ComboFix 08-12-01.03 - Chris 2008-12-03 11:45:52.5 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.691 [GMT 8:00]
Running from: e:\documents and settings\Chris\Desktop\ComboFix.exe
 * Created a new restore point

[COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]
.

(((((((((((((((((((((((((   Files Created from 2008-11-03 to 2008-12-03  )))))))))))))))))))))))))))))))
.

2008-11-29 11:22 . 2008-11-29 11:22	<DIR>	d--------	e:\documents and settings\All Users\Application Data\Avg8
2008-11-29 10:50 . 2008-11-29 10:50	<DIR>	d--hs----	E:\FOUND.005
2008-11-29 09:39 . 2006-08-21 17:14	128,896	---------	e:\windows\system32\dllcache\fltmgr.sys
2008-11-29 09:39 . 2006-08-21 17:14	23,040	---------	e:\windows\system32\dllcache\fltmc.exe
2008-11-29 09:39 . 2006-08-21 20:21	16,896	---------	e:\windows\system32\dllcache\fltlib.dll
2008-11-29 09:36 . 2008-11-29 09:37	<DIR>	d--------	e:\program files\MSXML 4.0
2008-11-29 09:35 . 2004-03-12 02:18	217,088	--a------	e:\windows\system32\wmpns.dll
2008-11-21 13:22 . 2008-11-21 13:22	<DIR>	d--hs----	E:\FOUND.004
2008-11-20 19:31 . 2008-11-20 19:31	<DIR>	d--------	e:\documents and settings\Chris\Application Data\PCToolsFirewallPlus
2008-11-20 19:26 . 2008-11-20 19:26	<DIR>	d--------	e:\program files\PC Tools Firewall Plus
2008-11-18 20:00 . 2008-11-18 19:59	1,851,544	--a------	e:\program files\install_flash_player.exe
2008-11-18 19:45 . 2008-11-18 19:45	<DIR>	d--------	e:\program files\Spybot - Search & Destroy
2008-11-18 09:28 . 2008-09-05 00:42	1,106,944	---------	e:\windows\system32\dllcache\msxml3.dll
2008-11-16 00:16 . 2002-09-27 16:31	40,960	---------	e:\windows\system32\IsUser11b.dll
2008-11-12 10:25 . 2008-11-12 10:25	<DIR>	d--------	e:\program files\MSN Messenger
2008-11-09 16:50 . 2008-11-09 16:50	<DIR>	d--------	e:\program files\Malwarebytes' Anti-Malware
2008-11-09 16:50 . 2008-11-09 16:50	<DIR>	d--------	e:\documents and settings\Chris\Application Data\Malwarebytes
2008-11-09 16:50 . 2008-11-09 16:50	<DIR>	d--------	e:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-09 16:50 . 2008-10-22 16:10	38,496	--a------	e:\windows\system32\drivers\mbamswissarmy.sys
2008-11-09 16:50 . 2008-10-22 16:10	15,504	--a------	e:\windows\system32\drivers\mbam.sys
2008-11-09 15:21 . 2008-11-09 15:21	244	--ah-----	E:\sqmnoopt00.sqm
2008-11-09 15:21 . 2008-11-09 15:21	232	--ah-----	E:\sqmdata00.sqm

