Inactive-A Help with Spyware/Malware removal.

Status
Not open for further replies.
Scan Log
Version of virus signature database: 8752 (20130901)
Date: 9/2/2013 Time: 12:30:10 AM
Scanned disks, folders and files: Operating memory;C:\Boot sector;D:\Boot sector;F:\Boot sector;Q:\Boot sector;C:\;D:\;F:\;Q:\
Boot sector of disk Q: - error opening [4]
C:\hiberfil.sys - error opening [4]
C:\pagefile.sys - error opening [4]
C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\EnterWW.cab » CAB » PROCESS_LIBRARY.FDT » MIME - is OK (internal scanning not performed)
C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\EnterWW.cab » CAB » HIRING_REQUISITION_CUSTOMIZED.FDT » MIME - is OK (internal scanning not performed)
C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\EnterWW.cab » CAB » HIRING_REQUISITION.FDT » MIME - is OK (internal scanning not performed)
C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\EnterWW.cab » CAB » TRACK_ISSUES.FDT » MIME - is OK (internal scanning not performed)
C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\EnterWW.cab » CAB » POLICIES.FDT » MIME - is OK (internal scanning not performed)
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleUpdateHelper.msi » MSI » required.cab » CAB - error reading archive
C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2\License\license.mht » MIME - is OK (internal scanning not performed)
C:\ProgramData\AVG2013\IDS\config\quarantinedList.zip » ZIP » quarantinedList.xml - error - password-protected file
C:\ProgramData\AVG2013\IDS\config\quarantinedList.zip.bak » ZIP » quarantinedList.xml - error - password-protected file
C:\ProgramData\Hewlett-Packard\OpenSource\Openssl\openssl-1.0.0d.tar.gz » GZIP » openssl-1.0.0d.tar » TAR » openssl-1.0.0d/crypto/des/times/aix.cc » MIME - is OK (internal scanning not performed)
C:\ProgramData\Hewlett-Packard\OpenSource\Openssl\openssl-1.0.0d.tar.gz » GZIP » openssl-1.0.0d.tar » TAR » openssl-1.0.0d/crypto/dh/example » MBOX - is OK (internal scanning not performed)
C:\ProgramData\Hewlett-Packard\OpenSource\Openssl\openssl-1.0.0d.tar.gz » GZIP » openssl-1.0.0d.tar » TAR » openssl-1.0.0d/crypto/dh/generate » MIME - is OK (internal scanning not performed)
C:\ProgramData\Hewlett-Packard\OpenSource\Openssl\openssl-1.0.0d.tar.gz » GZIP » openssl-1.0.0d.tar » TAR » openssl-1.0.0d/crypto/pkcs7/t/nav-smime » MBOX - is OK (internal scanning not performed)
C:\ProgramData\Hewlett-Packard\OpenSource\Openssl\openssl-1.0.0d.tar.gz » GZIP » openssl-1.0.0d.tar » TAR » openssl-1.0.0d/demos/cms/comp.txt » MIME - is OK (internal scanning not performed)
C:\ProgramData\Hewlett-Packard\OpenSource\Openssl\openssl-1.0.0d.tar.gz » GZIP » openssl-1.0.0d.tar » TAR » openssl-1.0.0d/demos/cms/encr.txt » MIME - is OK (internal scanning not performed)
C:\ProgramData\Hewlett-Packard\OpenSource\Openssl\openssl-1.0.0d.tar.gz » GZIP » openssl-1.0.0d.tar » TAR » openssl-1.0.0d/demos/cms/sign.txt » MIME - is OK (internal scanning not performed)
C:\ProgramData\Hewlett-Packard\OpenSource\Openssl\openssl-1.0.0d.tar.gz » GZIP » openssl-1.0.0d.tar » TAR » openssl-1.0.0d/demos/maurice/README » MBOX - is OK (internal scanning not performed)
C:\ProgramData\Hewlett-Packard\OpenSource\Openssl\openssl-1.0.0d.tar.gz » GZIP » openssl-1.0.0d.tar » TAR » openssl-1.0.0d/demos/sign/sign.txt » MBOX - is OK (internal scanning not performed)
C:\ProgramData\Hewlett-Packard\OpenSource\Openssl\openssl-1.0.0d.tar.gz » GZIP » openssl-1.0.0d.tar » TAR » openssl-1.0.0d/demos/sign/sig.txt » MBOX - is OK (internal scanning not performed)
C:\ProgramData\Hewlett-Packard\OpenSource\Openssl\openssl-1.0.0d.tar.gz » GZIP » openssl-1.0.0d.tar » TAR » openssl-1.0.0d/demos/smime/encr.txt » MIME - is OK (internal scanning not performed)
C:\ProgramData\Hewlett-Packard\OpenSource\Openssl\openssl-1.0.0d.tar.gz » GZIP » openssl-1.0.0d.tar » TAR » openssl-1.0.0d/demos/smime/sign.txt » MIME - is OK (internal scanning not performed)
C:\ProgramData\Microsoft\Application Virtualization Client\SoftGrid Client\sftfs.fsd - error opening [4]
C:\ProgramData\Microsoft\Application Virtualization Client\SoftGrid Client\sftfs.fsG - error opening [4]
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log - error opening [4]
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log - error opening [4]
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb - error opening [4]
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb - error opening [4]
C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.35\deploy\css\fonts_pl_PL.swf » CWS » file.swf - archive damaged - the file could not be extracted.
C:\SWSetup\HPDOC\NoteB1.cab » CAB » AB3.pdf_1 - archive damaged - the file could not be extracted.
C:\SWSetup\HPDOC\NoteB2.cab » CAB » AB3.pdf_1 - archive damaged - the file could not be extracted.
C:\SWSetup\HPDOC\NoteB2.cab » CAB » a.pdf_14 - archive damaged - the file could not be extracted.
C:\SWSetup\HPDOC\NoteB3.cab » CAB » a.pdf_14 - archive damaged - the file could not be extracted.
C:\SWSetup\HPDOC\NoteB3.cab » CAB » E23.pdf_1 - archive damaged - the file could not be extracted.
C:\SWSetup\HPDOC\NoteB4.cab » CAB » E23.pdf_1 - archive damaged - the file could not be extracted.
C:\SWSetup\HPDOC\setup.exe » ADVANCEDINSTALLER » - archive damaged
C:\SWSetup\sp59202\HPSWF.EXE » ADVANCEDINSTALLER » - archive damaged
C:\System Volume Information\Syscache.hve - error opening [4]
C:\System Volume Information\Syscache.hve.LOG1 - error opening [4]
C:\System Volume Information\Syscache.hve.LOG2 - error opening [4]
