Critical Error: Realtime Protection Is Disabled

I received a "critical error" when accessing my local public library online. I sent an error report to BitDefender. I checked the systray, I got a "CRITICAL" -- it was on PCP2 - scanning was turned off. But when I checked the advanced settings, scanning is checked to be "on". When I try to use the "Fix" link, or "Fix All Errors" button, nothing happens.


I do NOT see the BitDefender indication that it is scanning my incoming email. (Which I HAD to download in order to log into this website). Nothing in Help -- helps.


Help!


Stromie


1715 EDT

Comments

  • Hello stromie,


    Please download Deckard's System Scanner. You need to save it on your desktop. Close all other applications and windows. First right-click on dss(.exe) and choose "Run as administrator". Now double-click on dss(.exe). Confirm the warnings. It can take a while. Please copy the content of the main and extra text files (extra will be minimized) and paste it in your next post. Because it will be large, spread it across a few posts.


    Kind regards,


    Niels

  • Deckard's System Scanner v20071014.68


    Run by Carol on 2008-08-09 12:58:51


    Computer is in Normal Mode.


    --------------------------------------------------------------------------------


    -- System Restore --------------------------------------------------------------


    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --


    71: 2008-08-09 16:59:03 UTC - RP738 - Deckard's System Scanner Restore Point


    70: 2008-08-08 15:54:18 UTC - RP737 - System Checkpoint


    69: 2008-08-06 02:51:17 UTC - RP736 - System Checkpoint


    68: 2008-08-04 16:47:44 UTC - RP735 - System Checkpoint


    67: 2008-08-02 23:23:46 UTC - RP734 - System Checkpoint


    -- First Restore Point --


    1: 2008-05-19 00:18:09 UTC - RP668 - Configured Microsoft Office Professional 2007


    Backed up registry hives.


    Performed disk cleanup.


    -- HijackThis (run as Carol.exe) -----------------------------------------------


    Logfile of Trend Micro HijackThis v2.0.2


    Scan saved at 1:10:03 PM, on 8/9/2008


    Platform: Windows XP SP2 (WinNT 5.01.2600)


    MSIE: Internet Explorer v7.00 (7.00.6000.16674)


    Boot mode: Normal


    Running processes:


    C:WINDOWSSystem32smss.exe


    C:WINDOWSsystem32winlogon.exe


    C:WINDOWSsystem32services.exe


    C:WINDOWSsystem32lsass.exe


    C:WINDOWSsystem32svchost.exe


    C:WINDOWSSystem32svchost.exe


    C:Program FilesAheadInCDInCDsrv.exe


    C:WINDOWSsystem32spoolsv.exe


    C:\WINDOWS\Explorer.EXE


    C:WINDOWSAGRSMMSG.exe


    C:Program FilesCommon FilesRealUpdate_OBrealsched.exe


    C:WINDOWSSystem32spoolDRIVERSW32X863E_FATI9FA.EXE


    C:Program FilesAheadInCDInCD.exe


    C:Program FilesJavajre1.6.0_03binjusched.exe


    C:Program FilesBitDefenderBitDefender 2008bdagent.exe


    C:WINDOWSSOUNDMAN.EXE


    C:PROGRA~1ScanSoftPAPERP~1PPWebCap.exe


    C:WINDOWSsystem32ctfmon.exe


    C:PROGRA~1ANYTIM~1worldtime.exe


    C:Program FilesSpybot - Search & DestroyTeaTimer.exe


    C:Program FilesAdobePhotoshop Elements 4.0PhotoshopElementsFileAgent.exe


    C:Documents and SettingsAll UsersApplication DataU3U3LauncherLaunchU3.exe


    c:Program FilesMicrosoft SQL Server90Sharedsqlwriter.exe


    C:WINDOWSsystem32svchost.exe


    C:WINDOWSSystem32ups.exe


    C:WINDOWSsystem32SearchIndexer.exe


    C:Program FilesCommon FilesBitDefenderBitDefender Communicatorxcommsvr.exe


    C:Program FilesCommon FilesBitDefenderBitDefender Update Servicelivesrv.exe


    C:Program FilesCanonCALCALMAIN.exe


    C:WINDOWSSystem32svchost.exe


    C:Program FilesJavajre1.6.0_03binjucheck.exe


    C:Program FilesBitDefenderBitDefender 2008vsserv.exe


    C:Documents and SettingsCarolMy DocumentsMy DownloadsDownloaded Programsdss.exe


    C:WINDOWSsystem32SearchProtocolHost.exe


    C:PROGRA~1TRENDM~1HIJACK~1Carol.exe


    R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.thebreastcancersite.com/clickTo....faces?siteId=2


    R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157


    R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896


    R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896


    R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157


    R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = localhost


    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)


    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll


    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHelper.dll


    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_03binssv.dll


    O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)


    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)


    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll


    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:Program FilesEPSONEPSON Web-To-PageEPSON Web-To-Page.dll


