Kutter
2009-08-12, 18:07
Hi, recently I've been unable to access any antivirus/antispyware sites.
I've been looking at the forums and ran my own ComboFix report.
ComboFix 09-08-10.06 - Kishen 12/08/2009 22:17.3.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.511.310 [GMT 8:00]
Running from: e:\documents and settings\Kishen\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2009-07-12 to 2009-08-12 )))))))))))))))))))))))))))))))
.
2009-08-12 13:12 . 2009-08-12 13:12 -------- d-----w- e:\documents and settings\Kishen\Application Data\AVG8
2009-07-19 12:39 . 2009-07-19 13:48 -------- d-----w- E:\etax2009
2009-07-15 07:32 . 2009-07-15 07:32 -------- d-----w- e:\documents and settings\Kishen\Local Settings\Application Data\Apple
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-01 18:02 . 2009-02-05 09:01 -------- d-----w- e:\documents and settings\Kishen\Application Data\uTorrent
2009-07-31 02:03 . 2009-07-31 02:03 4096 ----a-w- e:\windows\system32\01.tmp
2009-07-19 04:34 . 2009-06-28 02:33 -------- d-----w- e:\documents and settings\Kavitha\Application Data\uTorrent
2009-07-04 11:40 . 2009-02-08 02:05 -------- d-----w- e:\documents and settings\Kutty\Application Data\Skype
2009-07-04 08:08 . 2009-02-08 02:06 -------- d-----w- e:\documents and settings\Kutty\Application Data\skypePM
2009-07-02 13:43 . 2009-07-02 13:43 -------- d-----w- e:\program files\Common Files\Skype
2009-07-02 13:43 . 2009-07-02 13:43 -------- d-----r- e:\program files\Skype
2009-07-02 13:43 . 2009-02-08 02:05 -------- d-----w- e:\documents and settings\All Users\Application Data\Skype
2009-06-09 01:29 . 2009-02-12 23:39 410984 -c--a-w- e:\windows\system32\deploytk.dll
2009-06-09 01:28 . 2009-05-27 00:34 152576 -c--a-w- e:\documents and settings\Kutty\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-02 05:42 . 2009-05-05 09:26 38208 -c--a-w- e:\documents and settings\Kutty\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-05-25 05:00 . 2009-05-25 04:54 29656 -c--a-w- e:\windows\hpoins03.dat
2009-03-21 14:06 . 2004-08-04 12:00 158467 --sha-r- e:\windows\system32\qkrynxkc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="e:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CM-SmWizard"="e:\windows\System\SmWizard.exe" [2003-08-29 1454080]
"HP Component Manager"="e:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"QuickTime Task"="e:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="e:\program files\Java\jre6\bin\jusched.exe" [2009-06-09 148888]
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\Program Files\\Messenger\\msmsgs.exe"=
"e:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\WINDOWS\\system32\\sessmgr.exe"=
"e:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\WINDOWS\\system32\\dpvsetup.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4618:TCP"= 4618:TCP:lrnju
S2 yqehk;Image Helper;e:\windows\system32\svchost.exe -k netsvcs [4/08/2004 8:00 PM 14336]
S3 getPlus(R) Helper;getPlus(R) Helper;e:\program files\NOS\bin\getPlus_HelperSvc.exe [7/02/2009 8:40 PM 33752]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
yqehk
.
Contents of the 'Scheduled Tasks' folder
2009-08-12 e:\windows\Tasks\AppleSoftwareUpdate.job
- e:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - e:\documents and settings\Kishen\Application Data\Mozilla\Firefox\Profiles\42tb6yng.default\
---- FIREFOX POLICIES ----
e:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
e:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
e:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-12 22:20
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\yqehk]
"ServiceDll"="e:\windows\system32\qkrynxkc.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2396)
e:\progra~1\WINDOW~2\wmpband.dll
e:\windows\system32\WPDShServiceObj.dll
e:\windows\system32\PortableDeviceTypes.dll
e:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-08-12 22:21
ComboFix-quarantined-files.txt 2009-08-12 14:21
ComboFix2.txt 2009-08-12 14:09
Pre-Run: 1,696,088,064 bytes free
Post-Run: 1,686,687,744 bytes free
138 --- E O F --- 2009-05-12 02:48
Any help will be greatly appreciated.
-----------------------------------
"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)
Do NOT run 'FIXES' before helpers have analyzed the HJT log (http://forums.spybot.info/showthread.php?t=16806 )