ComboFix 10-09-12.01 - VETERAN 09/12/2010  19:06:36.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1014.595 [GMT -4:00]
Running from: c:\documents and settings\VETERAN\Desktop\ComboFix.exe
AV: Webroot AntiVirus with Spy Sweeper *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\VETERAN\Recent\Thumbs.db
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
(((((((((((((((((((((((((   Files Created from 2010-08-12 to 2010-09-12  )))))))))))))))))))))))))))))))
.

2010-09-02 15:04 . 2010-09-02 15:04	--------	d-----w-	c:\program files\ERUNT
2010-08-31 17:01 . 2010-09-02 14:54	--------	d-----w-	c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-31 16:59 . 2006-05-24 17:36	110592	----a-w-	c:\documents and settings\VETERAN\Application Data\U3\temp\cleanup.exe
2010-08-31 16:58 . 2010-09-12 22:35	--------	d-----w-	c:\documents and settings\VETERAN\Application Data\U3

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-02 15:06 . 2010-09-02 15:06	--------	d-----w-	c:\documents and settings\VETERAN\Application Data\Malwarebytes
2010-09-02 15:06 . 2010-09-02 15:06	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-09-02 15:06 . 2010-09-02 15:06	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-02 14:54 . 2006-11-08 20:31	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2010-08-24 19:39 . 2008-09-19 20:53	--------	d-----w-	c:\program files\Full Tilt Poker
2010-08-22 23:40 . 2009-08-05 22:01	--------	d-----w-	c:\documents and settings\All Users\Application Data\Norton
2010-08-21 20:55 . 2009-08-04 01:21	--------	d-----w-	c:\program files\Common Files\Symantec Shared
2010-06-30 12:31 . 2004-08-11 22:00	149504	----a-w-	c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-11 22:00	916480	----a-w-	c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-11 22:00	1851904	----a-w-	c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-11 22:00	354304	----a-w-	c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-11 22:00	80384	----a-w-	c:\windows\system32\iccvid.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-02-09 20:06	764296	----a-w-	c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-11-06 20:14	238968	----a-w-	c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-06-02 5451536]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-25 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-07-22 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-07-22 86016]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-07-22 81920]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"UpdateMgr.exe"="c:\program files\EarthLink 5.0\updatemgr.exe" [2002-01-04 61440]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2007-10-02 26112]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-11-06 6515784]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [11/6/2009 1:00 PM 29808]
R1 Ai2sXP;Ai2sXP;c:\windows\system32\drivers\Ai2sXP.sys [12/28/2008 4:03 PM 7296]
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [3/17/2006 6:25 PM 65536]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [1/7/2010 1:47 PM 1201640]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/4/2010 7:59 PM 135664]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 09:32	128512	----a-w-	c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-09-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2010-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-04 23:59]

2010-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-04 23:59]

2010-09-12 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-02-09 20:06]

2010-09-12 c:\windows\Tasks\User_Feed_Synchronization-{EDC264B8-7932-48CD-AF02-4CDEBD5F2469}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]

2010-09-03 c:\windows\Tasks\wrSpySweeper_L598B8299E0CC46E28CEC5398D61F2518.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2010-01-07 20:19]

2010-09-03 c:\windows\Tasks\wrSpySweeper_L598B8299E0CC46E28CEC5398D61F2518.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2010-01-07 20:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
Trusted Zone: adultfriendfinder.com\profile
Trusted Zone: adultfriendfinder.com\secure
Trusted Zone: yahoo.com\us.mg4.mail
Trusted Zone: yahoo.com\www
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
Toolbar-Locked - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
HKU-Default-Run-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-12 19:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(6000)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\crypserv.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\mrtMngr.EXE
.
**************************************************************************
.
Completion time: 2010-09-12  19:19:26 - machine was rebooted
ComboFix-quarantined-files.txt  2010-09-12 23:19

Pre-Run: 56,254,320,640 bytes free
Post-Run: 56,220,409,856 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 19DC68A0790BC29A0118FA76CADF2E03