I had some issues last night with my eTrust Pest Patrol; somehow the license key was erased from the program, rendering it useless.

Logfile of HijackThis v1.99.1

Scan saved at 7:49:02 AM, on 2/15/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe

C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe

C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe

C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe

C:\Program Files\Config2500\Utility\Config2500.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe

C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe

C:\Documents and Settings\youdamonkey\My Documents\hijackthis\New Folder\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.averatec.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\PROGRA~1\NETSCA~1\NETSCA~1\pbhelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"

O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"

O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"

O4 - HKCU\..\Run: [speedswitchXP] C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe

O4 - Startup: Config2500.lnk = C:\Program Files\Config2500\Utility\Config2500.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.averatec.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (CwlscInstall Object) - https://scan.safety.live.com/resource/downl...lscbase1524.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1101525534872

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1131450999850

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab

O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe

O23 - Service: PXPGT - Unknown owner - C:\DOCUME~1\TOMPAG~1\LOCALS~1\Temp\PXPGT.exe (file missing)

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

  • Author

The registry cleaner I have is CCleaner; it's the older version, but I never had an issue like that before.

Thanks for checking over my log!

  • Author

Pest Patrol is up and running again, but I had to dig around its subfolders looking for the license key. I didn't want to bug the IT people about it... maybe because I don't want to explain why I have a new AV and firewall.

  • Author

Can you explain this service to me? I googled it but found nothing on it.

O23 - Service: PXPGT - Unknown owner - C:\DOCUME~1\TOMPAG~1\LOCALS~1\Temp\PXPGT.exe (file missing)

  • Author

Thanks.

I looked it up at CastleCops but there was nothing listed.

What else can I do to further investigate this?

  • Author

I found PXPGT.exe in my services. Is there a way I can track it down, like its path or something? Can it be deleted from the services list? Or am I just on a wild goose chase?

  • Administrator

I wouldn't worry too much about it unless you get infected again. If it was malware, which it may very well have been since no information turned up on the web.

I asked about if it might be there for you to zip the file and get it hosted for a tech to download and analyze. :D
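A triage pass over the O23 service entries from the log above, as an added example that is not part of the original thread: it parses each line and flags entries whose file is missing, whose owner is blank or "Unknown owner", or whose path sits under a Temp directory. The three checks and the function names are assumptions chosen for illustration, not HijackThis features.

```python
import re

# Constructed sample: four O23 lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: PXPGT - Unknown owner - C:\DOCUME~1\TOMPAG~1\LOCALS~1\Temp\PXPGT.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Layout: "O23 - Service: <name> - <owner> - <path>"; the owner field may be empty.
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.*?)- (?P<path>.+)$")
TEMP_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)
MISSING = "(file missing)"


def triage_o23(line):
    """Parse one O23 line; return its fields plus triage reasons, or None."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    owner, path = m.group("owner").strip(), m.group("path").strip()
    reasons = []
    if path.endswith(MISSING):
        # The service is still registered but its binary is gone.
        path = path[: -len(MISSING)].rstrip()
        reasons.append("binary no longer on disk")
    if owner in ("", "Unknown owner"):
        reasons.append("no vendor string")
    if TEMP_RE.search(path):
        # Services normally run from system or program directories.
        reasons.append("image path under a Temp directory")
    return {"name": m.group("name"), "owner": owner, "path": path, "reasons": reasons}


def review(log_text):
    """Return the flagged O23 entries, those with the most reasons first."""
    parsed = (triage_o23(line) for line in log_text.splitlines())
    flagged = [e for e in parsed if e and e["reasons"]]
    return sorted(flagged, key=lambda e: len(e["reasons"]), reverse=True)


if __name__ == "__main__":
    for entry in review(SAMPLE_LOG):
        print(entry["name"], "->", "; ".join(entry["reasons"]))
```

A flagged entry is a prompt for a closer look at that service on the machine itself, not a verdict.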

  • Author

What do you mean about sending my file to a tech to have it analyzed... by whom and where, and how can this be done?

I'd like to know just for future reference.

  • Author

I noticed a huge difference since Norton is off of my system. The 2 biggest differences I noticed were that my internet connection speed has increased drastically and that the amount of overall RAM being used by my system has decreased. Before the Norton uninstall my system RAM usage was averaging 340 MB; now I'm barely over 200 MB on average. I think uninstalling Norton has been the best tweak I have done so far.
