1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

BitDefender is turned off

Discussion in 'Virus & Other Malware Removal' started by Zara_Thustra, Jan 27, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. Zara_Thustra

    Zara_Thustra Thread Starter

    Joined:
    Jan 25, 2006
    Messages:
    136
    I get told this by my windows security centre when I turn the machine on and it tells me the virus protection thingy is not enabled but when I open up bitdefender it seems fine

    Is it fine? Should I ignore my windows security centre?

    (make the answers easy please! Otherwise you could be here for days.............. hahahaha)
     
  2. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,031
    Please do the following:

    Click here to download HJTsetup.exe
    • Save HJTsetup.exe to your desktop.
    • Double click on the HJTsetup.exe icon on your desktop.
    • By default it will install to C:\Program Files\Hijack This.
    • Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
    • Put a check by Create a desktop icon then click Next again.
    • Continue to follow the rest of the prompts from there.
    • At the final dialogue box click Finish and it will launch Hijack This.
    • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    • Click Save to save the log file and then the log will open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  3. Zara_Thustra

    Zara_Thustra Thread Starter

    Joined:
    Jan 25, 2006
    Messages:
    136
    o blimey ok I think I can follow this................

    Perhaps when sober .................

    Cookiegal ur a * - look for me tomorrow?

    xxxxxxxxxxxxxxxxxxx

    Z
     
  4. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,031
    No problem. You can do it. (y)
     
  5. Zara_Thustra

    Zara_Thustra Thread Starter

    Joined:
    Jan 25, 2006
    Messages:
    136
    Cheers Cookiegal - 2 bottles of champs in is NOT a good time to start reading instructions let alone download stufff!

    will deffo do tomorrow xxxxxxxxxxxxxxxxxxx

    wolfeymole said you were a lovely bunch and he was dead right :¬)
     
  6. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,031
    I agree, it's not wise to drink and download. :)
     
  7. Zara_Thustra

    Zara_Thustra Thread Starter

    Joined:
    Jan 25, 2006
    Messages:
    136
    Logfile of HijackThis v1.99.1
    Scan saved at 11:23:08, on 28/01/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\zHotkey.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Softwin\BitDefender8\bdmcon.exe
    C:\Program Files\Softwin\BitDefender8\bdoesrv.exe
    C:\program files\softwin\bitdefender8\bdnagent.exe
    C:\Program Files\Softwin\BitDefender8\bdswitch.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Softwin\BitDefender

    Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Softwin\BitDefender8\vsserv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

    http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

    http://www.msn.co.uk
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

    http://www.google.co.uk/
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670}

    - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

    C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: Yahoo! IE Services Button -

    {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program

    Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7}

    - c:\program files\google\googletoolbar2.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -

    c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -

    C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut]

    HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
    O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program

    Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media

    Reader\shwiconem.exe
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft

    AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program

    Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

    Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BDMCon] C:\Program

    Files\Softwin\BitDefender8\\bdmcon.exe
    O4 - HKLM\..\Run: [BDOESRV] C:\Program

    Files\Softwin\BitDefender8\\bdoesrv.exe
    O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program

    Files\Softwin\BitDefender8\bdnagent.exe"
    O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program

    Files\Softwin\BitDefender8\\bdswitch.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program

    Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"

    /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program

    Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O8 - Extra context menu item: &Google Search - res://c:\program

    files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program

    files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program

    Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Backward Links - res://c:\program

    files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program

    files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel -

    res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program

    files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English -

    res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program

    Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program

    Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program

    Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

    C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console -

    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

    Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra button: Yahoo! Services -

    {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program

    Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

    C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

    C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

    C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -

    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

    Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet

    Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.msn.co.uk
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -

    http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine

    Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -

    C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool)

    - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

    http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuw

    eb_site.cab?1120216131875
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

    http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/m

    uweb_site.cab?1120216256484
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient

    Class) -

    http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}

    (MsnMessengerSetupDownloadControl Class) -

    http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -

    http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) -

    http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5)

    - http://chat.msn.com/controls/msnchat45.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown

    Class) -

    http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll sockspy.dll

    sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner -

    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe"

    /service (file missing)
    O23 - Service: C-DillaCdaC11BA - Macrovision -

    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program

    Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. -

    C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: SmartLinkService (SLService) - -

    C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner -

    C:\Program Files\Softwin\BitDefender8\vsserv.exe" /service (file missing)
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner -

    C:\Program Files\Common Files\Softwin\BitDefender

    Communicator\xcommsvr.exe" /service (file missing)
     
  8. Zara_Thustra

    Zara_Thustra Thread Starter

    Joined:
    Jan 25, 2006
    Messages:
    136
    I love the bit in the instructions where it says "show it to someone knowledgeable!"

    :¬)
     
  9. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,031
    I recommend that you uninstall LimeWire as downloading copyright material is illegal and is the source of many infections.


    Rescan with HijackThis, close all browser windows, put a check mark beside this entry and then click "fix checked".

    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)


    Download the trial version of Ewido Security Suite here.
    • Install ewido.
    • During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    • Launch ewido
    • It will prompt you to update click the OK button and it will go to the main screen
    • On the left side of the main screen click update
    • Click on Start and let it update.
    • DO NOT run a scan yet. You will do that later in safe mode.

    Click here for info on how to boot to safe mode if you don't already know how.


    Restart your computer into safe mode now.


    Run Ewido:
    • Click on scanner
    • Click Complete System Scan and the scan will begin.
    • During the scan it will prompt you to clean files, click OK
    • When the scan is finished, look at the bottom of the screen and click the Save report button.
    • Save the report to your desktop


    Do a Panda Active Scan. Be sure to save the log it creates.


    Come back here and post a new HijackThis log, as well as the logs from the Ewido and Panda scans.
     
  10. Zara_Thustra

    Zara_Thustra Thread Starter

    Joined:
    Jan 25, 2006
    Messages:
    136
    wow cookiegal! thanks ever so - will get right on it (probs tomorrow as hubs will certainly kick off about the limewire thingy)

    xxxxxxxxxxxxxxxx
     
  11. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,031
  12. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - BitDefender turned
  1. toosunNeo
    Replies:
    9
    Views:
    911
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/437669

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice