Monkey Proof Posted February 15, 2006
I had some issues last night with my eTrust Pest Patrol; somehow the license key was erased from the program, rendering it useless.

Logfile of HijackThis v1.99.1
Scan saved at 7:49:02 AM, on 2/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
C:\Program Files\Config2500\Utility\Config2500.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\Documents and Settings\youdamonkey\My Documents\hijackthis\New Folder\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.averatec.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\PROGRA~1\NETSCA~1\NETSCA~1\pbhelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKCU\..\Run: [speedswitchXP] C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
O4 - Startup: Config2500.lnk = C:\Program Files\Config2500\Utility\Config2500.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.averatec.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (CwlscInstall Object) - https://scan.safety.live.com/resource/downl...lscbase1524.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1101525534872
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1131450999850
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: PXPGT - Unknown owner - C:\DOCUME~1\TOMPAG~1\LOCALS~1\Temp\PXPGT.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Administrator Tarun Posted February 15, 2006
Log is clean. Did you happen to use any registry cleaners?
Monkey Proof Posted February 15, 2006
The registry cleaner I have is CCleaner; it's the older version, but I never had an issue like that before. Thanks for checking over my log!
Administrator Tarun Posted February 15, 2006
I was just thinking that perhaps CCleaner cleaned the part of your registry that holds the regkey for eTrust Pest Patrol. :)
Monkey Proof Posted February 15, 2006
I checked but there wasn't anything from Pest Patrol. Kinda weird that something erased the license key.
Administrator Tarun Posted February 15, 2006
Was anything updated recently that may have had an ill effect? Can you repair/reinstall the license?
Monkey Proof Posted February 15, 2006
Pest Patrol is up and running again, but I had to dig around its subfolders looking for the license key. I didn't want to bug the IT people about it... maybe because I don't want to explain why I have a new AV and firewall.
Administrator Tarun Posted February 15, 2006
:) You rock MP!
Monkey Proof Posted February 16, 2006
Can you explain this service to me? I googled it but found nothing on it.
O23 - Service: PXPGT - Unknown owner - C:\DOCUME~1\TOMPAG~1\LOCALS~1\Temp\PXPGT.exe (file missing)
Administrator Tarun Posted February 16, 2006
Almost looks like it may have been from malware, which could be why your license got messed up for Pest Patrol. Also, program installers use those directories, but installing a service? I doubt it.
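The reasoning in the reply above (installers may use Temp, but a service registered from there is unusual), as an added example that is not part of the original thread: a Python triage of O23 lines copied from the posted log. The function name, the regexes and the rule that only a Temp location counts as decisive are assumptions of this example.

```python
import re

# O23 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: PXPGT - Unknown owner - C:\DOCUME~1\TOMPAG~1\LOCALS~1\Temp\PXPGT.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# "O23 - Service: <name> - <owner> - <path>"; the owner field may be empty.
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.*?) ?- (?P<path>[A-Za-z]:\\.+)$")
# A Temp directory in long or 8.3 short form (e.g. ...\LOCALS~1\Temp\).
TEMP_RE = re.compile(r"\\te?mp\\", re.IGNORECASE)

def triage_o23(log_text):
    """Return one dict per O23 line with the reasons it deserves a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue
        owner, path = m["owner"].strip(), m["path"]
        reasons = []
        if owner.lower() in ("", "unknown owner"):
            reasons.append("unknown owner")
        if path.endswith("(file missing)"):
            # Weak evidence: the thread notes HijackThis can mismark services as missing.
            reasons.append("file missing")
        if TEMP_RE.search(path):
            reasons.append("runs from Temp")
        findings.append({
            "service": m["name"],
            "path": path.removesuffix("(file missing)").strip(),
            "reasons": reasons,
            # Assumption: only the Temp location is treated as decisive.
            "suspicious": "runs from Temp" in reasons,
        })
    return findings

if __name__ == "__main__":
    for f in triage_o23(SAMPLE_LOG):
        print(("CHECK " if f["suspicious"] else "ok    ") + f["service"], f["reasons"])
```
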
Monkey Proof Posted February 16, 2006
Thanks... I looked it up at CastleCops but there was nothing listed. What else can I do to further investigate this?
Administrator Tarun Posted February 16, 2006
Not much really; unless you can find that exact *.exe again, there's really not much that can be done.
Monkey Proof Posted February 16, 2006
Thanks again. At least I got whatever it was before real damage has been done.
Administrator Tarun Posted February 16, 2006
I'm wondering if there's anything left in that directory. Sometimes HijackThis mismarks things as being missing when they're there (for services).
Monkey Proof Posted February 16, 2006
I deleted that service already, but of course I made a backup.
Monkey Proof Posted February 16, 2006
I found that entry in the HJT startup list but it is listed as disabled.
Monkey Proof Posted February 16, 2006
I found PXPGT.exe in my services. Is there a way I can track it down, like its path or something? Can it be deleted from the services list? Or am I on just a wild goose chase?
Administrator Tarun Posted February 16, 2006
Generally when you look at the properties of the service it will tell you the location of the exe.
Monkey Proof Posted February 16, 2006
Oh... I'm blind... I didn't see the "path to executables". I did a search and nothing came up.
Administrator Tarun Posted February 16, 2006
I wouldn't worry too much about it unless you get infected again. If it was malware, which it may very well have been since no information turned up on the web. I asked about if it might be there for you to zip the file and get it hosted for a tech to download and analyze. :D
Monkey Proof Posted February 16, 2006
What do you mean about sending my file to a tech to have it analyzed... by who and where, and how can this be done? I'd like to know just for future reference.
Administrator Tarun Posted February 16, 2006
Generally you can zip it and attach it here on the forums, and we can analyze it. :hello:
Monkey Proof Posted February 16, 2006
Oh!! I didn't know that kind of thing was possible. Coolness.
Capman Posted February 16, 2006
MP, have you noticed any real performance increases since ditching Norton?
Monkey Proof Posted February 16, 2006
I noticed a huge difference since Norton is off of my system. The 2 biggest differences I noticed were that my connection speed to the internet has increased drastically and also the amount of overall RAM being used by my system has decreased. Before the Norton uninstall my system RAM usage was averaging 340mb; now I'm barely over 200mb on average. I think uninstalling Norton has been the best tweak I have done so far.