Hi,

It started with the ib.adnxs.com adware, and now I have Easylife. I have generally been seeing out of place/more frequent advertisements while browsing.




DDS:


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421
Run by Frank at 2:37:08 on 2013-05-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8040.6406 [GMT -4:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Roxio\BackOnTrack\File Backup\FileBackupSVC.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\jmesoft\Service.exe
C:\Program Files\Lenovo\Power Dial\LenovoCOMSvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskhost.exe
C:\ProgramData\Premium\MagniPic\MagniPic.exe
C:\ProgramData\BetterSoft\EasylifeGadget Updater\EasylifeGadget Updater.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\SysWOW64\UMonit.exe
C:\Users\Frank\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\jmesoft\hotkey.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe
C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe
C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
C:\Windows\jmesoft\JME_LOAD.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Notepad++\notepad++.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.easylifeapp.com/?pid=388&src=ie1&r=2013/05/19&hid=2732658822&lg=EN&cc=US
uSearch Bar = Preserve
mStart Page = hxxp://search.easylifeapp.com/?pid=388&src=ie1&r=2013/05/19&hid=2732658822&lg=EN&cc=US
BHO: MagnniPyic: {02EA14EF-1CFF-EE65-B998-72960446F6C0} - C:\ProgramData\MagnniPyic\517edfa47ff57.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: SearchNewTab: {EDDC773B-DD09-D7DB-EB3E-098E0519D5FC} - C:\ProgramData\SearchNewTab\51984e9697f77.dll
mRun: [jmekey] C:\windows\jmesoft\hotkey.exe
mRun: [jmesoft] C:\Windows\jmesoft\ServiceLoader.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [ModeSwitch] "C:\Program Files\Lenovo\Power Dial\LitModeSwitch.exe" /AutoRun
mRun: [Lenovo Dynamic Brightness System] C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe 1
mRun: [Lenovo Eye Distance System] C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe 1
mRun: [CLMLServer] "C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun: [SetDefaultSCR] C:\Program Files (x86)\Lenovo\Lenovo Screensaver\SetDefaultSCR.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Frank\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Frank\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: NameServer = 8.8.8.8
TCP: Interfaces\{2B440850-6967-4ACF-A9DB-3636FB5F0A38} : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{2B440850-6967-4ACF-A9DB-3636FB5F0A38}\9423E49534 : DHCPNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~2\magnipic\sprote~1.dll c:\progra~2\easylife\sprote~1.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [UMonit] C:\windows\SysWOW64\UMonit.exe
x64-Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ypokwgqk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.easylifeapp.com/?pid=388&src=ff2&r=2013/05/19&hid=2732658822&lg=EN&cc=US&l=1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.easylifeapp.com/?pid=388&src=ff1&r=2013/05/19&hid=2732658822&lg=EN&cc=US
FF - prefs.js: keyword.URL - hxxp://search.easylifeapp.com/?pid=388&src=ff2&r=2013/05/19&hid=2732658822&lg=EN&cc=US&l=1&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - ExtSQL: 2013-04-29 17:01; h2pfay7d1@ieu-oqtqpa.net; C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ypokwgqk.default\extensions\h2pfay7d1@ieu-oqtqpa.net
FF - ExtSQL: 2013-05-19 00:01; vxjvfaaioquo@nvxh-jt.com; C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ypokwgqk.default\extensions\vxjvfaaioquo@nvxh-jt.com
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.privitize.hpOld0 -
FF - user.js: extensions.privitize.tlbrSrchUrl - hxxp://searchou.com/?id=02b0f2a5000000000000ac8112b8fd1c&q=
FF - user.js: extensions.privitize.id - 02b0f2a5000000000000ac8112b8fd1c
FF - user.js: extensions.privitize.appId - {301966DF-A84B-4255-AAB9-574B5CE237E4}
FF - user.js: extensions.privitize.instlDay - 15824
FF - user.js: extensions.privitize.vrsn - 1.8.16.22
FF - user.js: extensions.privitize.vrsni - 1.8.16.22
FF - user.js: extensions.privitize.vrsnTs - 1.8.16.2216:21:16
FF - user.js: extensions.privitize.prtnrId - privitize
FF - user.js: extensions.privitize.prdct - privitize
FF - user.js: extensions.privitize.aflt - orgnl
FF - user.js: extensions.privitize.smplGrp - none
FF - user.js: extensions.privitize.tlbrId - base
FF - user.js: extensions.privitize.instlRef -
FF - user.js: extensions.privitize.dfltLng -
FF - user.js: extensions.privitize.excTlbr - true
FF - user.js: extensions.privitize.ffxUnstlRst - false
