After many hours I now have completed logs

[aquafocus]

Good morning,
I've been asked by my boss to remove all infections off his HP Pavilion dv8000 laptop.

He was experienceing IE redirection as well pop ups that appeared to be system messages telling him to buy a virus checker.

I had problems going through the 8 step process as the laptop wouldn't allow me to install some of the software - you would double click on it and nothing would happen.

All of the software was eventualy installed and updated using my wireless network and after a few days and a few scans the only files that were detected were MS Juan and MS Track System which would be deleted and then appear to re-create themselves.

I connected the machine to the internet to update all of the software and ran another scan and the log files are atttched. While connected to the internet I didn't open any browser and none popped up.

Please help me as this needs to go back to him tomorrow all cleaned up and ready to use and I'm at my wits ends.

Many Thanks

 

[mflynn]

Hi aquafocus

I know it must have been a job. Looks like you did a good job,

OK so when this happens again remember that these things come of in layers. Once you remove some it may uncover others that were hidden on the first run.

That may be what you have here. You show many removals/deletions of Malware So you must run again until the log comes up clean. I think 1 run each with MBAM and SAS will do it but check the logs.

UPDATE every time before running and post each log.

But run these 4 steps first before running MBAM and SAS.

Run CCleaner again on both Temp and Registry twice or more until they come up clean.
--------------------------------------------------------------------------------------------------------
D/L install and run ATF-Cleaner clear all except passwords in all browsers you have. Run repeatedly until no more found.

http://www.majorgeeks.com/ATF_Cleaner_d4949.html

--------------------------------------------------------------------------------------------------------
D/L Xclean_Micro http://www.xblock.com/download/xclean_micro.exe
No install, just run it delete all it finds decline to reboot on each item found, until the program finishes then reboot.

Xclean will run minimized and will pop up a window if it finds anything. If it finds nothing it will exit.

Please make a note of what it found if any as it has no log.
If it finds several things reboot to Safe Mode and run again before continuing below.
--------------------------------------------------------------------------------------------------------
Malware Removal Tool by Joe Pestro http://majorgeeks.com/Malware_Removal_Tool_d4632.html

This program is very specific and it runs almost instanly "IF" it finds nothing.

Mike

 

[aquafocus]

Thanks for taking time to write such a thorough and descriptive reply Mike.

I can't get to the laptop until tonight but can assure you that I'll be doing nothing else as this needs fixing tonight.

I'll post up my results / logs.

Thanks again.

 

[mflynn]

10-4

Mike

 

[aquafocus]

I've run the 4 step procedure that you recommended and have updated MBAM, SAS and AVIR.

Currently doing a full scan and hopefully will get a positive result. I'll post the logs.

 

[aquafocus]

So far so bad. Avira scan has finished and detected 6 threats (log file attatched) and SAS has currently found 'adware.vundo variant' but it still running.

Please, any help is greatly appreciated as I don't think I'm going to get any sleep tonight until this is done.

 

[mflynn]

You may consider it bad. But I consider it good that you are finding them.

Mike

 

[aquafocus]

Sorry for the negative spin Mike. It's just that this is really starting to get to me.

All scans have been updated and logs / reports are attatched.

On a positive note MS Juan and MS System Tracker have no longer been detected by MBAM.

 

[mflynn]

Great Job

Run HJT Scan only Select and remove the following.
O2 - BHO: (no name) - {EE1ABAB2-A772-4F1B-9B7E-D0C8CA9A506C} - C:\WINDOWS\system32\mlJAronk.dll (file missing)

I believe you are ok but based on the entry above lets cover a couple more bases.
----------------------------------------------------------------------------------------------------------------------
D/L Xclean_Micro http://www.xblock.com/download/xclean_micro.exe
No install, just run it delete all it finds decline to reboot on each item found, until the program finishes then reboot.

Xclean will run minimized and will pop up a window if it finds anything. If it finds nothing it will exit.

Please make a note of what it found if any as it has no log.

----------------------------------------------------------------------------------------------------------------------
ComboFix

NOTE: If you have had ComboFix more than a few days old delete and re-download.

Get it here: https://www.techspot.com/downloads/5587-combofix.html
Or here: http://subs.geekstogo.com/ComboFix.exe

Double click combofix.exe follow the prompts.

When finished, it will open a log.
Attach the log and a new HJT log in your next reply.

Note: Do not click combofix's window while its running. That may cause it to stall.

Mike

 

[aquafocus]

All steps have been completed as per your advice and I have attatched the combofix log and HJT log.

Can I now change the system configuration utility to 'normal startup'?

 

[aquafocus]

Mike you are truly fantastic!

The laptop has just finished an AVIR and SAS scan and come up clean (MBAM was clean on the last scan). There is no way at all I could of done this so thank you very much for such detailed and patient help.

 

[mflynn]

Great! You did it!

But lets do another Combofix as it had found and cleaned items. I just want to see a clean log.

Then we will begin the thread closing by cleaning up the toools etc.

Mike