It started with the ib.adnxs.com adware, and now I have Easylife. I have generally been seeing out of place/more frequent advertisements while browsing.
We will get two downloads to use: Adwcleaner and Malwarebytes.
Please download Adwcleaner by Xplode to your desktop.
Right click on AdwCleaner.exe, select "run as admin"
Click on Search button
A logfile will automatically open after the scan has finished
Copy and paste the contents in your next reply.
You can also find the logfile in your root drive C:\AdwCleaner[R1].txt
Malwarebytes:
Please download the free version of Malwarebytes to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click *Remove Selected.*
*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*
When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post the log in your reply.
I uninstalled all of the programs you instructed me to except for Privitize VPN, which wasn't there. I also ran Adwcleaner and Malwarebytes as instructed. However, after restarting my computer as part of the removal of objects in Malwarebytes, I still have easylife as the default page for a new tab in Firefox.
Here are my log files:
Adwcleaner:
# AdwCleaner v2.301 - Logfile created 05/26/2013 at 23:23:34
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Frank - FRANK-PC
# Boot Mode : Normal
# Running from : C:\Users\Frank\Desktop\AdwCleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
File Found : C:\Program Files (x86)\Uninstall.exe
File Found : C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ypokwgqk.default\searchplugins\EasyLife.xml
Folder Found : C:\Program Files (x86)\EasyLife
Folder Found : C:\Program Files (x86)\MagniPic
Folder Found : C:\ProgramData\clsoft ltd
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\ProgramData\MagnniPyic
Folder Found : C:\ProgramData\Partner
Folder Found : C:\ProgramData\SearchNewTab
Folder Found : C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\lefcababcdpfgghfpacinhlgkdmalmoe
Folder Found : C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\olkaofgnnopkaaanbinpcbgcbngkjgog
Folder Found : C:\Users\Frank\AppData\LocalLow\MagnniPyic
Folder Found : C:\Users\Frank\AppData\LocalLow\SearchNewTab
Folder Found : C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ypokwgqk.default\extensions\h2pfay7d1@ieu-oqtqpa.net
Folder Found : C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ypokwgqk.default\extensions\vxjvfaaioquo@nvxh-jt.com
***** [Registry] *****
Key Found : HKCU\Software\AppDataLow\SProtector
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02EA14EF-1CFF-EE65-B998-72960446F6C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EDDC773B-DD09-D7DB-EB3E-098E0519D5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02EA14EF-1CFF-EE65-B998-72960446F6C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EDDC773B-DD09-D7DB-EB3E-098E0519D5FC}
Key Found : HKCU\Software\PrivitizeVPNInstallDates
Key Found : HKCU\Software\StartSearch
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{01BD49D7-C76B-4310-8BEB-14D7E5F322C6}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\Software\SP Global
Key Found : HKLM\Software\SProtector
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{01BD49D7-C76B-4310-8BEB-14D7E5F322C6}
Key Found : HKU\S-1-5-21-2903208021-1474375682-2186726498-1001\Software\Microsoft\Internet Explorer\SearchScopes\{01BD49D7-C76B-4310-8BEB-14D7E5F322C6}
Found : user_pref("aol_toolbar.default.homepage.check", false);
Found : user_pref("aol_toolbar.default.search.check", false);
Found : user_pref("browser.search.defaultenginename", "EasyLife");
Found : user_pref("browser.search.defaultenginename,S", "EasyLife");
Found : user_pref("browser.search.defaulturl", "hxxp://search.easylifeapp.com/?pid=388&src=ff2&r=2013/05/19&[...]
Found : user_pref("browser.search.order.1", "EasyLife");
Found : user_pref("browser.search.order.1,S", "EasyLife");
Found : user_pref("browser.search.selectedEngine,S", "EasyLife");
Found : user_pref("browser.startup.homepage", "hxxp://search.easylifeapp.com/?pid=388&src=ff1&r=2013/05/19&h[...]
Found : user_pref("extensions.517edfa47fe51.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]
Found : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Found : user_pref("extensions.privitize.srchPrvdr", "Search The Web (privitize)");
Found : user_pref("keyword.URL", "hxxp://search.easylifeapp.com/?pid=388&src=ff2&r=2013/05/19&hid=2732658822[...]
Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "EasyLife");
Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "EasyLife");
Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://search.easylifeapp.com/?pid=3[...]
Found : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.easylifeapp.com/?pid=388&src=ff2&r=[...]
Found : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Found : user_pref("sweetim.toolbar.searchguard.enable", "");
ok. One more step. Run Adwcleaner once more by clicking the search button. After the log appears you can just close it then click the delete button. Adwcleaner will then reboot your machine to delete the items. After restart a new log will be displayed which you can post in your reply.
# AdwCleaner v2.301 - Logfile created 05/27/2013 at 12:26:03
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Frank - FRANK-PC
# Boot Mode : Normal
# Running from : C:\Users\Frank\Desktop\AdwCleaner.exe
# Option [Delete]
ok Good. You can delete the Adwcleaner icon from your desktop as well as its logs. Keep Malwarebytes and note that in the free version both updates and a scan must be done manually. Always check for updates before a scan.
So if all is good now on your end, some tips to help you avoid malware:
No software can think for you. Help yourself. In no special order:
1) It is essential to keep your operating system (Windows) browser (IE, FireFox, Chrome, Opera) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update frequently or use the Windows auto-update feature. Staying updated is also essential for other web based applications like Java, Adobe Flash/Reader, iTunes etc. More and more third party applications are being targeted. Use the auto-update features available in most software. Not sure if you are using the latest version of software? Check their version status and get the updates here.
2) Know what you are installing to your computer. Alot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. More and more legitimate software are installing useless toolbars if not unchecked first. Do not install any files from ads, popups or random links. Do not fall for fake warnings about virus and trojans being found on your computer and you are then prompted to install software to remedy this.
3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If either of these frequently find malware then its time to *review your computer habits*.
4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem. See also E-mail phishing tricks.
5) Do not click on ads/pop ups or offers from websites requesting that you need to install software to your computer--*for any reason*. Use the Alt+F4 keys to close the window.
6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website to install components?
7) Consider the use of limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts can help prevent *malware from installing and lessen its potential impact.* This is exactly what user account control (UAC) in Windows Vista, Windows 7 and Windows 8 attempts to address.
8) Install and understand the *limitations* of a software firewall.
9) Your browser risks: The why and how to secure your browser for safer surfing. For added protection disable Java in your browser.
10) Warez, cracks, keygens etc are very popular for carrying malware payloads. If you look for these you will encounter malware. If you download/install files via p2p networks you will encounter malware. Do you really trust the source of the file?
More info/tips with pictures, link below.
Happy Safe Surfing.
Last edited by tashi; 2013-06-24 at 20:27.
Reason: Thank you shelf life. :-)