Monkey Proof, posted February 15, 2006:
I had some issues last night with my eTrust Pest Patrol; somehow the license key was erased from the program, rendering it useless.

Logfile of HijackThis v1.99.1
Scan saved at 7:49:02 AM, on 2/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
C:\Program Files\Config2500\Utility\Config2500.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\Documents and Settings\youdamonkey\My Documents\hijackthis\New Folder\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.averatec.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\PROGRA~1\NETSCA~1\NETSCA~1\pbhelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKCU\..\Run: [speedswitchXP] C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
O4 - Startup: Config2500.lnk = C:\Program Files\Config2500\Utility\Config2500.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.averatec.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (CwlscInstall Object) - https://scan.safety.live.com/resource/downl...lscbase1524.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1101525534872
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1131450999850
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: PXPGT - Unknown owner - C:\DOCUME~1\TOMPAG~1\LOCALS~1\Temp\PXPGT.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Administrator Tarun, posted February 15, 2006:
Log is clean. Did you happen to use any registry cleaners?
Monkey Proof, posted February 15, 2006:
The registry cleaner I have is CCleaner. It's the older version, but I never had an issue like that before. Thanks for checking over my log!
Administrator Tarun, posted February 15, 2006:
I was just thinking that perhaps CCleaner cleaned the part of your registry that holds the regkey for eTrust Pest Patrol. :)
Monkey Proof, posted February 15, 2006:
I checked but there wasn't anything from Pest Patrol. Kinda weird that something erased the license key.
Administrator Tarun, posted February 15, 2006:
Was anything updated recently that may have had an ill effect? Can you repair/reinstall the license?
Monkey Proof, posted February 15, 2006:
Pest Patrol is up and running again, but I had to dig around its subfolders looking for the license key. I didn't want to bug the IT people about it... maybe because I don't want to explain why I have a new AV and firewall.
Monkey Proof, posted February 16, 2006:
Can you explain this service to me? I googled it but found nothing on it.
O23 - Service: PXPGT - Unknown owner - C:\DOCUME~1\TOMPAG~1\LOCALS~1\Temp\PXPGT.exe (file missing)
Administrator Tarun, posted February 16, 2006:
Almost looks like it may have been from malware, which could be why your license got messed up for Pest Patrol. Also, program installers use those directories, but installing a service? I doubt it.
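Added example (not part of the thread and not HijackThis code): a small Python triage of O23 service lines that flags the pattern discussed in the post above, a service whose executable sits in a temp directory. The function names and the list of temp directory names are assumptions of this example; the sample lines are copied from the log in the first post.

```python
import re
from pathlib import PureWindowsPath

# O23 lines copied from the HijackThis log in the first post of this thread.
SAMPLE = r'''
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: PXPGT - Unknown owner - C:\DOCUME~1\TOMPAG~1\LOCALS~1\Temp\PXPGT.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
'''

# "O23 - Service: <name> - <vendor> - <command line>"; the vendor may be empty.
O23 = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<owner>.*?)\s*- (?P<rest>[A-Za-z]:\\.*)$')
IMAGE = re.compile(r'^[A-Za-z]:\\.*?\.exe', re.IGNORECASE)  # drop args and stray quotes
TEMP_DIRS = {"temp", "tmp"}  # assumption: directory names treated as temporary

def parse_o23(line):
    """Split one O23 line into name, vendor, image path and the missing flag."""
    m = O23.match(line.strip())
    if not m:
        return None
    img = IMAGE.match(m["rest"])
    return {"name": m["name"], "owner": m["owner"].strip(),
            "image": img.group(0) if img else m["rest"],
            "missing": m["rest"].endswith("(file missing)")}

def triage(entry):
    """Return the reasons a service entry deserves a closer look."""
    reasons = []
    dirs = {p.lower() for p in PureWindowsPath(entry["image"]).parts[:-1]}
    if dirs & TEMP_DIRS:
        reasons.append("runs from a temp directory")
    if entry["owner"] in ("", "Unknown owner"):
        reasons.append("no vendor name")
    if entry["missing"]:  # weak on its own: the tool can misreport this for services
        reasons.append("file reported missing")
    return reasons

def review(log_text):
    """Map each service name in a HijackThis log to its list of reasons."""
    entries = filter(None, map(parse_o23, log_text.splitlines()))
    return {e["name"]: triage(e) for e in entries}

if __name__ == "__main__":
    for name, reasons in review(SAMPLE).items():
        print(f"{name}: {', '.join(reasons) or 'nothing flagged'}")
```

Only the PXPGT entry collects all three reasons; the Brother entry shares two of them but lives under system32, which is why the temp-directory check carries the most weight here.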
Monkey Proof, posted February 16, 2006:
Thanks.. I looked it up at CastleCops but there was nothing listed. What else can I do to further investigate this?
Administrator Tarun, posted February 16, 2006:
Not much really; unless you can find that exact *.exe again, there's really not much that can be done.
Monkey Proof, posted February 16, 2006:
Thanks again. At least I got whatever it was before real damage has been done.
Administrator Tarun, posted February 16, 2006:
I'm wondering if there's anything left in that directory. Sometimes HijackThis mismarks things as being missing when they're there (for services).
Monkey Proof, posted February 16, 2006:
I deleted that service already, but of course I made a backup.
Monkey Proof, posted February 16, 2006:
I found that entry in the HJT startup list but it is listed as disabled.
Monkey Proof, posted February 16, 2006:
I found PXPGT.exe in my services. Is there a way I can track it down, like its path or something? Can it be deleted from the services list? Or am I just on a wild goose chase?
Administrator Tarun, posted February 16, 2006:
Generally when you look at the properties of the service it will tell you the location of the exe.
Monkey Proof, posted February 16, 2006:
Oh.. I'm blind.. I didn't see the "path to executables". I did a search and nothing came up.
Administrator Tarun, posted February 16, 2006:
I wouldn't worry too much about it unless you get infected again. If it was malware, which it may very well have been since no information turned up on the web. I asked about if it might be there for you to zip the file and get it hosted for a tech to download and analyze. :D
Monkey Proof, posted February 16, 2006:
What do you mean about sending my file to a tech to have it analyzed.. by who and where, and how can this be done? I'd like to know just for future reference.
Administrator Tarun, posted February 16, 2006:
Generally you can zip it and attach it here on the forums, and we can analyze it. :hello:
Monkey Proof, posted February 16, 2006:
Oh!! I didn't know that kind of thing was possible. Coolness.
Capman, posted February 16, 2006:
MP, have you noticed any real performance increases since ditching Norton?
Monkey Proof, posted February 16, 2006:
I noticed a huge difference since Norton is off of my system. The 2 biggest differences I noticed were that my connection speed to the internet has increased drastically and also the amount of overall RAM being used by my system has decreased. Before the Norton uninstall my system RAM usage was averaging 340mb; now I'm barely over 200mb on average. I think uninstalling Norton has been the best tweak I have done so far.