Boot in Safe Mode.
Switch System restore OFF, see how here.
Press Ctrl/Alt/Del simultaneously, select Task Manager/Processes, select the process (if present), and click "End Process" for:
FireDaemon.EXE
rpcapd.exe
Next, click Start/Run, type services.msc and click OK. Look for the service:
FireDaemon.EXE
rpcapd.exe
Double-click it, click Stop if it's running, and change the Startup type to Disabled.
Next, run a HJT scan and place a tick-mark in the little square before (if still there):
...................................................................................................
O23 - Service: FireDaemon Service: ecure (ecure) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE
O23 - Service: FireDaemon Service: host (host) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: FireDaemon Service: scvhost (scvhost) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE
...................................................................................................
Now click on the Fix Checked button in HJT.
When done, from between the dotted lines, delete the highlighted bold files.
When a \directory-name\ is bold, delete everything in it, including that directory itself.
Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
Repeat this for ALL [usernames].
Delete all files and directories from: C:\WINDOWS\Temp (except files dated from TODAY).
Boot normally. When all is OK, switch System Restore back on.
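As an added example (not part of the original instructions and not HijackThis code), the following Python sketch parses the O23 service lines from the log above, with wrapped lines joined, and lists why each entry stands out. The `Example Updater` line is constructed for contrast, and the three checks are heuristics assumed for this example; "unknown owner" on its own is a weak signal.

```python
import re

# O23 layout as it appears in the log above:
# O23 - Service: <display name> (<service name>) - <owner> - <image path>
# The display name may itself contain parentheses, so the service name is the
# last parenthesised group that is followed by " - ".
O23 = re.compile(
    r"^O23 - Service: (?P<display>.+) \((?P<name>[^()]+)\) - "
    r"(?P<owner>.+?) - (?P<path>.+)$"
)

# First four lines are taken from the log above; the last one is constructed.
SAMPLE_LOG = r"""
O23 - Service: FireDaemon Service: ecure (ecure) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE
O23 - Service: FireDaemon Service: host (host) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: FireDaemon Service: scvhost (scvhost) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE
O23 - Service: Example Updater (exupd) - Example Corp - C:\Program Files\Example\exupd.exe
"""


def parse_o23(line):
    """Return the fields of one O23 line as a dict, or None if it is not one."""
    m = O23.match(line.strip())
    return m.groupdict() if m else None


def triage(log_text):
    """Map each service name to the list of reasons it deserves a closer look."""
    findings = {}
    for line in log_text.splitlines():
        entry = parse_o23(line)
        if entry is None:
            continue
        path = entry["path"].lower()
        reasons = []
        if "\\temp\\" in path:                 # service binary in a temp folder
            reasons.append("image in temp directory")
        if path.endswith("(file missing)"):    # HJT could not find the file
            reasons.append("image file missing")
        if entry["owner"] == "Unknown owner":  # weak signal on its own
            reasons.append("unknown owner")
        findings[entry["name"]] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name:10} {', '.join(reasons) or 'nothing flagged'}")
```
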