FF - user.js: extensions.privitize.admin - false
FF - user.js: extensions.privitize.autoRvrt - false
FF - user.js: extensions.privitize.rvrt - false
FF - user.js: extensions.privitize.hmpg - true
FF - user.js: extensions.privitize.hmpgUrl - hxxp://searchou.com/?id=02b0f2a5000000000000ac8112b8fd1c
FF - user.js: extensions.privitize.dfltSrch - true
FF - user.js: extensions.privitize.srchPrvdr - Search The Web (privitize)
FF - user.js: extensions.privitize.kw_url - hxxp://searchou.com/?q={searchTerms}&id=02b0f2a5000000000000ac8112b8fd1c
FF - user.js: extensions.privitize.dnsErr - true
FF - user.js: extensions.privitize.newTab - true
FF - user.js: extensions.privitize.newTabUrl - hxxp://searchou.com/?id=02b0f2a5000000000000ac8112b8fd1c
.
============= SERVICES / DRIVERS ===============
.
R0 fbfmon;fbfmon;C:\windows\System32\drivers\fbfmon.sys [2011-10-11 57952]
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2011-10-11 55280]
R0 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;C:\windows\System32\drivers\ddcdrv.sys [2011-10-11 20832]
R1 BPntDrv;BPntDrv;C:\windows\System32\drivers\BPntDrv.sys [2011-10-11 13408]
R2 CEEBC40A-FDED-4C59-B354-939132350B01;Roxio File Backup Service;C:\Program Files (x86)\Roxio\BackOnTrack\File Backup\FileBackupSVC.exe [2010-8-30 96752]
R2 JME Keyboard;JME Keyboard Driver;C:\Windows\jmesoft\Service.exe [2011-10-11 32768]
R2 LenovoCOMSvc;LenovoCOMService;C:\Program Files\Lenovo\Power Dial\LenovoCOMSvc.exe [2011-10-11 49152]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-10-11 2655768]
R3 GeneStor;Genesys Logic Storage Driver;C:\windows\System32\drivers\GeneStor.sys [2011-10-11 57856]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-11-19 317440]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2010-9-30 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2010-9-30 180736]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2011-10-11 947304]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-15 158856]
S3 cebal2x64;cebal2x64;C:\windows\System32\drivers\cebal2_x64.sys [2012-8-10 38400]
S3 LitModeCtrl;LitModeCtrl;C:\Program Files\Lenovo\Power Dial\LitModeCtrl.exe [2011-10-11 81920]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-05-19 04:00:39 -------- d-----w- C:\ProgramData\StarApp
2013-05-19 04:00:37 -------- d-----w- C:\ProgramData\BetterSoft
2013-05-19 04:00:36 -------- d-----w- C:\ProgramData\SearchNewTab
2013-05-19 04:00:34 -------- d-----w- C:\Program Files (x86)\EasyLife
2013-05-16 22:13:39 -------- d-s---w- C:\windows\SysWow64\Microsoft
2013-05-15 20:33:59 -------- d-----w- C:\Program Files\Enigma Software Group
2013-05-15 20:33:20 -------- d-----w- C:\windows\BCD5545077AC4347B24F654B1189F8D4.TMP
2013-05-15 20:33:19 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-04-29 23:34:47 -------- d-----w- C:\Program Files (x86)\samples
2013-04-29 23:34:46 -------- d-----w- C:\Program Files (x86)\Mentor
2013-04-29 23:34:46 -------- d-----w- C:\Program Files (x86)\key
2013-04-29 23:34:46 -------- d-----w- C:\Program Files (x86)\job
2013-04-29 23:34:46 -------- d-----w- C:\Program Files (x86)\DXF
2013-04-29 23:34:46 -------- d-----w- C:\Program Files (x86)\274-X_Gerber
2013-04-29 23:34:46 -------- d-----w- C:\Program Files (x86)\274-D_Gerber
2013-04-29 20:21:41 -------- d-----w- C:\Users\Frank\AppData\Local\Programs
2013-04-29 20:21:38 -------- d-----w- C:\ProgramData\CLSoft LTD
2013-04-29 20:21:34 -------- d-----w- C:\ProgramData\Premium
2013-04-29 20:21:33 -------- d-----w- C:\Program Files (x86)\MagniPic
2013-04-29 20:21:32 -------- d-----w- C:\ProgramData\MagnniPyic
2013-04-29 20:21:25 -------- d-----w- C:\ProgramData\InstallMate
2013-04-25 20:39:17 -------- d-----w- C:\Users\Frank\AppData\Roaming\Mael
2013-04-25 19:52:39 -------- d-----w- C:\Users\Frank\AppData\Local\AltiumDesignerSummer09
2013-04-25 19:52:37 -------- d-----w- C:\Users\Frank\AppData\Roaming\AltiumDesignerSummer09
2013-04-25 19:52:37 -------- d-----w- C:\ProgramData\AltiumDesignerSummer09_Security
2013-04-25 19:31:53 -------- d-----w- C:\ProgramData\AltiumDesignerSummer09
.
==================== Find3M ====================
.
2013-04-06 23:55:44 3003392 ----a-w- C:\windows\System32\python27.dll
2013-03-18 05:25:45 73432 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-18 05:25:45 693976 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2009-09-04 12:00:28 21019 ----a-w- C:\Program Files (x86)\uninstall.exe
2009-08-02 11:36:02 1069056 ----a-w- C:\Program Files (x86)\viewplot.exe
2004-05-10 12:00:00 40960 ----a-w- C:\Program Files (x86)\CheckKey.exe
.
============= FINISH: 2:37:20.16 ===============




