33 replies to this topic

[jeffce]

Hi,
 
Per our Terms of Use

We offer free computer help and tech support for home and personal use. We are not here to support others that work for profit, or to support/replace your company's IT department.

 
I would recommend that since this is a business computer, it might probably be in your best interest (and that of your clients) to just back up everything and reformat your system.

[vdicaprio]

jeff

 

Sorry - I wasnt aware of that.  We are a small company and dont have an IT dept.  

 

Any chance we can finish this thread and then I will find other ways to deal with untimely viruses? 

 

If not I understand.

 

Vdicaprio

[jeffce]

Hi,

 

Sorry - I wasnt aware of that.  We are a small company and dont have an IT dept.

No worries.....are you the owner or can you get permission from the owner to continue? 

[vdicaprio]

Jeff

 

I am the owner.

 

thanks

[jeffce]

LOL!!  Ok I guess we can continue. 
 
Are you only seeing the Level Quality Watcher in Add/Remove Programs or anyplace else??
 
  AdwCleaner

Double click on AdwCleaner.exe to run the tool again.

• Click on the Scan button.
• AdwCleaner will begin to scan your computer like it did before.
• After the scan has finished...
• This time, click on the Clean button.
• Press OK when asked to close all programs and follow the onscreen prompts.
• Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
• After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
• Copy and paste the contents of that logfile in your next reply.
• A copy of that logfile will also be saved in the C:\AdwCleaner folder.

------------
 
  Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

[vdicaprio]

Jeff

 

Below are the logs - and I am only seeing it in the Add/Remove Programs list, nowhere else.

 

# AdwCleaner v3.016 - Report created 28/12/2013 at 11:33:05

# Updated 23/12/2013 by Xplode

# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

# Username : Jeff - JEFF

# Running from : C:\Documents and Settings\Jeff\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2A498D792D0AD2F4DADF03B3C066122B

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C697F962E048A434B8AE269E702964C8

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v8.0.6001.18702

 

 

-\\ Google Chrome v31.0.1650.63

 

[ File : C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [842 octets] - [28/09/2013 11:10:55]

AdwCleaner[R1].txt - [1048 octets] - [31/10/2013 11:14:29]

AdwCleaner[R2].txt - [1109 octets] - [01/11/2013 06:32:19]

AdwCleaner[R3].txt - [10945 octets] - [02/11/2013 08:35:42]

AdwCleaner[R4].txt - [1488 octets] - [21/12/2013 10:20:46]

AdwCleaner[R5].txt - [1343 octets] - [21/12/2013 10:28:29]

AdwCleaner[R6].txt - [1668 octets] - [23/12/2013 09:01:22]

AdwCleaner[R7].txt - [1728 octets] - [28/12/2013 11:32:13]

AdwCleaner[S0].txt - [908 octets] - [28/09/2013 11:11:48]

AdwCleaner[S1].txt - [1179 octets] - [01/11/2013 06:33:09]

AdwCleaner[S2].txt - [11107 octets] - [02/11/2013 08:36:28]

AdwCleaner[S3].txt - [1553 octets] - [21/12/2013 10:24:47]

AdwCleaner[S4].txt - [1653 octets] - [28/12/2013 11:33:05]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1713 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.0.8 (11.05.2013:1)

OS: Microsoft Windows XP x86

Ran by Jeff on Sat 12/28/2013 at 11:40:35.31

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sat 12/28/2013 at 11:44:08.06

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Thanks

 

[jeffce]

Silly question but have you just tried to uninstall it from the Add/Remove Programs??

[vdicaprio]

Jeff

 

When I select Level Quality Watcher in the add/remove programs there is not "remove" button to uninstall it and if I selected and hit the remove/change button in the upper left hand corner nothing happens.

 

Vdicaprio

[jeffce]

Ok good.....it is just a "dead" icon then.....I will be right back. 

[jeffce]

Go to the page here >> http://support.micro...l_and_uninstall

 

On the MS FixIt icon press the Run Now button and follow all directions.  Once complete, check and see if it is still in the Add/Remove Programs list. 

 

Let me know what happens. 

[vdicaprio]

Jeff

 

It is removed. 

 

thakns

[jeffce]

Good! 
 
Let's check for anything else hiding in there. 
 
Malwarebytes

Please open Malwarebytes, update it and then run a Quick Scan.  Save the log that is created for your next reply.
----------
 
ESET Online Scanner

Go here to run an online scannner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

• Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
• Turn off the real time scanner of any existing antivirus program while performing the online scan
• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activex control to install
• Click Start
• Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
• Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
• Click Scan
• Wait for the scan to finish
• When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
• Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
• Close the ESET online scan, and let me know how things are now.

----------

[vdicaprio]

Jeff

 

Below are the log files.  Malwarebytes didnt find anything and the Eset scan listed 26 potential threats but most of them were in adwcleaner/quarantine.

 

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.12.30.06

 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Jeff :: JEFF [administrator]

 

12/30/2013 1:52:27 PM

mbam-log-2013-12-30 (13-52-27).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 233103

Time elapsed: 5 minute(s), 47 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

 

C:\AdwCleaner\Quarantine\C\Documents and Settings\Jeff\Application Data\Searchprotect\bin\ChromeModule.dll.vir probably a variant of Win32/Conduit.SearchProtect.C application

C:\AdwCleaner\Quarantine\C\Documents and Settings\Jeff\Application Data\Searchprotect\bin\cltmng.exe.vir a variant of Win32/Conduit.SearchProtect.B application

C:\AdwCleaner\Quarantine\C\Documents and Settings\Jeff\Application Data\Searchprotect\bin\FirefoxModule.dll.vir probably a variant of Win32/Conduit.SearchProtect.C application

C:\AdwCleaner\Quarantine\C\Documents and Settings\Jeff\Application Data\Searchprotect\bin\InternetExplorerModule.dll.vir probably a variant of Win32/Conduit.SearchProtect.C application

C:\AdwCleaner\Quarantine\C\Documents and Settings\Jeff\Application Data\Searchprotect\bin\SPRunner.exe.vir a variant of Win32/Conduit.SearchProtect.D application

C:\AdwCleaner\Quarantine\C\Documents and Settings\Jeff\Application Data\Searchprotect\ffprotect\application.js.vir Win32/Conduit.SearchProtect.A application

C:\AdwCleaner\Quarantine\C\Documents and Settings\Jeff\Application Data\Searchprotect\ffprotect\nsprotector.js.vir Win32/Conduit.SearchProtect.A application

C:\AdwCleaner\Quarantine\C\Documents and Settings\Jeff\Local Settings\Application Data\SweetPacks\ldrtbSwee.dll.vir a variant of Win32/Toolbar.Conduit.P application

C:\AdwCleaner\Quarantine\C\Documents and Settings\Jeff\Local Settings\Application Data\SweetPacks\tbSwee.dll.vir a variant of Win32/Toolbar.Conduit.B application

C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\bin\ChromeModule.dll.vir probably a variant of Win32/Conduit.SearchProtect.C application

C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\bin\cltmng.exe.vir a variant of Win32/Conduit.SearchProtect.B application

C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\bin\FirefoxModule.dll.vir probably a variant of Win32/Conduit.SearchProtect.C application

C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\bin\InternetExplorerModule.dll.vir probably a variant of Win32/Conduit.SearchProtect.C application

C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\bin\SPRunner.exe.vir a variant of Win32/Conduit.SearchProtect.D application

C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\ffprotect\application.js.vir Win32/Conduit.SearchProtect.A application

C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\ffprotect\nsprotector.js.vir Win32/Conduit.SearchProtect.A application

C:\AdwCleaner\Quarantine\C\Program Files\SweetPacks\ldrtbSwee.dll.vir a variant of Win32/Toolbar.Conduit.P application

C:\AdwCleaner\Quarantine\C\Program Files\SweetPacks\tbSwee.dll.vir a variant of Win32/Toolbar.Conduit.B application

C:\AdwCleaner\Quarantine\C\Program Files\Wajam\Updater\update.exe.vir a variant of Win32/Wajam.D application

C:\AdwCleaner\Quarantine\C\Program Files\Wajam\Updater\WajamUpdaterV3.exe.vir Win32/Wajam.D application

C:\AdwCleaner\Quarantine\C\WINDOWS\system32\dmwu.exe.vir a variant of Win32/Toolbar.Perion.G application

C:\AdwCleaner\Quarantine\C\WINDOWS\system32\ARFC\wrtc.exe.vir a variant of Win32/Toolbar.Perion.G application

C:\Documents and Settings\Jeff\Desktop\javara-setup.exe Win32/DownloadAdmin.G application

C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP493\A0043689.msi multiple threats

C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP507\A0044334.old Win32/AdWare.Adpeak.B application

C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP514\A0044648.msi a variant of Win32/AdWare.Adpeak.B application

 

things seem to be better.

 

thanks

[jeffce]

Good.  You are correct....those entries found by ESET were either quarantined or in a restore point that will be fixed when we remove our tools.
 
Please open an elevated command prompt > Click Start and type cmd in Start Search.
When cmd.exe populates above, right click it and select Run as Administrator to open an elevated command prompt.

Copy the contents of the code box > right click in the command window and select paste

del "C:\Documents and Settings\Jeff\Desktop\javara-setup.exe"

Press Enter (you won't actually see anything happen)
Close the Command Prompt window.
 
What are your remaining malware related problems?

[vdicaprio]

jeff

 

I deleted the javara-setup.exe file as you recommended.

 

Everything seems to be back to "normal".  I don't  believe that there are any other malware issues.

 

Thanks