Removing MSA Security Center?


lararoxs
02-09-08, 21:50
MSA Security has just popped up and started throwing random threats at the screen, prompting me to uninstall and install new software and programmes.

My first thought, Fake.

Is it fake? If so can I remove it?

Thanks to any helpers!:)

EscondeR
03-09-08, 05:14
It's fake most likely.
Run ARDiag.exe (http://www.tombraiderhub.com/download/ardiag.exe) and post the report. Run it while online, for it to update signatures and show me less Microsoft native processes :)

lararoxs
03-09-08, 14:59
I sorted it out. I just remembered Google is my friend!
I will post the report in a minute just to make sure though!

---------------------------------------------------------------
AutoRuns Diagnostics for TRF v 0.5 Developed by EscondeR
---------------------------------------------------------------



Program:
"McAfee HackerWatch Service"
Publisher:
"(Verified) McAfee Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
McAfee HackerWatch Service
Program path & name:
"c:\program files\common files\mcafee\hackerwatch\hwapi.exe"
Enabled: [V]


Program:
"McAfee Protection Manager"
Publisher:
"(Verified) McAfee Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
mcmscsvc
Program path & name:
"c:\program files\mcafee\msc\mcmscsvc.exe"
Enabled: [V]


Program:
"Allows McAfee applications to communicate securely on the local network."
Publisher:
"(Verified) McAfee Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
McNASvc
Program path & name:
"c:\program files\common files\mcafee\mna\mcnasvc.exe"
Enabled: [V]


Program:
"Scans specified locations on this computer for viruses and other threats. The service runs for scheduled scans and manual scans."
Publisher:
"(Verified) McAfee Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
McODS
Program path & name:
"c:\program files\mcafee\virusscan\mcods.exe"
Enabled: [V]


Program:
"McAfee Proxy Service"
Publisher:
"(Verified) McAfee Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
McProxy
Program path & name:
"c:\program files\common files\mcafee\mcproxy\mcproxy.exe"
Enabled: [V]


Program:
"McAfee Redirector Service"
Publisher:
"(Verified) McAfee Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
McRedirector
Program path & name:
"c:\program files\common files\mcafee\redirsvc\redirsvc.exe"
Enabled: [V]


Program:
"Scans files for viruses and other threats when they are accessed by this computer."
Publisher:
"(Verified) McAfee Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
McShield
Program path & name:
"c:\program files\mcafee\virusscan\mcshield.exe"
Enabled: [V]


Program:
"Monitors potentially unauthorized changes to this computer."
Publisher:
"(Verified) McAfee Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
McSysmon
Program path & name:
"c:\program files\mcafee\virusscan\mcsysmon.exe"
Enabled: [V]


Program:
"MpfService"
Publisher:
"(Verified) McAfee Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
MpfService
Program path & name:
"c:\program files\mcafee\mpf\mpfsrv.exe"
Enabled: [V]


Program:
"Provides identity protection and parental controls."
Publisher:
"(Verified) McAfee Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
MPS9
Program path & name:
"c:\program files\mcafee\mps\mps.exe"
Enabled: [V]


Program:
"This service filters e-mail messages on your computer"
Publisher:
"(Verified) McAfee Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
MSK80Service
Program path & name:
"c:\program files\mcafee\msk\msksrver.exe"
Enabled: [V]


Program:
"RoxSniffer9 Module"
Publisher:
"(Not verified) Sonic Solutions"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
RoxWatch9
Program path & name:
"c:\program files\common files\roxio shared\9.0\sharedcom\roxwatch9.exe"
Enabled: [V]


Program:
"Manages SigmaTel Audio Universal Jack configurations."
Publisher:
"(Not verified) SigmaTel Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
STacSV
Program path & name:
"c:\program files\sigmatel\c-major audio\wdm\stacsv.exe"
Enabled: [V]


Program:
"Provides automatic configuration for the 802.11 adapter using the Broadcom supplicant."
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
wltrysvc
Program path & name:
c:\windows\system32\wltrysvc.exe"
Enabled: [V]


Program:
"IP in IP Tunnel Driver"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
IpInIp
Program path & name:
File not found: system32\DRIVERS\ipinip.sys"
Enabled: [V]


Program:
"Anti-Virus File System Filter Driver"
Publisher:
"(Verified) McAfee Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
mfeavfk
Program path & name:
"c:\windows\system32\drivers\mfeavfk.sys"
Enabled: [V]


Program:
"Buffer Overflow Protection Driver"
Publisher:
"(Verified) McAfee Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
mfebopk
Program path & name:
"c:\windows\system32\drivers\mfebopk.sys"
Enabled: [V]


Program:
"Host Intrusion Detection Link Driver"
Publisher:
"(Verified) McAfee Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
mfehidk
Program path & name:
"c:\windows\system32\drivers\mfehidk.sys"
Enabled: [V]


Program:
"VSCore Code Analysis Driver"
Publisher:
"(Verified) McAfee Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
mferkdk
Program path & name:
"c:\windows\system32\drivers\mferkdk.sys"
Enabled: [V]


