Critical Error: Realtime Protection Is Disabled
I received a "critical error" when accessing my local public library online. I sent an error report to BitDefender. I checked the systray, I got a "CRITICAL" -- it was on PCP2 - scanning was turned off. But when I checked the advanced settings, scanning is checked to be "on". When I try to use the "Fix" link, or "Fix All Errors" button, nothing happens.
I do NOT see the BitDefender indication that it is scanning my incoming email. (Which I HAD to download in order to log into this website). Nothing in Help -- helps.
Help!
Stromie
1715 EDT
Comments
Hello stromie,
Please download Deckard's System Scanner. You need to save it on your desktop. Close all other applications and windows. First right-click on dss(.exe) and choose Run as administrator. Now double-click on dss(.exe). Confirm the warnings. It can take a while. Please copy the contents of the main and extra text files (extra will be minimized) and paste them in your next post. Because it will be large, spread them across a few posts.
Kind regards,
Niels
Deckard's System Scanner v20071014.68
Run by Carol on 2008-08-09 12:58:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
71: 2008-08-09 16:59:03 UTC - RP738 - Deckard's System Scanner Restore Point
70: 2008-08-08 15:54:18 UTC - RP737 - System Checkpoint
69: 2008-08-06 02:51:17 UTC - RP736 - System Checkpoint
68: 2008-08-04 16:47:44 UTC - RP735 - System Checkpoint
67: 2008-08-02 23:23:46 UTC - RP734 - System Checkpoint
-- First Restore Point --
1: 2008-05-19 00:18:09 UTC - RP668 - Configured Microsoft Office Professional 2007
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Carol.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:10:03 PM, on 8/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesAheadInCDInCDsrv.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOW###plorer.EXE
C:WINDOWSAGRSMMSG.exe
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe
C:WINDOWSSystem32spoolDRIVERSW32X863E_FATI9FA.EXE
C:Program FilesAheadInCDInCD.exe
C:Program FilesJavajre1.6.0_03binjusched.exe
C:Program FilesBitDefenderBitDefender 2008bdagent.exe
C:WINDOWSSOUNDMAN.EXE
C:PROGRA~1ScanSoftPAPERP~1PPWebCap.exe
C:WINDOWSsystem32ctfmon.exe
C:PROGRA~1ANYTIM~1worldtime.exe
C:Program FilesSpybot - Search & DestroyTeaTimer.exe
C:Program FilesAdobePhotoshop Elements 4.0PhotoshopElementsFileAgent.exe
C:Documents and SettingsAll UsersApplication DataU3U3LauncherLaunchU3.exe
c:Program FilesMicrosoft SQL Server90Sharedsqlwriter.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32ups.exe
C:WINDOWSsystem32SearchIndexer.exe
C:Program FilesCommon FilesBitDefenderBitDefender Communicatorxcommsvr.exe
C:Program FilesCommon FilesBitDefenderBitDefender Update Servicelivesrv.exe
C:Program FilesCanonCALCALMAIN.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesJavajre1.6.0_03binjucheck.exe
C:Program FilesBitDefenderBitDefender 2008vsserv.exe
C:Documents and SettingsCarolMy DocumentsMy DownloadsDownloaded Programsdss.exe
C:WINDOWSsystem32SearchProtocolHost.exe
C:PROGRA~1TRENDM~1HIJACK~1Carol.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.thebreastcancersite.com/clickTo....faces?siteId=2
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_03binssv.dll
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:Program FilesBitDefenderBitDefender 2008IEToolbar.dll
O4 - HKLM..Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot
O4 - HKLM..Run: [EPSON Stylus Photo R320 Series] C:WINDOWSSystem32spoolDRIVERSW32X863E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"
O4 - HKLM..Run: [Adobe Photo Downloader] "C:Program FilesAdobePhotoshop Album Starter Edition3.0Appsapdproxy.exe"
O4 - HKLM..Run: [inCD] C:Program FilesAheadInCDInCD.exe
O4 - HKLM..Run: [sunJavaUpdateSched] C:Program FilesJavajre1.6.0_03binjusched.exe
O4 - HKLM..Run: [bDAgent] "C:Program FilesBitDefenderBitDefender 2008bdagent.exe"
O4 - HKLM..Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeQTTask.exe" -atboottime
O4 - HKCU..Run: [PPWebCap] C:PROGRA~1ScanSoftPAPERP~1PPWebCap.exe
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [worldtime.exe] C:PROGRA~1ANYTIM~1worldtime.exe nosplash
O4 - HKCU..Run: [spybotSD TeaTimer] C:Program FilesSpybot - Search & DestroyTeaTimer.exe
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [EPSON Stylus Photo R320 Series] C:WINDOWSSystem32spoolDRIVERSW32X863E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /M "Stylus Photo R320" /EF "HKCU"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O8 - Extra context menu item: Create BigJig puzzle - C:Program FilesJigMakejm.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O10 - Unknown file in Winsock LSP: c:windowssystem32nwprovau.dll
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1105380882904
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) -
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:Program FilesAdobePhotoshop Elements 4.0PhotoshopElementsFileAgent.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:Program FilesCanonCALCALMAIN.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:Program FilesAheadInCDInCDsrv.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:Program FilesCommon FilesBitDefenderBitDefender Update Servicelivesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:Program FilesBitDefenderBitDefender 2008vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:Program FilesCommon FilesBitDefenderBitDefender Communicatorxcommsvr.exe
--
End of file - 7852 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R3 BDSelfPr - c:program filesbitdefenderbitdefender 2008bdselfpr.sys <Not Verified; BitDefender S.R.L.; BitDefender>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 AdobeActiveFileMonitor4.0 (Adobe Active File Monitor V4) - c:program filesadobephotoshop elements 4.0photoshopelementsfileagent.exe
R2 CCALib8 (Canon Camera Access Library 8) - c:program filescanoncalcalmain.exe <Not Verified; Canon Inc.; >
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-08-09 09:30:26 422 --ah----- C:WINDOWSTasksUser_Feed_Synchronization-{DA55AED8-C9D2-4EA8-B841-EF3A7C2F3BC5}.job
2008-08-02 17:41:08 284 --a------ C:WINDOWSTasksAppleSoftwareUpdate.job
2007-10-31 13:09:22 240 --a------ C:WINDOWSTasksSpybot - Search & Destroy - Scheduled Task.job
2007-01-02 13:27:21 106 --a------ C:WINDOWSTasksUPS System Shutdown Program.job
-- Files created between 2008-07-09 and 2008-08-09 -----------------------------
2008-08-09 13:09:29 0 d-------- C:Program FilesTrend Micro
2008-08-02 18:18:09 0 d-------- C:Program FilesSafari
2008-08-02 18:04:28 0 d-------- C:Program FilesQuickTime
2008-08-02 18:04:25 0 d-------- C:Documents and SettingsAll UsersApplication DataApple Computer
2008-07-30 21:29:29 0 d-------- C:Documents and SettingsCarolJack's MP3 files
2008-07-25 23:53:04 0 d-------- C:WINDOWSsystem32CatRoot_bak
2008-07-17 15:50:02 0 d-------- C:Program FilesApple Software Update
2008-07-17 15:50:02 0 d-------- C:Documents and SettingsAll UsersApplication DataApple
2008-07-16 22:06:32 0 d-------- C:Documents and SettingsCarolMy Unused Fonts
2008-07-16 20:18:47 0 d-------- C:Program FilesFontPage
2008-07-10 02:09:07 0 d-------- C:WINDOWSSQL9_KB948109_ENU
-- Find3M Report ---------------------------------------------------------------
2008-08-09 13:09:40 81984 --a------ C:WINDOWSsystem32bdod.bin
2008-08-09 10:22:18 0 d-------- C:Program FilesBigJig
2008-08-09 09:40:50 0 d-------- C:Program FilesMozilla Thunderbird
2008-08-08 11:27:27 1327 --a------ C:WINDOWSEntPack.dat
2008-08-04 17:09:29 0 d-------- C:Documents and SettingsCarolApplication DataU3
2008-08-03 13:55:39 0 d-------- C:Documents and SettingsCarolApplication DataApple Computer
2008-08-02 18:27:01 0 d-------- C:Program FilesWindows Media Connect 2
2008-07-26 09:22:43 0 d-------- C:Program FilesAstra Jigsaw Art Edition
2008-07-10 02:09:52 0 d-------- C:Program FilesMicrosoft SQL Server
2008-06-24 01:26:32 0 d-------- C:Program FilesMSECache
2008-06-21 12:17:13 0 d-------- C:Program FilesMicrosoft.NET
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"AGRSMMSG"="AGRSMMSG.exe" [03/04/2005 12:01 PM C:WINDOWSAGRSMMSG.exe]
"TkBellExe"="C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" [02/02/2006 04:59 PM]
"EPSON Stylus Photo R320 Series"="C:WINDOWSSystem32spoolDRIVERSW32X863E_FATI9FA.exe" [04/26/2004 03:00 AM]
"Adobe Photo Downloader"="C:Program FilesAdobePhotoshop Album Starter Edition3.0Appsapdproxy.exe" []
"atr.exe"="" []
"InCD"="C:Program FilesAheadInCDInCD.exe" [07/25/2005 12:01 PM]
"SunJavaUpdateSched"="C:Program FilesJavajre1.6.0_03binjusched.exe" [09/25/2007 01:11 AM]
"BDAgent"="C:Program FilesBitDefenderBitDefender 2008bdagent.exe" [07/02/2008 11:24 AM]
"SoundMan"="SOUNDMAN.EXE" [04/16/2007 04:28 PM C:WINDOWSSOUNDMAN.EXE]
"QuickTime Task"="C:Program FilesQuickTimeQTTask.exe" [05/27/2008 10:50 AM]
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"PPWebCap"="C:PROGRA~1ScanSoftPAPERP~1PPWebCap.exe" [03/01/2000 10:37 AM]
"ctfmon.exe"="C:WINDOWSsystem32ctfmon.exe" [08/04/2004 08:00 AM]
"worldtime.exe"="C:PROGRA~1ANYTIM~1worldtime.exe" [11/04/2005 10:07 AM]
"SpybotSD TeaTimer"="C:Program FilesSpybot - Search & DestroyTeaTimer.exe" [01/28/2008 11:43 AM]
"MSMSGS"="C:Program FilesMessengermsmsgs.exe" [10/13/2004 12:24 PM]
"EPSON Stylus Photo R320 Series"="C:WINDOWSSystem32spoolDRIVERSW32X863E_FATI9FA.exe" [04/26/2004 03:00 AM]
C:Documents and SettingsAll UsersStart MenuProgramsStartup
Adobe Reader Speed Launch.lnk - C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe [4/23/2008 3:38:16 AM]
LaunchU3.exe.lnk - C:WINDOWSInstaller{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}_294823.exe [5/17/2008 11:47:14 AM]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:Program FilesWindows Desktop SearchMSNLNamespaceMgr.dll [02/05/2007 03:39 PM 294400]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrun-]
"SpybotSnD"="C:Program FilesSpybot - Search & DestroySpybotSD.exe"
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
bdx scan
*Newly Created Service* - 2158D933
*Newly Created Service* - 9480C09C
-- Hosts -----------------------------------------------------------------------
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
8744 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-08-09 13:12:41 ------------
I managed to manually correct the problem -- I went in about "three layers" and found a way to toggle everything back to the way it was. Now, it is not showing the critical error, but when it starts up, the two little black boxes have "X"s on them for about 2-3 minutes. (Am I vulnerable then?)
Thanks,
C Stromek (stromie)
end of report
Hello stromie,
I couldn't find anything suspicious. But I will have a better look tomorrow. Please uninstall BitDefender. Download this uninstall tool. First right-click on the red BitDefender icon near the system tray and press Exit. Wait a few seconds. Afterwards double-click on the BitDefender uninstall tool. You will be asked to reboot your computer; do so. Now install BitDefender again. But please disable Spybot TeaTimer before starting the installation of BitDefender. That could be the cause. Here you can find how to do that.
Kind regards,
Niels