Bitdefender Freezing Taskbar?
Hi
Ever since I installed Bitdefender, my taskbar seems to inexplicably freeze at times. It's almost as if it is hogging my memory, and the PC just hangs until resources are made available. I've performed Spybot and Ad-Aware diagnostics, and done a virus check - to little avail. I'm thinking of uninstalling BD and asking for my money back.
At any rate, here's my log - any comments welcome and appreciated.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:32:46 AM, on 28/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Macromed\squid\sbin\squid.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Macromed\squid\libexec\unlinkd.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Evoluent\VMouse\EvoMouExec.exe
C:\Program Files\MouseTool\MouseTool.exe
c:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.slate.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKCU\..\Run: [PeerGuardian] "C:\Program Files\PeerGuardian2\pg2.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Startup: MouseTool.lnk = C:\Program Files\MouseTool\MouseTool.exe
O4 - Global Startup: Evoluent Mouse Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Internet - SQUID Web Proxy Cache - http://www.squid-cache.org/ - C:\WINDOWS\system32\Macromed\squid\sbin\squid.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 8286 bytes
Comments
The log looks ok !
Nevertheless, your PC may contain viruses, so I suggest you run ComboFix, which will investigate and eliminate all infections it may find (if it has them in its database).
Download ComboFix from here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Then close all running programs, including web browser, instant messenger, etc., and then run ComboFix.
It will ask you whether it should start cleaning or not. Press 1 and hit Enter. Don't stop it while running. While doing this your screen may disappear but don't worry, it's normal behaviour.
At the end ComboFix will generate a log file. Save it and post it here.
Thanks for the quick and helpful reply crysty
...and here's the combo log as requested
ComboFix 08-06-20.4 - Compaq_Owner 2008-06-28 22:55:13.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.640 [GMT 10:00]
Running from: C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Compaq_Owner\Application Data\inst.exe
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mlkkj.bak1
C:\WINDOWS\system32\mlkkj.bak2
C:\WINDOWS\system32\mlkkj.ini2
C:\WINDOWS\system32\mlkkj.tmp
\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-28 )))))))))))))))))))))))))))))))
.
2008-06-28 19:34 . 2008-06-28 19:34 <DIR> d-------- C:\Program Files\iolo
2008-06-28 19:34 . 2008-06-19 17:15 918,368 --a------ C:\WINDOWS\system32\Incinerator.dll
2008-06-28 19:34 . 2008-06-16 19:21 29,696 --a------ C:\WINDOWS\system32\iolobtdfg.exe
2008-06-28 19:34 . 2008-06-06 16:55 8,704 --a------ C:\WINDOWS\system32\smrgdf.exe
2008-06-28 18:46 . 2008-06-28 18:46 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\iolo
2008-06-28 18:46 . 2008-06-28 18:46 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
2008-06-28 18:45 . 2008-06-28 19:42 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\iolo
2008-06-28 18:45 . 2008-06-28 18:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-06-28 18:45 . 2008-06-28 18:45 74,703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-06-28 06:23 . 2008-06-28 06:23 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-28 05:50 . 2008-06-28 05:50 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\DivX
2008-06-26 20:50 . 2008-06-26 20:50 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-06-26 20:50 . 2008-06-28 05:51 <DIR> d-------- C:\Program Files\Microsoft IntelliType Pro
2008-06-26 07:34 . 2008-06-28 05:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-26 07:07 . 2008-06-28 05:51 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-26 07:07 . 2008-06-28 05:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-11 23:19 . 2008-06-13 23:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 23:19 . 2008-06-13 23:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 18:49 . 2008-06-11 18:49 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-06-11 18:48 . 2008-06-28 05:50 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-06-11 06:21 . 2008-06-28 05:50 <DIR> d-------- C:\Program Files\PowerISO
2008-06-09 12:48 . 2008-03-22 06:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-06-09 12:48 . 2008-05-31 01:22 683,520 --a------ C:\WINDOWS\system32\divx.dll
2008-06-09 12:48 . 2008-03-22 06:28 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-06-09 12:07 . 2008-06-28 05:50 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-06-09 12:07 . 2008-01-10 22:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-06-09 12:07 . 2006-09-25 01:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2008-06-09 12:07 . 2004-01-26 02:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-06-09 12:07 . 2007-09-05 02:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-06-09 12:07 . 2008-01-10 22:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-06-09 12:07 . 2007-09-21 10:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2008-06-09 12:07 . 2008-03-29 03:41 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-06-09 12:07 . 2007-07-11 02:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-06-09 12:07 . 2007-10-04 01:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-06-09 11:57 . 2008-06-28 05:50 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Dr. DivX 2.0 OSS
2008-06-08 20:00 . 2008-06-08 20:00 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-06-08 08:52 . 2008-06-08 08:52 <DIR> d-------- C:\Program Files\Webroot
2008-06-08 08:51 . 2008-06-08 08:51 164 --a------ C:\install.dat
2008-06-07 12:57 . 2008-06-07 15:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2008-06-07 12:52 . 2008-06-07 12:55 24 ---hs---- C:\WINDOWS\S8E7137FE.tmp
2008-06-07 08:59 . 2008-06-07 08:59 <DIR> d-------- C:\Program Files\LG Software Innovations
2008-06-03 14:35 . 2008-06-04 18:23 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\mIRC
2008-05-30 21:14 . 2008-05-30 21:14 <DIR> d-------- C:\Program Files\uTorrent
2008-05-30 21:14 . 2008-06-28 05:49 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\uTorrent
2008-05-28 20:45 . 2008-05-28 20:45 99,264 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-28 12:45 --------- d-----w C:\Program Files\PeerGuardian2
2008-06-28 05:59 1,795 ----a-w C:\Documents and Settings\Compaq_Owner\Application Data\SAS7_000.DAT
2008-06-27 19:50 --------- d-----w C:\Program Files\DivX
2008-06-27 19:49 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\dvdcss
2008-06-27 19:44 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-26 12:53 --------- d-----w C:\Program Files\Soulseek
2008-06-22 03:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-06-15 03:58 --------- d-----w C:\Program Files\emule
2008-06-07 22:42 --------- d-----w C:\Program Files\Winamp
2008-06-07 02:49 47,360 ----a-w C:\Documents and Settings\Compaq_Owner\Application Data\pcouffin.sys
2008-06-07 02:49 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Vso
2008-05-22 22:19 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-21 17:00 --------- d-----w C:\Program Files\Common Files\BitDefender
2008-05-21 17:00 --------- d-----w C:\Program Files\BitDefender
2008-05-21 17:00 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Bitdefender
2008-05-21 17:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\BitDefender
2008-05-21 16:27 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-05-14 11:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-13 10:44 --------- d-----w C:\Program Files\Foxit Software
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-29 12:15 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2008-04-29 12:15 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-04-11 02:45 101,096 ----a-w C:\Documents and Settings\Compaq_Owner\Application Data\GDIPFONTCACHEV1.DAT
2005-11-29 05:11 206 ----a-w C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
.