    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:Program FilesBitDefenderBitDefender 2008IEToolbar.dll


    O4 - HKLM..Run: [AGRSMMSG] AGRSMMSG.exe


    O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot


    O4 - HKLM..Run: [EPSON Stylus Photo R320 Series] C:WINDOWSSystem32spoolDRIVERSW32X863E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"


    O4 - HKLM..Run: [Adobe Photo Downloader] "C:Program FilesAdobePhotoshop Album Starter Edition3.0Appsapdproxy.exe"


    O4 - HKLM..Run: [inCD] C:Program FilesAheadInCDInCD.exe


    O4 - HKLM..Run: [sunJavaUpdateSched] C:Program FilesJavajre1.6.0_03binjusched.exe


    O4 - HKLM..Run: [bDAgent] "C:Program FilesBitDefenderBitDefender 2008bdagent.exe"


    O4 - HKLM..Run: [soundMan] SOUNDMAN.EXE


    O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeQTTask.exe" -atboottime


    O4 - HKCU..Run: [PPWebCap] C:PROGRA~1ScanSoftPAPERP~1PPWebCap.exe


    O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe


    O4 - HKCU..Run: [worldtime.exe] C:PROGRA~1ANYTIM~1worldtime.exe nosplash


    O4 - HKCU..Run: [spybotSD TeaTimer] C:Program FilesSpybot - Search & DestroyTeaTimer.exe


    O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background


    O4 - HKCU..Run: [EPSON Stylus Photo R320 Series] C:WINDOWSSystem32spoolDRIVERSW32X863E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /M "Stylus Photo R320" /EF "HKCU"


    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe


    O4 - Global Startup: LaunchU3.exe.lnk = ?


    O8 - Extra context menu item: Create BigJig puzzle - C:Program FilesJigMakejm.htm

  • O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000


    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll


    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll


    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll


    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll


    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe


    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe


    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe


    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe


    O10 - Unknown file in Winsock LSP: c:windowssystem32nwprovau.dll


    O15 - Trusted Zone: http://*.windowsupdate.com


    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1105380882904


    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab


    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -


    O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) -


    O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab


    O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:Program FilesAdobePhotoshop Elements 4.0PhotoshopElementsFileAgent.exe


    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:Program FilesCanonCALCALMAIN.exe


    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:Program FilesAheadInCDInCDsrv.exe


    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:Program FilesCommon FilesBitDefenderBitDefender Update Servicelivesrv.exe


    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:Program FilesBitDefenderBitDefender 2008vsserv.exe


    O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:Program FilesCommon FilesBitDefenderBitDefender Communicatorxcommsvr.exe


    --


    End of file - 7852 bytes


    -- File Associations -----------------------------------------------------------


    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------


    R3 BDSelfPr - c:program filesbitdefenderbitdefender 2008bdselfpr.sys <Not Verified; BitDefender S.R.L.; BitDefender>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------


    R2 AdobeActiveFileMonitor4.0 (Adobe Active File Monitor V4) - c:program filesadobephotoshop elements 4.0photoshopelementsfileagent.exe


    R2 CCALib8 (Canon Camera Access Library 8) - c:program filescanoncalcalmain.exe <Not Verified; Canon Inc.; >


    -- Device Manager: Disabled ----------------------------------------------------


    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------


    2008-08-09 09:30:26 422 --ah----- C:WINDOWSTasksUser_Feed_Synchronization-{DA55AED8-C9D2-4EA8-B841-EF3A7C2F3BC5}.job


    2008-08-02 17:41:08 284 --a------ C:WINDOWSTasksAppleSoftwareUpdate.job


    2007-10-31 13:09:22 240 --a------ C:WINDOWSTasksSpybot - Search & Destroy - Scheduled Task.job


    2007-01-02 13:27:21 106 --a------ C:WINDOWSTasksUPS System Shutdown Program.job


    -- Files created between 2008-07-09 and 2008-08-09 -----------------------------


    2008-08-09 13:09:29 0 d-------- C:Program FilesTrend Micro


    2008-08-02 18:18:09 0 d-------- C:Program FilesSafari


    2008-08-02 18:04:28 0 d-------- C:Program FilesQuickTime


    2008-08-02 18:04:25 0 d-------- C:Documents and SettingsAll UsersApplication DataApple Computer


    2008-07-30 21:29:29 0 d-------- C:Documents and SettingsCarolJack's MP3 files


    2008-07-25 23:53:04 0 d-------- C:WINDOWSsystem32CatRoot_bak


    2008-07-17 15:50:02 0 d-------- C:Program FilesApple Software Update


    2008-07-17 15:50:02 0 d-------- C:Documents and SettingsAll UsersApplication DataApple


