Protector.exe Constant Popup on McAfee..Please Help!



#1
chadnikk

Hello-

I am having a related issue to a member on this board. I have a popup from McAfee "requesting access to the internet" for Path: C:\WINDOWS\system32\protector.exe

Please let me know what I need to download in order to show you the log on my computer to defeat this problem. It would be greatly appreciated.


P.S. Last night, I had a popup stating that there was a virus. So I ran the scan and it found five viruses. One of the viruses was able to be deleted right away, two of them were able to be quarantined, and one was able to be cleaned. But the fifth one, IEPatch.exe, was not able to be deleted, quarantined, or deleted. So I restarted, ran the virus scan again and it found five different ones but was able to delete all of them except for one in C:\WINDOWS. It was something like 9129768.exe; I can't remember the exact number, but when I restarted and ran the virus scan again, zero viruses showed up at the completion of the scan. But this morning, when I started up the computer, the file "9129768.exe" (or whatever the exact number was) showed that it "encountered a problem and must close down". These viruses also disabled McAfee VirusScan and the Personal Firewall. The Personal Firewall was able to be re-enabled but the Virus Scan will not go on "enabled" as of now.



That is basically what is going on with the computer so if someone could assist me, it would be greatly appreciated. Thank you once again!

Here is the ComboFix log:

Chad Nichols - 06-11-01 3:12:13.54 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Chad Nichols\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\bszip.dll


((((((((((((((((((((((((((((((( Files Created from 2006-10-01 to 2006-11-01 ))))))))))))))))))))))))))))))))))


2006-11-01 12:51 100,992 --a------ C:\WINDOWS\system32\drivers\bthpan.sys
2006-11-01 12:50 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2006-11-01 12:50 59,648 --a------ C:\WINDOWS\system32\drivers\rfcomm.sys
2006-11-01 12:50 274,304 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2006-11-01 12:50 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2006-11-01 12:50 18,944 --a------ C:\WINDOWS\system32\drivers\BTHUSB.SYS
2006-11-01 12:50 17,024 --a------ C:\WINDOWS\system32\drivers\BthEnum.sys
2006-11-01 12:50 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2006-11-01 12:44 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-11-01 12:44 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-10-31 23:54 1,465 --a------ C:\mikpsstp.exe
2006-10-31 23:53 10,911 --a------ C:\aikhmehy.exe
2006-10-31 23:52 55,296 --a------ C:\WINDOWS\system32\msvcrl.dll
2006-10-31 23:51 62,464 --a------ C:\jdhp.exe
2006-10-31 23:51 3,584 --a------ C:\WINDOWS\system32\msasvc.exe
2006-10-12 21:35 86,867 -ra------ C:\WINDOWS\system32\drivers\BCOREUSB.sys
2006-10-09 14:30 98,304 --a------ C:\WINDOWS\system32\viscomtran.dll
2006-10-09 14:30 90,112 --a------ C:\WINDOWS\system32\viscomframe.dll
2006-10-09 14:30 81,920 --a------ C:\WINDOWS\system32\viscomwave.dll
2006-10-09 14:30 147,456 --a------ C:\WINDOWS\system32\viscomqtenc.dll
2006-10-09 14:30 139,264 --a------ C:\WINDOWS\system32\viscomqtde.dll
2006-10-09 12:13 1,024,000 --a------ C:\WINDOWS\system32\3ivx.dll
2006-10-08 05:29 20,096 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
2006-10-03 14:58 30,080 --a------ C:\WINDOWS\system32\drivers\rndismpx.sys
2006-10-03 14:58 12,672 --a------ C:\WINDOWS\system32\drivers\usb8023x.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

