
I want to remove an easylife app on my firefox browser

Discussion in 'Virus & Other Malware Removal' started by woodfox, Feb 15, 2013.

Thread Status:
Not open for further replies.
  1. woodfox

    woodfox Thread Starter

    Joined:
    Feb 15, 2013
    Messages:
    4
    I am trying to remove from my Firefox browser a nasty easylife app that got installed without my knowledge. I have run my McAfee antivirus but it hasn’t detected it. I have run ComboFix and I don’t know what to do next. Any information provided would be greatly appreciated. Thanks. Here is the result from ComboFix:


    ComboFix 13-02-13.02 - Red trees in winter 15/02/2013 5:17.4.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8086.5175 [GMT 0:00]
    Running from: c:\users\Red trees in winter\Downloads\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
    FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-01-15 to 2013-02-15 )))))))))))))))))))))))))))))))
    .
    .
    2013-02-15 05:21 . 2013-02-15 05:21 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2013-02-15 05:21 . 2013-02-15 05:21 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-02-15 02:27 . 2013-02-15 02:27 -------- d-----w- c:\program files (x86)\ESET
    2013-02-15 02:19 . 2013-02-15 02:19 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2013-02-15 02:19 . 2013-02-15 02:19 366592 ----a-w- c:\windows\system32\qdvd.dll
    2013-02-15 02:13 . 2013-02-15 02:13 -------- d-----w- c:\programdata\IObit
    2013-02-15 02:12 . 2013-02-15 02:12 -------- d-----w- c:\users\Red trees in winter\AppData\Roaming\IObit
    2013-02-15 02:12 . 2013-02-15 02:12 -------- d-----w- c:\program files (x86)\IObit
    2013-02-14 15:10 . 2013-02-14 15:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2013-02-14 15:10 . 2013-02-14 15:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2013-02-14 15:10 . 2013-02-14 15:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2013-02-14 15:10 . 2013-02-14 15:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2013-02-14 15:10 . 2013-02-14 15:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2013-02-14 15:10 . 2013-02-14 15:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2013-02-14 15:10 . 2013-02-14 15:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2013-02-14 15:10 . 2013-02-14 15:10 -------- d-----w- c:\program files (x86)\QuickTime
    2013-02-12 13:39 . 2013-02-12 13:39 -------- d-----w- c:\users\Red trees in winter\AppData\Roaming\Macrovision
    2013-02-12 13:39 . 2013-02-12 13:39 -------- d-----w- c:\users\Red trees in winter\AppData\Local\Sonic_Solutions
    2013-02-02 23:07 . 2013-02-02 23:07 -------- d-----w- c:\program files (x86)\MSECache
    2013-02-02 21:45 . 2013-02-02 21:45 -------- d-----w- c:\users\Red trees in winter\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    2013-02-01 17:45 . 2013-02-01 17:45 -------- d-----w- c:\programdata\Microsoft Help
    2013-02-01 17:45 . 2013-02-01 17:45 -------- d-----w- c:\users\Red trees in winter\AppData\Local\Microsoft Help
    2013-01-20 00:00 . 2013-01-20 00:00 -------- d-----w- c:\users\Red trees in winter\AppData\Roaming\BatteryCare
    2013-01-20 00:00 . 2013-01-20 00:00 -------- d-----w- c:\program files (x86)\BatteryCare
    2013-01-18 13:38 . 2013-01-18 13:38 -------- d-----w- c:\program files (x86)\Common Files\Java
    2013-01-18 13:38 . 2013-01-18 13:38 859552 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2013-01-18 13:38 . 2013-01-18 13:38 780192 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2013-01-18 13:38 . 2013-01-18 13:38 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-01-18 13:38 . 2013-01-18 13:38 -------- d-----w- c:\program files (x86)\Java
    2013-01-18 13:34 . 2013-01-18 13:34 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2013-01-18 13:34 . 2013-01-18 13:34 -------- d-----r- c:\program files (x86)\Skype
    2013-01-18 13:20 . 2013-01-18 13:20 -------- d-----w- c:\program files (x86)\Pwqsoft
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-12-27 19:54 . 2012-12-27 19:44 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll
    2012-12-27 19:54 . 2012-12-27 19:44 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll
    2012-12-27 19:54 . 2012-12-27 19:44 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
    2012-12-27 19:33 . 2012-12-27 19:33 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-12-27 19:33 . 2012-12-27 19:33 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-12-27 18:24 . 2012-12-27 18:24 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2012-12-27 18:24 . 2012-12-27 18:24 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2012-12-27 18:24 . 2012-12-27 18:24 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2012-12-27 18:24 . 2012-12-27 18:24 89088 ----a-w- c:\windows\system32\ie4uinit.exe
    2012-12-27 18:24 . 2012-12-27 18:24 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2012-12-27 18:24 . 2012-12-27 18:24 85504 ----a-w- c:\windows\system32\jsproxy.dll
    2012-12-27 18:24 . 2012-12-27 18:24 85504 ----a-w- c:\windows\system32\iesetup.dll
    2012-12-27 18:24 . 2012-12-27 18:24 82432 ----a-w- c:\windows\system32\icardie.dll
    2012-12-27 18:24 . 2012-12-27 18:24 816640 ----a-w- c:\windows\system32\jscript.dll
    2012-12-27 18:24 . 2012-12-27 18:24 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2012-12-27 18:24 . 2012-12-27 18:24 76800 ----a-w- c:\windows\system32\tdc.ocx
