Error message with Hitman Pro35

RussJK

Wikikenkey wrote: »

Do you know how I can get round the moderator's message "as you are a new member of the site, you are not allowed to include links in your posts"?
Thank you.

I'd never considered that for HJT logs, but you are right they have links in them don't they. The only fix is to post more

I suppose you could take away the http:// part of them.

Later I might suggest you consider removing McAfee (I use Appremover.com to remove McAfee) and replace it with Avast or Avira free, as McAfee isn't the best program. No antivirus is perfect of course. It's a decision you'll have to make for yourself though.

Wikikenkey

Thanks RussJK

Funnily enough ESENTPRFK.dll was the file that HitmanPro always stopped at and just hung. I have also noticed other files in my C drive with similar names: ESSENTUTL, ESSENTPRF (two of these), esent.dll - Should I Virustotal these as well?

This is Virustotal Report for ESENTPRFK.dll that you asked me to do - http://www.virustotal.com/file-scan/report.html?id=9934c108906cdc5f321df3d5b66be505dee2be0d620f4b2374d440591016aadc-1303579111

I will now do the second part of your request and get back to you.

Thanks so much for your help.

RussJK

Wikikenkey wrote: »

Thanks RussJK

Funnily enough ESENTPRFK.dll was the file that HitmanPro always stopped at and just hung. I have also noticed other files in my C drive with similar names: ESSENTUTL, ESSENTPRF (two of these), esent.dll - Should I Virustotal these as well?

This is Virustotal Report for ESENTPRFK.dll that you asked me to do - http://www.virustotal.com/file-scan/report.html?id=9934c108906cdc5f321df3d5b66be505dee2be0d620f4b2374d440591016aadc-1303579111

I will now do the second part of your request and get back to you.

Thanks so much for your help.

Thanks for the link - um, do you or someone you live with play first person shooters? It looks like what is running is a hack for an online FPS.

RussJK

Definitely virustotal anything you think is suspicious btw. Esentutl can be a valid program or malware, depending on its location.

Wikikenkey

Hi RussJK

No, no-one plays first person shooters.

I carried out all your instructions in the second part of your request. This is the Malwarebytes log. Nothing found.

Malwarebytes' Anti-Malware 1.50.1.1100
Database version: 6475
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
30/04/2011 19:19:38
mbam-log-2011-04-30 (19-19-38).txt
Scan type: Quick scan
Objects scanned: 161477
Time elapsed: 15 minute(s), 28 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

Computer is much faster, though.

Hitmanpro unsuccessful. I got the same error message as in my very first message. Hitman stopped at 99% Classifying - waiting for Scan Cloud with the file ESENTPRFK.dll.

Happily, Internet Explorer does not seem to be redirecting me to odd sites. I just tried with about six searches.
Not sure if this explains anything but my home page now reads www.yahoo.com and not http://uk.yahoo.com/?p=us which it was reading before.

I also tried Virustotalling all the ESENT files I had mentioned to you before and they all came up 0%/40 odd. They were all under C/Windows/System32. Sorry not too computer literate but I am amazed I was able to follow your instructions. Have learned a lot today. I will definately think of ditching McAfee. Does Avast come with a firewall?

Thanks

Wikikenkey

Sorry, would you like me to run any more scans? I am not sure why Hitman Pro terminates before completion.

RussJK

Wikikenkey wrote: »

Hi RussJK

No, no-one plays first person shooters.

I also tried Virustotalling all the ESENT files I had mentioned to you before and they all came up 0%/40 odd. They were all under C/Windows/System32. Sorry not too computer literate but I am amazed I was able to follow your instructions. Have learned a lot today. I will definately think of ditching McAfee. Does Avast come with a firewall?

Thanks

Glad you are making progress and you are doing well, but there's definitely something on your system that shouldn't be.

When you sent ESENTPRFK.dll to virus total, did you notice how it showed as '1hit weapon all.dll'? That was why I asked about the first person shooter hack, as this is a typical name for a hack designed to do one shot kills for shooting games.

Do you mind showing me the reports for the other esent files? I want to know what names they're called in virustotal.

Also do you mind doing a log from Hijack Hunter?
http://www.novirusthanks.org/product/hijack-hunter/

It'd be easier to email me the result if you want, as it's considerably longer and it also displays recently downloaded files.

Lastly, it'd be useful to know when your problems started? I realise I never asked, and I never asked what symptoms prompted you to begin your investigation. I'd jumped on this thread originally to see why HitmanPro wasn't working.

RussJK

Wikikenkey wrote: »

I will definately think of ditching McAfee. Does Avast come with a firewall?

No, but it has a 'network shield' which I've seen block internet worms, in addition to a web filter. The standard Windows firewall is adequate.

Wikikenkey

RussK

Thanks for looking at this for me.

I first noticed this problem about two weeks ago. Just doing normal browsing from Yahoo search results - noticed that a click on search results was taking me to other sites like Bing. My daughter is the only one who plays games - on gamefudge.com and not on this computer but on her laptop. We have a wifi connection to all three computers. Funnily enough, on the same day, hubbies laptop seemed to have a virus as well - which I managed to clear using Malwarebytes. He uses Ebay quite a bit. On his laptop IE wouldn't open directly on clicking the icon - it wanted you to to choose a program to open it. Not sure if these two episodes are related in some way.

Ok, these are the reports for the other esent files: I have just noticed that Virustotal on running reads for all the files - "Hash found! Opening browser"

ESENT97.DLL - http://www.virustotal.com/file-scan/report.html?id=48c6d30a0e38f4a95083bcd3cba10d835da505c1ac36189dad87915936db7013-1297637801
esent.dll - http://www.virustotal.com/file-scan/report.html?id=c5d682fa9b86810c6e3d741e507eda024c4554beb5b6a1686f70e109ee9cd746-1304169691
ESENTPRF(1) - http://www.virustotal.com/file-scan/report.html?id=3e02e8403ed94486be6b38a041d9cac810e8a220baa30d6c155be39bf510ba76-1297131475
ESENTPRF(2) looks like a text file - http://www.virustotal.com/file-scan/report.html?id=117ac628668ed39c383a6cec33a2691bb38b5c569271e8108cad87e51a2c16c5-1264510466
es.dll - http://www.virustotal.com/file-scan/report.html?id=58af949eaebf4ff3e3314dfb66ce4198bf65f0836b68cd27a6ed319742ccccd2-1303804877
ESENTPRF.DLL - http://www.virustotal.com/file-scan/report.html?id=9934c108906cdc5f321df3d5b66be505dee2be0d620f4b2374d440591016aadc-1303579111
ESENTUTL - http://www.virustotal.com/file-scan/report.html?id=aafed271d9c57276c5c73e2c7c3f4064d0296faef91dfb57b6d69aec2d5baf97-1297638299

Hope this is okay. I will run Hijack Hunter and send you the log file.

Thanks once again for all your help.

aliEnRIK

Please run COMBOFIX
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Shut down your anti virus
Follow the simple instructions it gives
Post the COMPLETE log it creates here (Split into sections if need be) ~ if there are loads of 'SNAPSHOT' pages then leave them out
If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe') Or SAVE as 'QWERTY' on download
(If no log comes up or you lose it, COMBOFIX.TXT can be found in C drive)