run[*]Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
   [*]Combofix.txt [*]A new HijackThis log.

ComboFix 08-01-07.5 - Dale 2008-01-08 13:23:38.3 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.1325 [GMT -8:00]
Running from: C:\Users\Dale\Downloads\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-12-08 to 2008-01-08 )))))))))))))))))))))))))))))))
.

2008-01-08 12:24 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2008-01-08 11:59 . 2008-01-08 11:59 d-------- C:\Users\Dale\AppData\Roaming\Grisoft
2008-01-08 11:58 . 2008-01-08 11:58 d-------- C:\Users\All Users\Grisoft
2008-01-08 11:58 . 2008-01-08 11:58 d-------- C:\ProgramData\Grisoft
2008-01-08 11:58 . 2007-05-30 04:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-01-08 10:08 . 2008-01-08 09:41 54,832 --a------ C:\Windows\System32\AOLParconLink.exe
2008-01-08 10:06 . 2008-01-08 10:09 d-------- C:\Program Files\Common Files\aolshare
2008-01-08 10:06 . 2008-01-08 12:32 d-------- C:\Program Files\AOL 9.0
2008-01-08 09:55 . 2008-01-08 09:55 4 --a------ C:\Windows\msoffice.ini
2008-01-08 09:10 . 2008-01-08 09:10 d-------- C:\Program Files\Trend Micro
2008-01-08 08:33 . 2008-01-08 13:25 4,712 --a------ C:\Windows\System32\Config.MPF
2008-01-08 08:32 . 2008-01-08 08:32 d-------- C:\mcafee_mcpr
2008-01-08 08:32 . 2007-03-02 14:17 120,360 --a------ C:\Windows\System32\drivers\Mpfp.sys
2008-01-08 08:31 . 2008-01-08 08:32 d-------- C:\Program Files\McAfee.com
2008-01-08 08:31 . 2008-01-08 09:59 d-------- C:\Program Files\McAfee
2008-01-08 08:31 . 2008-01-08 08:32 d-------- C:\Program Files\Common Files\McAfee
2008-01-08 08:26 . 2008-01-08 08:33 d-------- C:\Users\All Users\McAfee
2008-01-08 08:26 . 2008-01-08 08:33 d-------- C:\ProgramData\McAfee
2008-01-04 07:46 . 2008-01-04 07:46 d-------- C:\Program Files\Microsoft ActiveSync
2008-01-03 09:35 . 2008-01-03 09:35 d-------- C:\Users\All Users\Office Genuine Advantage
2008-01-03 09:35 . 2008-01-03 09:35 d-------- C:\ProgramData\Office Genuine Advantage
2008-01-03 08:56 . 2008-01-04 07:51 376 --a------ C:\Windows\ODBC.INI
2008-01-03 08:52 . 2008-01-04 07:46 d-------- C:\Windows\ShellNew
2008-01-02 09:33 . 2008-01-08 07:55 106,496 --a------ C:\Windows\System32\hkcmd.exe
2008-01-02 09:33 . 2008-01-08 07:55 98,304 --a------ C:\Windows\System32\igfxtray.exe
2008-01-02 09:33 . 2008-01-08 07:55 81,920 --a------ C:\Windows\System32\igfxpers.exe
2007-12-28 09:29 . 2007-12-28 09:29 d-------- C:\Users\Public\CyberLink
2007-12-28 09:21 . 2007-12-28 09:21 d-------- C:\Users\Dale\AppData\Roaming\CyberLink
2007-12-26 12:27 . 2007-12-26 12:27 d-------- C:\Users\All Users\Diskeeper Corporation
2007-12-26 12:27 . 2007-12-26 12:27 d-------- C:\ProgramData\Diskeeper Corporation
2007-12-26 12:27 . 2007-12-26 12:27 d-------- C:\Program Files\Diskeeper Corporation
2007-12-26 12:17 . 2007-12-26 12:18 d-------- C:\Users\Dale\Diskeeper
2007-12-24 08:22 . 2007-12-24 08:22 d-------- C:\Program Files\Coupons
2007-12-23 08:48 . 2008-01-08 13:17 50,912 --a------ C:\VETlog.dmp
2007-12-21 07:51 . 2007-12-21 07:51 d-------- C:\Program Files\Empire Interactive
2007-12-20 09:03 . 2007-12-20 09:03 254 --a------ C:\Windows\dellstat.ini
2007-12-14 08:11 . 2007-12-14 08:11 d-------- C:\Program Files\MSXML 4.0
2007-12-12 13:23 . 2007-12-12 13:23 1,327,104 --a------ C:\Windows\System32\quartz.dll
2007-12-12 13:23 . 2007-12-12 13:23 223,232 --a------ C:\Windows\System32\WMASF.DLL
2007-12-12 13:23 . 2007-12-12 13:23 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2007-12-12 13:23 . 2007-12-12 13:23 2,048 --a------ C:\Windows\System32\asferror.dll
2007-12-12 13:19 . 2007-12-12 13:19 3,504,824 --a------ C:\Windows\System32\ntkrnlpa.exe
2007-12-12 13:19 . 2007-12-12 13:19 3,470,520 --a------ C:\Windows\System32\ntoskrnl.exe
2007-12-12 13:19 . 2007-12-12 13:19 2,048 --a------ C:\Windows\System32\tzres.dll
2007-12-12 13:11 . 2007-12-12 13:11 d-------- C:\Users\Dale\AppData\Roaming\InterVideo
2007-12-12 12:55 . 2007-12-12 12:56 d-------- C:\Program Files\QuickTime
2007-12-12 12:55 . 2007-12-12 12:55 d-------- C:\Program Files\Apple Software Update
2007-12-12 12:42 . 2007-12-12 12:55 d-------- C:\Users\All Users\Apple Computer
2007-12-12 12:42 . 2007-12-12 12:55 d-------- C:\ProgramData\Apple Computer
2007-12-12 12:41 . 2007-12-12 12:41 d-------- C:\Program Files\InterVideo Information Service
2007-12-12 12:41 . 2007-12-12 12:41 d-------- C:\Program Files\Common Files\Ulead
2007-12-12 12:41 . 2006-05-11 18:41 654 --------- C:\Windows\remove.iss
2007-12-12 12:38 . 2007-12-12 12:39 d-------- C:\Program Files\InterVideo
2007-12-12 12:32 . 2007-12-12 12:33 d–h----- C:\Windows\msdownld.tmp
2007-12-12 12:02 . 2007-12-12 12:16 d-------- C:\Program Files\Common Files\PX Storage Engine
2007-12-12 11:58 . 2007-12-12 11:58 d-------- C:\Users\Dale\AppData\Roaming\vlc
2007-12-12 11:56 . 2007-12-12 11:56 d-------- C:\Program Files\VideoLAN
2007-12-12 07:59 . 2007-12-12 07:59 77 --a------ C:\Windows\System32\8417.bat
2007-12-11 12:55 . 2007-12-11 12:55 d-------- C:\Program Files\Easy File Sharing Web Server
2007-12-11 11:44 . 2007-12-11 11:44 d-------- C:\Users\Dale\AppData\Roaming.wyzo
2007-12-11 10:54 . 2007-12-11 10:54 3,120 --a------ C:\Windows\System32\PMVCIH2J.ocx
2007-12-11 10:52 . 2007-12-19 11:16 d-------- C:\Program Files\123CopyDVD 2008
2007-12-11 10:16 . 2007-12-11 10:16 3,120 --a------ C:\Windows\System32\FGD2FH5B.ocx
2007-12-11 10:16 . 2007-12-11 10:16 3,120 --a------ C:\Windows\DF8MLHS2.ocx
2007-12-11 10:14 . 2007-12-19 11:14 d-------- C:\Program Files\AviSynth 2.5

