
Solved: PestPatrol Corrupted, No Safe Mode - Please Review HJT Log?

Discussion in 'Virus & Other Malware Removal' started by aok10461, Jan 22, 2007.

Thread Status:
Not open for further replies.
  1. aok10461

    aok10461 Thread Starter

    Joined:
    Jan 10, 2007
    Messages:
    8
    Good afternoon,

    Could someone please review my HJT log? Computer's been acting screwy in the last couple of days and my CA Associates anti-spyware (PestPatrol) became corrupted...couldn't update itself and I got error messages when trying to update it...I received an XP popup that said "The instruction 0x7c9111de referenced memory at 0x00740073. The memory could not be read."

    I reinstalled the software online (vs. using my product's CD) at CA's website and it seems OK at the moment. Booted up with Windows to do a scan but some bizarre filenames were coming up..bizarre to me, anyway (I'm at about an intermediate-level when it comes to home PC security.) Also, I can't boot into safe mode so I'm kinda suspicious.

    Here is my log...any help/advice would be sincerely appreciated. Thanks, guys. :D

    Logfile of HijackThis v1.99.1
    Scan saved at 3:24:31 PM, on 1/22/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\abelhadigital.com\HostsMan\hm.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Common Files\AOL\1158904576\ee\AOLSoftware.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\AOL\1158904576\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
    C:\Program Files\mcafee.com\antivirus\oasclnt.exe
    C:\WINDOWS\system32\Brmfrmps.exe
    C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
    C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
    C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe
    C:\Program Files\AOL 9.0\waol.exe
    C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
    C:\Program Files\mcafee.com\personal firewall\MPFService.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\AOL\1158904576\ee\SSCEvtHdlr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\AOL\1158904576\ee\aolsoftware.exe
    c:\program files\common files\aol\1158904576\ee\AOLOpenRide.exe
    c:\program files\common files\aol\1158904576\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
    C:\Program Files\AOL 9.0\shellmon.exe
    C:\Program Files\Common Files\AOL\1158904576\ee\aolsoftware.exe
    C:\Anthony's Internet Downloads\hijackthis\HijackThis.exe

    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
    O4 - HKLM\..\Run: [HostsMan] C:\Program Files\abelhadigital.com\HostsMan\hm.exe -s
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1158904576\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1158904576\ee\SSCRun.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
    O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
    O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
    O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN
    O4 - HKLM\..\Run: [CaPPcl] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe /scan
    O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
    O4 - Startup: AOL OpenRide.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1158904576\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
    O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
     
  2. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, Nothing in your log indicates malware running- can you post exactly what alarmed you, post filenames and locations, anything you saved to show us?

    Anything in the HJT log you want confirmation on?
     
  3. aok10461

    aok10461 Thread Starter

    Joined:
    Jan 10, 2007
    Messages:
    8
    Hi Byteman,

    I had the QQRob I trojan a few weeks ago so I'm just having the technical equivalent of post-traumatic stress disorder, lol

    When I reinstalled my CA/PestPatrol Antispyware the names went by pretty fast on the files it was scanning..saw a "di Vaggio" with an Italian first name and a backslash with "Desktop" after it...plus the fact that CA got corrupted in the first place/that it couldn't update.

    I tend to get a bit paranoid with computer security since my ex-wife used to get viruses on her hard drive like people get colds and things like keyloggers creep me out since myself and my girlfriend do a lot of financial stuff on this machine and, pretty much like anyone, I'm sorta privacy-conscious, yanno. I promise to bring up my over-protectiveness of this dumb machine in therapy this week though, lol. ;-)

    What interested me on the HJT log:

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000..sounded fishy to me...

    O9: What's "Tri&xie"? Did a Google search and some advice I saw was for users to delete HJT lines with this in it.

    O9: The two instances of shdocvw.dll. I read some stuff about this DLL being able to be exploited...my Windows Updates are current though....

    O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)

    Think any of these should go?

    Thanks again! (y)
     
  4. aok10461

    aok10461 Thread Starter

    Joined:
    Jan 10, 2007
    Messages:
    8
    PS...as a layman (on all things holy I DON'T work for California Associates/Pest Patrol, lol)...their antispyware is pretty good. It caught that QQRob I trojan I mentioned whereas Norton's (got rid of it) and my AOL antispyware didn't. Still not sure what caused the CA to get corrupted but when it works, it works pretty well. I'm wondering if maybe the CA and AOL somehow wound up butting heads in my boot-up/startup sector and the CA lost. :cool:

    My other current security stuff is (since I belong to AOL and finances are tight I'm just enjoying the benefit of their member-freebies):

    - AOL antivirus (McAfee)
    - AOL antispyware
    - AOL firewall

    - Hijack This (natch)

    On occasion I'll run Crap Cleaner to flush out all the temp folders, cookies, etc. and to tweak the (usually error-laden) registry.

    And, oh yes... I have a priest over twice a year to bless our C: drive. :D
     
  5. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, I was thinking you had concerns about possible malware.


    Tri&xie? As it says in lots of those Google results....it's because you may not have installed the .NET Framework, we see those entries lots.

    The Excel> You have Office, and Excel apparently, maybe you can go and check on Office Updates...

    The two instances? Lots of Windows .dll's are used by lots of programs, I don't see anything wrong with those.

    Those entries are very common.


    Do you have any Brother devices? Brother Popup Suspend service for Resource manager= this is apparently, turned off (-service)

    Some items can fool you in Hijackthis logs....they say "file missing," but that may be because the device is not on, or connected at the time, from what I have heard, or they may be msconfig'd to not start up with Windows, which would be the driver or software default of course...we all know that if we let everything run at default, we would have 27 icons in the tray and no resources!

    Services can also be set to Manual, so you may not see the associated service running or "missing" I guess.

    Not that I know a lot about it, but very many startup things can be done without.


    Here are some places you may be able to get a good idea of what is what

    http://www.sysinfo.org/startuplist.php

    http://www.pacs-portal.co.uk/startup_index.htm


    http://dhtmldev.com/content/view/66/30/


    http://www.georgedillon.com/freeware/startupcontrol.shtml
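
Added example (not part of the original thread or any poster's words): a small Python triage of the "(file missing)" question discussed above. It parses HijackThis-style lines and checks each entry tagged "(file missing)" against the log's own Running processes list; the sample lines are copied from the log in this thread, and the function names and verdict strings are assumptions made for illustration.

```python
import re

# Sample built from lines of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\iPod\bin\iPodService.exe

O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\shdocvw.dll
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

ENTRY = re.compile(r"^\s*([ORFN]\d+) - (.*)$")  # section code, then the entry body
EXE_PATH = re.compile(r'([A-Za-z]:\\[^"*?<>|]+?\.(?:exe|dll))', re.IGNORECASE)

def parse_hjt(text):
    """Split a HijackThis log into the running-process set and coded entries."""
    running, entries, in_procs = set(), [], False
    for line in text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        m = ENTRY.match(line)
        if m:
            in_procs = False  # the first coded entry ends the process list
            entries.append((m.group(1), m.group(2)))
        elif in_procs and line:
            running.add(line.lower())
    return running, entries

def triage_file_missing(text):
    """For each '(file missing)' entry, report whether its image is listed as running."""
    running, entries = parse_hjt(text)
    results = []
    for code, body in entries:
        if "(file missing)" not in body:
            continue
        paths = EXE_PATH.findall(body)
        path = paths[-1] if paths else None  # the image path is the last field
        is_running = path is not None and path.lower() in running
        verdict = "listed as running: file is present" if is_running else "not running: verify on disk"
        results.append((code, path, verdict))
    return results

if __name__ == "__main__":
    print(triage_file_missing(SAMPLE_LOG))
```

On the sample, the Brmfrmps.exe service entry carries the "(file missing)" tag even though the same path appears under Running processes in the same log.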
     
  6. aok10461

    aok10461 Thread Starter

    Joined:
    Jan 10, 2007
    Messages:
    8
    Thank you very much for taking the time to clear that up for me...sincerely appreciated!!! (I'll back it up with a donation.) (y)
     
  7. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Thank you very much, as well, and you are welcome!

    (y) I can mark this Solved, you may still reply here if there is anything to add!

    When you stop by and make a new thread, you can mark it Solved yourself, just use the "Thread Tools" button drop down arrow at the top of the page.
     

Short URL to this thread: https://techguy.org/537473