    2012-12-27 18:24 . 2012-12-27 18:24 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2012-12-27 18:24 . 2012-12-27 18:24 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2012-12-27 18:24 . 2012-12-27 18:24 729088 ----a-w- c:\windows\system32\msfeeds.dll
    2012-12-27 18:24 . 2012-12-27 18:24 65024 ----a-w- c:\windows\system32\pngfilt.dll
    2012-12-27 18:24 . 2012-12-27 18:24 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2012-12-27 18:24 . 2012-12-27 18:24 599040 ----a-w- c:\windows\system32\vbscript.dll
    2012-12-27 18:24 . 2012-12-27 18:24 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
    2012-12-27 18:24 . 2012-12-27 18:24 534528 ----a-w- c:\windows\system32\ieapfltr.dll
    2012-12-27 18:24 . 2012-12-27 18:24 49664 ----a-w- c:\windows\system32\imgutil.dll
    2012-12-27 18:24 . 2012-12-27 18:24 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2012-12-27 18:24 . 2012-12-27 18:24 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2012-12-27 18:24 . 2012-12-27 18:24 452608 ----a-w- c:\windows\system32\dxtmsft.dll
    2012-12-27 18:24 . 2012-12-27 18:24 448512 ----a-w- c:\windows\system32\html.iec
    2012-12-27 18:24 . 2012-12-27 18:24 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2012-12-27 18:24 . 2012-12-27 18:24 403248 ----a-w- c:\windows\system32\iedkcs32.dll
    2012-12-27 18:24 . 2012-12-27 18:24 39936 ----a-w- c:\windows\system32\iernonce.dll
    2012-12-27 18:24 . 2012-12-27 18:24 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
    2012-12-27 18:24 . 2012-12-27 18:24 367104 ----a-w- c:\windows\SysWow64\html.iec
    2012-12-27 18:24 . 2012-12-27 18:24 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2012-12-27 18:24 . 2012-12-27 18:24 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2012-12-27 18:24 . 2012-12-27 18:24 282112 ----a-w- c:\windows\system32\dxtrans.dll
    2012-12-27 18:24 . 2012-12-27 18:24 267776 ----a-w- c:\windows\system32\ieaksie.dll
    2012-12-27 18:24 . 2012-12-27 18:24 249344 ----a-w- c:\windows\system32\webcheck.dll
    2012-12-27 18:24 . 2012-12-27 18:24 248320 ----a-w- c:\windows\system32\ieui.dll
    2012-12-27 18:24 . 2012-12-27 18:24 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-12-27 18:24 . 2012-12-27 18:24 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-12-27 18:24 . 2012-12-27 18:24 237056 ----a-w- c:\windows\system32\url.dll
    2012-12-27 18:24 . 2012-12-27 18:24 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2012-12-27 18:24 . 2012-12-27 18:24 2312704 ----a-w- c:\windows\system32\jscript9.dll
    2012-12-27 18:24 . 2012-12-27 18:24 222208 ----a-w- c:\windows\system32\msls31.dll
    2012-12-27 18:24 . 2012-12-27 18:24 2144768 ----a-w- c:\windows\system32\iertutil.dll
    2012-12-27 18:24 . 2012-12-27 18:24 197120 ----a-w- c:\windows\system32\msrating.dll
    2012-12-27 18:24 . 2012-12-27 18:24 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-12-27 18:24 . 2012-12-27 18:24 17811968 ----a-w- c:\windows\system32\mshtml.dll
    2012-12-27 18:24 . 2012-12-27 18:24 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-12-27 18:24 . 2012-12-27 18:24 165888 ----a-w- c:\windows\system32\iexpress.exe
    2012-12-27 18:24 . 2012-12-27 18:24 163840 ----a-w- c:\windows\system32\ieakui.dll
    2012-12-27 18:24 . 2012-12-27 18:24 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2012-12-27 18:24 . 2012-12-27 18:24 160256 ----a-w- c:\windows\system32\wextract.exe
    2012-12-27 18:24 . 2012-12-27 18:24 160256 ----a-w- c:\windows\system32\ieakeng.dll
    2012-12-27 18:24 . 2012-12-27 18:24 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2012-12-27 18:24 . 2012-12-27 18:24 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2012-12-27 18:24 . 2012-12-27 18:24 149504 ----a-w- c:\windows\system32\occache.dll
    2012-12-27 18:24 . 2012-12-27 18:24 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-12-27 18:24 . 2012-12-27 18:24 145920 ----a-w- c:\windows\system32\iepeers.dll
    2012-12-27 18:24 . 2012-12-27 18:24 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-12-27 18:24 . 2012-12-27 18:24 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-12-27 18:24 . 2012-12-27 18:24 1392128 ----a-w- c:\windows\system32\wininet.dll
    2012-12-27 18:24 . 2012-12-27 18:24 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2012-12-27 18:24 . 2012-12-27 18:24 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2012-12-27 18:24 . 2012-12-27 18:24 12288 ----a-w- c:\windows\system32\mshta.exe
    2012-12-27 18:24 . 2012-12-27 18:24 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2012-12-27 18:24 . 2012-12-27 18:24 114176 ----a-w- c:\windows\system32\admparse.dll
    2012-12-27 18:24 . 2012-12-27 18:24 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-12-27 18:24 . 2012-12-27 18:24 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2012-12-27 18:24 . 2012-12-27 18:24 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2012-12-27 18:24 . 2012-12-27 18:24 10925568 ----a-w- c:\windows\system32\ieframe.dll
    2012-12-27 18:24 . 2012-12-27 18:24 10752 ----a-w- c:\windows\system32\msfeedssync.exe
    2012-12-27 18:24 . 2012-12-27 18:24 103936 ----a-w- c:\windows\system32\inseng.dll
    2012-12-27 18:24 . 2012-12-27 18:24 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2012-12-16 17:11 . 2012-12-27 18:22 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-16 14:45 . 2012-12-27 18:22 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:13 . 2012-12-27 18:22 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-16 14:13 . 2012-12-27 18:22 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-11-28 15:58 . 2012-12-27 18:27 67413224 ----a-w- c:\windows\system32\MRT.exe