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-08 18:15 --------- d-----w C:\Program Files\Common Files\aol
2008-01-08 18:10 --------- d-----w C:\Users\Dale\AppData\Roaming\AOL
2008-01-08 18:10 --------- d-----w C:\ProgramData\AOL
2008-01-08 18:09 --------- d-----w C:\Program Files\Common Files\Nullsoft
2008-01-08 17:45 --------- d-----w C:\ProgramData\AOL Downloads
2008-01-07 18:22 --------- d—a-w C:\ProgramData\TEMP
2008-01-07 18:22 --------- d-----w C:\Program Files\Chainz 2 Relinked
2008-01-02 17:39 147,456 ----a-w C:\Users\Dale\vbzip10.dll
2008-01-02 17:39 --------- d-----w C:\Users\Dale\AppData\Roaming\LimeWire
2008-01-02 17:34 36,864 ----a-w C:\Users\Dale\services.exe
2007-12-28 17:20 --------- d-----w C:\ProgramData\CyberLink
2007-12-28 17:19 --------- d–h–w C:\Program Files\InstallShield Installation Information
2007-12-28 17:18 --------- d-----w C:\Program Files\CyberLink
2007-12-28 17:14 --------- d-----w C:\Program Files\LimeWire
2007-12-23 05:13 --------- d-----w C:\ProgramData\Viewpoint
2007-12-13 00:53 --------- d-----w C:\Program Files\Windows Mail
2007-12-12 21:24 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-12-12 21:24 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-12-12 21:24 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-12-12 21:24 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-12-12 21:24 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-12-12 21:24 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-12-12 21:24 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-12-12 21:24 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2007-12-12 21:24 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-12-12 21:24 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-12-12 21:24 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2007-12-12 21:24 2,923,520 ----a-w C:\Windows\explorer.exe
2007-12-12 21:24 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-12-12 21:24 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2007-12-12 21:24 11,264 ----a-w C:\Windows\system32\drivers\wmiacpi.sys
2007-12-12 21:21 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2007-12-12 21:21 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-12 21:21 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-12 21:21 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-12 21:21 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-12 21:21 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2007-12-12 21:21 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2007-12-12 20:17 --------- d-----w C:\Program Files\DivX
2007-12-11 19:44 --------- d-----w C:\Users\Dale\AppData\Roaming.wyzo
2007-12-08 00:36 --------- d-----w C:\ProgramData\JollyBear
2007-12-08 00:36 --------- d-----w C:\Program Files\DishGAMES
2007-12-06 22:42 --------- d-----w C:\Program Files\Common Files\AVSMedia
2007-12-06 22:42 --------- d-----w C:\Program Files\AVSMedia
2007-12-04 14:53 23,152 ----a-w C:\Windows\system32\drivers\aswRdr.sys
2007-12-04 14:52 45,648 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2007-12-04 14:51 42,912 ----a-w C:\Windows\system32\drivers\aswTdi.sys
2007-12-04 13:04 837,496 ----a-w C:\Windows\System32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\Windows\System32\AvastSS.scr
2007-11-30 00:50 4,096 ----a-w C:\Windows\System32\sysres.dll
2007-11-30 00:50 38,567 ----a-w C:\Windows\System32\pcpbios.exe
2007-11-29 22:30 43,528 ------w C:\Windows\system32\drivers\pxhelp20.sys
2007-11-28 21:55 156,992 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2007-11-20 23:21 --------- d-----w C:\Program Files\Nova Development
2007-11-20 23:20 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-20 22:18 --------- d-----w C:\Program Files\Street Challenge LLC
2007-11-20 16:57 --------- d-----w C:\Users\Dale\AppData\Roaming\Sonic
2007-11-20 16:56 --------- d-----w C:\Users\Dale\AppData\Roaming\Leadertech
2007-11-20 16:50 --------- d-----w C:\ProgramData\InstallShield
2007-11-20 16:48 --------- d-----w C:\ProgramData\Sonic
2007-11-20 16:47 --------- d-----w C:\Program Files\Common Files\TiVo Shared
2007-11-20 16:47 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2007-11-20 16:44 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-11-20 16:40 --------- d-----w C:\Program Files\Roxio
2007-11-19 18:44 --------- d-----w C:\Program Files\Invoice by Click
2007-11-19 18:43 73,216 ----a-w C:\Windows\ST6UNST.EXE
2007-11-19 18:43 299,008 ------w C:\Windows\Setup1.exe
2007-11-16 17:48 --------- d-----w C:\Program Files\bfgclient
2007-11-16 17:01 --------- d-----w C:\Program Files\MSECache
2007-11-13 21:32 174 --sha-w C:\Program Files\desktop.ini
2007-11-13 21:29 --------- d-----w C:\Program Files\Windows Defender
2007-11-13 21:29 --------- d-----w C:\Program Files\Windows Calendar
2007-11-13 16:47 8,192 ----a-w C:\Windows\System32\riched32.dll
2007-11-13 16:46 77,824 ----a-w C:\Windows\System32\rascfg.dll
2007-11-13 16:46 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2007-11-13 16:46 694,784 ----a-w C:\Windows\System32\localspl.dll
2007-11-13 16:46 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2007-11-13 16:46 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2007-11-13 16:46 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2007-11-13 16:46 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2007-11-13 16:46 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2007-11-13 16:46 36,864 ----a-w C:\Windows\System32\cdd.dll
2007-11-13 16:46 33,280 ----a-w C:\Windows\System32\traffic.dll
2007-11-13 16:46 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2007-11-13 16:46 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
2007-11-13 16:46 22,016 ----a-w C:\Windows\System32\rasser.dll
2007-11-13 16:46 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2007-11-13 16:46 15,360 ----a-w C:\Windows\System32\pacerprf.dll
2007-11-13 16:46 134,656 ----a-w C:\Windows\System32\dps.dll
2007-11-13 16:46 13,824 ----a-w C:\Windows\System32\wshqos.dll
2007-11-13 16:46 13,824 ----a-w C:\Windows\System32\icsunattend.exe
2007-11-13 16:45 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-11-13 16:45 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-11-13 16:45 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2007-11-13 16:45 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2007-11-13 16:44 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2007-11-13 16:44 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2007-11-13 16:44 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2007-11-13 16:44 229,888 ----a-w C:\Windows\System32\msshsq.dll
2007-11-13 16:44 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
.

