default - Sun 10/22/2006 14:39:25.54 Service Pack 4
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\default\Desktop"
((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))
* * * PRE-RUN - Filepaths extracted from the Registry * * * * * * * * * * * * * * * * * * * * * *
O4 - HKCU\...\Run C:\WINNT\system32\eyyjsp.exe
O4 - HKLM\...\Run C:\WINNT\system32\eyyjsp.exe
F2 -REG:system.ini: Shell C:\WINNT\system32\uipnr.exe
* * * PRE-RUN - Filepaths extracted by Memory Dump * * * * * * * * * * * * * * * * * * * * * *
C:\WINNT\system32\eyyjsp.exe
C:\WINNT\system32\kgykjxk.dll
C:\WINNT\system32\fdwrduy.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\wglky.exe
C:\WINNT\dtgqj.dll
C:\WINNT\system32\kvnne.dat
C:\WINNT\system32\uipnr.exe
* * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *
06-10-21 21:20 127488 eyyjsp.exe.qoo
06-10-21 20:11 127488 wglky.exe.qoo
06-10-22 13:34 51712 kgykjxk.dll.qoo
06-10-22 11:10 28672 uipnr.exe.qoo
06-10-21 20:11 52 eeqooo.dat.qoo
DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\Common Files\{3B773060-0774-1033-0421-040327030001}
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\QooBox\Purity\WINNT\MBOLS~1
C:\QooBox\Purity\WINNT\MBOLS~1\??mbols
C:\QooBox\Purity\WINNT\MBOLS~1\??mbols\dohinst-103.0000
((((((((((((((((((((((((((((((( Files Created from 2006-09-22 to 2006-10-22 ))))))))))))))))))))))))))))))))))
2006-10-22 11:07 9,216 --a------ C:\WINNT\system32\drivers\pxscinst.dll
2006-10-22 11:07 7,296 --a------ C:\WINNT\system32\drivers\pxcom.sys
2006-10-22 11:07 6,656 --a------ C:\WINNT\system32\drivers\pxinst.dll
2006-10-22 11:07 264,832 --a------ C:\WINNT\system32\drivers\pxfsf.sys
2006-10-22 11:07 18,304 --a------ C:\WINNT\system32\drivers\pxtdi.sys
2006-10-22 11:07 13,568 --a------ C:\WINNT\system32\drivers\pxrd.sys
2006-10-22 11:07 101,376 --a------ C:\WINNT\system32\drivers\PxEmu.sys
2006-10-21 23:23 167,936 --a------ C:\WINNT\system32\SpoonUninstall.exe
2006-10-21 22:07 40,960 --a------ C:\Look2Me-Destroyer.exe
2006-10-21 20:37 11,520 --a------ C:\WINNT\system32\drivers\pxscrmbl.sys
2006-10-21 20:13 2 --a------ C:\WINNT\system32\wnscptr.exe
2006-10-21 20:13 126,976 --a------ C:\WINNT\system32\bfnedqlh.dll
2006-10-21 20:12 918 --a------ C:\WINNT\system32\winpfg32.sys
2006-10-21 20:11 505 --a------ C:\WINNT\dtgqj.dll
2006-10-21 20:11 349,696 --a------ C:\921_135b.exe
2006-10-21 20:11 183,478 --a------ C:\WINNT\srvitiynjg.exe
2006-10-21 20:11 1,259 --a------ C:\WINNT\system32\hfj2dfc3.sys
2006-10-21 20:10 32,768 --a------ C:\DXC9.exe
2006-10-21 20:10 28,672 --a------ C:\WINNT\system32drei.exe
2006-10-21 20:10 28,672 --a------ C:\WINNT\system32\lkyaekrrr.exe
2006-10-21 20:10 28,672 --a------ C:\WINNT\system32\drei.exe
2006-10-21 20:10 24,576 --a------ C:\WINNT\system32vypqj.exe
2006-10-21 20:10 24,576 --a------ C:\WINNT\system32\vypqj.exe
2006-10-21 20:10 24,576 --a------ C:\WINNT\system32\pi2pl.exe
2006-10-21 20:10 200,704 --a------ C:\WINNT\system32\lqe2z.dll
2006-10-21 20:10 160,256 --a------ C:\WINNT\system32\aybry.dll
2006-10-21 20:10 10,479 --a------ C:\rorjxk.exe
2006-10-21 20:10 1,465 --a------ C:\ilchoy.exe
2006-10-21 20:10 0 --a------ C:\WINNT\system32uaw5wah6a.exe
2006-10-21 20:09 76,800 --a------ C:\nckige.exe
2006-10-21 20:09 75,776 --a------ C:\avoxqu.exe
2006-10-21 20:09 45,056 --a------ C:\w77uxb8v9.exe
2006-10-21 20:09 10,752 --a------ C:\WINNT\system32\MZU_DRV.sys
2006-10-14 19:34 45,056 --a------ C:\WINNT\system32\WNASPI32.DLL
2006-10-14 19:34 16,877 --a------ C:\WINNT\system32\drivers\ASPI32.SYS
2006-10-14 18:55 82,432 --a------ C:\WINNT\system32\drmstor.dll
2006-10-14 18:55 737,280 --a------ C:\WINNT\iun6002.exe
2006-10-14 18:55 301,712 --a------ C:\WINNT\system32\drmclien.dll
2006-10-12 17:42 243,472 --a------ C:\WINNT\scout.exe
2006-09-22 08:38 53,248 --a------ C:\WINNT\109uninst.exe
2006-09-22 08:36 53,248 --a------ C:\WINNT\uni_7eh.exe
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-10-22 14:41 -------- d-------- C:\Program Files\Prevx1
2006-10-22 14:39 -------- d-a------ C:\Program Files\Common Files
2006-10-22 13:46 -------- d-------- C:\Program Files\PSDream
2006-10-22 11:07 -------- d-------- C:\Documents and Settings\default\Application Data\Prevx
2006-10-21 21:27 -------- d-------- C:\Program Files\Mozilla Thunderbird
2006-10-21 21:14 -------- d-------- C:\Program Files\Common Files\uiwr