    2008-07-16 22:06:32 0 d-------- C:Documents and SettingsCarolMy Unused Fonts


    2008-07-16 20:18:47 0 d-------- C:Program FilesFontPage


    2008-07-10 02:09:07 0 d-------- C:WINDOWSSQL9_KB948109_ENU


    -- Find3M Report ---------------------------------------------------------------


    2008-08-09 13:09:40 81984 --a------ C:WINDOWSsystem32bdod.bin


    2008-08-09 10:22:18 0 d-------- C:Program FilesBigJig


    2008-08-09 09:40:50 0 d-------- C:Program FilesMozilla Thunderbird


    2008-08-08 11:27:27 1327 --a------ C:WINDOWSEntPack.dat


    2008-08-04 17:09:29 0 d-------- C:Documents and SettingsCarolApplication DataU3


    2008-08-03 13:55:39 0 d-------- C:Documents and SettingsCarolApplication DataApple Computer


    2008-08-02 18:27:01 0 d-------- C:Program FilesWindows Media Connect 2


    2008-07-26 09:22:43 0 d-------- C:Program FilesAstra Jigsaw Art Edition


    2008-07-10 02:09:52 0 d-------- C:Program FilesMicrosoft SQL Server


    2008-06-24 01:26:32 0 d-------- C:Program FilesMSECache


    2008-06-21 12:17:13 0 d-------- C:Program FilesMicrosoft.NET

  • -- Registry Dump ---------------------------------------------------------------


    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]


    "AGRSMMSG"="AGRSMMSG.exe" [03/04/2005 12:01 PM C:WINDOWSAGRSMMSG.exe]


    "TkBellExe"="C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" [02/02/2006 04:59 PM]


    "EPSON Stylus Photo R320 Series"="C:WINDOWSSystem32spoolDRIVERSW32X863E_FATI9FA.exe" [04/26/2004 03:00 AM]


    "Adobe Photo Downloader"="C:Program FilesAdobePhotoshop Album Starter Edition3.0Appsapdproxy.exe" []


    "atr.exe"="" []


    "InCD"="C:Program FilesAheadInCDInCD.exe" [07/25/2005 12:01 PM]


    "SunJavaUpdateSched"="C:Program FilesJavajre1.6.0_03binjusched.exe" [09/25/2007 01:11 AM]


    "BDAgent"="C:Program FilesBitDefenderBitDefender 2008bdagent.exe" [07/02/2008 11:24 AM]


    "SoundMan"="SOUNDMAN.EXE" [04/16/2007 04:28 PM C:WINDOWSSOUNDMAN.EXE]


    "QuickTime Task"="C:Program FilesQuickTimeQTTask.exe" [05/27/2008 10:50 AM]


    [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]


    "PPWebCap"="C:PROGRA~1ScanSoftPAPERP~1PPWebCap.exe" [03/01/2000 10:37 AM]


    "ctfmon.exe"="C:WINDOWSsystem32ctfmon.exe" [08/04/2004 08:00 AM]


    "worldtime.exe"="C:PROGRA~1ANYTIM~1worldtime.exe" [11/04/2005 10:07 AM]


    "SpybotSD TeaTimer"="C:Program FilesSpybot - Search & DestroyTeaTimer.exe" [01/28/2008 11:43 AM]


    "MSMSGS"="C:Program FilesMessengermsmsgs.exe" [10/13/2004 12:24 PM]


    "EPSON Stylus Photo R320 Series"="C:WINDOWSSystem32spoolDRIVERSW32X863E_FATI9FA.exe" [04/26/2004 03:00 AM]


    C:Documents and SettingsAll UsersStart MenuProgramsStartup


    Adobe Reader Speed Launch.lnk - C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe [4/23/2008 3:38:16 AM]


    LaunchU3.exe.lnk - C:WINDOWSInstaller{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}_294823.exe [5/17/2008 11:47:14 AM]


    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]


    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:Program FilesWindows Desktop SearchMSNLNamespaceMgr.dll [02/05/2007 03:39 PM 294400]


    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrun-]


    "SpybotSnD"="C:Program FilesSpybot - Search & DestroySpybotSD.exe"


    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]


    bdx scan


    *Newly Created Service* - 2158D933


    *Newly Created Service* - 9480C09C


    -- Hosts -----------------------------------------------------------------------




    8744 more entries in hosts file.


    -- End of Deckard's System Scanner: finished at 2008-08-09 13:12:41 ------------


    I managed to manually correct the problem -- I went in about "three layers" and found a way to toggle everything back to the way it was. Now, it is not showing the critical error, but when it starts up, the two little black boxes have "X"s on them for about 2-3 minutes. (Am I vulnerable then?)


    Thanks,


    C Stromek (stromie)


    end of report

  • Hello stromie,


    I couldn't find anything suspicious. But I will have a better look tomorrow. Please uninstall BitDefender. Download this uninstall tool. First right-click on the red BitDefender icon near the system tray and press Exit. Wait a few seconds. Afterwards double-click on the BitDefender uninstall tool. You will be asked to reboot your computer; do so. Now install BitDefender again. But please disable Spybot TeaTimer before starting the installation of BitDefender. That could be the cause. Here you can find how to do that.


    Kind regards,


    Niels