Virus Causing Blue Screen of Death! Can't remove.

PenelopePitstop · 09-15-2009, 03:49 PM

Hi Guys

Wonder if you can help me please. I keep getting the blue screen of death. My browser won't always work either. I've run NOD32 and Malware and it finds virus traces, but can't seem to clear them. They keep coming back.

Below (&attached) is the log, as requested.

DDS (Ver_09-07-30.01) - NTFSx86
Run by SeanKate at 21:47:23.95 on 15/09/2009
Internet Explorer: 8.0.6001.18702

============== Pseudo HJT Report ===============

uLocal Page = \blank.htm
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = www.google.com
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://uk.yahoo.com/?fr=fp-yie8
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: WebFerret: {a58686ed-fc46-44c3-95c6-4a812ab776f1} - c:\program files\ferretsoft\webferret\FerretBand.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Apoint] "c:\program files\apoint\Apoint.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AzMixerSel] "c:\program files\realtek\installshield\AzMixerSel.exe"
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SonyPowerCfg] "c:\program files\sony\vaio power management\SPMgr.exe"
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [VZRemoteCommander] "c:\program files\sony\vaio zone remote commander\AvRmtCtr.exe"
mRun: [TVTunerLib] "c:\program files\common files\sony shared\tvtunerlib\TVTLInstTool.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [snpstd] c:\windows\vsnpstd.exe
mRun: [VX1000] c:\windows\vVX1000.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [VAIO Update 4] "c:\program files\sony\vaio update 4\VAIOUpdt.exe" /Stationary
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SpyHunter Security Suite] c:\program files\enigma software group\spyhunter\SpyHunter3.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\dlink\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.truprint.co.uk/TruprintActivia.cab
DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} - hxxp://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {d27cdb6e-ae6d-11cf-96b8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
Notify: WRNotifier - WRLogonNTF.dll
AppInit_DLLs: bersk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\seankate\applic~1\mozilla\firefox\profiles\8ht9e4pe.default\
FF - component: c:\program files\mozilla firefox\components\FFConnectorLauncher.dll
FF - component: c:\program files\mozilla firefox\components\FFSource.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

2009-09-14 22:02 <DIR> --d----- C:\sh4ldr
2009-09-14 22:00 <DIR> --d----- c:\program files\Enigma Software Group
2009-09-14 21:58 62,904 a---h--- c:\windows\system32\mlfcache.dat
2009-09-13 22:29 <DIR> --d----- C:\812907fa56c5c5c4b053
2009-09-13 20:39 <DIR> --d----- C:\1e91a62b64b041804528613560c62b
2009-09-11 22:34 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-09-11 22:32 <DIR> --d----- c:\program files\Cyber-D's AutoDelete
2009-09-11 22:18 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\~0
2009-09-09 20:05 <DIR> --d----- c:\program files\VS Revo Group
2009-09-08 20:10 175,616 a--s---- c:\windows\system32\drivers\xwoarh.sys
2009-08-22 20:00 <DIR> --d----- C:\xampp

==================== Find3M ====================

2009-09-13 20:37 156,570 a------- c:\windows\pchealth\helpctr\config\cache\Personal_32_1033.dat
2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-07-03 18:09 915,456 a------- c:\windows\system32\wininet.dll
2007-06-16 13:57 5,936 a------- c:\documents and settings\seankate\mqdmwhnt.sys
2007-06-16 13:57 79,328 a------- c:\documents and settings\seankate\mqdmserd.sys
2007-06-16 13:57 92,064 a------- c:\documents and settings\seankate\mqdmmdm.sys
2007-06-16 13:57 9,232 a------- c:\documents and settings\seankate\mqdmmdfl.sys
2007-06-16 13:57 4,048 a------- c:\documents and settings\seankate\mqdmcr.sys
2007-06-16 13:57 6,208 a------- c:\documents and settings\seankate\mqdmcmnt.sys
2007-06-16 13:57 66,656 a------- c:\documents and settings\seankate\mqdmbus.sys
2007-06-16 13:57 25,600 a------- c:\documents and settings\seankate\usbsermptxp.sys
2007-06-16 13:57 22,768 ac------ c:\documents and settings\seankate\usbsermpt.sys
2007-05-13 08:21 87,608 a------- c:\docume~1\seankate\applic~1\ezpinst.exe
2007-05-13 08:21 47,360 a------- c:\docume~1\seankate\applic~1\pcouffin.sys
2005-12-10 23:06 265 ac------ c:\docume~1\seankate\applic~1\DelAll.bat
2003-10-22 15:25 1,424,917 a------- c:\documents and settings\seankate\Santas Workshop Screensaver.exe
2008-06-25 20:20 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008062520080626\index.dat

============= FINISH: 21:49:46.93 ===============

PenelopePitstop · 09-17-2009, 12:12 PM

Did I beat you guys with this one, as I didn't hear anything back?

Ried · 09-18-2009, 01:01 PM

That is not the case at all, PenelopePitstop. One of our Security Analysts will get to your logs as soon as possible.

From our pre-posting topic .... New Instructions - Read This Before Posting for Malware Removal Help

Quote:

2. Please be considerate of the fact that the people helping you are all volunteers, and in many cases usually have a job, and a limited amount of time to help, and therefore can only do so much. Also please note that there are many more people in need of assistance than there are trained staff members who may assist. Patience for this free assistance is required. If there is an immediate need, please take the machine to a local technician.

If no one has replied to your thread within 72hrs after you posted, please reply in your thread with the words "BUMP, please" to move it forward. Do NOT bump the thread unless 72 hours has passed. We try to work from oldest to newest posts so your wait will be longer if you bump it forward before the 72 hours is up. When looking threads to respond to, we look for threads with 0 reply, or 1 reply. If you bump, or add a post prior to the 72 hrs, your thread is highly likely to be overlooked by our queuing methods.

09-17-2009, 12:12 PM	#2 (permalink)
PenelopePitstop Registered User Join Date: Sep 2009 Posts: 3 OS: XP	Re: Virus Causing Blue Screen of Death! Can't remove. Did I beat you guys with this one, as I didn't hear anything back?