
Can't get rid of Antivirus Monitor - keeps coming back


This topic is locked
2 replies to this topic

#1 FrustratedByMalware

  • Members
  • 5 posts

Posted 13 March 2011 - 07:39 PM

Hi there,
I have the Antivirus Monitor virus/malware on my computer. I tried to clean it. First I ran rkill/iexplore. Then the Malwarebytes software. I checked for the files in the registry and the temp files and deleted what I could find. The virus blocks the internet until I uncheck the proxy boxes in the connections tab. (I downloaded all needed files on another computer and transferred them via USB stick.) After this did not work, I tried the SUPERAntiSpyware program. It finds 4 viruses every time (I forgot to write the names down; one has "fake" in it), but that did not help either.

The viruses seem to go away and everything works fine, until a while later the Antivirus Monitor appears again.

I feel that I followed the instructions very closely. I had success with the programs to get rid of other viruses/malware, but this one, I just don't seem to get rid of.
I have some computer knowledge, but now I am stumped.
Thank you so much for your help.

I paste below the dds.txt file and attach the attach.txt and ark.txt files.
I really appreciate your help.

+++++++++++++++++++++++++++
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Admin at 17:02:50.75 on Sun 03/13/2011
Internet Explorer: 8.0.7601.17514
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2047.156 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
D:\Windows\system32\wininit.exe
D:\Windows\system32\lsm.exe
D:\Windows\system32\svchost.exe -k DcomLaunch
D:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
D:\Windows\system32\svchost.exe -k RPCSS
D:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
D:\Windows\system32\atiesrxx.exe
D:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
D:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
D:\Windows\system32\svchost.exe -k netsvcs
D:\Windows\system32\svchost.exe -k LocalService
D:\Windows\system32\svchost.exe -k NetworkService
D:\Windows\system32\atieclxx.exe
D:\Windows\System32\spoolsv.exe
D:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
D:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
D:\Program Files\Cobian Backup 10\cbVSCService.exe
D:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
D:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\Windows\system32\svchost.exe -k imgsvc
D:\Windows\system32\taskhost.exe
D:\Windows\system32\Dwm.exe
D:\Windows\Explorer.EXE
D:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
D:\Windows\SSDriver\fi5110\SsWiaChecker.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Microsoft Security Client\msseces.exe
D:\Program Files\PFU\ScanSnap\CardMinder V3.1\CardLauncher.exe
D:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
D:\Windows\system32\SearchIndexer.exe
D:\Program Files\Windows Media Player\wmpnetwk.exe
D:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
D:\Windows\System32\svchost.exe -k LocalServicePeerNet
D:\Program Files\Cobian Backup 10\Cobian.exe
D:\Program Files\Cobian Backup 10\cbInterface.exe
D:\Windows\system32\vssvc.exe
D:\Windows\System32\svchost.exe -k swprv
D:\Windows\system32\taskhost.exe
D:\Windows\system32\WUDFHost.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Windows\system32\NOTEPAD.EXE
D:\Program Files\Mozilla Firefox\plugin-container.exe
D:\Windows\system32\SearchProtocolHost.exe
D:\Windows\system32\SearchFilterHost.exe
D:\Users\Admin\Desktop\Defogger.exe
D:\Windows\system32\conhost.exe
D:\Users\Admin\Desktop\dds.scr
D:\Windows\system32\conhost.exe
D:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - d:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - d:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - d:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [updateMgr] "d:\program files\adobe\acrobat 7.0\acrobat\AdobeUpdateManager.exe" AcStd7_1_0 -reboot 1