Rootkit driver pe386 is present. A rootkit scan is required

2006-11-01 13:18 -------- d-------- C:\Documents and Settings\Chad Nichols\Application Data\Toshiba
2006-11-01 13:04 -------- d-------- C:\Program Files\Windows Media Player
2006-11-01 13:02 -------- d-------- C:\Program Files\Outlook Express
2006-11-01 13:02 -------- d-------- C:\Program Files\Internet Explorer
2006-11-01 13:02 -------- d-------- C:\Program Files\Common Files\System
2006-11-01 03:20 -------- d-------- C:\Documents and Settings\Chad Nichols\Application Data\McAfee.com Personal Firewall
2006-10-31 12:15 -------- d-------- C:\Program Files\DigiSoft
2006-10-25 18:40 173 ---hs---- C:\Documents and Settings\Chad Nichols\Application Data\.zreglib
2006-10-24 19:52 1566 --a------ C:\Documents and Settings\Chad Nichols\Application Data\wklnhst.dat
2006-10-24 19:17 -------- d---s---- C:\Documents and Settings\Chad Nichols\Application Data\Microsoft
2006-10-23 12:37 -------- d-------- C:\Documents and Settings\Chad Nichols\Application Data\Template
2006-10-19 17:26 -------- d-------- C:\Program Files\LimeWire
2006-10-19 17:21 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-10-18 19:09 -------- d-------- C:\Program Files\SlySoft
2006-10-18 19:00 -------- d-------- C:\Program Files\Elaborate Bytes
2006-10-18 17:05 -------- d-------- C:\Program Files\Common Files
2006-10-18 16:52 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-18 16:52 -------- d-------- C:\Program Files\Common Files\AOL
2006-10-18 16:51 -------- d-------- C:\Program Files\America Online 9.0
2006-10-17 12:01 -------- d-------- C:\Program Files\Google
2006-10-16 00:54 -------- d-------- C:\Program Files\MSXML 4.0
2006-10-12 21:44 -------- d-------- C:\Program Files\BlueTooth
2006-10-12 21:42 -------- d-------- C:\Program Files\Toshiba
2006-10-09 17:02 -------- d-------- C:\Program Files\Pocket DVD Wizard
2006-10-09 11:51 88 -rahs---- C:\WINDOWS\system32\D0FA3C7EC5.sys
2006-10-09 11:51 7308 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2006-10-06 13:39 56 -rahs---- C:\WINDOWS\system32\C57E3CFAD0.sys
2006-10-06 09:11 -------- dr-h----- C:\Documents and Settings\Chad Nichols\Application Data\yahoo!
2006-10-06 08:48 -------- d-------- C:\Program Files\Yahoo!
2006-10-03 14:59 2508 --a------ C:\Documents and Settings\Chad Nichols\Application Data\$_hpcst$.hpc
2006-10-03 14:57 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-01 12:57 -------- d-------- C:\Documents and Settings\Chad Nichols\Application Data\AdobeUM
2006-10-01 12:55 -------- d-------- C:\Program Files\Adobe
2006-09-23 00:27 641021 --a------ C:\WINDOWS\unins000.exe
2006-09-23 00:09 -------- d-------- C:\Documents and Settings\Chad Nichols\Application Data\Elaborate Bytes
2006-09-20 13:01 -------- d-------- C:\Program Files\Motorola Phone Tools
2006-09-18 22:27 -------- d-------- C:\Documents and Settings\Chad Nichols\Application Data\SlySoft
2006-09-17 11:15 -------- d-------- C:\Documents and Settings\Chad Nichols\Application Data\Opera
2006-09-17 11:06 -------- d-------- C:\Documents and Settings\Chad Nichols\Application Data\Adobe
2006-09-17 10:18 -------- d-------- C:\Program Files\Common Files\Adobe
2006-09-17 09:42 -------- d-------- C:\Program Files\Common Files\Adobe Systems Shared
2006-09-13 10:18 -------- d-------- C:\Program Files\AOD
2006-09-13 10:18 -------- d-------- C:\Program Files\AIM
2006-09-12 16:51 1245184 --a------ C:\WINDOWS\system32\msxml4.dll
2006-09-11 12:48 -------- d-------- C:\Program Files\WildTangent
2006-09-11 12:44 -------- d-------- C:\Program Files\MUSICMATCH
2006-09-11 12:43 -------- d-------- C:\Documents and Settings\Chad Nichols\Application Data\Musicmatch
2006-09-11 12:41 108544 --a------ C:\WINDOWS\system32\pxcpyi64.exe
2006-09-11 12:41 104960 --a------ C:\WINDOWS\system32\pxinsi64.exe
2006-09-10 21:08 -------- d-------- C:\Program Files\MSN Messenger
2006-09-10 19:56 -------- d-------- C:\Documents and Settings\Chad Nichols\Application Data\Real
2006-09-10 19:53 -------- d-------- C:\Program Files\Common Files\xing shared
2006-09-10 19:53 -------- d-------- C:\Program Files\Common Files\Real
2006-09-01 10:29 -------- d-------- C:\Program Files\McAfee.com
2006-08-10 00:10 49152 --a--c--- C:\WINDOWS\setpwrcg.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""
"AnyDVD"="C:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Apoint"="C:\\Program Files\\Apoint\\Apoint.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"IntelWireless"="C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe /tf Intel PROSet/Wireless"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"PCMService"="\"C:\\Program Files\\Dell\\Media Experience\\PCMService.exe\""
"Dell QuickSet"="C:\\Program Files\\Dell\\QuickSet\\quickset.exe"
"ShowLOMControl"=dword:00000001
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe"
"CloneCDTray"="\"C:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"MSKDetectorExe"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKDetct.exe /startup"
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"MSKAGENTEXE"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MskAgent.exe"
"MPSExe"="c:\\PROGRA~1\\mcafee.com\\mps\\mscifapp.exe /embedding"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"MimBoot"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~2\\mimboot.exe"
"MMTray"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe\""
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,80,01,00,00,00,00,00,00,00,06,00,00,8e,04,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (CHADNICHOLS-Chad Nichols).job

Completion time: 06-11-01 3:25:07.98
C:\ComboFix.txt ... 06-11-01 03:25

Edited by chadnikk, 01 November 2006 - 02:30 PM.