Program:
"System Monitor Filter Driver"
Publisher:
"(Verified) McAfee Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
mfesmfk
Program path & name:
"c:\windows\system32\drivers\mfesmfk.sys"
Enabled: [V]


Program:
"McAfee Personal Firewall Plus Driver"
Publisher:
"(Verified) McAfee Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
MPFP
Program path & name:
"c:\windows\system32\drivers\mpfp.sys"
Enabled: [V]


Program:
"IPX Traffic Filter Driver"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
NwlnkFlt
Program path & name:
File not found: system32\DRIVERS\nwlnkflt.sys"
Enabled: [V]


Program:
"IPX Traffic Forwarder Driver"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
NwlnkFwd
Program path & name:
File not found: system32\DRIVERS\nwlnkfwd.sys"
Enabled: [V]


Program:
"Px Engine Device Driver for Windows 2000/XP"
Publisher:
"(Not verified) Sonic Solutions"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
PxHelp20
Program path & name:
"c:\windows\system32\drivers\pxhelp20.sys"
Enabled: [V]


Program:
"Dell Wireless WLAN Card Logon Provider"
Publisher:
"(Not verified) Dell Inc."
Entry path:
HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
Entry name:
BCMLogon
Program path & name:
"c:\windows\system32\bcmlogon.dll"
Enabled: [V]


Program:
"Java(TM) Platform SE binary"
Publisher:
"(Verified) Sun Microsystems Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
SunJavaUpdateSched
Program path & name:
"c:\program files\java\jre1.6.0_07\bin\jusched.exe"
Enabled: [V]


Program:
"Sigmatel Audio system tray application"
Publisher:
"(Not verified) SigmaTel Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
SigmatelSysTrayApp
Program path & name:
"c:\windows\sttray.exe"
Enabled: [V]


Program:
"Dell Wireless WLAN Card Wireless Network Tray Applet"
Publisher:
"(Not verified) Dell Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Broadcom Wireless Manager UI
Program path & name:
"c:\windows\system32\wltray.exe"
Enabled: [V]


Program:
"Macrovision FLEXnet Connect Scheduler"
Publisher:
"(Not verified) Macrovision Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
ISUSScheduler
Program path & name:
"c:\program files\common files\installshield\updateservice\issch.exe"
Enabled: [V]


Program:
"RoxMMTrayApp Module"
Publisher:
"(Not verified) Sonic Solutions"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
RoxWatchTray
Program path & name:
"c:\program files\common files\roxio shared\9.0\sharedcom\roxwatchtray9.exe"
Enabled: [V]


Program:
"McAfee SpamKiller MskAgent Application"
Publisher:
"(Verified) McAfee Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
MskAgentexe
Program path & name:
"c:\program files\mcafee\msk\mskagent.exe"
Enabled: [V]


Program:
"CyberLink PowerCinema Resident Program"
Publisher:
"(Not verified) CyberLink Corp."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
PCMService
Program path & name:
"c:\program files\dell\mediadirect\pcmservice.exe"
Enabled: [V]


Program:
"SpeedTouch Statistics"
Publisher:
"(Not verified) THOMSON Telecom Belgium"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
SpeedTouch USB Diagnostics
Program path & name:
"c:\program files\thomson\speedtouch usb\dragdiag.exe"
Enabled: [V]


Program:
"McAfee Integrated Security Platform"
Publisher:
"(Verified) McAfee Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
mcagent_exe
Program path & name:
"c:\program files\mcafee.com\agent\mcagent.exe"
Enabled: [V]


Program:
" "
Publisher:
"(Not verified) "
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
dscactivate
Program path & name:
"c:\program files\dell support center\gs_agent\custom\dsca.exe"
Enabled: [V]


Program:
"Malwarebytes' Anti-Malware"
Publisher:
"(Verified) Malwarebytes"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Malwarebytes Anti-Malware (reboot)
Program path & name:
"c:\program files\malwarebytes' anti-malware\mbam.exe"
Enabled: [V]


Program:
"insmimefilter Module"
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Filter
Entry name:
application/x-internet-signup
Program path & name:
c:\program files\tiscali\tiscali internet\dlls\tiscalifilter.dll"
Enabled: [V]


Program:
"Microsoft® InfoTech Storage System Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
ms-itss
Program path & name:
"c:\program files\common files\microsoft shared\information retrieval\msitss.dll"
Enabled: [V]


Program:
"Skype for COM API"
Publisher:
"(Verified) Skype Technologies SA"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
skype4com
Program path & name:
"c:\program files\common files\skype\skype4com.dll"
Enabled: [V]


Program:
"Adobe Gamma Loader"
Publisher:
"(Not verified) Adobe Systems Inc."
Entry path:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Entry name:
Adobe Gamma Loader.lnk
Program path & name:
"c:\program files\common files\adobe\calibration\adobe gamma loader.exe"
Enabled: [V]


Program:
"Adobe Acrobat SpeedLauncher"
Publisher:
"(Not verified) Adobe Systems Incorporated"
Entry path:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Entry name:
Adobe Reader Speed Launch.lnk
Program path & name:
"c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe"
Enabled: [V]


