**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-12-27 14:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kpgmh]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-776561741-1563985344-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:dd,2f,b8,a0,ed,08,93,98,68,aa,98,88,25,98,8a,a9,04,f3,19,18,5a,6d,91,
2f,a4,33,79,3f,0b,3b,7e,32,64,d8,78,82,ac,11,57,ad,ae,40,c2,cd,1b,6d,96,52,\
"??"=hex:0e,65,6b,66,be,8d,88,91,f8,ed,7e,ad,e7,93,74,57
[HKEY_USERS\S-1-5-21-776561741-1563985344-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:f1,c5,45,e3,96,ce,70,1a,19,5b,29,ca,c2,83,4b,b8,15,6a,83,db,5f,
b0,36,32,21,a3,e6,13,b7,97,1e,4b,79,f4,84,44,8a,c4,6c,4a,cb,1d,06,d6,e5,b2,\
"rkeysecu"=hex:34,72,c9,c1,56,cb,ba,37,57,df,7e,31,d4,64,3d,47
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(784)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\program files\OpenOffice.org 2.4\program\soffice.BIN
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Completion time: 2009-12-27 14:41:05 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-27 14:41
Pre-Run: 153,819,316,224 bytes free
Post-Run: 156,370,591,744 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 19C7488F916CA0B7BBFE04BC72EDC125