((((((((((((((((((((((((((((( snapshot@2008-01-08_12.36.21.78 )))))))))))))))))))))))))))))))))))))))))
.

• 2008-01-08 20:31:49 67,584 --s-a-w C:\Windows\bootstat.dat

• 2008-01-08 21:15:57 67,584 --s-a-w C:\Windows\bootstat.dat

• 2008-01-08 20:32:06 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

• 2008-01-08 21:18:39 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

• 2008-01-08 20:32:06 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

• 2008-01-08 21:25:22 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
• 2008-01-08 21:25:22 262,144 —ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

• 2008-01-08 19:59:09 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

• 2008-01-08 21:19:33 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

• 2008-01-08 19:59:09 81,920 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

• 2008-01-08 21:19:33 81,920 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

• 2008-01-08 19:59:09 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

• 2008-01-08 21:19:33 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

• 2008-01-08 18:05:55 104,024 ----a-w C:\Windows\System32\perfc009.dat

• 2008-01-08 21:22:01 104,024 ----a-w C:\Windows\System32\perfc009.dat

• 2008-01-08 18:05:55 618,648 ----a-w C:\Windows\System32\perfh009.dat

• 2008-01-08 21:22:01 618,648 ----a-w C:\Windows\System32\perfh009.dat

• 2008-01-08 18:01:31 6,104 ----a-w C:\Windows\System32\WDI{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2327955247-1941978558-2415635277-1000_UserData.bin