aswMBR:


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-20 02:39:27
-----------------------------
02:39:27.248 OS Version: Windows x64 6.1.7601 Service Pack 1
02:39:27.248 Number of processors: 4 586 0x2A07
02:39:27.248 ComputerName: FRANK-PC UserName: Frank
02:39:30.942 Initialize success
02:40:19.146 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
02:40:19.147 Disk 0 Vendor: Hitachi_HDS721010CLA332 JP4OA3FE Size: 953869MB BusType: 11
02:40:19.239 Disk 0 MBR read successfully
02:40:19.241 Disk 0 MBR scan
02:40:19.242 Disk 0 Windows 7 default MBR code
02:40:19.245 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
02:40:19.250 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 928093 MB offset 206848
02:40:19.285 Disk 0 Partition 3 00 12 Compaq diag NTFS 25675 MB offset 1900941312
02:40:19.320 Disk 0 scanning C:\windows\system32\drivers
02:40:22.261 Service scanning
02:40:30.404 Modules scanning
02:40:30.408 Disk 0 trace - called modules:
02:40:30.422 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
02:40:30.425 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007dba060]
02:40:30.428 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa80077969b0]
02:40:30.430 5 ACPI.sys[fffff88000d587a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007793060]
02:40:30.433 Scan finished successfully
02:40:39.582 Disk 0 MBR has been saved successfully to "C:\Users\Frank\Desktop\MBR.dat"
02:40:39.585 The log file has been saved successfully to "C:\Users\Frank\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-20 02:41:56
-----------------------------
02:41:56.994 OS Version: Windows x64 6.1.7601 Service Pack 1
02:41:56.994 Number of processors: 4 586 0x2A07
02:41:56.994 ComputerName: FRANK-PC UserName: Frank
02:42:02.704 Initialize success
02:44:00.139 AVAST engine defs: 13051901
02:44:21.355 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
02:44:21.355 Disk 0 Vendor: Hitachi_HDS721010CLA332 JP4OA3FE Size: 953869MB BusType: 11
02:44:21.480 Disk 0 MBR read successfully
02:44:21.480 Disk 0 MBR scan
02:44:21.480 Disk 0 Windows 7 default MBR code
02:44:21.480 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
02:44:21.496 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 928093 MB offset 206848
02:44:21.527 Disk 0 Partition 3 00 12 Compaq diag NTFS 25675 MB offset 1900941312
02:44:21.636 Disk 0 scanning C:\windows\system32\drivers
02:44:26.129 Service scanning
02:44:38.562 Modules scanning
02:44:38.562 Disk 0 trace - called modules:
02:44:38.562 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
02:44:38.578 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007dba060]
02:44:38.578 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa80077969b0]
02:44:38.578 5 ACPI.sys[fffff88000d587a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007793060]
02:44:42.025 AVAST engine scan C:\windows
02:44:45.426 AVAST engine scan C:\windows\system32
02:46:14.690 AVAST engine scan C:\windows\system32\drivers
02:46:22.833 AVAST engine scan C:\Users\Frank
02:47:55.577 AVAST engine scan C:\ProgramData
02:48:20.257 File: C:\ProgramData\Premium\MagniPic\MagniPic.exe **INFECTED** Win32:Malware-gen
02:48:21.727 Scan finished successfully
02:51:40.137 Disk 0 MBR has been saved successfully to "C:\Users\Frank\Desktop\MBR.dat"
02:51:40.137 The log file has been saved successfully to "C:\Users\Frank\Desktop\aswMBR.txt"

