WiredWX Christian Hobby Weather Tools
Re: Unknown Virus/Trojan
.
((((((((((((((((((((((((( Files Created from 2009-05-06 to 2009-06-06 )))))))))))))))))))))))))))))))
.

2009-06-06 03:48 . 2009-06-06 03:48 -------- d-sh--w- \$RECYCLE.BIN
2009-06-06 03:47 . 2009-06-06 03:48 -------- d-----w- c:\users\Michael\AppData\Local\temp
2009-06-06 03:47 . 2009-06-06 03:47 -------- d-----w- c:\users\Guest\AppData\Local\temp
2009-06-06 03:47 . 2009-06-06 03:47 -------- d-----w- C:\temp
2009-06-06 03:47 . 2009-06-06 03:47 -------- d-----w- \temp
2009-06-06 03:42 . 2009-06-06 03:48 -------- d-s---w- \combofixz
2009-06-06 03:01 . 2009-03-16 08:00 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090605.003\naveng.sys
2009-06-06 03:01 . 2009-03-16 08:00 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090605.003\navex15.sys
2009-06-06 03:01 . 2009-03-16 08:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090605.003\eeCtrl.sys
2009-06-06 03:01 . 2009-03-16 08:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090605.003\naveng32.dll
2009-06-06 03:01 . 2009-03-16 08:00 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090605.003\navex32a.dll
2009-06-06 03:01 . 2009-03-16 08:00 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090605.003\ERASER.sys
2009-06-06 03:01 . 2008-11-20 09:00 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090605.003\ecmsvr32.dll
2009-06-06 03:01 . 2009-03-16 08:00 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090605.003\cceraser.dll
2009-06-06 00:22 . 2009-06-06 03:43 -------- d-----w- \Qoobox
2009-06-06 00:20 . 2009-06-05 09:07 1342 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\tmp581b.tmp\cur.scr
2009-06-05 23:54 . 2009-06-05 23:54 -------- d-----w- c:\program files\TokBox
2009-06-03 04:22 . 2009-06-03 04:24 -------- d-----w- \Avenger
2009-06-03 00:56 . 2009-06-03 00:56 -------- d-----w- c:\program files\Trend Micro
2009-05-16 03:05 . 2009-03-16 08:00 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090515.003\naveng.sys
2009-05-16 03:05 . 2009-03-16 08:00 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090515.003\navex15.sys
2009-05-16 03:05 . 2009-03-16 08:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090515.003\naveng32.dll
2009-05-16 03:05 . 2009-03-16 08:00 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090515.003\navex32a.dll
2009-05-16 03:05 . 2009-03-16 08:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090515.003\eeCtrl.sys
2009-05-16 03:05 . 2009-03-16 08:00 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090515.003\cceraser.dll
2009-05-16 03:05 . 2009-03-16 08:00 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090515.003\ERASER.sys
2009-05-16 03:05 . 2008-11-20 09:00 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090515.003\ecmsvr32.dll
2009-05-08 03:56 . 2009-03-19 23:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-05-08 03:56 . 2008-04-17 19:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-05-08 03:56 . 2009-05-08 03:56 -------- d-----w- c:\program files\iPod
2009-05-08 03:56 . 2009-05-08 03:56 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-08 03:56 . 2009-05-08 03:56 -------- d-----w- c:\program files\iTunes
2009-05-08 03:55 . 2009-05-08 03:55 -------- d-----w- c:\program files\Bonjour
2009-05-08 03:54 . 2009-05-08 03:54 -------- d-----w- c:\program files\QuickTime
2009-05-08 03:45 . 2009-05-08 03:45 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-06 03:47 . 2007-04-12 11:58 2392719360 --sha-w- \pagefile.sys
2009-06-06 00:26 . 2008-02-23 07:23 -------- d-----w- c:\program files\Norton Security Scan
2009-06-06 00:26 . 2007-04-29 06:38 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-05 05:26 . 2007-12-15 02:48 -------- d-----w- c:\program files\Warcraft III
2009-06-05 03:39 . 2008-09-27 19:27 -------- d-----w- c:\program files\Garena
2009-05-27 03:25 . 2007-06-26 21:44 -------- d-----w- c:\program files\Steam
2009-05-22 05:19 . 2008-08-28 02:32 -------- d-----w- c:\users\Michael\AppData\Roaming\FrostWire
2009-05-08 03:56 . 2007-09-18 07:10 -------- d-----w- c:\program files\Common Files\Apple
2009-04-25 05:22 . 2009-04-24 01:08 -------- d-----w- c:\programdata\NOS
2009-04-25 05:22 . 2009-04-24 01:08 -------- d-----w- c:\program files\NOS
2009-04-24 01:16 . 2009-04-24 01:15 -------- d-----w- c:\program files\Common Files\Adobe
2009-04-19 18:18 . 2007-09-14 22:26 -------- d-----w- c:\program files\Common Files\Steam
2009-04-12 21:49 . 2009-04-12 21:48 34 ----a-w- c:\users\Michael\jagex_runescape_preferences.dat
2009-04-07 22:01 . 2009-04-07 03:44 77055 ----a-w- c:\windows\War3Unin.dat
2009-04-07 03:47 . 2009-04-07 03:44 2829 ----a-w- c:\windows\War3Unin.pif
2009-04-07 03:47 . 2009-04-07 03:44 139264 ----a-w- c:\windows\War3Unin.exe
2009-03-26 22:23 . 2009-03-26 22:23 36864 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-03-26 22:23 . 2009-03-26 22:23 1900544 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-03-19 23:32 . 2009-03-19 23:32 23400 ----a-w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-16 08:00 . 2009-03-16 08:00 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\naveng.sys
2009-03-16 08:00 . 2009-03-16 08:00 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\navex15.sys
2009-03-16 08:00 . 2009-03-16 08:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\eeCtrl.sys
2009-03-16 08:00 . 2009-03-16 08:00 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\cceraser.dll
2009-03-16 08:00 . 2009-03-16 08:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\naveng32.dll
2009-03-16 08:00 . 2009-03-16 08:00 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\navex32a.dll
2009-03-16 08:00 . 2009-03-16 08:00 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\ERASER.sys
2009-03-14 05:07 . 2009-03-14 05:07 15440 ----a-w- c:\windows\system32\drivers\hamachi.sys
2008-07-07 03:14 . 2008-07-07 03:14 8 --sha-r- c:\windows\System32\B80BE66F79.sys
2008-07-07 04:11 . 2008-07-07 03:14 2516 --sha-w- c:\windows\System32\KGyGaAvL.sys
2007-04-12 19:56 . 2007-04-12 19:55 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-06-06_00.44.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-04-12 12:35 . 2009-06-06 03:34 55808 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2007-04-15 01:44 . 2009-06-06 03:34 14770 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3350525115-1583221867-2151667216-1000_UserData.bin
- 2007-04-15 01:35 . 2009-06-05 23:56 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-04-15 01:35 . 2009-06-06 03:42 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-04-15 01:35 . 2009-06-06 03:42 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-04-15 01:35 . 2009-06-05 23:56 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-04-15 01:35 . 2009-06-06 03:42 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-04-15 01:35 . 2009-06-05 23:56 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 13:05 . 2009-06-06 03:39 134934 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-12-12 273864]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-01-17 486856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2006-11-02 2159104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-08 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-08 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-08 81920]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2006-11-17 17920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-11-28 134808]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-15 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-15 2407184]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_16\bin\jusched.exe" [2008-05-28 75256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SigmatelSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2007-02-08 303104]

c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TokBox.lnk - c:\program files\TokBox\TokBox.exe [2009-6-5 95744]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-4-12 45056]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-11-12 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders credssp.dll, digeste.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A2D7434F-3124-4E4D-9FA1-3A7CBF579077}"= UDP:c:\program files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{B8F783D6-A38C-4FA0-A0DD-ADA9FF3BB54B}"= TCP:c:\program files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{120CA787-A512-44D9-979D-F0C3C2C49D61}"= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{E3A798B5-7427-41CE-866A-049DC2412B94}"= TCP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"TCP Query User{0515D08A-7B2C-49C3-940C-26C12B390210}c:\\stubinstaller.exe"= UDP:C:\stubinstaller.exe:LimeWire swarmed installer
"UDP Query User{3A90F21B-2D8B-4EF1-A1F1-D52AAD9C242C}c:\\stubinstaller.exe"= TCP:C:\stubinstaller.exe:LimeWire swarmed installer
"TCP Query User{36DB7E36-0E01-40A7-89C8-7BBD11B8A375}c:\\program files\\aim\\aim.exe"= UDP:c:\program files\aim\aim.exe:AOL Instant Messenger
"UDP Query User{FAA3E0AF-2AE5-488E-B70A-E2F7DFF1E7AA}c:\\program files\\aim\\aim.exe"= TCP:c:\program files\aim\aim.exe:AOL Instant Messenger
"{4F3C97ED-B456-4B36-A8A9-120D0271F3D6}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{C6FF993A-A000-41F6-837C-1506E2183C91}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"TCP Query User{F2C9B5C6-ACD5-4E98-B15F-88D48EBAFD77}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{363E3118-F62E-4230-A15E-6BF61B076580}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
"{915F5D43-81E2-4ADA-8396-979B319DF602}"= UDP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{B57C4BE5-2652-44BE-86E3-5FA3CE0DC1C8}"= TCP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{18818A99-7423-4D13-902F-01A69BFD0BA7}"= UDP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{64FAB89A-CFDF-4CBC-9310-509AF2831E94}"= TCP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"TCP Query User{FA1C5933-DA7C-4F78-ADC0-8CC69611C674}c:\\program files\\swiftswitch\\swiftswitch.exe"= UDP:c:\program files\swiftswitch\swiftswitch.exe:World Switcher for RuneScape
"UDP Query User{604419F6-C91D-49B8-8B91-E96969B37CE2}c:\\program files\\swiftswitch\\swiftswitch.exe"= TCP:c:\program files\swiftswitch\swiftswitch.exe:World Switcher for RuneScape
"TCP Query User{C2119F67-BA08-432E-ABFF-881989311F9F}c:\\program files\\itunes\\itunes.exe"= UDP:c:\program files\itunes\itunes.exe:iTunes
"UDP Query User{CA79C40E-64A2-4ADE-990C-4A4B26ACEB52}c:\\program files\\itunes\\itunes.exe"= TCP:c:\program files\itunes\itunes.exe:iTunes
"{222D201C-8826-472D-94AE-8B31CDE79E53}"= UDP:c:\program files\Steam\Steam.exe:Steam Client
"{FE22940A-FA55-432C-80B1-1DA923C2AC2B}"= TCP:c:\program files\Steam\Steam.exe:Steam Client
"{53B2688D-6870-4F0B-87C1-514579C8C1C1}"= UDP:c:\nexon\KartRider\NMService.exe:Nexon Messenger Core
"{7D2FB9FA-647E-4247-9163-35CE9A825FCA}"= TCP:c:\nexon\KartRider\NMService.exe:Nexon Messenger Core
"TCP Query User{081B639A-069D-41B8-AADB-9E6B0A486F3D}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{49DF69FE-EE69-474B-A4A3-B1EA72910B3C}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III
"{C54D57B5-F1BC-4E6B-AD42-7D079DCAA732}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{FBCBEBC9-4E8A-47A6-9625-325AF1C5A0E3}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{54243C78-1E5D-4412-B98B-FA52AC521ACF}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{B8EBCA04-6010-4D8A-8C3D-A8BC76C88EB0}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{71FAC19E-F722-408B-859E-C2B386E62E78}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{1304E72F-D067-46B4-8AE8-F402CA277FBD}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{B7D27902-3D26-4C3F-869E-D1FA3816983E}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{D40FDC8D-6DC7-40FD-AF10-FC4E4D074BE4}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{8443CB31-F367-48FF-A017-226410DC1A7E}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{2A60F4E8-A184-4D8D-BBE9-8EF595DCE228}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{199AEB4C-5BFF-460C-9F33-9FAC4C066243}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{834CF976-7CA7-437F-8C8F-F0C6544C4BE9}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/5/2009 8:01 PM 101936]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [11/28/2006 6:34 AM 122008]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [1/9/2007 3:32 PM 38200]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/3/2008 7:05 PM 24652]

--- Other Services/Drivers In Memory ---

*Deregistered* - sptd
.
Contents of the 'Scheduled Tasks' folder

2009-06-06 c:\windows\Tasks\Norton Security Scan for Michael.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 11:18]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: motive.com\pattcwprt.att
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\fvy9j0cg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\program files\Java\jre1.5.0_16\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_16\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_16\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_16\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_16\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_16\bin\NPJPI150_16.dll
FF - plugin: c:\program files\Java\jre1.5.0_16\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-05 20:48
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(9140)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\SigmaTel\C-Major Audio\WDM\stacsv.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\System32\drivers\XAudio.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\rundll32.exe
c:\program files\Symantec AntiVirus\VPTray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\program files\Logitech\QuickCam\LU\LULnchr.exe
c:\program files\Logitech\QuickCam\LU\LogitechUpdate.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\program files\Java\jre1.5.0_16\bin\jucheck.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
.
**************************************************************************
.
Completion time: 2009-06-06 20:55 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-06 03:54
ComboFix2.txt 2009-06-06 00:45

Pre-Run: 166,936,190,976 bytes free
Post-Run: 166,897,790,976 bytes free

425 --- E O F --- 2009-06-05 03:13
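The ComboFix output above records several settings that weaken the machine's defences even though the rootkit scan and the later MBAM scan found nothing: UAC is off (EnableLUA=0), the Windows Firewall standard profile is off (EnableFirewall=0), and Security Center monitoring and its notifications are switched off for the Symantec and McAfee products. Below is an added Python example, not code from the poster, the helper, ComboFix or MBAM, that parses the "Reg Loading Points" section of such a log and flags these values. The sample input is constructed from the key and value lines that appear in the log above, plus one invented hardened counter-example (a PublicProfile block with the firewall on, which is not in the log); the rule list and what it treats as "weak" are this example's own choices.

```python
"""Flag weakened Windows security settings in a ComboFix 'Reg Loading Points' dump.

Added example: it is not part of ComboFix, MBAM or the forum posts above.
"""
import re
from typing import Callable, Dict, List, Tuple

# Constructed sample input. The keys and values mirror lines in the ComboFix log
# above; the PublicProfile block is an invented hardened counter-example.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 1 (0x1)
"""

# A ComboFix key header looks like [HKEY_...] or [HKLM\~\...].
KEY_RE = re.compile(r"^\[(.+)\]$")
# ComboFix prints DWORDs either as  "Name"= 0 (0x0)  or as  "Name"=dword:00000001 .
VAL_RE = re.compile(
    r'^"([^"]+)"\s*=\s*(?:dword:([0-9a-fA-F]+)|(\d+)\s*\(0x[0-9a-fA-F]+\))\s*$'
)

Finding = Tuple[str, str, int, str]  # (key, value name, value, description)

# (regex matched against the end of the key path, value name, weak-if, description)
RULES: List[Tuple[str, str, Callable[[int], bool], str]] = [
    (r"policies\\system$", "EnableLUA", lambda v: v == 0,
     "UAC disabled"),
    (r"firewallpolicy\\\w+profile$", "EnableFirewall", lambda v: v == 0,
     "Windows Firewall disabled for this profile"),
    (r"security center$", "UacDisableNotify", lambda v: v == 1,
     "Security Center UAC notifications suppressed"),
    (r"security center$", "InternetSettingsDisableNotify", lambda v: v == 1,
     "Security Center Internet settings notifications suppressed"),
    (r"security center$", "AutoUpdateDisableNotify", lambda v: v == 1,
     "Security Center Automatic Updates notifications suppressed"),
    (r"security center\\monitoring(\\.+)?$", "DisableMonitoring", lambda v: v == 1,
     "Security Center monitoring disabled"),
]


def parse_reg_points(text: str) -> Dict[str, Dict[str, int]]:
    """Return {registry key: {value name: integer value}} for DWORD-style lines.

    String values (program paths and the like) are deliberately ignored; only the
    numeric policy switches matter for the rules above.
    """
    result: Dict[str, Dict[str, int]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current = key_match.group(1)
            result.setdefault(current, {})
            continue
        if current is None or not line:
            continue
        val_match = VAL_RE.match(line)
        if not val_match:
            continue
        name, hex_value, dec_value = val_match.groups()
        result[current][name] = int(hex_value, 16) if hex_value is not None else int(dec_value)
    return result


def find_weak_settings(reg: Dict[str, Dict[str, int]]) -> List[Finding]:
    """Apply RULES to parsed keys; a rule fires only when the value is present and weak."""
    findings: List[Finding] = []
    for key, values in reg.items():
        for key_pattern, name, is_weak, description in RULES:
            if re.search(key_pattern, key, re.IGNORECASE) and name in values and is_weak(values[name]):
                findings.append((key, name, values[name], description))
    return findings


def audit(text: str) -> List[Finding]:
    """Parse a ComboFix log excerpt and return the weak-setting findings."""
    return find_weak_settings(parse_reg_points(text))


if __name__ == "__main__":
    for key, name, value, description in audit(SAMPLE_LOG):
        print(f"{description}: [{key}] {name}={value}")
```

One caveat when reading the results: ComboFix states that "empty entries & legit default entries are not shown", so a key that is absent from the log means "default", not "verified secure". The script therefore reports only what is present; confirming that UAC and the firewall are actually back on has to be done on the machine itself after the clean-up.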

Re: Unknown Virus/Trojan
Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

............................................................................................

While my help is always free, please consider donating to keep this site alive: Donate

Re: Unknown Virus/Trojan
Malwarebytes' Anti-Malware 1.37
Database version: 2235
Windows 6.0.6000

6/5/2009 9:06:00 PM
mbam-log-2009-06-05 (21-06-00).txt

Scan type: Quick Scan
Objects scanned: 82682
Time elapsed: 3 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Unknown Virus/Trojan
Click Start > Run and copy/paste the following text into the Run box and click OK:

ComboFix /u

This will also reset your restore points.

How is the machine running now?

Re: Unknown Virus/Trojan
Beautifully, thank you. I'll be sure to come back and donate when I get my credit card this summer =]

Re: Unknown Virus/Trojan
Need to uninstall a few things now.

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.