desktop defender & other multiple viruses

  • This topic is locked
2 replies to this topic

#1 khyde


  • Members
  • 3 posts
  • Local time:06:09 PM

Posted 29 August 2010 - 04:49 PM

Started out with the desktop defender virus. Ran AVG virus scan and Malwarebytes. The Malwarebytes seemed to remove viruses. Finally installed another virus program Avira and it found more viruses. Once they were removed didn't find any more. But when I open a web page, sometimes it will redirect me to a web page that appears to be spam. Still get pop up messages with a just in time debugger. Ran virus scans and Malwarebytes and usually don't find anything. This morning it did find a virus called RKIT. I ran 2 scans, 2nd one did not find anything, but computer still acts like something is on, mainly through the redirecting of web pages. Followed instructions and hope I have everything, will post as asked. But when I tried to do the last step with the GMR.exe, I could get up to the scan but when it scanned I got a long error message. "A problem has been detected and windows has been shut down to prevent damage to your computer. The problem seems to be caused by the following file: uflcrpoc.sys. page_fault_in_nonpaged_area" It goes on to say I need to restart computer. I did and retried scan and got same message. When I restart computer, computer comes up fine.

Here is my DDS log

DDS (Ver_10-03-17.01) - NTFSx86
Run by Deb at 14:58:39.59 on Sun 08/29/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.484 [GMT -5:00]

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\CameraMonitor.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Picaboo\Picaboo\PicabooMain.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Documents and Settings\Deb\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://mdn.dakotaradiogroup.com/mdn/index.htm
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en
uWindow Title = Microsoft Internet Explorer provided by Venture Communications
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\google\afe\GoogleAE.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ap.exe] c:\documents and settings\deb\application data\pcenter\ap.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe -CheckReg
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [<NO NAME>]
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
StartupFolder: c:\docume~1\deb\startm~1\programs\startup\picaboo.lnk - c:\program files\picaboo\picaboo\PicabooMain.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\imagem~1.lnk - c:\program files\pixela\imagemixer 3 se ver.4\transfer utility\CameraMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxps://support.dell.com/systemprofiler/SysPro.CAB
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1234113140296
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R?2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-8-15 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-8-15 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-8-15 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-8-15 60936]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-9-18 54752]
R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [2006-2-26 34916]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

=============== Created Last 30 ================

2010-08-29 19:55:45 0 ----a-w- c:\documents and settings\deb\defogger_reenable
2010-08-29 19:13:23 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-29 04:01:33 0 d-sh--w- C:\found.000
2010-08-22 22:48:33 0 d-----w- C:\temp
2010-08-16 23:59:17 7680 --sha-w- c:\windows\Thumbs.db
2010-08-15 23:57:15 0 d-----w- c:\docume~1\deb\applic~1\Avira
2010-08-15 23:44:41 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-08-15 23:44:40 0 d-----w- c:\program files\Avira
2010-08-15 23:44:40 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-08-09 01:31:47 0 d-----w- c:\windows\pss
2010-08-08 17:45:05 0 d-----w- c:\docume~1\deb\applic~1\Malwarebytes
2010-08-08 17:44:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-08 17:44:20 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-08-08 17:44:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-08 17:44:19 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2010-08-29 19:58:54 565280 ----a-w- c:\windows\system32\drivers\puslgvk.sys
2010-08-22 21:23:24 5852 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-06-14 14:31:20 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2006-02-25 05:44:15 251 ----a-w- c:\program files\wt3d.ini

============= FINISH: 15:00:44.01 ===============

I may not be quick to respond as I will be gone a lot this week, but your help is greatly appreciated.


Also, I think I forgot to mention: after I did the first virus scan to remove the desktop defender, I started getting an annoying popup about just in time debugger. It is still there and you can't get rid of it. Not sure if it is part of virus or part of something being deleted but it is more annoying than the virus issues.

Also, not sure if worth mentioning, but when I shut down tonight I got a debugging script error (similar to the just in time debugger message except it was as I was shutting down). Sorry - I didn't get a chance to write it down. Later tried to start up and just got black screen. Started up in safe mode and it started to list devices then froze. Just shut down and left off for now.

Merged posts. ~ OB

Edited by khyde, 29 August 2010 - 10:29 PM.
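Added example, not part of the original post and not code from BleepingComputer's DDS tool: a small triage script for logs in the DDS format quoted above. It applies three defender-side heuristics that a helper reading such a log does by eye: entries whose backing file is gone ("No File"), Run-key entries that launch from a user-writable profile directory (the kind of location the `pcenter\ap.exe` entry sits in), and `.sys` files in the drivers folder that no line in the SERVICES / DRIVERS section references. The sample lines are constructed from the log in the post; the section names are DDS's own, while the heuristics, function names and the profile-directory pattern are this example's assumptions. A hit only means "look closer", not "confirmed malicious".

```python
import re

# Constructed sample: a few lines in the DDS "Pseudo HJT Report",
# "SERVICES / DRIVERS" and "Find3M" shape, modelled on the log in the post.
SAMPLE_LOG = """\
============== Pseudo HJT Report ===============

uURLSearchHooks: H - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\\program files\\google\\googletoolbar1.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [ctfmon.exe] c:\\windows\\system32\\ctfmon.exe
uRun: [ap.exe] c:\\documents and settings\\deb\\application data\\pcenter\\ap.exe
mRun: [avgnt] "c:\\program files\\avira\\antivir desktop\\avgnt.exe" /min
mRun: [<NO NAME>]

============= SERVICES / DRIVERS ===============

R2 avgntflt;avgntflt;c:\\windows\\system32\\drivers\\avgntflt.sys [2010-8-15 60936]

==================== Find3M ====================

2010-08-29 19:58:54 565280 ----a-w- c:\\windows\\system32\\drivers\\puslgvk.sys
2010-08-15 23:44:41 60936 ----a-w- c:\\windows\\system32\\drivers\\avgntflt.sys
2006-02-25 05:44:15 251 ----a-w- c:\\program files\\wt3d.ini
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
RUN_RE = re.compile(r"^[umd]Run:\s*\[([^\]]*)\]\s*(.*)$")
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+) (\S+) (.+)$")
# Assumed heuristic: per-user profile locations that any logged-in user can write to.
PROFILE_RE = re.compile(
    r"\\(documents and settings|docume~1)\\[^\\]+\\(application data|applic~1|local settings|locals~1)\\",
    re.IGNORECASE,
)


def parse_sections(text):
    """Split a DDS log into {section title: [non-blank lines]} using its ==== headers."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def orphaned_entries(hjt_lines):
    """BHO / toolbar / search-hook entries whose backing file no longer exists."""
    return [l for l in hjt_lines if l.endswith("- No File")]


def _run_target(rest):
    """Extract the launched path from a Run entry: quoted path, or path up to the extension."""
    m = re.match(r'"([^"]+)"|(.*?\.(?:exe|scr|com|bat|cmd))', rest.strip(), re.IGNORECASE)
    return (m.group(1) or m.group(2)) if m else rest.strip()


def profile_autoruns(hjt_lines):
    """Run-key entries that launch something from a user-writable profile directory."""
    hits = []
    for l in hjt_lines:
        m = RUN_RE.match(l)
        if m:
            name, target = m.group(1), _run_target(m.group(2))
            if PROFILE_RE.search(target):
                hits.append((name, target))
    return hits


def registered_driver_paths(service_lines):
    """Paths referenced by 'Rx name;display;path [date size]' service/driver lines."""
    paths = set()
    for l in service_lines:
        parts = l.split(";")
        if len(parts) >= 3:
            paths.add(parts[2].split(" [")[0].strip().lower())
    return paths


def unregistered_drivers(service_lines, file_lines):
    """.sys files under the drivers folder that no service/driver entry references."""
    known = registered_driver_paths(service_lines)
    out = []
    for l in file_lines:
        m = FILE_RE.match(l)
        if not m:
            continue
        path = m.group(5).strip()
        low = path.lower()
        if low.endswith(".sys") and "\\drivers\\" in low and low not in known:
            out.append(path)
    return out


def triage(text):
    """Run all three heuristics over one DDS log and return the findings."""
    s = parse_sections(text)
    hjt = s.get("Pseudo HJT Report", [])
    svc = s.get("SERVICES / DRIVERS", [])
    files = s.get("Created Last 30", []) + s.get("Find3M", [])
    return {
        "no_file": orphaned_entries(hjt),
        "profile_autoruns": profile_autoruns(hjt),
        "unregistered_drivers": unregistered_drivers(svc, files),
    }


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        print(kind)
        for item in items:
            print("   ", item)
```

On the sample, the unregistered-driver check singles out `puslgvk.sys` because it is in the drivers folder but has no SERVICES / DRIVERS line, while `avgntflt.sys` is cleared by its `R2 avgntflt` entry; that is exactly the kind of gap a helper then confirms with a file-system and signature check before deciding anything.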

#2 khyde

  • Topic Starter

  • Members
  • 3 posts
  • Local time:06:09 PM

Posted 02 September 2010 - 06:42 PM

You can close this topic... decided to take it somewhere to have it cleaned and repaired. Thanks anyway.

#3 Budapest


    Bleepin' Cynic

  • Moderator
  • 23,579 posts
  • Gender:Male
  • Local time:09:09 AM

Posted 03 September 2010 - 12:17 AM

As this issue appears to be resolved I am closing the topic. Please send me (or any other Moderator) a Personal Message (PM) if you would like the topic re-opened.

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw
