You may cancel your Bitdefender subscription from Bitdefender Central or by contacting Customer Support at: https://www.bitdefender.com/consumer/support/help/
Thank you for your understanding.
My Computer Everytime Instal "scan" Its A Virus?
Everytime a setup open in my screen
The name of setup is "scan"
Please see this images!
Hijack this:
Logfile of HijackThis v1.99.1
Scan saved at 20:29:22, on 10-10-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:ProgramasFicheiros comunsBitDefenderBitDefender Update Servicelivesrv.exe
C:ProgramasBitDefenderBitDefender 2009vsserv.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:ProgramasLavasoftAd-Awareaawservice.exe
C:WINDOWSsystem32spoolsv.exe
C:ProgramasAPCAPC PowerChute Personal Editionmainserv.exe
C:ProgramasComodoFirewallcmdagent.exe
C:WINDOWSsystem32HPZipm12.exe
C:ProgramasSpyware DoctorpctsAuxs.exe
C:ProgramasSpyware DoctorpctsSvc.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32alg.exe
C:WINDOWSSystem32svchost.exe
C:WINDOW###plorer.EXE
C:ProgramasMicrosoft IntelliType Protype32.exe
C:ProgramasATI TechnologiesATI.ACECore-StaticMOM.exe
C:WINDOWSsystem32msiexec.exe
C:WINDOWSRTHDCPL.EXE
C:ProgramasBitDefenderBitDefender 2009bdagent.exe
C:ProgramasMicrosoft OfficeOffice12GrooveMonitor.exe
C:ProgramasSpyware DoctorpctsTray.exe
C:ProgramasComodoFirewallcfp.exe
C:WINDOWSsystem32ctfmon.exe
C:ProgramasMSN MessengerMsnMsgr.Exe
C:ProgramasMessengermsmsgs.exe
C:ProgramasATI TechnologiesATI.ACECore-Staticccc.exe
C:ProgramasAPCAPC PowerChute Personal Editionapcsystray.exe
C:ProgramasBitDefenderBitDefender 2009seccenter.exe
C:WINDOWSsystem32notepad.exe
C:Documents and SettingsDiOgOAmbiente de trabalhoHijackThis.exe
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Hiperligações
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:ProgramasFicheiros comunsAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:ProgramasSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:PROGRA~1MICROS~3Office12GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:ProgramasFicheiros comunsMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:ProgramasBitDefenderBitDefender 2009IEToolbar.dll
O4 - HKLM..Run: [startCCC] "C:ProgramasATI TechnologiesATI.ACECore-StaticCLIStart.exe" MSRun
O4 - HKLM..Run: [type32] "C:ProgramasMicrosoft IntelliType Protype32.exe"
O4 - HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM..Run: [skyTel] SkyTel.EXE
O4 - HKLM..Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM..Run: [bDAgent] "C:ProgramasBitDefenderBitDefender 2009bdagent.exe"
O4 - HKLM..Run: [bitDefender Antiphishing Helper] "C:ProgramasBitDefenderBitDefender 2009IEShow.exe"
O4 - HKLM..Run: [GrooveMonitor] "C:ProgramasMicrosoft OfficeOffice12GrooveMonitor.exe"
O4 - HKLM..Run: [iSTray] "C:ProgramasSpyware DoctorpctsTray.exe"
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:ProgramasAdobeReader 9.0ReaderReader_sl.exe"
O4 - HKLM..Run: [COMODO Firewall Pro] "C:ProgramasComodoFirewallcfp.exe" -h
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [MsnMsgr] "C:ProgramasMSN MessengerMsnMsgr.Exe" /background
O4 - HKCU..Run: [MSMSGS] "C:ProgramasMessengermsmsgs.exe" /background
O4 - Global Startup: APC UPS Status.lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:PROGRA~1MICROS~3Office12EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~3Office12ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~3Office12ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:ProgramasSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~3Office12REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgramasMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgramasMessengermsmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:PROGRA~1MICROS~3Office12GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:PROGRA~1MSNMES~1MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:ProgramasFicheiros comunsMicrosoft SharedHelphxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:PROGRA~1MSNMES~1MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1FICHEI~1SkypeSKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:PROGRA~1FICHEI~1MICROS~1OFFICE12MSOXMLMF.DLL
O20 - AppInit_DLLs: C:WINDOWSsystem32guard32.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%System32dimsntfy.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:ProgramasLavasoftAd-Awareaawservice.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:ProgramasAPCAPC PowerChute Personal Editionmainserv.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:ProgramasFicheiros comunsBitDefenderBitDefender Arrakis ServerbinArrakis3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:ProgramasComodoFirewallcmdagent.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:ProgramasFicheiros comunsBitDefenderBitDefender Update Servicelivesrv.exe" /service (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:ProgramasSpyware DoctorpctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:ProgramasSpyware DoctorpctsSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:ProgramasBitDefenderBitDefender 2009vsserv.exe" /service (file missing)
This setup open when i open internet explorer sites.
