Solved: PestPatrol Corrupted, No Safe Mode - Please Review HJT Log?

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

aok10461

Thread Starter
Joined
Jan 10, 2007
Messages
8
Good afternoon,

Could someone please review my HJT log? Computer's been acting screwy in the last couple of days and my CA Associates anti-spyware (PestPatrol) became corrupted...couldn't update itself and I got error messages when trying to update it...I received an XP popup that said "The instruction 0x7c9111de referenced memory at 0x00740073. The memory could not be read."

I reinstalled the software online (vs. using my product's CD) at CA's website and it seems OK at the moment. Booted up with Windows to do a scan but some bizarre filenames were coming up..bizarre to me, anyway (I'm at about an intermediate-level when it comes to home PC security.) Also, I can't boot into safe mode so I'm kinda suspicious.

Here is my log...any help/advice would be sincerely appreciated. Thanks, guys. :D

Logfile of HijackThis v1.99.1
Scan saved at 3:24:31 PM, on 1/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\abelhadigital.com\HostsMan\hm.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\AOL\1158904576\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1158904576\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
C:\Program Files\mcafee.com\antivirus\oasclnt.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe
C:\Program Files\AOL 9.0\waol.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AOL\1158904576\ee\SSCEvtHdlr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1158904576\ee\aolsoftware.exe
c:\program files\common files\aol\1158904576\ee\AOLOpenRide.exe
c:\program files\common files\aol\1158904576\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\1158904576\ee\aolsoftware.exe
C:\Anthony's Internet Downloads\hijackthis\HijackThis.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O4 - HKLM\..\Run: [HostsMan] C:\Program Files\abelhadigital.com\HostsMan\hm.exe -s
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1158904576\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1158904576\ee\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN
O4 - HKLM\..\Run: [CaPPcl] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe /scan
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
O4 - Startup: AOL OpenRide.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1158904576\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
 

Byteman

Gone but Never Forgotten
Joined
Jan 24, 2002
Messages
17,742
Hi, Nothing in your log indicates malware running- can you post exactly what alarmed you, post filenames and locations, anything you saved to show us?

Anything in the HJT log you want confirmation on?
 

aok10461

Thread Starter
Joined
Jan 10, 2007
Messages
8
Hi Byteman,

I had the QQRob I trojan a few weeks ago so I'm just having the technical equivalent of post-traumattic stress disorder, lol

When I reinstalled my CA/PestPatrol Antispyware the names went by pretty fast on the files it was scanning..saw a "di Vaggio" with an italian first name and a backslash with "Desktop" after it...plus the fact that CA got corrupted in the first place/that it couldn't update.

I tend to get a bit paranoid with computer security since my ex-wife used to get viruses on her hard drive like people gets colds and things like keyloggers creep me out since myself and my girlfriend do alot of financial stuff on this machine and, pretty much like anyone, I'm sorta privacy-conscious, yanno. I promise to bring up my over-protectiveness of this dumb machine in therapy this week though, lol. ;-)

What interested me on the HJT log:

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000..sounded fishy to me...

09: What's "Tri&xie"? Did a Google search and some advice I saw was for users to delete HJT lines with this in it.

09: The two instances of shdocvw.dll. I read some stuff about this DLL being able to be exploited...my Windows Updates are current though....

O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)

Think any of these should go?

Thanks again! (y)
 

aok10461

Thread Starter
Joined
Jan 10, 2007
Messages
8
PS...as a layman (on all things holy I DON'T work for California Associates/Pest Patrol, lol)...their antispyware is pretty good. It caught that QQRob I trojan I mentioned whereas Norton's (got rid of it) and my AOL antispyware didn't. Still not sure what caused the CA to get corrupted but when it works, it works pretty well. I'm wondering if maybe the CA and AOL somehow wound up butting heads in my boot-up/startup sector and the CA lost. :cool:

My other current security stuff is (since I belong to AOL and finances are tight I'm just enjoing the benefit of their member-freebies:

- AOL antivirus (Mcafee)
- AOL antispyware
- AOL firewall

- Hijack This (natch)

On occasion I'll run Crap Cleaner to flush out all the temp folders, cookies, etc. and to tweak the (usually error-laden) registry.

And, oh yes... I have a priest over twice a year to bless our C: drive. :D
 

Byteman

Gone but Never Forgotten
Joined
Jan 24, 2002
Messages
17,742
Hi, I was thinking you had concerns about possible malware.


TRi&xie? As it says in lots of those Google results....it's because you may not have installed the .NET Framework, we see those entries lots.

The Excel> You have Office, and Excel apparently, maybe you can go and check on Office Updates...

The two instances? Lots of windows .dll's are used by lots of programs, I don't see anything wrong with those.

Those entries are very common.


Do you have any Brother devices? Brother Popup Suspend service for Resource manager= this is apparently, turned off (-service)

Some items can fool you in Hijackthis logs....they say "file missing," but that may be because the device is not on, or connected at the time, from what I have heard, or they may be msconfig'd to not start up with Windows, which would be the driver or software default of course...we all know that if we let everything run at default, we would have 27 icons in the tray and no resources!

Services can also be set to Manual, so you may not see the associated service running or "missing" I guess.

Not that I know a lot about it, but very many startup things can be done without.


Here are some places you may be able to get a good idea of what is what

http://www.sysinfo.org/startuplist.php

http://www.pacs-portal.co.uk/startup_index.htm


http://dhtmldev.com/content/view/66/30/


http://www.georgedillon.com/freeware/startupcontrol.shtml
 

aok10461

Thread Starter
Joined
Jan 10, 2007
Messages
8
Thank you very much for taking the time to clear that up for me...sincerely appreciated!!! (I'll back it up with a donation.) (y)
 

Byteman

Gone but Never Forgotten
Joined
Jan 24, 2002
Messages
17,742
Thank you very much, as well, and you are welcome!

(y) I can mark this Solved, you may still reply here if there is anything to add!

When you stop by and make a new thread, you can mark it Solved yourself, just use the "Thread Tools"
button drop down arrow at the top of the page.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top