
Thread: How can BitDefender (bdss) be a malware?

  1. #1
    Join Date
    Apr 2007
    Posts
    3

    How can BitDefender (bdss) be a malware?

    Hi,
    I need advice. HijackThis told me BitDefender dll's are bad and to be removed. I am posting a (very) detailed history of my worries and scans, just in case you need more details to understand what the problem is. If not, the two HijackThis runs I made are:

    http://hjt.networktechs.com/parse.php?log=320865

    http://hjt.networktechs.com/parse.php?log=321219

    I never neglected firewalls, anti-spyware, anti-viruses, never ever visited any suspicious site; this really drives me mad.

    I really, truly appreciate any help, particularly because I know it is not an easy problem (read below).

    *****Details****

    Recently, I noticed my pc got slow (big surprise!). Also, when I was turning off the computer, every now and then, just before it turned off (the blueish screen which says "windows is shutting down") a message box appeared saying "smc.exe cannot access memory at xxx" where xxx is some numbers and letters (a memory address, right?). As I once ran daemon tools on my computer, I worried that some rootkit-based infection might have occurred, or that BitDefender and the Sygate firewall (smc.exe is the Sygate process) had a conflict.

    I tried to make a diagnostic using the software I had back then (AVG anti-virus free, BitDefender, Ad-aware, Spybot, Sygate firewall). As usual (as in my previous scans), BitDefender found nothing, Spybot found StatCounter (and something else I don't remember the name of), Ad-aware found a tracking cookie from Toshiba (my laptop is a Toshiba). I ran HijackThis and used the automatic parser of iamnotageek (at that time, I was not aware of the ReadMeBeforePosting, so I just ran it on normal Windows). It found nothing interesting; I recognized all of the processes.

    I was not satisfied, so I installed Kaspersky Internet Security. I never got it to run! I mean it installed, it started, etc., but I never finished any analysis; the computer jammed. I uninstalled it.

    I installed SpyEraser and AVG anti-spyware. SpyEraser found several things, I deleted them (by the way, system restore was activated). As soon as I deleted them, the active guard of SpyEraser generated a message saying that some things tried to add themselves to trusted sites, and that appinit_dll tried to add some unknown dll. I blocked it and SpyEraser gave an error message and shut down. I relaunched SpyEraser, it told me about appinit_dll. I checked on the internet, and found out that this file was usually harmless. I allowed it to see what would happen.

    Well, nothing happened (that I noticed).

    AVG anti-spyware updated with difficulty; I ran a scan. It found some things which I deleted (system restore was still on and Windows not in safe mode; I know, I know). Nothing changed except that the day after, SpyEraser could not load its active guard, which, when I tried to run it, shut down.

    Then I noticed something odd. BitDefender (bdss.exe) was consuming all the CPU power, around 80-99 per cent. It did not do that before. At first, I thought that some malware had infected my pc and that bdss tried to locate it or something.

    Then I ran HijackThis (still with system restore activated and in a normal Windows session). The automatic parser told me that many BitDefender dll's were "Bad, always to be removed", just like a dll called WPDShServiceObj.dll. You may find the log here:

    http://hjt.networktechs.com/parse.php?log=320865

    Then, after some searching on the forum, I found out how to run HijackThis properly and I followed it step by step. I ran AVG anti-spyware, Windows Defender, Microsoft malware removal tool, ATF Cleaner, etc. in the order indicated, disabling system restore, and in safe mode when indicated as in ReadMeBeforePosting. I renamed HijackThis to hjkscan, which is located in Program Files. Here is the log:

    http://hjt.networktechs.com/parse.php?log=321219

    As you see, it just indicated WPDShServiceObj.dll as bad and to be removed. On some other forum I learned that this is used by Windows Media Player 11 beta. The bdss dll's were no longer signaled as bad.

    But bdss still suddenly starts to go wild every now and then (not any scheduled scans), SpyEraser still finds the same type of spyware (casinoroyal, etc.) and after removing them indicates something tried to add itself to Internet Explorer, then exits with an error. AVG anti-spyware, Spybot, Microsoft Defender, AVG anti-rootkit, Microsoft malware removal and BitDefender scans find nothing.
    The only thing that I notice is that the BitDefender dll's do not have an owner.

    And I have no clue what to do. By the way, I never use Internet Explorer, but only the most recent version of Firefox.
    Should I uninstall BitDefender or Media Player 11 beta?
    Last edited by akin; 04-11-2007 at 08:15 PM.

  2. #2
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    May I ask you to please post a log which HAS NOT been run through the parser? These are terribly hard to read and analyze. Plus remember, this analyzer is not the end all and be all...these are ONLY SUGGESTIONS that you check out these things.
    I believe the reason the BitDefender file was flagged is that the file is MISSING, not because it is bad.
    But please give us just a plain old text file NOT one that is from the analyzer. Just either attach a text file or copy/paste the log here.
    Thanks!
    Judy

  3. #3
    Join Date
    Apr 2007
    Posts
    3
    Thanks. And here is the log:

    Logfile of HijackThis v1.99.1
    Scan saved at 22:17:14, on 11/04/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\system32\00THotkey.exe
    C:\Program Files\Softwin\BitDefender9\vsserv.exe
    C:\WINDOWS\system32\TFNF5.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\system32\TDispVol.exe
    C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
    C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
    C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\hjtscan.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.datron.com.tr
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: IE PopUp-Killer - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUp.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
    O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
    O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
    O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
    O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe -s
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

  4. #4
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    You are running two anti-virus programs... Bit Defender and AVG Anti-Virus 7.0... This is an absolute NO-NO. You should never ever run two anti-virus programs at the same time on the same machine. This can actually lessen your protection rather than increase it because they will battle each other rather than do the job they are designed to do. You must totally uninstall one of them... your choice, but one MUST go.
    You are also running at least a portion of Norton/Symantec anti-virus; this shows in this entry:
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    Evidently at some time you also used and removed Norton Security Center. Look first in Add/Remove for Norton/Symantec. Uninstall anything found.
    Next do a file search on the computer for anything Norton. Remove all found. Then do another search for anything Symantec and remove all found.
    You have got to remove all but one anti-virus program.
    You also mention using SpyEraser... don't. I don't see it here in the log, but it does NOT get very good reviews; UNINSTALL it. Stick with the others you mention.
    You said you use Sygate Firewall...where is it? Your HJT log does not show any firewall running.
    You also state that you NEVER use Internet Explorer, if this is the case then why are you using Ashampoo PopUp Blocker for Internet Explorer? This is totally unnecessary. Firefox has a pop-up blocker, there is no need for an outside one. Uninstall this also.
    Your O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll is a perfectly legitimate file. Don't worry about it. It's found on many computers. It is not a problem. Windows Media Player 11 is also fine.
    Your main problem is TOO many security programs running at the same time; this is why the computer is slow. I see nothing in your log, except the extra anti-virus programs, which would definitely cause you a problem.
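    The two points made in the replies above (a "(file missing)" / "Unknown owner" O23 entry is a lookup failure to verify by hand, not a malware verdict, and more than one anti-virus vendor in the service list is a conflict) can be checked mechanically. The following is an added example, not code from the thread or from HijackThis; the parsing rules, the dict layout and the small vendor keyword table are my own assumptions, and the sample lines are copied from the log posted above.

```python
import re

# Constructed sample: four O23 lines copied from the HijackThis log posted above.
SAMPLE_O23 = r"""O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe"""

# display name, optional (short name), owner/company, then the recorded command line
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))?"
                    r" - (?P<owner>.+?) - (?P<rest>.+)$")

def parse_o23(line):
    """Parse one O23 line into a dict; None for anything that is not an O23 entry."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    rest = m["rest"]
    missing = rest.endswith("(file missing)")
    if missing:
        rest = rest[:-len("(file missing)")].rstrip()
    # Split the command line at the executable. HJT leaves the closing quote of a
    # quoted ImagePath glued to the .exe (bdss.exe" /service); assumption: that
    # unresolvable path is why the file reads as missing and the owner as unknown.
    exe = re.match(r'"?(?P<path>.+?\.exe)"?\s*(?P<args>.*)$', rest, re.I)
    path, args = (exe["path"], exe["args"]) if exe else (rest, "")
    return {"display": m["display"], "name": m["name"] or "", "owner": m["owner"],
            "path": path, "args": args, "file_missing": missing,
            "unknown_owner": m["owner"] == "Unknown owner"}

def parse_log(text):
    return [s for s in map(parse_o23, text.splitlines()) if s]

def needs_manual_check(svc):
    """'Unknown owner' plus '(file missing)' means HJT could not read the binary's
    version info, not that the service is malicious: verify the path by hand."""
    return svc["unknown_owner"] and svc["file_missing"]

AV_VENDORS = {"bitdefender": "BitDefender", "avg": "AVG", "symantec": "Symantec"}

def antivirus_vendors(services):
    """Distinct anti-virus vendors with a service installed; more than one is the
    'two anti-virus programs' conflict the reply above describes."""
    found = set()
    for s in services:
        hay = " ".join((s["display"], s["owner"], s["path"])).lower()
        found.update(label for key, label in AV_VENDORS.items() if key in hay)
    return found
```

    Running it over the sample marks only the bdss entry for manual verification and reports three vendors (AVG, BitDefender, Symantec), which is exactly the overlap the reply asks to reduce to one.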

  5. #5
    Join Date
    Apr 2007
    Posts
    3
    Thanks a lot. Thanks a lot. Thanks a lot lot.