Comments
-
This setup open when i open internet explorer sites.
Hy Diogo.
I think that you have a virus:
C:\WINDOWS\system32\notepad.exe
The file of the Note Pad is in C:\Windows.
Can you add this file to BitDefender´s quarantine or upload it to Virus Total?
I think that you have a lot of Security software(Spyware Doctor,Ad-aware,Comodo Firewall,BitDefender...)
This software can cause incompatibilities.
Try to upload
C:\WINDOWS\system32\notepad.exe to virus total:
www.virustotal.com
Post the log,and add this file to quarantine.
Gooodbye!0 -
@ Di0g0
Post a new log using Hijackthis 2.0.2
@ matabufalez
WRONG !
0 -
@ Di0g0
Post a new log using Hijackthis 2.0.2
@ matabufalez
WRONG !
Sorry!
Sorry!
I´m sorry,I have checked if Notepad.exe was in C:\Windows\ and I search information on Google for System32\Notepad,and I found this:First thing to do is change the file type for the text documents. -Menu tools, Folder options, file types. -Edit the txt file type and make sure it reads c:\windows\notepad.exe
Then fix your short cuts and delete the notepad.exe found at c:\windows\system32
I´m sorry
0 -
I desinstaled the comodo and the problem it disappeared.
Its stranger.....
LOG:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:44:05, on 10-10-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programas\Spyware Doctor\pctsAuxs.exe
C:\Programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programas\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programas\BitDefender\BitDefender 2009\bdagent.exe
C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programas\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\MSN Messenger\MsnMsgr.Exe
C:\Programas\Spyware Doctor\pctsSvc.exe
C:\Programas\Messenger\msmsgs.exe
C:\Programas\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\alg.exe
C:\Programas\BitDefender\BitDefender 2009\seccenter.exe
C:\Programas\Valve\Steam\Steam.exe
C:\Programas\MSN Messenger\usnsvc.exe
C:\Programas\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Ficheiros comuns\BitDefender\BitDefender Update Service\livesrv.exe
C:\Programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programas\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programas\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [startCCC] "C:\Programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [type32] "C:\Programas\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [bDAgent] "C:\Programas\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Programas\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iSTray] "C:\Programas\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: APC UPS Status.lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programas\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Programas\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Programas\Ficheiros comuns\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Programas\Ficheiros comuns\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programas\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programas\Spyware Doctor\pctsSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Programas\BitDefender\BitDefender 2009\vsserv.exe
--
End of file - 6991 bytes0 -
The problem presists!!! I installed malware bytes anti malware and the setup of "scan" open 6x.
"scan" its a corrupt file of windows'????0 -
the files that were missing was the scan.msi! I looked through the net and found a solution for the problem, it says that when it asks for the cd we should insert the cd for the hp printer. I was able to resolve the problem with the hp cd. What i find strange is that i already have the printer instaleed on the pc. I don't understand how a hp printer cd can resolve a windows problem. Can someone explain this?
0 -
Problem resolved
0
