[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-09-03 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-09-03 55024]
R2 LinksysUpdater;Linksys Updater;"c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe" -s "c:\program files\Linksys\Linksys Updater\conf\wrapper.conf" [2008-04-18 204800]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-05 99376]
R3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-09-03 7408]
S3 maa950u;maa950u;c:\windows\system32\Drivers\maa950u.sys [2008-09-20 49237]
S3 SavRoam;SAVRoam;"c:\program files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe" [2006-03-17 115952]
*Newly Created Service* - IPOD_SERVICE
.
Contents of the 'Scheduled Tasks' folder
2008-12-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page =
hxxp://www.myspace.com/uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\josh.CUMBUCKET\Application Data\Mozilla\Firefox\Profiles\c8iptq5j.default\
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL -
hxxp://www10.yoog.com/search.php?q=FF - user.js: keyword.enabled - true
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage -
www.yahoo.comFF - prefs.js: keyword.URL -
hxxp://www10.yoog.com/search.php?q=FF - plugin: c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np_gp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-12-13 13:55:14
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(572)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2008-12-13 13:56:24
ComboFix-quarantined-files.txt 2008-12-13 21:56:18
ComboFix2.txt 2008-12-11 00:34:10
Pre-Run: 100,170,113,024 bytes free
Post-Run: 100,244,324,352 bytes free
403 --- E O F --- 2008-12-11 11:04:00