Program:
"Digital Line Detection"
Publisher:
"(Verified) Avanquest"
Entry path:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Entry name:
Digital Line Detect.lnk
Program path & name:
"c:\program files\digital line detect\dlg.exe"
Enabled: [V]


Program:
"Microsoft Office 2000 component"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Entry name:
Microsoft Office.lnk
Program path & name:
"c:\program files\microsoft office\office\osa9.exe"
Enabled: [V]


Program:
"NetgearCUv2 MFC Application"
Publisher:
N/A
Entry path:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Entry name:
NETGEAR WG111v3 Smart Wizard.lnk
Program path & name:
c:\program files\netgear\wg111v3\wg111v3.exe"
Enabled: [V]


Program:
"InstallShield"
Publisher:
"(Not verified) Macrovision Corporation"
Entry path:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Entry name:
QuickSet.lnk
Program path & name:
"c:\windows\installer\{7f0c4457-8e64-491b-8d7b-991504365d1e}\newshortcut2_53a01cc614b04512a2e710d39bf83dc4.exe"
Enabled: [V]


Program:
"Dell Support"
Publisher:
"(Verified) Dell Inc."
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
DellSupport
Program path & name:
"c:\program files\dellsupport\dsagnt.exe"
Enabled: [V]


Program:
"Skype"
Publisher:
"(Verified) Skype Technologies SA"
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
Skype
Program path & name:
"c:\program files\skype\phone\skype.exe"
Enabled: [V]


Program:
"GoogleToolbarNotifier"
Publisher:
"(Verified) Google Inc"
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
swg
Program path & name:
"c:\program files\google\googletoolbarnotifier\1.2.1128.5462\googletoolbarnotifier.exe"
Enabled: [V]


Program:
"Google Installer"
Publisher:
"(Verified) Google Inc"
Entry path:
Task Scheduler
Entry name:
GoogleUpdateTaskUser.job
Program path & name:
"c:\users\rebecca\appdata\local\google\update\googleupdate.exe"
Enabled: [V]


Program:
"QuickClean Console Application"
Publisher:
"(Verified) McAfee Inc."
Entry path:
Task Scheduler
Entry name:
McDefragTask.job
Program path & name:
"c:\program files\mcafee\mqc\qcconsol.exe"
Enabled: [V]


Program:
"QuickClean Console Application"
Publisher:
"(Verified) McAfee Inc."
Entry path:
Task Scheduler
Entry name:
McQcTask.job
Program path & name:
"c:\program files\mcafee\mqc\qcconsol.exe"
Enabled: [V]


Program:
"Adobe Acrobat IE Helper Version 7.0 for ActiveX"
Publisher:
"(Verified) Adobe Systems Incorporated"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
Adobe PDF Reader Link Helper
Program path & name:
"c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll"
Enabled: [V]


Program:
"Skype add-on for IE"
Publisher:
"(Verified) Skype Technologies SA"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
Skype add-on (mastermind)
Program path & name:
"c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll"
Enabled: [V]


Program:
"Java(TM) Platform SE binary"
Publisher:
"(Verified) Sun Microsystems Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
SSVHelper Class
Program path & name:
"c:\program files\java\jre1.6.0_07\bin\ssv.dll"
Enabled: [V]


Program:
"VSCore Script Scanner"
Publisher:
"(Verified) McAfee Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
scriptproxy
Program path & name:
"c:\program files\mcafee\virusscan\scriptcl.dll"
Enabled: [V]


Program:
"Google IE Client Toolbar"
Publisher:
"(Verified) Google Inc"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
Google Toolbar Helper
Program path & name:
"c:\program files\google\googletoolbar1.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Web Folders
Program path & name:
c:\program files\common files\microsoft shared\web folders\msonsext.dll"
Enabled: [V]


Program:
"Microsoft Shell Extension Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
lnkfile
Program path & name:
"c:\program files\microsoft office\office\mlshext.dll"
Enabled: [V]


Program:
"Microsoft Outlook Shell Hook for Start/Find"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Microsoft Outlook Custom Icon Handler
Program path & name:
"c:\program files\microsoft office\office\olkfstub.dll"
Enabled: [V]


Program:
"PDF Shell Extension"
Publisher:
"(Not verified) Adobe Systems Inc."
Entry path:
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
Entry name:
PDF Shell Extension
Program path & name:
"c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll"
Enabled: [V]


Program:
"Google IE Client Toolbar"
Publisher:
"(Verified) Google Inc"
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Toolbar
Entry name:
googletoolbar1.dll
Program path & name:
"c:\program files\google\googletoolbar1.dll"
Enabled: [V]



It's a laptop, and McAfee came as default on the system.

EscondeR
03-09-08, 19:06
You need to remove this:

Program:
"InstallShield"
Publisher:
"(Not verified) Macrovision Corporation"
Entry path:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Entry name:
QuickSet.lnk
Program path & name:
"c:\windows\installer\{7f0c4457-8e64-491b-8d7b-991504365d1e}\newshortcut2_53a01cc614b04512a2e710d39bf83dc4.exe"
Enabled: [V]

But the main thing: The problems continue to appear until you install a REAL firewall and antivirus instead of McAfee resource-hog.