hi frankfolo,

Sorry for the delay, if you still need help simply reply back.

hi shelf life,

I do still need help.

Thanks

ok: look in your add/remove programs panel and uninstall the following one by one if present: After all are uninstalled reboot your machine.

EasyLife Search 1.74
EasylifeGadget
MagniPic
SearchNewTab
Privitize VPN

We will get two downloads to use: Adwcleaner and Malwarebytes.

Please download Adwcleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode to your desktop.
Right click on AdwCleaner.exe, select "run as admin"
Click on Search button
A logfile will automatically open after the scan has finished
Copy and paste the contents in your next reply.
You can also find the logfile in your root drive C:\AdwCleaner[R1].txt

Malwarebytes:

Please download the free version of Malwarebytes (http://www.malwarebytes.org/products/malwarebytes_free/) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click *Remove Selected.*

*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post the log in your reply.

Hi shelf life,

I uninstalled all of the programs you instructed me to except for Privitize VPN, which wasn't there. I also ran Adwcleaner and Malwarebytes as instructed. However, after restarting my computer as part of the removal of objects in Malwarebytes, I still have easylife as the default page for a new tab in Firefox.

Here are my log files:




Adwcleaner:

# AdwCleaner v2.301 - Logfile created 05/26/2013 at 23:23:34
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Frank - FRANK-PC
# Boot Mode : Normal
# Running from : C:\Users\Frank\Desktop\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Program Files (x86)\Uninstall.exe
File Found : C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ypokwgqk.default\searchplugins\EasyLife.xml
Folder Found : C:\Program Files (x86)\EasyLife
Folder Found : C:\Program Files (x86)\MagniPic
Folder Found : C:\ProgramData\clsoft ltd
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\ProgramData\MagnniPyic
Folder Found : C:\ProgramData\Partner
Folder Found : C:\ProgramData\SearchNewTab
Folder Found : C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\lefcababcdpfgghfpacinhlgkdmalmoe
Folder Found : C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\olkaofgnnopkaaanbinpcbgcbngkjgog
Folder Found : C:\Users\Frank\AppData\LocalLow\MagnniPyic
Folder Found : C:\Users\Frank\AppData\LocalLow\SearchNewTab
Folder Found : C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ypokwgqk.default\extensions\h2pfay7d1@ieu-oqtqpa.net
Folder Found : C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ypokwgqk.default\extensions\vxjvfaaioquo@nvxh-jt.com

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\SProtector
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02EA14EF-1CFF-EE65-B998-72960446F6C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EDDC773B-DD09-D7DB-EB3E-098E0519D5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02EA14EF-1CFF-EE65-B998-72960446F6C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EDDC773B-DD09-D7DB-EB3E-098E0519D5FC}
Key Found : HKCU\Software\PrivitizeVPNInstallDates
Key Found : HKCU\Software\StartSearch
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{01BD49D7-C76B-4310-8BEB-14D7E5F322C6}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\Software\SP Global
Key Found : HKLM\Software\SProtector
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{01BD49D7-C76B-4310-8BEB-14D7E5F322C6}
Key Found : HKU\S-1-5-21-2903208021-1474375682-2186726498-1001\Software\Microsoft\Internet Explorer\SearchScopes\{01BD49D7-C76B-4310-8BEB-14D7E5F322C6}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.easylifeapp.com/?pid=388&src=ie1&r=2013/05/19&hid=2732658822&lg=EN&cc=US
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.easylifeapp.com/?pid=388&src=ie1&r=2013/05/19&hid=2732658822&lg=EN&cc=US

