Solve : Daughter's Computer Infected with GamePlay Lab Adware?

1.	Solve : Daughter's Computer Infected with GamePlay Lab Adware?
Answer» Hi, Ran a scan and found she was infected with GamePlay Lab Adware. I just want to be sure it is cleaned and nothing else hanging around since there have been infections on the network. Here are the files: Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.07.22.06 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 ADMINISTRATOR :: MICHELE-6273CB9 [administrator] 7/22/2013 2:57:47 PM mbam-log-2013-07-22 (14-57-47).txt Scan type: Full scan (C:\\|) Scan options enabled: Memory \| Startup \| Registry \| File System \| Heuristics/Extra \| Heuristics/Shuriken \| PUP \| PUM Scan options disabled: P2P Objects scanned: 291550 Time elapsed: 58 minute(s), 37 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory MODULES Detected: 0 (No malicious items detected) Registry Keys Detected: 2 HKCR\Interface\{66666666-6666-6666-6666-660066226658} (Adware.GamePlayLab) -> Quarantined and deleted successfully. HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Quarantined and deleted successfully. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) ------------------------------------- # AdwCleaner v2.306 - Logfile created 07/22/2013 at 13:33:30 # Updated 19/07/2013 by Xplode # Operating system : Microsoft Windows XP Service Pack 3 (32 bits) # User : Administrator - MICHELE-6273CB9 # Boot Mode : Normal # Running from : C:\Documents and Settings\Administrator\My Documents\Downloads\adwcleaner(1).exe # Option [Delete] *** [Services] * * [Files / Folders] * Deleted on reboot : C:\Program Files\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zj5c0w0m.default\searchplugins\Askcom.xml File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zj5c0w0m.default\searchplugins\Search_Results.xml File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml File Deleted : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Babylon Folder Deleted : C:\Documents and Settings\Administrator\Application Data\ilividtoolbarguid Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zj5c0w0m.default\ilividtoolbarguid Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\AVG Security Toolbar Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Babylon Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Ilivid Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer Folder Deleted : C:\Program Files\file scout Folder Deleted : C:\Program Files\Search Results Toolbar Folder Deleted : C:\Program Files\Yontoo * [Registry] *** Key Deleted : HKCU\Software\AVG Security Toolbar Key Deleted : HKCU\Software\Complitly Key Deleted : HKCU\Software\Cr_Installer Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKLM\Software\AVG Security Toolbar Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\I Want This Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966 Key Deleted : HKLM\Software\SimplyGen Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [.crossrider.com] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [.crossrider.com] *** [Internet Browsers] * -\\ Internet Explorer v8.0.6001.18702 Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.ask.com/?l=dis&o=41648106&gct=hp --> hxxp://www.google.com -\\ Mozilla Firefox v22.0 (en-US) File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zj5c0w0m.default\prefs.js C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zj5c0w0m.default\user.js ... Deleted ! Deleted : user_pref("browser.search.defaultenginename", "Search Results"); Deleted : user_pref("browser.search.order.1", "Search Results"); -\\ Google Chrome v28.0.1500.72 File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ********************* AdwCleaner[S1].txt - [5362 octets] - [22/07/2013 13:33:30] ########## EOF - C:\AdwCleaner[S1].txt - [5422 octets] ########## -------------------------------------- Results of screen317's Security Check version 0.99.70 Windows XP Service Pack 3 x86 Internet Explorer 8 ``````````````Antivirus/Firewall Check:``````````````[/u] Windows Firewall Enabled! Please wait while WMIC is being installed.d i s p l a y N a m e ECHO is off. a v a s t ! ECHO is off. A n t i v i r u s ECHO is off. Antivirus up to date! `````````Anti-malware/Other Utilities Check:`````````[/u] Out of date HijackThis installed! Malwarebytes Anti-Malware version 1.75.0.1300 HijackThis 2.0.2 CCleaner Adobe Flash Player 11.7.700.224 Adobe Reader XI Mozilla Firefox (22.0) Google Chrome 27.0.1453.116 Google Chrome 28.0.1500.72 ````````Process Check: objlist.exe by Laurent````````[/u] AVAST Software Avast AvastSvc.exe AVAST Software Avast avastUI.exe `````````````````System Health check`````````````````[/u] Total Fragmentation on Drive C:: 16% Defragment your hard drive soon! (Do NOT defrag if SSD!) ````````````````````End of Log``````````````````````[/u] Quote Total Fragmentation on Drive C:: 16% Defragment your hard drive soon! (Do NOT defrag if SSD!) Please defrag your harddrive soon. (SSD means Solid State Drive.) Please download Junkware Removal Tool to your desktop. •Warning! Once the scan is complete JRT will shut down your browser with NO warning. •Shut down your protection software now to avoid potential conflicts. •Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a LIST of security programs that should be disabled and how to disable them. •Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator •The tool will open and start scanning your system. •Please be patient as this can take a while to complete depending on your system's specifications. •On completion, a log (JRT.txt) is saved to your desktop and will automatically open. •Copy and Paste the JRT.txt log into your next message. ***************************************** Download RogueKiller on the desktop Close all the running programs Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator Otherwise just double-click on RogueKiller.exe Pre-scan will start. Let it finish. Click on SCAN button. A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop) If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again I ran the two scans and here are the reports. I will run the defrag as soon as we are done unless you would prefer I run it now. Thanks so much! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 5.2.2 (07.22.2013:2) OS: Microsoft Windows XP x86 Ran by Administrator on Tue 07/23/2013 at 18:41:09.21 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{77777777-7777-7777-7777-770077227758} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077227758} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{480F9B7D-125E-4F11-B8D2-DA705E457E8F} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\wincert" ~~~ FireFox Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml" Failed to delete: [Folder] "C:\Program Files\Mozilla Firefox\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Tue 07/23/2013 at 18:48:45.79 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ --------------------------------------- RogueKiller V8.6.3 [Jul 17 2013] by Tigzy mail : tigzyRKgmailcom Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version Started in : Normal mode User : Administrator [Admin rights] Mode : Scan -- Date : 07/23/2013 18:55:09 \| ARK \|\| FAK \|\| MBR \| ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 3 ¤¤¤ [HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND [HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD1200BEVE-00WZT0 +++++ --- User --- [MBR] 490235036159349e472e6f4870112cd2 [BSP] e1bf717d93861b562449c8e79ac1fe53 : Windows XP MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 \| Size: 114463 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_S_07232013_185509.txt >> Yes, run the defrag any time you wish. Please run RogueKiller again and delete those items. I'd like to scan your machine with ESET OnlineScan •Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan •Click the button. •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps) Click on to download the ESET Smart Installer. Save it to your desktop. Double click on the icon on your desktop. •Check •Click the button. •Accept any security warnings from your browser. Leave the check mark next to Remove found threats. •Check •Push the Start** button. •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time. •When the scan completes, push •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply. •Push the button. •Push A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt ok sounds good. I will run this scan tonight and post the results. Thanks!Sorry it has taken me so long. Our internet provider had some outages. Will get this posted asap. Thanks!

Answer»

Hi,

Ran a scan and found she was infected with GamePlay Lab Adware. I just want to be sure it is cleaned and nothing else hanging around since there have been infections on the network.

Here are the files:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.22.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
ADMINISTRATOR :: MICHELE-6273CB9 [administrator]

7/22/2013 2:57:47 PM
mbam-log-2013-07-22 (14-57-47).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 291550
Time elapsed: 58 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory MODULES Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\Interface\{66666666-6666-6666-6666-660066226658} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

-------------------------------------

# AdwCleaner v2.306 - Logfile created 07/22/2013 at 13:33:30
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - MICHELE-6273CB9
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\My Documents\Downloads\adwcleaner(1).exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zj5c0w0m.default\searchplugins\Askcom.xml
File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zj5c0w0m.default\searchplugins\Search_Results.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\ilividtoolbarguid
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zj5c0w0m.default\ilividtoolbarguid
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\AVG Security Toolbar
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Ilivid
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Program Files\file scout
Folder Deleted : C:\Program Files\Search Results Toolbar
Folder Deleted : C:\Program Files\Yontoo

***** [Registry] *****

Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\Complitly
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\I Want This
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\SimplyGen
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.ask.com/?l=dis&o=41648106&gct=hp --> hxxp://www.google.com

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zj5c0w0m.default\prefs.js

C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zj5c0w0m.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultenginename", "Search Results");
Deleted : user_pref("browser.search.order.1", "Search Results");

-\\ Google Chrome v28.0.1500.72

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [5362 octets] - [22/07/2013 13:33:30]

########## EOF - C:\AdwCleaner[S1].txt - [5422 octets] ##########

--------------------------------------

Results of screen317's Security Check version 0.99.70
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Firewall Enabled!
Please wait while WMIC is being installed.d
i
s
p
l
a
y
N
a
m
e
ECHO is off.
a
v
a
s
t
!
ECHO is off.
A
n
t
i
v
i
r
u
s
ECHO is off.
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````[/u]
Out of date HijackThis installed!
Malwarebytes Anti-Malware version 1.75.0.1300
HijackThis 2.0.2
CCleaner
Adobe Flash Player 11.7.700.224
Adobe Reader XI
Mozilla Firefox (22.0)
Google Chrome 27.0.1453.116
Google Chrome 28.0.1500.72
````````Process Check: objlist.exe by Laurent````````[/u]
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C:: 16% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````[/u]
Quote

Total Fragmentation on Drive C:: 16% Defragment your hard drive soon! (Do NOT defrag if SSD!)

Please defrag your harddrive soon. (SSD means Solid State Drive.)

Please download Junkware Removal Tool to your desktop.

•Warning! Once the scan is complete JRT will shut down your browser with NO warning.

•Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a LIST of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.
*********************************************

Download RogueKiller on the desktop
Close all the running programs
Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
Otherwise just double-click on RogueKiller.exe
Pre-scan will start. Let it finish.
Click on SCAN button.
A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

I ran the two scans and here are the reports. I will run the defrag as soon as we are done unless you would prefer I run it now. Thanks so much!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.2 (07.22.2013:2)
OS: Microsoft Windows XP x86
Ran by Administrator on Tue 07/23/2013 at 18:41:09.21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{77777777-7777-7777-7777-770077227758}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077227758}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{480F9B7D-125E-4F11-B8D2-DA705E457E8F}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\wincert"

~~~ FireFox

Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml"
Failed to delete: [Folder] "C:\Program Files\Mozilla Firefox\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 07/23/2013 at 18:48:45.79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

---------------------------------------

RogueKiller V8.6.3 [Jul 17 2013] by Tigzy
mail : tigzyRKgmailcom
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Scan -- Date : 07/23/2013 18:55:09
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1200BEVE-00WZT0 +++++
--- User ---
[MBR] 490235036159349e472e6f4870112cd2
[BSP] e1bf717d93861b562449c8e79ac1fe53 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 114463 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_07232013_185509.txt >>
Yes, run the defrag any time you wish.
Please run RogueKiller again and delete those items.

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

Click on to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.

•Check
•Click the button.
•Accept any security warnings from your browser.

Leave the check mark next to Remove found threats.

•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
ok sounds good. I will run this scan tonight and post the results. Thanks!Sorry it has taken me so long. Our internet provider had some outages. Will get this posted asap. Thanks!

Solve : Daughter's Computer Infected with GamePlay Lab Adware?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment