Virus Troubles - Am I virus free?

Status
Not open for further replies.
A firewall is not going to clean your system.

Here is some information about firewalls to help you understand what they do:

You should have a bi-directional firewall:
(The Windows firewall only listens at incoming ports)
A firewall is an important part of "layered security" in addition to an antivirus and anti-malware program for spyware/adware.
  • It can be a software program (Windows firewall, Comodo firewall, Zone Alarm firewall)
  • or hardware (as in a router) that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.
  • If you have a bi-directional firewall, it will 'listen' at both the ports coming in and the ports going out. This means that if malware does get on the system and tries to access the internet from within your system, it will be blocked.

For additional information about firewalls, please read the information Firewall Forensic- What am I seeing?

If you would like me to review the system for remaining malware, please attach the log from Malwarebytes and Superantispyware. Rescan with HJT and paste in new log.

Thank you for the new ComboFix uninstall switch, kritius.
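The post above describes "bi-directional" filtering in general terms. One caveat worth adding here: the inbound-only description fits the Windows XP firewall; from Vista onward the Windows Firewall with Advanced Security also evaluates outbound rules, but its default outbound action is Allow, so nothing leaving the machine is restricted until you add block rules or change that default. The following is an added example (PowerShell, not from the original thread) that shows how to inspect the per-profile defaults and block outbound traffic for one program. It uses the LogMeIn path named later in the thread only as a stand-in; the rule name is an assumption, and the `-WhatIf` switch previews the change rather than applying it.

```powershell
# Added example (not from the original thread): inspect the Windows Firewall's
# per-profile default actions and add an outbound block rule for one program.
# Requires Windows 8 / Server 2012 or later (NetSecurity module) and an
# elevated PowerShell session for the rule-creation step.

# 1. Show whether each profile filters outbound traffic by default.
#    DefaultOutboundAction is usually 'Allow': outbound filtering exists,
#    but only rules you add (or a 'Block' default) actually restrict egress.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction |
    Format-Table -AutoSize

# 2. Block outbound connections for a specific executable. The path is the
#    LogMeIn binary named in the thread; substitute the program you want to
#    contain. The rule name is assumed. -WhatIf previews; remove it to apply.
$program  = 'C:\Program Files\LogMeIn\x86\LogMeIn.exe'
$ruleName = 'Block outbound - LogMeIn (example)'

if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName `
                        -Direction Outbound `
                        -Program $program `
                        -Action Block `
                        -Profile Any `
                        -Enabled True `
                        -WhatIf
}

# 3. Verify: list enabled outbound block rules and the program each targets.
Get-NetFirewallRule -Direction Outbound -Action Block -Enabled True |
    ForEach-Object {
        $app = $_ | Get-NetFirewallApplicationFilter
        [pscustomobject]@{ Rule = $_.DisplayName; Program = $app.Program }
    } | Format-Table -AutoSize
```

A per-program block rule is the smallest useful step; if you want the "block everything outbound unless allowed" behaviour the post attributes to third-party firewalls, set `DefaultOutboundAction Block` on the profile with `Set-NetFirewallProfile` and then add explicit allow rules for the programs that need network access, testing carefully because Windows Update and name resolution will need rules too.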
 
Please reopen HijackThis to 'do system scan only'. Check the following, if present:
O2 - BHO: (no name) - {2fc01d2a-bd29-44b0-bb3a-5b8b45054743} - (no file)
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u


Close all open Windows except HijackThis and click on "Fix Checked."

Visit this site [Adobe Reader] often and make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities. You are running an old version.

NOTES:
I want to be sure you're aware that you have remote connections loading:
G2AWinLogon.dll
Command: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
Description: Added by the GoToAssist remote support software.
and
C:\Program Files\LogMeIn\x86\LogMeIn.exe
Description: RemotelyAnywhere is a remote administration and remote control application for Windows.
File Location: C:\Program Files\LogMeIn\x86\LogMeIn.exe

This is legitimate. But think about it- you have processes running for remote assistance, but here you are on this forum which does not require you to run any remote process! But my suggestion for remote entries is don't load them unless you're using them. It's a safety issue.

I suggest you take ALL HP processes off of Startup. You don't need any of them loading on boot- you're putting the HP Digital Imaging software on. It runs in the background the entire time the system is up. Do you use it all day, every day? Examples:
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

HP also puts numerous unnecessary 'up-daters' on Startup. That means that each one is going to be accessing the internet every day, likely numerous times a day, looking for an update. You don't need them running. Examples:
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

Dell also preloads many processes. Many users don't realize they're running and most don't use them. Not only can you stop them from starting up, but you can uninstall them if they're not being used.
Examples:
C:\Program Files\BAE\BAE.dll
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\DellSupport\DSAgnt.exe
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} -
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

All of the above processes are legitimate. All of them use system resources. If they start on boot, they run in the background. None of them need to- you can launch from All Programs as needed or uninstall if not used at all.
-----------------------------------
I'd like you to do an online virus scan.

Run Eset NOD32 Online AntiVirus Scanner HERE

Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the Active X control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

If the scan is clean, I'll have you remove the cleaning tools and old restore points. I will also give you some pointers to keep the system clean.
 
I ran the scanner, no threats found. I also removed the two things you suggested, and disabled LogMeIn, not sure how to disable the other remote connection. I also do not know how to take the HP stuff off of startup, I don't use HP products, just their printer. I do not know if uninstalling it would affect the printer at all. I do not know how to stop the Dell processes from starting. I also updated Adobe.
 
I have always used HP peripherals and they have all had the 'junk'! It can all be stopped and it won't affect the printer. I see most people with the printer/scanner/etc. on startup. Most don't realize that all that needs to be done when use is needed is to use the print function in File!

To remove:
Click on Start> Run> type in msconfig> enter> Selective Startup> Startup tab> UNCHECK:

All HP Digital Imaging entries: All Smart Web Printing entries
hpqtra08.exe
hpqSTE08.exe
hpqbam08.exe
hpqgpc01.exe
hpswp_printenhancer
HPWuSchd2.exe (GP updater)


All LogMEIn processes:
RaMaint.exe
LogMeIn.exe
LMIGuardian.exe
LogMeInSystray.exe


Dell Processes:
DMXLauncher.exe
DSAgnt.exe

(If you don't use these at all (Dell Support and Dell Media Launcher), you can uninstall them in Add/Remove Programs.)
Disable the Service: Start> Run> type in services.msc> double click on DSBrokerService (brkrsvc)

When you have finished unchecking on Startup> click on Apply> OK.

Reboot the computer. NOTE: Ignore the nag message and close it after checking 'don't show this message again'. Stay in Selective Startup.

Remove all of the tools we used and the files and folders they created
  • Download OTCleanIt by OldTimer
  • Save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes.

You should now set a new Restore Point to prevent infection from any previous Restore Points. The easiest and safest way to do this is:
  • Go to Start > All Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the Restore Point a name then click "Create". The new Restore Point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Go to "Disk Cleanup" which can be found by going to Start > All Programs > Accessories > System Tools.
  • Click "OK" to select the partition or drive you desire.
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.

Let me know if I can be of further help.
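The msconfig and services.msc steps above are done one entry at a time by hand. As an added example (PowerShell, not part of the original thread), the script below enumerates the same autostart locations in one pass (Run keys, Startup folders, Winlogon notification DLLs such as G2AWinLogon.dll, and services set to start automatically) and flags the vendors discussed in the thread so you can see what is loading before you untick anything. The name patterns are assumptions built from the file names quoted in this thread; the script itself only reads, and the two commented lines at the end show the equivalent of the changes made through services.msc and msconfig.

```powershell
# Added example (not from the original thread): enumerate the common autostart
# locations that msconfig, HijackThis and services.msc show, and flag the
# non-essential and remote-access entries the thread discusses. Read-only.

# Patterns for the vendors named in the thread (assumed; extend as needed).
$flagged = @{
    'Remote access'   = 'LogMeIn|RaMaint|LMIGuardian|GoToAssist|G2AWinLogon'
    'HP background'   = 'hpq[a-z]+08|hpqgpc01|hpswp_|HPWuSchd'
    'Dell background' = 'DMXLauncher|DSAgnt|brkrsvc|DSBrokerService|\\BAE\\'
}

function Get-AutostartCategory([string]$Text) {
    foreach ($k in $flagged.Keys) {
        if ($Text -match $flagged[$k]) { return $k }
    }
    return ''
}

$entries = @()

# 1. Run keys (what msconfig's Startup tab and HJT's O4 lines list).
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    (Get-ItemProperty -Path $key).PSObject.Properties |
        Where-Object { $_.Name -notmatch '^PS(Path|ParentPath|ChildName|Drive|Provider)$' } |
        ForEach-Object {
            $entries += [pscustomobject]@{ Location = $key; Name = $_.Name; Command = [string]$_.Value }
        }
}

# 2. Per-user and all-users Startup folders.
foreach ($folder in @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))) {
    if ($folder -and (Test-Path $folder)) {
        Get-ChildItem -Path $folder -File | ForEach-Object {
            $entries += [pscustomobject]@{ Location = $folder; Name = $_.Name; Command = $_.FullName }
        }
    }
}

# 3. Winlogon notification DLLs (XP-era; G2AWinLogon.dll was loaded this way).
$notify = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
if (Test-Path $notify) {
    Get-ChildItem -Path $notify | ForEach-Object {
        $dll = (Get-ItemProperty -Path $_.PSPath).DLLName
        $entries += [pscustomobject]@{ Location = $notify; Name = $_.PSChildName; Command = [string]$dll }
    }
}

# 4. Services that start automatically (HJT's O23 lines, services.msc).
Get-CimInstance -ClassName Win32_Service -Filter "StartMode='Auto'" | ForEach-Object {
    $entries += [pscustomobject]@{ Location = 'Service'; Name = $_.Name; Command = $_.PathName }
}

# Report: flagged items first, then everything else.
$entries |
    Select-Object Location, Name, Command,
        @{ n = 'Flag'; e = { Get-AutostartCategory ($_.Name + ' ' + $_.Command) } } |
    Sort-Object @{ e = { $_.Flag -eq '' } }, Location |
    Format-Table -AutoSize -Wrap

# To act on a finding (elevated session), e.g. the Dell broker service named
# in the thread, and a Run-key value (replace <EntryName> with the value name
# shown in the report):
#   Set-Service -Name DSBrokerService -StartupType Disabled
#   Remove-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name '<EntryName>'
```

Anything in the "Remote access" category deserves the same scrutiny the helper applies above: the binaries may be legitimate, but an always-on remote-control agent is an entry point whether or not you are the one using it, so it should be started on demand or removed.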
 
You're welcome. Here are some pointers for security:

Be sure to empty the Recycle Bin

Please follow these simple steps to keep your computer clean and secure:
1.Disable and Enable System Restore: This will help you to drop the old restore points and set a new, clean one:

System Restore Guide


2.Stay current on updates:
  • Visit the Microsoft Download Site frequently.
    You should get All updates marked Critical and the current SP updates:Windows 2000> SP4, Windows XP> SP2, SP3, Vista> SP1
  • Visit this site [Adobe Reader] often and make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities.
  • Check this site often: Java Updates. Stay current as most updates are for security. Uninstall any earlier versions in Add/Remove Programs.

3.Make Internet Explorer safer. Follow the suggestions HERE
This Tutorial will help guide you through Configuring Security Settings, Managing Active X Controls and other safety features.

4. Remove Temporary Internet Files regularly: Use
5. Use an AntiVirus Software (only one)
6. Use a good, bi-directional firewall (one software firewall)
  • See Understanding and Using Firewalls, including links to download a firewall.

7.Consider these programs for Extra Security
  • Spywareblaster:
  • SpywareBlaster protects against bad ActiveX. It places kill bits to stop bad Active X controls from being installed. Remember to update it regularly.
  • IE/Spyad
  • This places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file: This replaces your current HOSTS file with one containing well known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar Get the free google toolbar to help stop pop up windows.

If I can be of further assistance, please let me know. Help and support is only given in the forums, but you can send a PM to me and bring my attention back to the thread.
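The HOSTS-file pointer in the post above works because a name mapped to 127.0.0.1 (or 0.0.0.0) never leaves the machine. The same mechanism is a favourite of malware, which adds entries pointing update and security-vendor sites at an attacker's address, so a HOSTS file is worth auditing as well as installing. The following added example (PowerShell, not part of the original post) parses a hosts file, counts sinkholed names, and lists any name that resolves to a routable address. It runs against the local file and then against a small constructed sample (the `203.0.113.7` line is made up for illustration) to show what the check catches.

```powershell
# Added example (not from the original thread): audit the HOSTS file that the
# MVPS list replaces. Names mapped to a sinkhole address (127.0.0.1, 0.0.0.0,
# ::1) are blocked; a name mapped to anything else is either a deliberate
# override or a hijack and is reported.

function Test-HostsFile {
    param([string[]]$Lines)   # raw lines of a hosts file

    $sinkholes = '127.0.0.1', '0.0.0.0', '::1'
    $blocked = 0
    $suspect = @()

    foreach ($raw in $Lines) {
        $line = ($raw -split '#', 2)[0].Trim()     # drop trailing comments
        if (-not $line) { continue }
        $fields = $line -split '\s+'
        if ($fields.Count -lt 2) { continue }      # malformed: address with no names
        $address = $fields[0]
        $names   = $fields[1..($fields.Count - 1)]

        foreach ($n in $names) {
            if ($n -eq 'localhost') { continue }   # the one mapping every file has
            if ($sinkholes -contains $address) {
                $blocked++
            } else {
                $suspect += [pscustomobject]@{ Name = $n; Address = $address; Line = $raw }
            }
        }
    }
    [pscustomobject]@{ BlockedNames = $blocked; Suspect = $suspect }
}

# 1. The real file on this machine.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$result = Test-HostsFile (Get-Content -Path $hostsPath)
"Names sinkholed by the local HOSTS file: $($result.BlockedNames)"
$result.Suspect | Format-Table Name, Address -AutoSize

# 2. Constructed sample (not a real hosts file) showing a hijacked entry:
#    the Windows Update name is pointed at an address in the documentation
#    range 203.0.113.0/24, which the check reports.
$sample = @(
    '# constructed sample',
    '127.0.0.1       localhost',
    '0.0.0.0   ads.example.net          # blocked ad host, MVPS style',
    '203.0.113.7 windowsupdate.microsoft.com   # redirected away from Microsoft'
)
(Test-HostsFile $sample).Suspect | Format-Table Name, Address -AutoSize
```

A clean MVPS install shows a large `BlockedNames` count and an empty suspect list. If the suspect list contains anything you did not add yourself, especially antivirus or Microsoft update domains, treat it as an infection indicator rather than a configuration quirk.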
 