    2012-11-22 03:26 . 2012-12-27 18:17 3149824 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2012-09-24 490880]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
    "mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-10-07 454160]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
    .
    c:\users\Red trees in winter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE [2012-2-7 3208032]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
    Spyder3Utility.lnk - c:\program files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe [2010-6-4 7667970]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    "BDRegion"=c:\program files (x86)\Cyberlink\Shared Files\brs.exe
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
    .
    R2 CLKMSVC10_9EC60124;CyberLink Product - 2012/12/27 19:57;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-10-29 236016]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
    R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-10-19 195072]
    R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-08-25 173656]
    R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys [2012-11-02 97208]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-11-01 340240]
    R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    R3 Spyder3;Datacolor Spyder3;c:\windows\system32\DRIVERS\Spyder3.sys [2010-03-30 15360]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-12-27 1255736]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-11-09 339776]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-04-22 25960]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
    S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
    S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2012-10-12 1026432]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208]
    S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504]
    S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-20 135440]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-02-07 822624]
    S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [2012-12-04 103472]
    S2 McMPFSvc;McAfee Personal Firewall;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856]
    S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856]
    S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [2012-10-06 1007288]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-11-09 218320]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-11-09 177680]
    S2 NvtlService;NovaCore SDK Service;c:\program files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2009-12-29 83456]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2011-06-06 6438264]
    S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2009-12-10 1394504]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
    S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 27760]
    S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-10-19 195072]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-11-09 69672]
    S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-05-28 197264]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-11-09 515528]
    S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys [2012-11-02 328976]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]
    S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [2010-07-02 29288]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-11-30 412264]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfswin7.sys [2011-10-01 765288]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaywin7.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirwin7.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvolwin7.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]
    S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\BatteryCare\WinRing0x64.sys [2008-07-26 14544]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 32369770
    *NewlyCreated* - 89120012
    *NewlyCreated* - WINRING0_1_2_0
    *Deregistered* - 32369770
    *Deregistered* - 89120012
    *Deregistered* - CLKMDRV10_9EC60124
    *Deregistered* - mfeavfk01
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-11-01 1935120]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 167704]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472]
    "FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://search.easylifeapp.com/?pid=708&r=2013/02/15&hid=3693474927&lg=EN&cc=IE
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Red trees in winter\AppData\Roaming\Mozilla\Firefox\Profiles\127iji5w.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.easylifeapp.com/?pid=708&abc=ff1&r=2013/02/15&hid=3693474927&lg=EN&cc=IE&l=1&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - about:home
    FF - prefs.js: keyword.URL - hxxp://search.easylifeapp.com/?pid=708&abc=ff1&r=2013/02/15&hid=3693474927&lg=EN&cc=IE&l=1&q=
    FF - ExtSQL: 2012-12-27 07:43; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files (x86)\McAfee\SiteAdvisor
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-02-15 05:23:13
    ComboFix-quarantined-files.txt 2013-02-15 05:23
    ComboFix2.txt 2013-02-15 03:14
    ComboFix3.txt 2013-02-15 02:56
    .
    Pre-Run: 438,088,671,232 bytes free
    Post-Run: 438,025,920,512 bytes free
    .
    - - End Of File - - 2D8FCB571754E2AA7D2F693892652C61
     