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-26 05:23	---------	d-----w	e:\program files\Apple Software Update
2008-10-25 16:09	---------	d-----w	e:\documents and settings\Chris\Application Data\Comodo
2008-10-25 04:48	---------	d-----w	e:\program files\Common Files\Adobe AIR
2008-10-25 04:46	---------	d-----w	e:\documents and settings\Chris\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-10-25 04:40	---------	d-----w	e:\documents and settings\All Users\Application Data\NOS
2008-10-25 04:39	---------	d-----w	e:\program files\NOS
2008-10-25 04:38	410,976	----a-w	e:\windows\system32\deploytk.dll
2008-10-25 04:29	249,592	----a-w	e:\windows\system32\cssdll32.dll
2008-10-25 04:29	---------	d-----w	e:\program files\AskSearch
2008-10-25 04:25	25,831,688	----a-w	e:\program files\CIS_Setup_3.5.53896.424_XP_Vista_x32.exe
2008-10-25 04:25	---------	d-----w	e:\program files\JavaRa
2008-10-25 04:15	---------	d-----w	e:\program files\Google
2008-10-24 11:10	453,632	----a-w	e:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10	453,632	------w	e:\windows\system32\dllcache\mrxsmb.sys
2008-10-20 10:52	---------	d-----w	e:\documents and settings\All Users\Application Data\NortonInstaller
2008-10-16 06:13	202,776	----a-w	e:\windows\system32\wuweb.dll
2008-10-16 06:13	202,776	----a-w	e:\windows\system32\dllcache\wuweb.dll
2008-10-16 06:13	1,809,944	----a-w	e:\windows\system32\wuaueng.dll
2008-10-16 06:13	1,809,944	----a-w	e:\windows\system32\dllcache\wuaueng.dll
2008-10-16 06:12	561,688	----a-w	e:\windows\system32\wuapi.dll
2008-10-16 06:12	561,688	----a-w	e:\windows\system32\dllcache\wuapi.dll
2008-10-16 06:12	323,608	----a-w	e:\windows\system32\wucltui.dll
2008-10-16 06:12	323,608	----a-w	e:\windows\system32\dllcache\wucltui.dll
2008-10-16 06:09	92,696	----a-w	e:\windows\system32\dllcache\cdm.dll
2008-10-16 06:09	92,696	----a-w	e:\windows\system32\cdm.dll
2008-10-16 06:09	51,224	----a-w	e:\windows\system32\wuauclt.exe
2008-10-16 06:09	51,224	----a-w	e:\windows\system32\dllcache\wuauclt.exe
2008-10-16 06:09	43,544	----a-w	e:\windows\system32\wups2.dll
2008-10-16 06:08	34,328	----a-w	e:\windows\system32\wups.dll
2008-10-16 06:08	34,328	----a-w	e:\windows\system32\dllcache\wups.dll
2008-10-15 16:57	332,800	------w	e:\windows\system32\dllcache\netapi32.dll
2008-10-06 03:48	---------	d-----w	e:\documents and settings\Chris\Application Data\EBookSys
2008-09-30 08:43	1,286,152	----a-w	e:\windows\system32\msxml4.dll
2008-09-15 11:57	1,846,016	----a-w	e:\windows\system32\win32k.sys
2008-09-15 11:57	1,846,016	------w	e:\windows\system32\dllcache\win32k.sys
2008-09-05 15:30	241,704	------w	e:\windows\system32\dllcache\wgaLogon.dll
2008-09-05 15:29	917,032	------w	e:\windows\system32\dllcache\WgaTray.exe
2008-09-04 16:42	1,106,944	----a-w	e:\windows\system32\msxml3.dll
2008-08-19 02:50	189,016	----a-w	e:\documents and settings\Chris\Application Data\GDIPFONTCACHEV1.DAT
2008-05-04 15:50	4	--sh--r	e:\documents and settings\All Users\Application Data\sysqcl1129139270.dat
2007-10-13 18:43	18,040,176	----a-w	e:\program files\Install_Messenger_nous.exe
2003-11-04 18:54	5,406,945	------w	e:\program files\Setupligh.exe
2005-06-26 22:32	616,448	--sha-r	e:\windows\system32\cygwin1.dll
2005-06-22 05:37	45,568	--sha-r	e:\windows\system32\cygz.dll
2005-07-14 19:31	27,648	--sha-w	e:\windows\system32\AVSredirect.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PlaxoUpdate"="e:\program files\Plaxo\3.17.0.16\PlaxoHelper_en.exe" [2008-11-19 369223]
"Eraser"="c:\misc installers\Protection tools\Eraser\Eraser.exe" [2007-12-23 916240]
"Sony Ericsson PC Suite"="e:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 356352]
"msnmsgr"="e:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"PlaxoSysTray"="e:\program files\Plaxo\3.17.0.16\PlaxoSysTray.exe" [2008-11-19 20480]
"SUPERAntiSpyware"="e:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-11-19 1805552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliType"="e:\program files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 94208]
"ATIPTA"="e:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-01 335872]
"NeroFilterCheck"="e:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Easy-PrintToolBox"="e:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"SunJavaUpdateSched"="e:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="e:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]

e:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - e:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Acrobat Assistant.lnk - e:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 217193]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "e:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-11-19 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-11-19 13:57 352256 e:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Misc installers\\Limewire\\LimeWire.exe"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"=
"e:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=
"e:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"e:\\Program Files\\MSN Messenger\\livecall.exe"=

R1 SASDIFSV;SASDIFSV;\??\e:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-10 8944]
R1 SASKUTIL;SASKUTIL;\??\e:\program files\SUPERAntiSpyware\SASKUTIL.sys [2007-02-27 55024]
R2 ssoftnt4;ssoftnt4;\??\e:\windows\system32\Drivers\ssoftnt4.sys [2008-02-18 100728]
R3 SASENUM;SASENUM;\??\e:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
R3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;e:\windows\system32\DRIVERS\netusbxp.sys [2007-10-14 72576]
S3 ggflt;SEMC USB Flash Driver Filter;e:\windows\system32\DRIVERS\ggflt.sys [2008-02-27 13352]
.
Contents of the 'Scheduled Tasks' folder

2008-10-26 e:\windows\Tasks\AppleSoftwareUpdate.job
- e:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - e:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\[u]0[/u]g2wi5w8.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.facebook.com/index.php?
FF -: plugin - e:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - e:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - e:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - e:\program files\Mozilla Firefox\plugins\np_gp.dll
FF -: plugin - e:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - e:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-03 11:47:00
Windows 5.1.2600 Service Pack 2, v.3427 FAT NTAPI

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(408)
e:\windows\system32\ODBC32.dll
e:\windows\system32\msctfime.ime
e:\program files\SUPERAntiSpyware\SASWINLO.DLL
e:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(464)
e:\windows\system32\dssenh.dll
.
Completion time: 2008-12-03 11:49:09
ComboFix-quarantined-files.txt  2008-12-03 03:47:34

Pre-Run: 3,976,937,472 bytes free
Post-Run: 4,109,287,424 bytes free

164	--- E O F ---	2008-11-29 01:49:56