• 2008-01-08 21:19:18 6,622 ----a-w C:\Windows\System32\WDI{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2327955247-1941978558-2415635277-1000_UserData.bin

• 2008-01-08 18:01:31 49,076 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

• 2008-01-08 21:19:17 49,760 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
  .
  ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  .
  Note empty entries & legit default entries are not shown
  REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“WMPNSCFG”=“C:\Program Files\Windows Media Player\WMPNSCFG.exe” [2006-11-02 04:34 201728]
“AOL Fast Start”=“C:\Program Files\AOL 9.0\AOL.exe” [2007-04-17 22:49 50736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Windows Defender”=“C:\Program Files\Windows Defender\MSASCui.exe” [2007-11-13 08:46 1006264]
“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-12-04 05:00 79224]
“SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [2008-01-08 07:55 761947]
“IgfxTray”=“C:\Windows\system32\igfxtray.exe” [2008-01-08 07:55 98304]
“HotKeysCmds”=“C:\Windows\system32\hkcmd.exe” [2008-01-08 07:55 106496]
“Persistence”=“C:\Windows\system32\igfxpers.exe” [2008-01-08 07:55 81920]
“RemoteControl”=“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” [2008-01-08 07:55 71216]
“HostManager”=“C:\Program Files\Common Files\AOL\1199815578\ee\AOLSoftware.exe” [2006-09-25 16:52 50736]
“!AVG Anti-Spyware”=“C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” [2007-06-11 01:25 6731312]

C:\Users\Dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Windows Calendar.lnk - C:\Program Files\Windows Calendar\WinCal.exe [2007-11-13 08:46:57]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“EnableLUA”= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
–a------ 2007-03-09 11:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
–a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
–a------ 2006-03-20 17:34 213936 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
–a------ 2006-03-20 17:34 213936 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
–a------ 2006-03-20 17:34 86960 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
–a------ 2006-09-01 15:57 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
–a------ 2007-06-08 06:59 224248 C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 06:52]
R3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-01 23:30]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-12-12 10:49]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService REG_MULTI_SZ nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{c8dcedce-8fe4-11dc-bc4f-00038a000015}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

.
Contents of the ‘Scheduled Tasks’ folder
“2008-01-03 17:08:05 C:\Windows\Tasks\AppleSoftwareUpdate.job”

• C:\Program Files\Apple Software Update\SoftwareUpdate.exe
  “2008-01-08 17:58:49 C:\Windows\Tasks\McDefragTask.job”
• c:\PROGRA~1\mcafee\mqc\QcConsol.exe’
  “2008-01-08 17:58:49 C:\Windows\Tasks\McQcTask.job”
• c:\PROGRA~1\mcafee\mqc\QcConsol.exe
  .

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-08 13:25:36
Windows 6.0.6000 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

.
Completion time: 2008-01-08 13:26:52
ComboFix-quarantined-files.txt 2008-01-08 21:26:46
ComboFix2.txt 2008-01-08 21:19:18
ComboFix3.txt 2008-01-08 20:37:30
.
2008-01-07 22:31:35 — E O F —

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:31:03 PM, on 1/8/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\aol\1199815578\ee\aolsoftware.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\AOL 9.0\waol.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://partsplusportal.com/login-pp.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM..\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1199815578\ee\AOLSoftware.exe
O4 - HKLM..\Run: [!AVG Anti-Spyware] “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU..\Run: [AOL Fast Start] “C:\Program Files\AOL 9.0\AOL.EXE” -b
O4 - HKUS\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-19..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘NETWORK SERVICE’)
O4 - Startup: Windows Calendar.lnk = D:\Program Files\Windows Calendar\WinCal.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O13 - Gopher Prefix:
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

–
End of file - 6212 bytes

Your logs look clean now. How is it running ?