  2. woodfox

    woodfox Thread Starter

    Joined:
    Feb 15, 2013
    Messages:
    4
    I need to remove the following from my computer:

    mStart Page = hxxp://search.easylifeapp.com/?pid=708&r=2013/02/15&hid=3693474927&lg=EN&cc=IE

    Any advice provided would be greatly appreciated, thanks.
     
  3. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    follow advice here and post the logs those programs make
     
  4. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    I have merged both of your topics together
    Do NOT start new topics for the same subject, it just confuses the issue & makes it much harder to help you

    After posting the logs I asked for in my previous post & only after posting the logs then do this

    Please download AdwCleaner to your desktop.
    • Double click the adwcleaner.exe to run the tool.
    • Click Search.
    • When the scan has finished, a Notepad window will be opened.
    • Please post the contents here in your topic.
    • The logfile will also be saved in C:\AdwCleaner[R1].txt.

    I also need to see these files, which are the earlier runs of ComboFix, so we can see what it fixed then

    go to c:\qoobox & look for ComboFix2.txt and ComboFix3.txt

    attach them here in your next reply
     
  5. woodfox

    woodfox Thread Starter

    Joined:
    Feb 15, 2013
    Messages:
    4
    Hi,

    Sorry I have been busy...

    I will explain in short what I have done. I reinstalled a clean Windows installation (Windows 7) the last day on the machine. Then I ran ComboFix to see if I still have the problem; from what I have seen, the "mStart Page = hxxp://search.easylifeapp.com/?pid=708&r=2013/02/15&hid=3693474927&lg=EN&cc=IE" doesn't appear any longer in the logs. So I don't know if by reinstalling the operating system the issue got fixed or got rid of.

    What I have noticed is that in the ComboFix log, under "ORPHANS REMOVED", the following "Wow6432Node-HKLM-Run-<NO NAME> - (no file)" seems to be popping up before and after the clean installation, so I don’t know if this is a file that needs to be on the computer or not. Also, the message at the end of the file, (no file), seems to suggest that it doesn’t exist or ???

    I have followed your instructions and I have attached within this reply the logs you require.

    Thanks
     


  6. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    You reinstalled Windows, so you cannot have any problems
     
  7. woodfox

    woodfox Thread Starter

    Joined:
    Feb 15, 2013
    Messages:
    4
    Thank you for your time.
     

Short URL to this thread: https://techguy.org/1089600
