BleepingComputer.com: Infected with mbs.dll autochk.dll protect.dll chkdisk.dll


Infected with mbs.dll autochk.dll protect.dll chkdisk.dll viruses return after restart.. please help me remove them

#1 elitetran07

Posted 10 May 2009 - 02:22 AM

DDS (Ver_09-03-16.01) - NTFSx86
Run by Tsai at 2:14:02.65 on Sun 05/10/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.586 [GMT -5:00]

AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
FW: BitDefender Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\Tsai.YOUR-HHPR73TOCE\Desktop\Security Task Manager\TaskMan.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
\\?\globalroot\systemroot\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tsai.YOUR-HHPR73TOCE\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://eeepc.asus.com/global
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\ievkbd.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [AIM] c:\program files\aim\aim.exe -cnetwait.odl
uRun: [autochk] rundll32.exe c:\docume~1\tsai~1.you\protect.dll,_IWMPEvents@16
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [autochk] rundll32.exe c:\windows\system32\autochk.dll,_IWMPEvents@16
mRun: [AsusACPIServer]
dRun: [autochk] rundll32.exe c:\windows\system32\config\system~1\protect.dll,_IWMPEvents@16
StartupFolder: c:\documents and settings\tsai.your-hhpr73toce\start menu\programs\startup\ChkDisk.dll
StartupFolder: c:\docume~1\tsai~1.you\startm~1\programs\startup\chkdisk.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\SCIEPlgn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli c:\windows\system32\gajulebi.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tsai~1.you\applic~1\mozilla\firefox\profiles\847ewh8u.default\

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2008-7-21 121872]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-5-9 226832]
R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [2008-8-8 11264]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-4-30 24592]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2008-7-31 36864]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-5-9 38496]
S2 AVP;Kaspersky Anti-Virus;c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe [2008-11-11 206088]
S3 Ktp;Elantech Smart-Pad;c:\windows\system32\drivers\ETD.sys [2008-7-31 25088]

=============== Created Last 30 ================

2009-05-10 01:59 24,064 a--sh--- c:\windows\system32\autochk.dll
2009-05-10 01:59 24,064 a--sh--- c:\documents and settings\tsai.your-hhpr73toce\protect.dll
2009-05-10 01:59 27,648 a------- c:\windows\system32\lmn_setup.exe
2009-05-09 21:10 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-09 21:09 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-09 21:09 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-09 18:11 101,287 a------- c:\windows\system32\drivers\klin.dat
2009-05-09 18:11 89,601 a------- c:\windows\system32\drivers\klick.dat
2009-05-09 18:10 <DIR> --d----- c:\program files\Kaspersky Lab
2009-05-09 18:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2009-05-09 15:56 1 a------- c:\windows\system32\uniq.tll
2009-05-07 11:17 <DIR> --d----- c:\program files\MSXML 4.0
2009-05-07 11:17 221,184 a------- c:\windows\system32\wmpns.dll
2009-05-06 17:46 <DIR> --d----- c:\docume~1\tsai~1.you\applic~1\LimeWire
2009-05-06 17:40 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-06 17:40 73,728 a------- c:\windows\system32\javacpl.cpl
2009-05-06 17:37 <DIR> --d----- c:\program files\LimeWire
2009-05-06 14:03 <DIR> --d----- c:\docume~1\tsai~1.you\applic~1\com.doubleperfect.ggpo.0753AD3679DBFCA1E7F470171B7D0DB8B404A7EA.1
2009-05-06 14:00 <DIR> --d----- c:\program files\GGPO
2009-05-06 13:10 <DIR> --d----- c:\program files\DivX
2009-05-06 13:09 <DIR> --d----- c:\program files\common files\DivX Shared
2009-05-06 12:58 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-05-06 11:56 <DIR> --d-h--- c:\windows\PIF
2009-05-06 11:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-05-06 11:29 <DIR> --d----- c:\windows\SxsCaPendDel
2009-05-06 11:25 81,984 a------- c:\windows\system32\bdod.bin
2009-05-06 08:10 850 a------- c:\windows\system32\ProductTweaks.xml
2009-05-06 08:10 385 a------- c:\windows\system32\user_gensett.xml
2009-05-06 00:54 387 a------- c:\windows\system32\BDUpdateV1.xml
2009-05-06 00:37 <DIR> --d----- c:\windows\system32\logs
2009-05-06 00:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BitDefender
2009-05-05 23:21 <DIR> --d----- c:\program files\common files\BitDefender
2009-05-05 22:48 27,784 a------- c:\windows\system32\drivers\point32.sys
2009-05-05 22:48 <DIR> --d----- c:\program files\Microsoft IntelliPoint
2009-05-05 22:27 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-05-05 22:20 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-05-05 22:17 <DIR> --d----- c:\windows\system32\PreInstall
2009-05-05 22:17 26,488 a------- c:\windows\system32\spupdsvc.exe
2009-05-05 22:08 <DIR> --d----- c:\windows\Downloaded Installations
2009-05-05 22:08 <DIR> --d----- c:\program files\AIM
2009-05-05 21:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-05-05 21:00 <DIR> --d----- c:\docume~1\tsai~1.you\applic~1\SUPERAntiSpyware.com
2009-05-05 20:40 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-05-05 20:40 2,189,056 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-05-05 20:40 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-05-05 20:12 <DIR> --d----- c:\docume~1\tsai~1.you\applic~1\Malwarebytes
2009-05-05 20:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-05 19:19 268,648 a------- c:\windows\system32\mucltui.dll
2009-05-05 19:19 208,744 a------- c:\windows\system32\muweb.dll
2009-05-05 19:02 <DIR> --ds---- c:\documents and settings\tsai.your-hhpr73toce\UserData
2009-05-05 18:58 21,504 ac------ c:\windows\system32\dllcache\hidserv.dll
2009-05-05 18:57 <DIR> --d----- c:\documents and settings\Tsai.YOUR-HHPR73TOCE
2009-05-05 18:10 57,556 a------- c:\windows\guard.bmp
2009-05-05 17:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SecTaskMan
2009-04-15 18:33 21,504 a------- c:\windows\system32\hidserv.dll
2009-04-15 15:24 90,112 a------- c:\windows\system32\dpl100.dll
2009-04-15 15:24 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-04-15 15:24 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-04-15 15:24 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-04-15 15:24 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-04-15 15:24 684,032 a------- c:\windows\system32\DivX.dll

==================== Find3M ====================

2009-05-09 18:25 33,808 a------- c:\windows\system32\drivers\klbg.sys
2009-04-13 00:16 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-06 09:22 284,160 a------- c:\windows\system32\pdh.dll
2009-02-20 03:10 666,112 a------- c:\windows\system32\wininet.dll
2009-02-20 03:10 81,920 a------- c:\windows\system32\ieencode.dll
2009-02-09 07:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 07:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 07:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 07:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 06:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-05-10 02:14 24,064 a--sh--- c:\windows\system32\autochk.dll

============= FINISH: 2:14:30.96 ===============


#2 elitetran07

Posted 10 May 2009 - 12:43 PM

Never mind.. I have opted to reformat instead... please close this thread.. thanks
