Read this topic before posting a log.
DO NOT post a ComboFix log unless requested to.
Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.
When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.
Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
May 10 2009, 02:22 AM | Post #1
New Member | Group: Members | Posts: 2 | Joined: 10-May 09 | Member No.: 330,286
DDS (Ver_09-03-16.01) - NTFSx86
Run by Tsai at 2:14:02.65 on Sun 05/10/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.586 [GMT -5:00]

AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
FW: BitDefender Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\Tsai.YOUR-HHPR73TOCE\Desktop\Security Task Manager\TaskMan.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
\\?\globalroot\systemroot\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tsai.YOUR-HHPR73TOCE\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://eeepc.asus.com/global
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\ievkbd.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [AIM] c:\program files\aim\aim.exe -cnetwait.odl
uRun: [autochk] rundll32.exe c:\docume~1\tsai~1.you\protect.dll,_IWMPEvents@16
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [autochk] rundll32.exe c:\windows\system32\autochk.dll,_IWMPEvents@16
mRun: [AsusACPIServer]
dRun: [autochk] rundll32.exe c:\windows\system32\config\system~1\protect.dll,_IWMPEvents@16
StartupFolder: c:\documents and settings\tsai.your-hhpr73toce\start menu\programs\startup\ChkDisk.dll
StartupFolder: c:\docume~1\tsai~1.you\startm~1\programs\startup\chkdisk.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\SCIEPlgn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli c:\windows\system32\gajulebi.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tsai~1.you\applic~1\mozilla\firefox\profiles\847ewh8u.default\

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2008-7-21 121872]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-5-9 226832]
R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [2008-8-8 11264]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-4-30 24592]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2008-7-31 36864]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-5-9 38496]
S2 AVP;Kaspersky Anti-Virus;c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe [2008-11-11 206088]
S3 Ktp;Elantech Smart-Pad;c:\windows\system32\drivers\ETD.sys [2008-7-31 25088]

=============== Created Last 30 ================

2009-05-10 01:59 24,064 a--sh--- c:\windows\system32\autochk.dll
2009-05-10 01:59 24,064 a--sh--- c:\documents and settings\tsai.your-hhpr73toce\protect.dll
2009-05-10 01:59 27,648 a------- c:\windows\system32\lmn_setup.exe
2009-05-09 21:10 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-09 21:09 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-09 21:09 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-09 18:11 101,287 a------- c:\windows\system32\drivers\klin.dat
2009-05-09 18:11 89,601 a------- c:\windows\system32\drivers\klick.dat
2009-05-09 18:10 <DIR> --d----- c:\program files\Kaspersky Lab
2009-05-09 18:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2009-05-09 15:56 1 a------- c:\windows\system32\uniq.tll
2009-05-07 11:17 <DIR> --d----- c:\program files\MSXML 4.0
2009-05-07 11:17 221,184 a------- c:\windows\system32\wmpns.dll
2009-05-06 17:46 <DIR> --d----- c:\docume~1\tsai~1.you\applic~1\LimeWire
2009-05-06 17:40 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-06 17:40 73,728 a------- c:\windows\system32\javacpl.cpl
2009-05-06 17:37 <DIR> --d----- c:\program files\LimeWire
2009-05-06 14:03 <DIR> --d----- c:\docume~1\tsai~1.you\applic~1\com.doubleperfect.ggpo.0753AD3679DBFCA1E7F470171B7D0DB8B404A7EA.1
2009-05-06 14:00 <DIR> --d----- c:\program files\GGPO
2009-05-06 13:10 <DIR> --d----- c:\program files\DivX
2009-05-06 13:09 <DIR> --d----- c:\program files\common files\DivX Shared
2009-05-06 12:58 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-05-06 11:56 <DIR> --d-h--- c:\windows\PIF
2009-05-06 11:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-05-06 11:29 <DIR> --d----- c:\windows\SxsCaPendDel
2009-05-06 11:25 81,984 a------- c:\windows\system32\bdod.bin
2009-05-06 08:10 850 a------- c:\windows\system32\ProductTweaks.xml
2009-05-06 08:10 385 a------- c:\windows\system32\user_gensett.xml
2009-05-06 00:54 387 a------- c:\windows\system32\BDUpdateV1.xml
2009-05-06 00:37 <DIR> --d----- c:\windows\system32\logs
2009-05-06 00:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BitDefender
2009-05-05 23:21 <DIR> --d----- c:\program files\common files\BitDefender
2009-05-05 22:48 27,784 a------- c:\windows\system32\drivers\point32.sys
2009-05-05 22:48 <DIR> --d----- c:\program files\Microsoft IntelliPoint
2009-05-05 22:27 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-05-05 22:20 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-05-05 22:17 <DIR> --d----- c:\windows\system32\PreInstall
2009-05-05 22:17 26,488 a------- c:\windows\system32\spupdsvc.exe
2009-05-05 22:08 <DIR> --d----- c:\windows\Downloaded Installations
2009-05-05 22:08 <DIR> --d----- c:\program files\AIM
2009-05-05 21:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-05-05 21:00 <DIR> --d----- c:\docume~1\tsai~1.you\applic~1\SUPERAntiSpyware.com
2009-05-05 20:40 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-05-05 20:40 2,189,056 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-05-05 20:40 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-05-05 20:12 <DIR> --d----- c:\docume~1\tsai~1.you\applic~1\Malwarebytes
2009-05-05 20:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-05 19:19 268,648 a------- c:\windows\system32\mucltui.dll
2009-05-05 19:19 208,744 a------- c:\windows\system32\muweb.dll
2009-05-05 19:02 <DIR> --ds---- c:\documents and settings\tsai.your-hhpr73toce\UserData
2009-05-05 18:58 21,504 ac------ c:\windows\system32\dllcache\hidserv.dll
2009-05-05 18:57 <DIR> --d----- c:\documents and settings\Tsai.YOUR-HHPR73TOCE
2009-05-05 18:10 57,556 a------- c:\windows\guard.bmp
2009-05-05 17:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SecTaskMan
2009-04-15 18:33 21,504 a------- c:\windows\system32\hidserv.dll
2009-04-15 15:24 90,112 a------- c:\windows\system32\dpl100.dll
2009-04-15 15:24 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-04-15 15:24 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-04-15 15:24 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-04-15 15:24 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-04-15 15:24 684,032 a------- c:\windows\system32\DivX.dll

==================== Find3M ====================

2009-05-09 18:25 33,808 a------- c:\windows\system32\drivers\klbg.sys
2009-04-13 00:16 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-06 09:22 284,160 a------- c:\windows\system32\pdh.dll
2009-02-20 03:10 666,112 a------- c:\windows\system32\wininet.dll
2009-02-20 03:10 81,920 a------- c:\windows\system32\ieencode.dll
2009-02-09 07:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 07:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 07:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 07:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 06:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-05-10 02:14 24,064 a--sh--- c:\windows\system32\autochk.dll

============= FINISH: 2:14:30.96 ===============
May 10 2009, 12:43 PM | Post #2
New Member | Group: Members | Posts: 2 | Joined: 10-May 09 | Member No.: 330,286
Never mind.. I have opted to reformat instead... please close this thread.. thanks