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ypokwgqk.default\prefs.js

Found : user_pref("aol_toolbar.default.homepage.check", false);
Found : user_pref("aol_toolbar.default.search.check", false);
Found : user_pref("browser.search.defaultenginename", "EasyLife");
Found : user_pref("browser.search.defaultenginename,S", "EasyLife");
Found : user_pref("browser.search.defaulturl", "hxxp://search.easylifeapp.com/?pid=388&src=ff2&r=2013/05/19&[...]
Found : user_pref("browser.search.order.1", "EasyLife");
Found : user_pref("browser.search.order.1,S", "EasyLife");
Found : user_pref("browser.search.selectedEngine,S", "EasyLife");
Found : user_pref("browser.startup.homepage", "hxxp://search.easylifeapp.com/?pid=388&src=ff1&r=2013/05/19&h[...]
Found : user_pref("extensions.517edfa47fe51.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]
Found : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Found : user_pref("extensions.privitize.srchPrvdr", "Search The Web (privitize)");
Found : user_pref("keyword.URL", "hxxp://search.easylifeapp.com/?pid=388&src=ff2&r=2013/05/19&hid=2732658822[...]
Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "EasyLife");
Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "EasyLife");
Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://search.easylifeapp.com/?pid=3[...]
Found : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.easylifeapp.com/?pid=388&src=ff2&r=[...]
Found : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Found : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v27.0.1453.94

File : C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5093 octets] - [26/05/2013 23:23:34]

########## EOF - C:\AdwCleaner[R1].txt - [5153 octets] ##########




Malwarebytes:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.27.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Frank :: FRANK-PC [administrator]

5/26/2013 11:29:19 PM
mbam-log-2013-05-26 (23-29-19).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 485538
Time elapsed: 26 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\ProgramData\MagnniPyic\517edfa47ff57.dll (PUP.Adware.MultiPlug) -> Quarantined and deleted successfully.
C:\Users\Frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E7437Z3E\517edfa499bf6[1].exe (PUP.Adware.MultiPlug) -> Quarantined and deleted successfully.
C:\Users\Frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E7437Z3E\51984e96ac915[1].exe (PUP.Adware.MultiPlug) -> Quarantined and deleted successfully.
C:\Users\Frank\AppData\Local\Temp\k9VXzsgD.exe.part (PUP.FakeFlash.Domaiq) -> Quarantined and deleted successfully.
C:\Users\Frank\AppData\Local\Temp\NGexDp1w.exe.part (PUP.FakeFlash.Domaiq) -> Quarantined and deleted successfully.

(end)

ok. One more step. Run Adwcleaner once more by clicking the search button. After the log appears you can just close it then click the delete button. Adwcleaner will then reboot your machine to delete the items. After restart a new log will be displayed which you can post in your reply.

easylife seems to be gone now. Could this be it?


Adwcleaner log:

# AdwCleaner v2.301 - Logfile created 05/27/2013 at 12:26:03
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Frank - FRANK-PC
# Boot Mode : Normal
# Running from : C:\Users\Frank\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Uninstall.exe
File Deleted : C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ypokwgqk.default\searchplugins\EasyLife.xml
Folder Deleted : C:\Program Files (x86)\EasyLife
Folder Deleted : C:\Program Files (x86)\MagniPic
Folder Deleted : C:\ProgramData\clsoft ltd
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\MagnniPyic
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\SearchNewTab
Folder Deleted : C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\lefcababcdpfgghfpacinhlgkdmalmoe
Folder Deleted : C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\olkaofgnnopkaaanbinpcbgcbngkjgog
Folder Deleted : C:\Users\Frank\AppData\LocalLow\MagnniPyic
Folder Deleted : C:\Users\Frank\AppData\LocalLow\SearchNewTab
Folder Deleted : C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ypokwgqk.default\extensions\h2pfay7d1@ieu-oqtqpa.net
Folder Deleted : C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ypokwgqk.default\extensions\vxjvfaaioquo@nvxh-jt.com

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02EA14EF-1CFF-EE65-B998-72960446F6C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EDDC773B-DD09-D7DB-EB3E-098E0519D5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02EA14EF-1CFF-EE65-B998-72960446F6C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EDDC773B-DD09-D7DB-EB3E-098E0519D5FC}
Key Deleted : HKCU\Software\PrivitizeVPNInstallDates
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{01BD49D7-C76B-4310-8BEB-14D7E5F322C6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{01BD49D7-C76B-4310-8BEB-14D7E5F322C6}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.easylifeapp.com/?pid=388&src=ie1&r=2013/05/19&hid=2732658822&lg=EN&cc=US --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.easylifeapp.com/?pid=388&src=ie1&r=2013/05/19&hid=2732658822&lg=EN&cc=US --> hxxp://www.google.com

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ypokwgqk.default\prefs.js

C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ypokwgqk.default\user.js ... Deleted !

Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Deleted : user_pref("aol_toolbar.default.search.check", false);
Deleted : user_pref("browser.search.defaultenginename", "EasyLife");
Deleted : user_pref("browser.search.defaultenginename,S", "EasyLife");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.easylifeapp.com/?pid=388&src=ff2&r=2013/05/19&[...]
Deleted : user_pref("browser.search.order.1", "EasyLife");
Deleted : user_pref("browser.search.order.1,S", "EasyLife");
Deleted : user_pref("browser.search.selectedEngine,S", "EasyLife");
Deleted : user_pref("browser.startup.homepage", "hxxp://search.easylifeapp.com/?pid=388&src=ff1&r=2013/05/19&h[...]
Deleted : user_pref("extensions.517edfa47fe51.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Deleted : user_pref("extensions.privitize.srchPrvdr", "Search The Web (privitize)");
Deleted : user_pref("keyword.URL", "hxxp://search.easylifeapp.com/?pid=388&src=ff2&r=2013/05/19&hid=2732658822[...]
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "EasyLife");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "EasyLife");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://search.easylifeapp.com/?pid=3[...]
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.easylifeapp.com/?pid=388&src=ff2&r=[...]
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v27.0.1453.94

File : C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5220 octets] - [26/05/2013 23:23:34]
AdwCleaner[R2].txt - [5280 octets] - [27/05/2013 12:25:34]
AdwCleaner[S1].txt - [5330 octets] - [27/05/2013 12:26:03]

########## EOF - C:\AdwCleaner[S1].txt - [5390 octets] ##########

That should take care of it. Using explorer take a look in C:\ProgramData and delete the entire Premium folder if found.

C:\ProgramData\Premium\MagniPic\MagniPic.exe

The Premium folder appears to be gone.

ok Good. You can delete the Adwcleaner icon from your desktop as well as its logs. Keep Malwarebytes and note that in the free version both updates and a scan must be done manually. Always check for updates before a scan.

So if all is good now on your end, some tips to help you avoid malware:

No software can think for you. Help yourself. In no special order:

1) It is essential to keep your operating system (Windows) browser (IE, FireFox, Chrome, Opera) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update (http://www.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us) frequently or use the Windows auto-update feature. Staying updated is also essential for other web based applications like Java, Adobe Flash/Reader, iTunes etc. More and more third party applications are being targeted. Use the auto-update features available in most software. Not sure if you are using the latest version of software? Check their version status and get the updates here. (http://secunia.com/vulnerability_scanning/online/)

2) Know what you are installing to your computer. Alot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. More and more legitimate software are installing useless toolbars if not unchecked first. Do not install any files from ads, popups or random links. Do not fall for fake warnings about virus and trojans being found on your computer and you are then prompted to install software to remedy this.

3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If either of these frequently find malware then its time to *review your computer habits*.

4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem. See also E-mail phishing tricks. (http://www.fraud.org/tips/internet/phishing.htm)

5) Do not click on ads/pop ups or offers from websites requesting that you need to install software to your computer--*for any reason*. Use the Alt+F4 keys to close the window.

6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website to install components?

7) Consider the use of limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts (http://www.microsoft.com/protect/computer/advanced/useraccount.mspx) can help prevent *malware from installing and lessen its potential impact.* This is exactly what user account control (UAC) in Windows Vista, Windows 7 and Windows 8 attempts to address.

8) Install and understand the *limitations* of a software firewall.

9) Your browser risks: The why and how (http://www.cert.org/tech_tips/securing_browser/) to secure your browser for safer surfing. For added protection disable Java (http://disablejava.com/) in your browser.

10) Warez, cracks, keygens etc are very popular for carrying malware payloads. If you look for these you will encounter malware. If you download/install files via p2p networks you will encounter malware. Do you really trust the source of the file?
More info/tips with pictures, link below.

Happy Safe Surfing.