2006-10-21 21:04 -------- d-------- C:\Documents and Settings\default\Application Data\Lavasoft
2006-10-14 19:34 -------- d-a------ C:\Program Files\Common Files\Microsoft Shared
2006-10-14 19:34 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-10-14 18:55 -------- d-------- C:\Program Files\Windows Media Player
2006-10-09 18:02 -------- d---s---- C:\Documents and Settings\default\Application Data\Microsoft
2006-09-12 05:48 1713536 --a------ C:\WINNT\system32\NTKRNLPA.EXE
2006-09-12 05:48 1690880 --a------ C:\WINNT\system32\NTOSKRNL.EXE
2006-09-05 22:58 1110528 --a------ C:\WINNT\system32\msxml3.dll
2006-08-30 20:31 8413 --a------ C:\WINNT\system32\drivers\mcstrm.sys
2006-08-29 21:41 -------- d-------- C:\Documents and Settings\default\Application Data\River Past G2
2006-08-29 21:33 -------- d-------- C:\Documents and Settings\default\Application Data\Real
2006-08-29 21:31 -------- d-------- C:\Program Files\Common Files\xing shared
2006-08-29 21:31 -------- d-------- C:\Program Files\Common Files\Real
2006-08-28 05:03 529680 --a------ C:\WINNT\system32\comctl32.dll
2006-08-25 22:56 -------- d-------- C:\Program Files\Opera
2006-08-25 22:56 -------- d-------- C:\Documents and Settings\default\Application Data\Opera
2006-08-23 21:03 -------- d-------- C:\Program Files\Microsoft.NET
2006-08-23 21:03 -------- d-------- C:\Program Files\Microsoft Office
2006-08-23 21:03 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-08-23 21:03 -------- d-------- C:\Program Files\Common Files\System
2006-08-23 21:03 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-08-22 12:48 136912 --------- C:\WINNT\system32\drivers\fltmgr.sys
2006-08-07 09:17 61440 --a------ C:\WINNT\system32\BattyRun2.dll
2006-08-04 09:37 73728 --a------ C:\WINNT\system32\dpl100.dll
2006-08-04 09:37 196608 --a------ C:\WINNT\system32\dtu100.dll
2006-07-26 20:05 3596288 --a------ C:\WINNT\system32\qt-dx331.dll
2006-07-26 20:05 109568 --------- C:\WINNT\system32\pxinsi64.exe
2006-07-26 20:05 108544 --------- C:\WINNT\system32\pxcpyi64.exe
2006-07-24 23:08 840976 --a------ C:\WINNT\system32\mmcndmgr.dll
2006-07-06 22:50 271 ---h----- C:\Program Files\desktop.ini
2006-07-06 22:50 21952 ---h----- C:\Program Files\folder.htt
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"_mzu_stonedrv8"="c:\\winnt\\system32\\_mzu_stonedrv8.exe"
"Hand"="\"C:\\WINNT\\MBOLS~1\\spool32.exe\" -vt yazb"
"uiwr"="C:\\PROGRA~1\\COMMON~1\\uiwr\\uiwrm.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Synchronization Manager"="mobsync.exe /logon"
"TI WLAN"="C:\\Program Files\\Wirelwss LAN Utility\\TIWLANCu.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINNT\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINNT\\system32\\NvMcTray.dll,NvTaskbarInit"
"EnvyHFCPL"="C:\\Program Files\\Turtle Beach Catalina\\EnMixCPL.exe"
"Gnetmous"="C:\\Program Files\\COMPAQ\\Scroll Mouse\\gnetmous.exe"
"projselector"="\"C:\\Program Files\\Common Files\\Roxio Shared\\Project Selector\\projselector.exe\" -r"
"RoxioEngineUtility"="\"C:\\Program Files\\Common Files\\Roxio Shared\\System\\EngUtil.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"E:\\program files\\quicktime\\qttask.exe\" -atboottime"
"SideWinderTrayV4"="C:\\PROGRA~1\\MICROS~2\\GAMECO~1\\common\\swtrayv4.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"PNAgent"="\"E:\\Program Files\\PhatNoise Media Manager\\PNAgent.exe\""
"ntdll.dll"="\"E:\\program files\\quicktime\\qttask.exe\" -atboottime"
"ms05691299766"="C:\\WINNT\\ms05691299766.exe"
"PrevxOne"="\"C:\\Program Files\\Prevx1\\PXConsole.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000003
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e4,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,c0
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f0,01,00,00,1f,00,00,00,80,00,00,00,76,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{2C1CD3D7-86AC-4068-93BC-A02304BB2236}"="DCOM Server 2236"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095
"CDRAutoRun"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"Network.ConnectionTray"="{7007ACCF-3202-11D1-AAD2-00805FC1270E}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"DCOM Server 2236"="{2C1CD3D7-86AC-4068-93BC-A02304BB2236}"
"mwvjYaBCBcRn"="{3B773061-91DD-9ACB-B7FC-719267519B02}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Completion time: Sun 2006-10-22 14:41:39.92
C:\ComboFix.txt ... 06-10-22 14:41