What's the best software?

Casie

New Member
Ok I recently had a prob with my computer having no video. I brought it to the place I have to look at it. They solved the problem. (Hard drive had come unplugged) But in the process they told me that I have a virus on my computer. I have run spybot and trend housecall. I currently have Defender Pro as my anti-virus. I have found nothing. I was hoping someone could tell me the best (hopefully free) program to see what is going on. I haven't had any probs with my computer and I am generally pretty cautious. Plz Help! :(
 
Post a Hijackthis log:

How to post a hijackthis log:

  • Download Hijackthis
  • Put it in a folder, not on your desktop, not in a temp folder
  • Double click on Hijackthis.exe
  • Do a system scan and save a log
  • Simply copy and paste your log in a new thread

We'll take a look at your log as soon as we see it.
 
Ok well I just saved it on my desktop sorry! But here is what I got. :D

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:03:24 PM, on 9/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Casie\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kav.exe" /minimize
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1178319879140
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1180824265234
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_10/PCAXSetupv2.0.0.10.cab?
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: kavsvc - Defender Pro LLC - C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kavsvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

--
End of file - 4864 bytes
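
An added example, not part of the original thread and not code from HijackThis or Trend Micro: a small Python triage pass over a log in the format posted above. It surfaces entries worth a manual look (orphaned registry entries, services with no readable owner, autostarts in the SYSTEM/.DEFAULT hives, and HijackThis itself running from the Desktop or a temp folder). The flag reasons and function names are choices made for this example and are review hints, not verdicts; `SAMPLE_LOG` is an excerpt of the lines above.

```python
import re

# Excerpt of the log posted above, embedded so the example runs offline.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Casie\Desktop\HiJackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: kavsvc - Defender Pro LLC - C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kavsvc.exe
"""

# A HijackThis entry line is "<section code> - <body>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_hjt(text):
    """Return (running_processes, entries); entries are (section, body) tuples."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            processes.append(line)
        else:
            m = ENTRY_RE.match(line)
            if m:
                entries.append((m.group(1), m.group(2)))
    return processes, entries


def reasons(section, body):
    """Review hints for one entry (assumptions of this example, not verdicts)."""
    out = []
    if body.endswith("(no file)"):
        out.append("orphaned: registry entry with no file behind it")
    if body.endswith("(file missing)"):
        out.append("orphaned: target file is missing")
    if section == "O23" and " - Unknown owner - " in body:
        out.append("no company name read from the service binary; verify the path")
    if section == "O4" and re.search(r"\(User '(SYSTEM|Default user)'\)$", body):
        out.append("autostart registered in the SYSTEM/.DEFAULT hive")
    return out


def triage(text):
    """Return (section, reason, body) tuples for entries worth a manual look."""
    processes, entries = parse_hjt(text)
    findings = []
    for proc in processes:
        low = proc.lower()
        if low.endswith("hijackthis.exe") and ("\\desktop\\" in low or "\\temp\\" in low):
            findings.append(("PROC", "HijackThis run from Desktop/Temp, not its own folder", proc))
    for section, body in entries:
        findings.extend((section, r, body) for r in reasons(section, body))
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {body}")
```

A flagged line still needs a human to check the file path and publisher; an unflagged line is not proof that the entry is benign.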
 
Please put your Hijackthis.exe file in a folder and give me a fresh log. Not on the desktop.

Thank you
webbenji
 
Maybe I am a complete idiot but when I try to run it from anything but my desktop I get an error msg saying invalid application. I am saving it in a new folder in my documents.
 
Can you rename the file anything.exe for example and then run it in the folder?
 
On a side note, I've had Myspace IM come up as a virus under Avast! as well as AVG.. the anti-virus your repairman uses could have had the same issue.

If that's the case, it's harmless... unless you have a problem with useless programs that aren't productive and constantly crash :p
 
No I am getting the same error msg. More than likely it is myspace or something like that. I ran Kaspersky and it's not finding anything either. :)
 
Ok let's run an anti-virus:

Go here to run an online scanner from Kaspersky.
  • Click on "Kaspersky Online Scanner"
  • A new smaller window will pop up. Press "Accept" after reading the contents.
  • Now Kaspersky will update the anti-virus database. Let it run.
  • Click on "Next">"Scan Settings", and make sure the database is set to "extended". And check both the scan options. Then click OK.
  • Then click on "My Computer", and the scan will start.
  • Once finished, save the log as "KAV.txt" to the desktop.

Post the log in here so I can take a look at it.
 
Scan Statistics:
Total number of scanned objects: 71407
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 00:24:35

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Backup\BackupMng.i0000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Backup\BackupMng.i0001 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Backup\BackupMng.i0100 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Backup\BackupMng.i0101 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Backup\BackupMng.i0200 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Backup\BackupMng.i0201 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Backup\BackupMng.i0300 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Backup\BackupMng.i0301 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Backup\BackupMng.reph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Backup\BackupMng.repi Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Backup\BackupMng.rept Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Quarantine\QMng.i0000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Quarantine\QMng.i0001 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Quarantine\QMng.i0100 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Quarantine\QMng.i0101 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Quarantine\QMng.i0200 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Quarantine\QMng.i0201 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Quarantine\QMng.i0300 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Quarantine\QMng.i0301 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Quarantine\QMng.reph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Quarantine\QMng.repi Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Quarantine\QMng.rept Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Reports\RptMng.i0000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Reports\RptMng.i0001 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Reports\RptMng.i0100 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Reports\RptMng.i0101 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Reports\RptMng.i0200 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Reports\RptMng.i0201 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Reports\RptMng.reph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Reports\RptMng.repi Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Reports\RptMng.rept Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Reports\{FC70E2DD-107C-4F93-BC76-9D1EE43B6087}.i0200 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Reports\{FC70E2DD-107C-4F93-BC76-9D1EE43B6087}.i0201 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Reports\{FC70E2DD-107C-4F93-BC76-9D1EE43B6087}.reph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Reports\{FC70E2DD-107C-4F93-BC76-9D1EE43B6087}.repi Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus\5.0\Reports\{FC70E2DD-107C-4F93-BC76-9D1EE43B6087}.rept Object is locked skipped
C:\Documents and Settings\Casie\Application Data\Mozilla\Firefox\Profiles\tr2jqy8d.default\history.dat Object is locked skipped
C:\Documents and Settings\Casie\Application Data\Mozilla\Firefox\Profiles\tr2jqy8d.default\key3.db Object is locked skipped
C:\Documents and Settings\Casie\Application Data\Mozilla\Firefox\Profiles\tr2jqy8d.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Casie\Application Data\Mozilla\Firefox\Profiles\tr2jqy8d.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Casie\Application Data\Mozilla\Firefox\Profiles\tr2jqy8d.default\[email protected] Object is locked skipped
C:\Documents and Settings\Casie\Application Data\MySpace\IM\Logs\MySpaceIM-20070913-211806.log Object is locked skipped
C:\Documents and Settings\Casie\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Casie\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Casie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Casie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Casie\Local Settings\Application Data\Mozilla\Firefox\Profiles\tr2jqy8d.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Casie\Local Settings\Application Data\Mozilla\Firefox\Profiles\tr2jqy8d.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Casie\Local Settings\Application Data\Mozilla\Firefox\Profiles\tr2jqy8d.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Casie\Local Settings\Application Data\Mozilla\Firefox\Profiles\tr2jqy8d.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Casie\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Casie\Local Settings\History\History.IE5\MSHist012007091420070915\index.dat Object is locked skipped
C:\Documents and Settings\Casie\Local Settings\Temp\~DFADE8.tmp Object is locked skipped
C:\Documents and Settings\Casie\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Casie\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Casie\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Casie\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{31618287-36F0-4B3C-A267-44236085D711}\RP70\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{3088B3F3-A710-4A55-96B9-CF5A1E1644AF}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
 
I guess that says it all:
Total number of scanned objects: 71407
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0

You don't seem to be infected at all, even the HJT log was clean.
 
Cool thanks! I guess those ripoffs at the computer place were trying to screw me. I had been going through everything trying to find anything that would pull up a virus. Thanks again for your time!
 
No problem, glad to have helped you :D

Yeah maybe they were trying to get a few bucks more from you...
 
Haha...That's not all that computer places try to mess you over with... They will steal your downloaded videos. I had seen where someone on this forum sent his computer to a repair place with a 'keylogger' installed. Ctrl+C and Ctrl+V were pressed quite a bit. Copy & Paste...
 
WTH? They steal your videos? Damn porn addicts, they need to find their own and stay the **** away from mine. Oh, wait I don't go to repair shops.. Whew I'm safe.

FALSE ALARM

haha, seriously though repair shops can be bogus. I've seen a channel __ news story on local ones. All they did was unplug the IDE cable from the HDD and asked them to fix it. About half either got it wrong and blamed the PSU (etc) or they lied. I remember one Middle Eastern guy claimed that one half of the motherboard was dead and that it needed to be replaced. What a bunch of con artist morons. :D
 
My dad built me this computer. It's a pretty damn good computer. I have all the stats I just don't know how to exactly type them out. Anyways....He lives in NC and I am in FL so when I have a problem I have brought it to these guys and they run a diagnostic and that's it. Well this time they had my computer for 4 days. The only thing I wanted them to do is tell me if something was unplugged or fried. (I had no video) Well I finally talk to them and they start telling me I have spyware and adware (DUH!) and that I was behind on my updates for windows. I'm not a freaking idiot. I have everything setup. So I checked for myself and I had nothing. I mean don't we pick up adware and spyware as soon as we check most sites? I run search and destroy regularly. But once again thanks for your time. I couldn't rest till I knew for sure. :D
 