Error message with Hitman Pro35
Comments
-
Hi guys
New Combofix log:
ComboFix 11-05-02.04 - Angie 03/05/2011 20:15:05.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.255 [GMT 1:00]
Running from: c:\documents and settings\Angie\Desktop\qwerty.exe
Command switches used :: c:\documents and settings\Angie\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
FILE ::
"c:\windows\system32\ESENTPRFK.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\ESENTPRFK.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-04-03 to 2011-05-03 )))))))))))))))))))))))))))))))
.
.
2011-05-01 06:50 . 2011-05-01 06:50 dc----w- c:\program files\NoVirusThanks
2011-04-30 07:48 . 2011-04-30 07:48 388096 -c--a-r- c:\documents and settings\Angie\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-30 07:48 . 2011-04-30 07:48 dc----w- c:\program files\Trend Micro
2011-04-29 17:08 . 2011-04-29 17:08 dc----w- c:\program files\CCleaner
2011-04-28 22:55 . 2011-04-28 22:55 dc----w- c:\documents and settings\Angie\Application Data\Uniblue
2011-04-28 22:54 . 2011-04-28 23:14 dc-h--w- c:\documents and settings\All Users\Application Data\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
2011-04-28 22:54 . 2011-04-28 22:54 dc----w- c:\program files\Uniblue
2011-04-28 22:54 . 2011-04-28 22:54 dc----w- c:\documents and settings\Angie\Local Settings\Application Data\PackageAware
2011-04-25 18:14 . 2011-04-25 18:14 98392 -c--a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-04-25 18:04 . 2011-04-25 18:04 dc----w- c:\documents and settings\Angie\Local Settings\Application Data\Sunbelt Software
2011-04-25 18:02 . 2011-04-25 19:15 dc-h--w- c:\documents and settings\All Users\Application Data\{E8A61B3F-DF97-45EA-A2EE-88E262649179}
2011-04-25 18:00 . 2011-04-25 19:14 dc----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-04-24 16:45 . 2011-05-02 17:45 dc----w- c:\program files\Hitman Pro 3.5
2011-04-24 15:39 . 2011-05-02 18:37 16968 -c--a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-04-24 15:38 . 2011-04-28 21:45 dc----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-04-24 05:47 . 2011-04-24 10:40 dc----w- c:\documents and settings\Angie\DoctorWeb
2011-04-23 08:55 . 2011-04-23 08:55 dc----w- c:\documents and settings\Angie\Application Data\Malwarebytes
2011-04-23 08:54 . 2010-12-20 17:09 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-23 08:54 . 2011-04-23 08:54 dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-04-23 08:54 . 2010-12-20 17:08 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
2011-04-23 08:54 . 2011-04-23 08:55 dc----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-22 15:43 . 2011-04-22 16:46 dc----w- c:\documents and settings\Angie\Local Settings\Application Data\AskToolbar
2011-04-22 15:24 . 2011-04-23 08:01 dc----w- c:\documents and settings\Angie\Application Data\Sammsoft
2011-04-22 15:23 . 2011-04-22 15:24 dc----w- c:\program files\Ask.com
2011-04-22 15:23 . 2011-04-22 15:23 dc----w- C:\Firefox
2011-04-22 15:23 . 2011-04-23 08:01 dc----w- c:\program files\ARO 2011
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-30 06:00 . 2007-06-03 12:50 13568 -c--a-w- c:\windows\system32\drivers\USBCRFT.SYS
2011-03-07 05:33 . 2004-06-07 13:19 692736 -c----w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2002-08-29 05:00 420864 -c--a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2002-08-29 05:00 1857920 -c--a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2004-02-06 17:05 916480 -c--a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2002-08-29 05:00 43520 -c--a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2002-08-29 05:00 1469440 -c----w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2004-08-04 05:59 385024 -c--a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2002-08-29 05:00 455936 -c--a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2002-08-29 05:00 357888 -c--a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-04-17 08:13 5120 -c--a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2002-08-29 05:00 290432 -c--a-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25 . 2003-07-16 18:32 229888 -c--a-w- c:\windows\system32\fxscover.exe
2011-02-09 13:53 . 2002-08-29 05:00 270848 -c--a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2002-08-29 05:00 186880 -c--a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2002-08-29 05:00 978944 -c--a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2002-08-29 05:00 974848 -c--a-w- c:\windows\system32\mfc42u.dll
2003-08-27 13:19 . 2004-05-21 20:07 36963 -c--a-r- c:\program files\Common Files\SM1updtr.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-13 20:11 2872120 -c--a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-13 20:11 2872120 -c--a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-13 20:11 2872120 -c--a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SM1BG"="c:\windows\SM1BG.EXE" [2003-08-27 94208]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-11-22 1193848]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Billminder.lnk - c:\quickenw\BILLMIND.EXE [2003-6-25 29696]
Microsoft Works Calendar Reminders.lnk - c:\windows\Installer\{F128BA10-362E-11D3-81AB-00C04FB932BA}\4EBD23F5.exe [2003-6-15 29184]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-09-07 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-02-19 05:50 548352 -c--a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2002-04-10 16:44 679936 ----a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dit]
2004-04-27 13:34 86016 -c--a-w- c:\windows\Dit.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-17 20:59 421160 -c--a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 11:17 421888 -c--a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 04:27 144784 -c--a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\SYSTEM32\DRIVERS\mfetdi2k.sys [05/02/2011 00:19 84072]
R1 MOBKFilter;MOBKFilter;c:\windows\SYSTEM32\DRIVERS\MOBK.sys [05/02/2011 00:24 54776]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 14:53 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [27/02/2007 13:39 67656]
R3 cfwids;McAfee Inc. cfwids;c:\windows\SYSTEM32\DRIVERS\cfwids.sys [05/02/2011 00:19 55840]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\SYSTEM32\DRIVERS\mfefirek.sys [05/02/2011 00:19 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [05/02/2011 00:19 88544]
S0 hktxllre;hktxllre;c:\windows\system32\drivers\svcc.sys --> c:\windows\system32\drivers\svcc.sys [?]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S0 visv;visv;c:\windows\system32\drivers\mcwto.sys --> c:\windows\system32\drivers\mcwto.sys [?]
S3 BFAIFILT;BFAIFILT;c:\windows\SYSTEM32\DRIVERS\BFAIFILT.SYS [16/12/2006 15:51 3264]
S3 CardReaderFilter;Card Reader Filter;c:\windows\SYSTEM32\DRIVERS\USBCRFT.SYS [03/06/2007 13:50 13568]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\SYSTEM32\DRIVERS\ggflt.sys [23/10/2009 09:38 13224]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\SYSTEM32\DRIVERS\hitmanpro35.sys [24/04/2011 16:39 16968]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [05/02/2011 00:19 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\SYSTEM32\DRIVERS\mferkdet.sys [05/02/2011 00:19 84264]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16/02/2006 18:51 12872]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 U2KG54;BUFFALO WLI-U2-KG54 Wireless LAN Adapter Service;c:\windows\SYSTEM32\DRIVERS\U2KG54.sys [16/12/2006 15:51 245376]
S3 USB200M;Linksys USB 2.0 Network Adapter ver.2;c:\windows\SYSTEM32\DRIVERS\USB200M2.sys [02/12/2006 18:13 18048]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 11:50]
.
2011-05-03 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-02-01 18:17]
.
2003-03-13 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-03-13 09:04]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.yahoo.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-CCE - c:\documents and settings\Angie\Desktop\cce_1.6.183539.73_x32\x32\CCE.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-03 20:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
LOCKED REGISTRY KEYS
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
DLLs Loaded Under Running Processes
.
- - - - - - - > 'winlogon.exe'(1036)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2011-05-03 20:31:38
ComboFix-quarantined-files.txt 2011-05-03 19:31
ComboFix2.txt 2011-05-02 09:43
.
Pre-Run: 34,637,938,688 bytes free
Post-Run: 34,680,909,824 bytes free
.
- - End Of File - - CA7A6ACC44002A9E2875B1094460C4160 -
Now see what HitmanPro does.
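Added example, not part of the original thread and not code from ComboFix or HitmanPro: a small Python triage helper for the `R#`/`S#` service and driver section of a ComboFix log like the one above. ComboFix prefixes each entry with R (running) or S (stopped) followed by the Windows Start value (0 = boot, 1 = system, 2 = auto, 3 = demand, 4 = disabled); an entry whose image file was not found on disk is written as `<path> --> <path> [?]`. The script parses those lines and flags the missing-file entries, noting when they are registered as boot-start drivers and when the service name bears no resemblance to the file name, which is what makes lines such as the `hktxllre`/`svcc.sys` and `visv`/`mcwto.sys` entries stand out to a reader. The sample lines are copied from the log in this post; the function names and flagging rules are my own and are a starting point for a human review, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: a handful of service/driver lines copied from the
# ComboFix log posted above (not the whole log).
SAMPLE_LOG = r"""
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\SYSTEM32\DRIVERS\mfetdi2k.sys [05/02/2011 00:19 84072]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 14:53 12872]
S0 hktxllre;hktxllre;c:\windows\system32\drivers\svcc.sys --> c:\windows\system32\drivers\svcc.sys [?]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 visv;visv;c:\windows\system32\drivers\mcwto.sys --> c:\windows\system32\drivers\mcwto.sys [?]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\SYSTEM32\DRIVERS\hitmanpro35.sys [24/04/2011 16:39 16968]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
"""

# Entry layout:  <R|S><start> <name>;<display name>;<image> [<dd/mm/yyyy hh:mm> <size>]
# or, when ComboFix could not find the image file:  <image> --> <image> [?]
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$"
)
PRESENT_RE = re.compile(
    r"^(?P<path>.+?)\s+\[(?P<stamp>\d{2}/\d{2}/\d{4} \d{2}:\d{2})\s+(?P<size>\d+)\]$"
)
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}


@dataclass
class ServiceEntry:
    running: bool
    start_type: int
    name: str
    image: str          # normalised, lower-cased image path
    missing: bool       # True for the "--> ... [?]" form
    size: Optional[int] = None


def normalise_path(path: str) -> str:
    """Drop the NT object-manager prefix (\\??\\) and lower-case the path."""
    path = path.strip()
    prefix = "\\??\\"
    if path.startswith(prefix):
        path = path[len(prefix):]
    return path.lower()


def parse_entry(line: str) -> Optional[ServiceEntry]:
    """Parse one R#/S# line; return None for anything that is not one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    running = m.group("state") == "R"
    start = int(m.group("start"))
    rest = m.group("rest").strip()
    if " --> " in rest and rest.endswith("[?]"):
        image = normalise_path(rest.split(" --> ", 1)[0])
        return ServiceEntry(running, start, m.group("name"), image, True)
    p = PRESENT_RE.match(rest)
    if not p:
        return None
    return ServiceEntry(running, start, m.group("name"),
                        normalise_path(p.group("path")), False, int(p.group("size")))


def parse_services(text: str) -> List[ServiceEntry]:
    return [e for e in (parse_entry(ln) for ln in text.splitlines()) if e]


def triage(entries: List[ServiceEntry]) -> Dict[str, List[str]]:
    """Return {service name: [reasons]} for entries that deserve a closer look."""
    findings: Dict[str, List[str]] = {}
    for e in entries:
        reasons: List[str] = []
        if e.missing:
            reasons.append(f"image file not found on disk: {e.image}")
            if e.start_type == 0:
                reasons.append("registered as a boot-start driver")
            # Legitimate drivers almost always name the service after the file.
            stem = e.image.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if stem != e.name.lower():
                reasons.append(f"service name '{e.name}' does not match image name '{stem}'")
        if reasons:
            findings[e.name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(parse_services(SAMPLE_LOG)).items():
        print(name)
        for r in reasons:
            print("   -", r)
```

The `missing` flag on its own is not proof of anything: an uninstalled product can leave a dangling service key behind just as a half-removed rootkit can. What the script gives the analyst is the short list to go and check by hand, with the boot-start and mismatched-name entries at the top.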
-
Success, I think.... I ran HitmanPro through Cnet and this time it ran through and came up with a result = 0 threats found. Seems like ESENTPRFK was the culprit? Thank you so much for helping out. Are there any other checks you think I should do? Daughter's laptop now seems to be dying if it is not already dead but I will ask for your help in another thread, if that's okay.
-
Wikikenkey wrote: »Success, I think.... I ran HitmanPro through Cnet and this time it ran through and came up with a result = 0 threats found. Seems like ESENTPRFK was the culprit? Thank you so much for helping out. Are there any other checks you think I should do? Daughter's laptop now seems to be dying if it is not already dead but I will ask for your help in another thread, if that's okay.
Yeah, esentprfk was definitely dodgy. I would do some follow-up scans with one of the following just for peace of mind:
Dr Web https://www.freedrweb.com/download+cureit/gr/?lng=en
Kaspersky Virus Removal Tool (needs install but uninstalls itself after use) http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
or SuperAntiSpyware portable http://www.superantispyware.com/sasportable.php
If you start a new thread with your daughter's problems, I'm sure someone will take a look.