mRun: [Acrobat Assistant 7.0] "d:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [RestartNeroSetup] "d:\users\adil\appdata\local\temp\nero web\SetupXu.exe" MODE="update" STARTMODE="2" USERSEL="3" FAMILYNAME="Nero 7" RUNSETUPXU="1" OS_UPDATED="1" STUB="1" UPGRADE="1"
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "d:\program files\java\jre6\bin\jusched.exe"
mRun: [RtHDVCpl] d:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [Display] d:\program files\apc\apc powerchute personal edition\DataCollectionLauncher.exe
mRun: [ScanSnap WIA Service Checker] d:\windows\ssdriver\fi5110\SsWiaChecker.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "d:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [TkBellExe] "d:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [MSC] "d:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Malwarebytes' Anti-Malware (reboot)] "d:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRunOnce: [SPReview] "d:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: d:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~1.lnk - d:\windows\installer\{ac76ba86-1033-f400-ba7e-100000000002}\SC_Acrobat.exe
StartupFolder: d:\progra~2\micros~1\windows\startm~1\programs\startup\apcups~1.lnk - d:\program files\apc\apc powerchute personal edition\Display.exe
StartupFolder: d:\progra~2\micros~1\windows\startm~1\programs\startup\cardmi~1.lnk - d:\program files\pfu\scansnap\cardminder v3.1\CardLauncher.exe
StartupFolder: d:\progra~2\micros~1\windows\startm~1\programs\startup\conver~1.lnk - d:\program files\pfu\scansnap\organizer\PfuSsOrgOcrChk.exe
StartupFolder: d:\progra~2\micros~1\windows\startm~1\programs\startup\scansn~1.lnk - d:\program files\pfu\scansnap\driver\PfuSsMon.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Convert link target to Adobe PDF - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - d:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - d:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - d:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - d:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - d:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - d:\progra~1\common~1\skype\SKYPE4~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - d:\users\admin\appdata\roaming\mozilla\firefox\profiles\n5daymgu.default\
FF - component: d:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: d:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - d:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;d:\windows\system32\drivers\MpFilter.sys [2009-6-18 165264]
R1 MpKslcb13bfad;MpKslcb13bfad;d:\programdata\microsoft\microsoft antimalware\definition updates\{b4e3bbe2-bbb0-470f-a0b8-779e594b038d}\MpKslcb13bfad.sys [2011-3-13 28752]
R2 AMD External Events Utility;AMD External Events Utility;d:\windows\system32\atiesrxx.exe [2009-8-18 176128]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;d:\program files\cobian backup 10\cbVSCService.exe [2011-3-13 67584]
R2 SpyHunter 4 Service;SpyHunter 4 Service;d:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2010-11-5 327000]
R3 MpNWMon;Microsoft Malware Protection Network Driver;d:\windows\system32\drivers\MpNWMon.sys [2009-6-18 43392]
R3 NisDrv;Microsoft Network Inspection System;d:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;d:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;d:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 esgiguard;esgiguard;d:\program files\enigma software group\spyhunter\esgiguard.sys [2010-1-27 5248]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;d:\windows\system32\drivers\rdpvideominiport.sys [2011-2-22 15872]
S3 TsUsbFlt;TsUsbFlt;d:\windows\system32\drivers\TsUsbFlt.sys [2011-2-22 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;d:\windows\system32\wat\WatAdminSvc.exe [2010-3-30 1343400]
.
=============== Created Last 30 ================
.