------- Sigcheck -------
2005-05-26 05:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-14 03:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 22:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-31 02:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2004-08-04 22:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
2005-11-29 21:03 359808 77c0c5e7d6cfe2052b8cf28b8722f528 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
2006-03-04 23:51 359808 6af91ce5baa449eb9a72f17da063720c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2007-03-24 20:43 359808 8d8949936913b041c6a0e184fbf1030b C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2008-04-29 22:15 360064 482ab7f9cd41702e8f856c11cfefb02d C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-04-29 22:15 360064 482ab7f9cd41702e8f856c11cfefb02d C:\WINDOWS\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:40 1421824]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 22:00 15360]
"Active Desktop Calendar"="C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe" [2007-01-11 14:13 3330048]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-04 02:21 50176 C:\WINDOWS\ALCXMNTR.EXE]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-06-10 02:46 360448]
"itype"="c:\Program Files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 12:13 988584]
C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\
MouseTool.lnk - C:\Program Files\MouseTool\MouseTool.exe [2006-02-02 07:18:24 405504]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Evoluent Mouse Manager.lnk - C:\WINDOWS\Installer\{A8323EF0-1E8A-4385-93ED-F97963793042}\_3E7D7F8C756EC1A9420DE2.exe [2008-05-09 00:07:49 1150]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWinKeys"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.DVSD"= pdvcodec.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe"
"AnyDVD"=C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
"Active Desktop Calendar"=C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PS2"=C:\WINDOWS\system32\ps2.exe
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
"hpsysdrv"=c:\windows\system\hpsysdrv.exe
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
"KBD"=C:\HP\KBD\KBD.EXE
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"AGRSMMSG"=AGRSMMSG.exe
"SoundMan"=SOUNDMAN.EXE
"Alcmtr"=ALCMTR.EXE
"AlcWzrd"=ALCWZRD.EXE
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"WinampAgent"="C:\Program Files\Winamp\winampa.exe"
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10188:TCP"= 10188:TCP:*:Disabled:BitComet 10188 TCP
"10188:UDP"= 10188:UDP:*:Disabled:BitComet 10188 UDP
"10993:TCP"= 10993:TCP:*:Disabled:BitComet 10993 TCP
"10993:UDP"= 10993:UDP:*:Disabled:BitComet 10993 UDP
R2 Internet;Internet;C:\WINDOWS\system32\Macromed\squid\sbin\squid.exe [2005-10-29 09:19]
R2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-06-19 16:59]
R2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-06-19 16:59]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 22:00]
R3 evomouflt;Evoluent Mouse Filter Service;C:\WINDOWS\system32\DRIVERS\evomouflt.sys [2007-12-26 14:03]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys [2005-06-08 18:44]
S3 genmcmn;Evoluent Mouse Driver;C:\WINDOWS\system32\DRIVERS\gmfiltr.sys []
S3 PRISM_A00;Intersil PRISM 802.11a/g Driver;C:\WINDOWS\system32\DRIVERS\PCTELSAP.SYS [2004-01-30 05:29]
S3 ProtoWall;ProtoWall Network Service;C:\WINDOWS\system32\DRIVERS\ProtoWall.sys []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-06-11 18:49]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-06-27 14:32]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-28 12:49:49 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-28 22:57:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Internet]
"ImagePath"="C:\WINDOWS\system32\Macromed\squid\sbin\squid.exe --ntservice:Internet"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
Completion time: 2008-06-28 22:58:16
ComboFix-quarantined-files.txt 2008-06-28 12:58:05
Pre-Run: 121,937,965,056 bytes free
Post-Run: 122,056,372,224 bytes free
231 --- E O F --- 2008-06-19 23:48:30
Good !
Combo deleted some things !
Run a deep system scan with Bitdefender and SUPERAntiSpyware !
Thanks, I've done both - clean as a whistle and still works like crap.