This is not the original but I reran it today as instructed. Hope that doesn't matter.
ComboFix 08-05-01.3 - Glenn Heady 2008-05-09 7:26:37.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.284 [GMT -4:00]
Running from: C:\Documents and Settings\Glenn Heady\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Glenn Heady\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-04-09 to 2008-05-09 )))))))))))))))))))))))))))))))
.
2008-04-29 06:01 . 2008-04-29 06:01 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-04-28 16:42 . 2008-04-28 16:42 <DIR> d-------- C:\Program Files\Samsung
2008-04-27 08:57 . 2004-08-04 03:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-04-27 08:57 . 2004-08-04 03:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-04-27 08:57 . 2004-08-04 01:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-04-27 08:57 . 2004-08-04 01:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-04-27 08:57 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-04-27 08:57 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-04-23 10:03 . 2008-04-23 10:03 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-23 10:03 . 2008-04-27 09:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-09 11:22 --------- d-----w C:\Documents and Settings\Glenn Heady\Application Data\SiteAdvisor
2008-05-09 11:13 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-05-08 21:36 --------- d-----w C:\Program Files\QUICKENW
2008-05-06 18:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-05-06 18:54 --------- d-----w C:\Documents and Settings\Glenn Heady\Application Data\RipIt4Me
2008-04-28 20:45 --------- d-----w C:\Documents and Settings\Glenn Heady\Application Data\Samsung
2008-04-28 20:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-24 13:07 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-22 10:31 --------- d-----w C:\Program Files\McAfee
2008-04-19 10:36 --------- d-----w C:\Program Files\Google
2008-04-03 18:13 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-04-03 18:13 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-04-03 18:13 --------- d-----w C:\Program Files\Real
2008-04-03 18:13 --------- d-----w C:\Program Files\Common Files\xing shared
2008-04-03 18:13 --------- d-----w C:\Program Files\Common Files\Real
2008-03-28 15:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-03-25 13:52 --------- d-----w C:\Program Files\Netflix
2008-03-21 22:08 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 4
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-12 12:20 --------- d-----w C:\Program Files\QuickTime
2008-03-12 12:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-12 12:18 --------- d-----w C:\Program Files\Apple Software Update
2008-03-12 12:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-03-10 21:03 --------- d-----w C:\Program Files\Lavasoft
2008-03-10 21:02 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2003-12-13 16:36 24,576 -c--a-w C:\Program Files\Common Files\ldrsup.exe
1996-12-03 00:44 582,144 -c--a-w C:\Program Files\Common Files\dao350.dll
1996-12-02 18:27 73,184 -c--a-w C:\Program Files\Common Files\dao2535.tlb
.
((((((((((((((((((((((((((((( snapshot@2008-05-06_ 7.18.12.71 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-06 10:49:31 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-09 11:00:34 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2007-10-11 19:12:48 1,468,968 ----a-w C:\WINDOWS\system32\LegitCheckControl.dll
+ 2008-03-20 22:06:36 1,480,232 ----a-w C:\WINDOWS\system32\LegitCheckControl.dll
- 2007-03-06 01:22:33 14,048 ------w C:\WINDOWS\system32\spmsg.dll
+ 2008-03-20 18:41:20 14,640 ------w C:\WINDOWS\system32\spmsg.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-25 00:34 36864]
"CARPService"="carpserv.exe" [2003-06-11 11:54 4608 C:\WINDOWS\system32\carpserv.exe]
C:\Documents and Settings\Glenn Heady\Start Menu\Programs\Startup\
Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe [2004-08-30 18:49:18 7660656]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-05-17 17:45]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 18:39]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2008-01-11 18:54]
R3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-10 17:46]
S2 msCMTSrvc;Content Monitoring Tool;C:\WINDOWS\system32\msCMTSrvc.exe []
S3 MA8032C;MA8032C;C:\WINDOWS\system32\DRIVERS\MA8032C.sys [2004-11-11 02:04]
S3 MA8032M;MA8032M;C:\WINDOWS\system32\DRIVERS\MA8032M.sys [2004-11-11 01:55]
S3 MA8032U;MA8032U;C:\WINDOWS\system32\DRIVERS\MA8032U.sys [2005-07-27 06:47]
S3 MaRdPnp;MaRdPnp;C:\WINDOWS\system32\DRIVERS\MaRdP2K.sys [2004-09-12 21:11]
S3 MTK;Media Technology Kernel Driver;C:\WINDOWS\system32\Drivers\fide.sys [2004-01-12 18:23]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-01-11 18:54]
.
Contents of the 'Scheduled Tasks' folder
"2006-12-26 10:29:23 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2006-12-26 10:29:22 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2008-01-14 15:23:07 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job"
- C:\Program Files\Microsoft LifeCam\LifeExp.exe
"2008-01-15 00:18:48 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_vVX1000_exe.job"
- C:\WINDOWS\vVX1000.exe
.