2011-03-13 23:14:20 28752 ----a-w- d:\progra~2\microsoft\microsoft antimalware\definition updates\{b4e3bbe2-bbb0-470f-a0b8-779e594b038d}\MpKslcb13bfad.sys
2011-03-13 23:12:34 -------- d-----w- d:\users\admin\appdata\local\Safe mirror
2011-03-13 23:12:19 -------- d-----w- d:\program files\Cobian Backup 10
2011-03-13 22:50:28 388096 ----a-r- d:\users\admin\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-03-13 22:50:28 -------- d-----w- d:\program files\Trend Micro
2011-03-13 21:07:58 5943120 ----a-w- d:\progra~2\microsoft\microsoft antimalware\definition updates\{b4e3bbe2-bbb0-470f-a0b8-779e594b038d}\mpengine.dll
2011-03-13 04:23:48 -------- d-----w- d:\users\admin\appdata\roaming\SUPERAntiSpyware.com
2011-03-13 04:23:48 -------- d-----w- d:\progra~2\SUPERAntiSpyware.com
2011-03-09 09:57:16 642048 ----a-w- d:\windows\system32\CPFilters.dll
2011-03-09 09:57:16 534528 ----a-w- d:\windows\system32\EncDec.dll
2011-03-09 09:57:15 850944 ----a-w- d:\windows\system32\sbe.dll
2011-03-09 09:57:15 199680 ----a-w- d:\windows\system32\mpg2splt.ax
2011-03-09 09:57:14 805376 ----a-w- d:\windows\system32\FntCache.dll
2011-03-09 09:57:13 739840 ----a-w- d:\windows\system32\d2d1.dll
2011-03-09 09:57:13 1076736 ----a-w- d:\windows\system32\DWrite.dll
2011-03-07 13:10:51 -------- d-----w- d:\program files\CCleaner
2011-03-05 13:55:16 16856 ----a-w- d:\program files\mozilla firefox\plugin-container.exe
2011-03-05 13:55:15 719832 ----a-w- d:\program files\mozilla firefox\mozcpp19.dll
2011-02-25 09:52:17 439632 ------w- d:\progra~2\microsoft\microsoft antimalware\definition updates\{b8b556cb-8012-45e9-bdfa-e9e7dcba03f6}\gapaengine.dll
2011-02-25 01:32:38 110080 ----a-r- d:\users\admin\appdata\roaming\microsoft\installer\{41ebc322-660f-4d16-a0df-53147210cbdb}\IconF7A21AF7.exe
2011-02-25 01:32:38 110080 ----a-r- d:\users\admin\appdata\roaming\microsoft\installer\{41ebc322-660f-4d16-a0df-53147210cbdb}\IconD7F16134.exe
2011-02-25 01:32:38 -------- d-----w- d:\program files\Enigma Software Group
2011-02-25 01:32:27 -------- d-----w- d:\program files\common files\Wise Installation Wizard
2011-02-23 00:47:35 -------- d-----w- d:\windows\system32\SPReview
2011-02-23 00:46:31 -------- d-----w- d:\windows\system32\EventProviders
2011-02-23 00:41:59 864256 ----a-w- d:\program files\common files\system\ole db\oledb32.dll
2011-02-23 00:40:59 67584 ----a-w- d:\windows\system32\certprop.dll
2011-02-23 00:39:17 780288 ----a-w- d:\windows\system32\wbem\wbemcore.dll
2011-02-23 00:39:17 606208 ----a-w- d:\windows\system32\wbem\fastprox.dll
2011-02-23 00:39:17 363008 ----a-w- d:\windows\system32\wbemcomn.dll
2011-02-23 00:39:17 351232 ----a-w- d:\windows\system32\wmicmiplugin.dll
2011-02-23 00:38:46 697344 ----a-w- d:\windows\system32\SmiEngine.dll
2011-02-23 00:38:33 209920 ----a-w- d:\windows\system32\PkgMgr.exe
2011-02-23 00:38:33 189952 ----a-w- d:\windows\system32\wdscore.dll
2011-02-23 00:37:44 323072 ----a-w- d:\windows\system32\drvstore.dll
2011-02-23 00:37:43 257024 ----a-w- d:\windows\system32\dpx.dll
2011-02-23 00:17:09 870912 ----a-w- d:\windows\system32\XpsPrint.dll
2011-02-23 00:17:09 288256 ----a-w- d:\windows\system32\XpsGdiConverter.dll
.
==================== Find3M ====================
.
2011-02-23 01:08:30 152576 ----a-w- d:\windows\system32\msclmd.dll
2011-01-07 07:45:57 34304 ----a-w- d:\windows\system32\atmlib.dll
2011-01-07 06:01:22 1638912 ----a-w- d:\windows\system32\mshtml.tlb
2011-01-07 05:43:36 294400 ----a-w- d:\windows\system32\atmfd.dll
2011-01-05 05:55:55 428032 ----a-w- d:\windows\system32\vbscript.dll
2011-01-05 03:51:01 2330624 ----a-w- d:\windows\system32\win32k.sys
2010-12-17 07:07:55 542208 ----a-w- d:\windows\system32\kerberos.dll
.
============= FINISH: 17:04:17.50 ===============


#2 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 17 March 2011 - 08:18 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 m0le

Posted 22 March 2011 - 07:40 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.