
Infected with mbs.dll autochk.dll protect.dll chkdisk.dll


  • This topic is locked
1 reply to this topic

#1 elitetran07


Posted 10 May 2009 - 02:22 AM

DDS (Ver_09-03-16.01) - NTFSx86
Run by Tsai at 2:14:02.65 on Sun 05/10/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.586 [GMT -5:00]

AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
FW: BitDefender Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\Tsai.YOUR-HHPR73TOCE\Desktop\Security Task Manager\TaskMan.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
\\?\globalroot\systemroot\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tsai.YOUR-HHPR73TOCE\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://eeepc.asus.com/global
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\ievkbd.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [AIM] c:\program files\aim\aim.exe -cnetwait.odl
uRun: [autochk] rundll32.exe c:\docume~1\tsai~1.you\protect.dll,_IWMPEvents@16
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [autochk] rundll32.exe c:\windows\system32\autochk.dll,_IWMPEvents@16
mRun: [AsusACPIServer]
dRun: [autochk] rundll32.exe c:\windows\system32\config\system~1\protect.dll,_IWMPEvents@16
StartupFolder: c:\documents and settings\tsai.your-hhpr73toce\start menu\programs\startup\ChkDisk.dll
StartupFolder: c:\docume~1\tsai~1.you\startm~1\programs\startup\chkdisk.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\SCIEPlgn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli c:\windows\system32\gajulebi.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tsai~1.you\applic~1\mozilla\firefox\profiles\847ewh8u.default\

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2008-7-21 121872]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-5-9 226832]
R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [2008-8-8 11264]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-4-30 24592]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2008-7-31 36864]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-5-9 38496]
S2 AVP;Kaspersky Anti-Virus;c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe [2008-11-11 206088]
S3 Ktp;Elantech Smart-Pad;c:\windows\system32\drivers\ETD.sys [2008-7-31 25088]

=============== Created Last 30 ================

2009-05-10 01:59 24,064 a--sh--- c:\windows\system32\autochk.dll
2009-05-10 01:59 24,064 a--sh--- c:\documents and settings\tsai.your-hhpr73toce\protect.dll
2009-05-10 01:59 27,648 a------- c:\windows\system32\lmn_setup.exe
2009-05-09 21:10 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-09 21:09 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-09 21:09 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-09 18:11 101,287 a------- c:\windows\system32\drivers\klin.dat
2009-05-09 18:11 89,601 a------- c:\windows\system32\drivers\klick.dat
2009-05-09 18:10 <DIR> --d----- c:\program files\Kaspersky Lab
2009-05-09 18:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2009-05-09 15:56 1 a------- c:\windows\system32\uniq.tll
2009-05-07 11:17 <DIR> --d----- c:\program files\MSXML 4.0
2009-05-07 11:17 221,184 a------- c:\windows\system32\wmpns.dll
2009-05-06 17:46 <DIR> --d----- c:\docume~1\tsai~1.you\applic~1\LimeWire
2009-05-06 17:40 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-06 17:40 73,728 a------- c:\windows\system32\javacpl.cpl
2009-05-06 17:37 <DIR> --d----- c:\program files\LimeWire
2009-05-06 14:03 <DIR> --d----- c:\docume~1\tsai~1.you\applic~1\com.doubleperfect.ggpo.0753AD3679DBFCA1E7F470171B7D0DB8B404A7EA.1
2009-05-06 14:00 <DIR> --d----- c:\program files\GGPO
2009-05-06 13:10 <DIR> --d----- c:\program files\DivX
2009-05-06 13:09 <DIR> --d----- c:\program files\common files\DivX Shared
2009-05-06 12:58 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-05-06 11:56 <DIR> --d-h--- c:\windows\PIF
2009-05-06 11:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-05-06 11:29 <DIR> --d----- c:\windows\SxsCaPendDel
2009-05-06 11:25 81,984 a------- c:\windows\system32\bdod.bin
2009-05-06 08:10 850 a------- c:\windows\system32\ProductTweaks.xml
2009-05-06 08:10 385 a------- c:\windows\system32\user_gensett.xml
2009-05-06 00:54 387 a------- c:\windows\system32\BDUpdateV1.xml
2009-05-06 00:37 <DIR> --d----- c:\windows\system32\logs
2009-05-06 00:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BitDefender
2009-05-05 23:21 <DIR> --d----- c:\program files\common files\BitDefender
2009-05-05 22:48 27,784 a------- c:\windows\system32\drivers\point32.sys
2009-05-05 22:48 <DIR> --d----- c:\program files\Microsoft IntelliPoint
2009-05-05 22:27 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-05-05 22:20 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-05-05 22:17 <DIR> --d----- c:\windows\system32\PreInstall
2009-05-05 22:17 26,488 a------- c:\windows\system32\spupdsvc.exe
2009-05-05 22:08 <DIR> --d----- c:\windows\Downloaded Installations
2009-05-05 22:08 <DIR> --d----- c:\program files\AIM
2009-05-05 21:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-05-05 21:00 <DIR> --d----- c:\docume~1\tsai~1.you\applic~1\SUPERAntiSpyware.com
2009-05-05 20:40 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-05-05 20:40 2,189,056 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-05-05 20:40 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-05-05 20:12 <DIR> --d----- c:\docume~1\tsai~1.you\applic~1\Malwarebytes
2009-05-05 20:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-05 19:19 268,648 a------- c:\windows\system32\mucltui.dll
2009-05-05 19:19 208,744 a------- c:\windows\system32\muweb.dll
2009-05-05 19:02 <DIR> --ds---- c:\documents and settings\tsai.your-hhpr73toce\UserData
2009-05-05 18:58 21,504 ac------ c:\windows\system32\dllcache\hidserv.dll
2009-05-05 18:57 <DIR> --d----- c:\documents and settings\Tsai.YOUR-HHPR73TOCE
2009-05-05 18:10 57,556 a------- c:\windows\guard.bmp
2009-05-05 17:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SecTaskMan
2009-04-15 18:33 21,504 a------- c:\windows\system32\hidserv.dll
2009-04-15 15:24 90,112 a------- c:\windows\system32\dpl100.dll
2009-04-15 15:24 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-04-15 15:24 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-04-15 15:24 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-04-15 15:24 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-04-15 15:24 684,032 a------- c:\windows\system32\DivX.dll

==================== Find3M ====================

2009-05-09 18:25 33,808 a------- c:\windows\system32\drivers\klbg.sys
2009-04-13 00:16 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-06 09:22 284,160 a------- c:\windows\system32\pdh.dll
2009-02-20 03:10 666,112 a------- c:\windows\system32\wininet.dll
2009-02-20 03:10 81,920 a------- c:\windows\system32\ieencode.dll
2009-02-09 07:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 07:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 07:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 07:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 06:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-05-10 02:14 24,064 a--sh--- c:\windows\system32\autochk.dll

============= FINISH: 2:14:30.96 ===============



#2 elitetran07


Posted 10 May 2009 - 12:43 PM

Never mind... I have opted to reformat instead... Please close this thread... Thanks