C:\System Volume Information\{01b732df-12a2-11e3-9a81-28924a1ccf61}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{5cd9ab33-0696-11e3-9999-28924a1ccf61}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{a8a8faf7-0d61-11e3-88f4-28924a1ccf61}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{b3af9fe5-1291-11e3-b4af-28924a1ccf61}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{b3af9ffa-1291-11e3-b4af-28924a1ccf61}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{d76711f9-12a9-11e3-b1d6-28924a1ccf61}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{d76711fd-12a9-11e3-b1d6-28924a1ccf61}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\Users\All Users\AVG2013\IDS\config\quarantinedList.zip » ZIP » quarantinedList.xml - error - password-protected file
C:\Users\All Users\AVG2013\IDS\config\quarantinedList.zip.bak » ZIP » quarantinedList.xml - error - password-protected file
C:\Users\All Users\Microsoft\Application Virtualization Client\SoftGrid Client\sftfs.fsd - error opening [4]
C:\Users\All Users\Microsoft\Application Virtualization Client\SoftGrid Client\sftfs.fsG - error opening [4]
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\MSS.log - error opening [4]
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\MSStmp.log - error opening [4]
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\tmp.edb - error opening [4]
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Windows.edb - error opening [4]
C:\Users\Jones\NTUSER.DAT - error opening [4]
C:\Users\Jones\ntuser.dat.LOG1 - error opening [4]
C:\Users\Jones\ntuser.dat.LOG2 - error opening [4]
C:\Users\Jones\AppData\Local\Microsoft\Windows\UsrClass.dat - error opening [4]
C:\Users\Jones\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 - error opening [4]
C:\Users\Jones\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 - error opening [4]
C:\Users\Jones\AppData\Local\Microsoft\Windows\WebCache\V01.log - error opening [4]
C:\Users\Jones\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat - error opening [4]
C:\Users\Jones\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.tmp - error opening [4]
C:\Users\Jones\AppData\Local\Microsoft\Windows Live Mail\Sentinel\WLMailSearchSentinel.eml » MIME - is OK (internal scanning not performed)
C:\Users\Jones\AppData\LocalLow\Sun\Java\JRERunOnce.exe » CAB » aucheck - archive damaged - the file could not be extracted.
C:\Users\Jones\AppData\LocalLow\Sun\Java\JRERunOnce.exe » CAB » jaureg - archive damaged - the file could not be extracted.
C:\Users\Jones\AppData\LocalLow\Sun\Java\JRERunOnce.exe » CAB » jucheck - archive damaged - the file could not be extracted.
C:\Users\Jones\AppData\LocalLow\Sun\Java\JRERunOnce.exe » CAB » jusched - archive damaged - the file could not be extracted.
C:\Users\Jones\AppData\LocalLow\Sun\Java\JRERunOnce.exe » CAB » task.xml - archive damaged - the file could not be extracted.
C:\Users\Jones\AppData\LocalLow\Sun\Java\JRERunOnce.exe » CAB » task64.xml - archive damaged - the file could not be extracted.
C:\Users\Jones\AppData\Roaming\Mozilla\Firefox\Profiles\wczi21wh.default\parent.lock - error opening [4]
C:\Users\Jones\Desktop\AppRemover.exe » RAR » AVSDKList.zip » ZIP » output.xml - error - password-protected file
C:\Users\Jones\Desktop\AppRemover.exe » RAR » ManualUninstallConfig.zip » ZIP » out.xml - error - password-protected file
C:\Users\Jones\Desktop\AppRemover.exe » RAR » ProductReleaseNotes.zip » ZIP » ProductReleaseNotes.xml - error - password-protected file
C:\Users\Jones\Desktop\AppRemover.exe » RAR » QATestedProducts.zip » ZIP » QATestedProducts.xml - error - password-protected file
C:\Users\Jones\Documents\TransUnion_jsp.mht » MIME - is OK (internal scanning not performed)
C:\Users\Jones\Documents\TransUnion_jspprint.mht » MIME - is OK (internal scanning not performed)
C:\Users\Jones\Downloads\CouponPrinter(1).exe » INDIGOROSE - unsupported option
C:\Users\Jones\Downloads\CouponPrinter.exe » INDIGOROSE - unsupported option
C:\Windows\Installer\6b279fa.msi » MSI » required.cab » CAB - error reading archive
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT - error opening [4]
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1 - error opening [4]
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG2 - error opening [4]
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - error opening [4]
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - error opening [4]
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\385b05f16d709ffd7b655cd65e598eee68f354e1.HomeGroupClassifier\074eeee2560323c9cf92280515e6f262\grouping\db.mdb - error opening [4]
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\385b05f16d709ffd7b655cd65e598eee68f354e1.HomeGroupClassifier\074eeee2560323c9cf92280515e6f262\grouping\edb.log - error opening [4]
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\385b05f16d709ffd7b655cd65e598eee68f354e1.HomeGroupClassifier\074eeee2560323c9cf92280515e6f262\grouping\tmp.edb - error opening [4]
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT - error opening [4]
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1 - error opening [4]
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG2 - error opening [4]
C:\Windows\System32\catroot2\edb.log - error opening [4]
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb - error opening [4]
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb - error opening [4]
C:\Windows\Temp\HPSLPSVC0000.log - error opening [4]
Q:\ - error opening [4]
Number of scanned objects: 776196
Number of threats found: 0
Time of completion: 8:50:19 AM Total scanning time: 30009 sec (08:20:09)

Notes:
[4] Object cannot be opened. It may be in use by another application or operating system.
 
All processes killed
========== OTL ==========
Process WatGorp.exe killed successfully!
Service WatGorp stopped successfully!
Service WatGorp deleted successfully!
C:\ProgramData\GorillaPrice\WatGorp.exe moved successfully.
C:\ProgramData\GorillaPrice\ChromeAddon\plugin folder moved successfully.
C:\ProgramData\GorillaPrice\ChromeAddon folder moved successfully.
C:\ProgramData\GorillaPrice folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\FRST not found.
File\Folder C:\ProgramData\GorillaPrice not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jones
->Temp folder emptied: 1743202 bytes
->Temporary Internet Files folder emptied: 244653 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 267518603 bytes
->Google Chrome cache emptied: 9004243 bytes
->Flash cache emptied: 2361 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5613 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 266.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Jones
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Jones
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09022013_121544

Files\Folders moved on Reboot...
C:\Users\Jones\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Jones\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VF6G9HSM\index[1].htm moved successfully.
C:\Users\Jones\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DNXCBW5C\I[1] moved successfully.
File\Folder C:\Users\Jones\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat not found!
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
The adware has stopped, and the performance seems to be almost as good as it was before. Also, I noticed that GorillaPrice is still on the Programs and Features list. Is this supposed to happen? When the fix is complete, will I be able to uninstall it?
 
Most likely it's just registry leftover.

Download UnInstall Cleaner
Unzip downloaded file.
Double click on UIClean.exe to run the tool.
Click on leftover entry and click Delete button.
 
It will not let me remove ESET from my computer. Also, ESET blocks me from the UnInstall Cleaner URL. It comes up with a button that says "proceed to site" but will not let me go to it when I click it. Should I try it in Safe Mode?
 
 
Something is wrong here.
I just looked at your post #49 and it looks to me that instead of running Eset online scanner you installed Eset AV program.
You already have AVG installed so you must uninstall Eset.
 
This topic is marked as abandoned and closed due to inactivity.
This member will NOT be eligible to receive any more help in malware removal forum.
 