**************************************************************************
disk not found C:\
please note that you need administrator rights to perform deep scan
disk not found C:\
please note that you need administrator rights to perform deep scan
disk not found C:\
please note that you need administrator rights to perform deep scan
disk not found C:\
please note that you need administrator rights to perform deep scan
disk not found C:\
please note that you need administrator rights to perform deep scan
disk not found C:\
please note that you need administrator rights to perform deep scan
disk not found C:\
please note that you need administrator rights to perform deep scan
disk not found C:\
please note that you need administrator rights to perform deep scan
disk not found C:\
please note that you need administrator rights to perform deep scan
disk not found C:\
please note that you need administrator rights to perform deep scan
disk not found C:\
please note that you need administrator rights to perform deep scan
disk not found C:\
please note that you need administrator rights to perform deep scan
disk not found C:\
please note that you need administrator rights to perform deep scan
disk not found C:\
please note that you need administrator rights to perform deep scan
disk not found C:\
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
disk not found C:\
disk not found C:\
disk not found C:\
disk not found C:\
disk not found C:\
disk not found C:\
disk not found C:\
disk not found C:\
disk not found C:\
disk not found C:\
disk not found C:\
disk not found C:\
disk not found C:\
disk not found C:\
disk not found C:\
scan completed successfully
hidden files:
**************************************************************************
.
Completion time: 2008-05-09 7:30:29
ComboFix-quarantined-files.txt 2008-05-09 11:30:21
ComboFix2.txt 2008-05-08 21:24:59
ComboFix3.txt 2008-05-08 17:08:05
ComboFix4.txt 2008-05-06 11:37:23
ComboFix5.txt 2008-05-06 11:18:33
Pre-Run: 66,897,207,296 bytes free
Post-Run: 66,882,142,208 bytes free
183 --- E O F --- 2008-04-29 10:02:00
Really want to see if it delete the file.
Download and run - ATF Cleaner instructions here.
Run this online scan from ESET
You will need to use Internet explorer for this scan!
- First, accept the Terms of Use
- Click: Start
- When asked, allow the ActiveX control to install
- Click: Start
- Make sure the options:
Remove found threats, and Scan unwanted applications
are both checked!- Click: Scan
When the scan finishes, use Notepad to open the ESET report.
It will be located here C:\Program Files\EsetOnlineScanner\log.txt
MS-MVP Windows Security 2006,2007,2008 & 2009
ASAP member since 2004
# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3090 (20080509)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=04e6ccf900f7a744bfea473cbd645126
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-05-10 11:51:47
# local_time=2008-05-10 07:51:47 (-0500, Eastern Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=337301
# found=0
# scan_time=7366
Reboot and rescan with HiJackThis and post a new log here.
Also please describe how your computer behaves at the moment.
MS-MVP Windows Security 2006,2007,2008 & 2009
ASAP member since 2004
I haven't had any Zedo popups in several days now. System seems to be functioning properly.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:34:39 PM, on 5/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\Program Files\EPSON\ESM2\eEBAgent.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\fxssvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\Documents and Settings\Glenn Heady\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/yessen...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6009\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6009\SiteAdv.dll
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Mozilla Firefox.lnk = C:\Program Files\Mozilla Firefox\firefox.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {0146F77E-47F9-48A6-8368-C5789EDA9E75} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {111C6C62-A7E0-447A-9284-584F982BDEF3} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {36299440-3104-4F77-9462-71CBB4FA13F9} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} (SupportSoft External Control) - https://actsvr.comcastonline.com/tec...20Controls.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...80/mcfscan.cab
O23 - Service: a-squared Free Service (a2free) - Unknown owner - c:\program files\a-squared free\a2service.exe (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: EpsonBidirectionalAgent - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\ESM2\eEBAgent.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: McAfee SpamKiller Server (MskService) - Unknown owner - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe (file missing)
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 8220 bytes
Be sure to keep SunJava, updated the newest version is 6.5
In Add/Remove programs click on these and press *remove* if listed:
J2SE Runtime Environment 5.0 - 97.99Mb
J2SE Runtime Environment 5.0 Update 2 - 143.00Mb
J2SE Runtime Environment 5.0 Update 4 - 144.00Mb
J2SE Runtime Environment 5.0 Update 5- 151.00Mb
Java 2 Runtime Environment, SE v1.4.2_04 - 130.00Mb
Or any other outdated J2SE
It is important to remove older versions as these are the ones with the holes in them.
You will be surprised when you go to add/remove to see all of the versions sitting there.
Download Newest >>>> http://www.java.com/en/download/index.jsp
Once installed you can test to see that it is in fact installed >>>>
Sun Java Test
----------------------------------------
Reset your restore points, please note that you will need to log into your computer with an account
which has full administrator access. You will know if the account has administrator access because
you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Reboot.
3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
MS-MVP Windows Security 2006,2007,2008 & 2009
ASAP member since 2004
Done. Thanks for all your help.