Can someone please check my logs?

Status
Not open for further replies.

jacobjack001

I went through all of the steps. Can someone please check my logs? Thank you! Also, I was wondering, does AVG generally update every day? Mine used to not, but recently has been finding new updates every day. When I scanned with AVG, it did not find any virus. Then I ran Malwarebytes. Malwarebytes found a virus in the system32 folder called "avgrsstx.dll". Malwarebytes said it was not able to delete it, but it said that it would delete it on the reboot, so I rebooted the computer. Then I uninstalled AVG, downloaded it again from the AVG website, and reinstalled it. Then I did the 8 steps. For step 1, I scanned with AVG and Avira. Please check the logs for me (I attached the Malwarebytes log that found the virus [the Malwarebytes scan prior to me doing the 8 steps]). The SuperAntiSpyware log and the Hijack log are from the 8 steps. Once I finished the 8 steps, I opened Malwarebytes and went to Quarantine, and found that "avgrsstx.dll" was in there, so I clicked on it and pressed delete. It then was removed from that screen. If someone could check my logs it would be greatly appreciated. Thanks for your help.
 
FYI: This is a legitimate entry and needs to run at startup:
avgrsstx.dll
Command: avgrsstx.dll
Description: Related to the AVG Free antivirus software.

Quote:
does AVG generally update every day
Usually

Mbam shows a Vundo malware entry. Did you reboot?
SAS is clean.

Update Java:
Your version of Java is now outdated. Java vulnerabilities are commonly exploited by viruses so I strongly recommend you update. Click here to download the latest version of Java (Java Runtime Environment (JRE) 6.0 Update 11): http://java.com/en/download/manual.jsp
Please install it and then reboot your computer.

Please re-open HiJackThis and scan. *Check* the boxes next to all the entries listed below.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Also have HijackThis stop these processes:
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis and reboot into Safe Mode:

Start> Run> services.msc> right click on the Viewpoint Service> Properties>Change startup type to Disabled> Stop the Service.

Start> Run> msconfig> enter> Selective Startup> Startup tab> UNCHECK everything EXCEPT the AVG processes> Apply> OK> Reboot.
(the above includes unchecking Malwarebytes and SuperAntispyware also)

Reboot the computer into Normal mode.
NOTE: When you reboot you will get a nag message; you can ignore it after checking 'don't show this message again' > Close. Stay in Selective Startup.

Please run another scan with HijackThis and attach the log.

Run a scan with AVG and attach it to the next post. I may have you run a Vundo fix depending on what's found.
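
The HijackThis entries listed in the post above can be split into fields with a small parser, which makes it easy to see which Internet Explorer values are blank and which programs start automatically. This is an added example, not part of the original thread or of HijackThis; the function names and the short section labels are assumptions of the example, and the sample lines are the ones quoted in the post.

```python
import re

# Short labels for the section codes that appear in this thread (example's own wording).
SECTIONS = {
    "R0": "IE start/search setting", "R1": "IE start/search setting",
    "O1": "hosts file entry", "O4": "registry autorun", "O23": "service",
}
LINE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
FIELDS = {
    "R": re.compile(r"^(?P<key>[^,]+),(?P<name>[^=]+?) =\s*(?P<data>.*)$"),
    "O4": re.compile(r"^(?P<key>\S+): \[(?P<name>[^\]]+)\] (?P<command>.+)$"),
    "O23": re.compile(r"^Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$"),
    "O1": re.compile(r"^Hosts: (?P<entry>.+)$"),
}

# Log lines copied from the post above.
SAMPLE = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"""

def parse_line(line):
    """Return a dict of fields for one log line, or None if unrecognised."""
    m = LINE.match(line.strip())
    if not m or m["code"] not in SECTIONS:
        return None
    code = m["code"]
    fields = FIELDS["R" if code.startswith("R") else code].match(m["body"])
    if fields is None:
        return None
    return {"code": code, "section": SECTIONS[code], **fields.groupdict()}

def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]

def blank_ie_values(entries):
    """Names of IE registry values whose data is empty."""
    return [e["name"] for e in entries if e["code"][0] == "R" and not e["data"]]

def autoruns(entries):
    return [(e["name"], e["command"]) for e in entries if e["code"] == "O4"]
```
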
 
Yes, I rebooted to get rid of the virus (after Malwarebytes did the scan)... I did everything else you said... I don't understand what you want me to attach to the post from AVG? I scanned it and no viruses were found with AVG... does it look/sound like the system is clean now? Thanks for all your help.
 
I inadvertently had you remove that first R1 entry, so you will need to reset that page. Did you check any of these for HijackThis to remove?
Quote:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Boot into Safe Mode: Start> Run> services.msc> right click on Viewpoint Manager> Properties> Set Startup type to Disabled> Stop the Service.

Reboot into Normal Mode. I would be more comfortable if you updated and scanned with Malwarebytes once more. Attach that log, skip the AVG log.
 
How do I reset that R1 entry page? Yes, I checked and put remove on those things listed. I did go into safe mode to do what you said for Viewpoint Manager, but it was already done. It was already on Disabled > Service Stopped. Okay, I will scan once more with Malwarebytes and attach the log. Once again, how do I bring back the one that you accidentally had me remove? Thanks.
 
Good, Mbam is clean. Just reset the home page you want. The entry was okay, I just didn't remove it from the ones I pasted in for you to remove.

Can't figure out why I still see the Viewpoint Service running. You don't show the program installed or running. Just go to Add/Remove Programs in the Control Panel and uninstall the Viewpoint entry.

Make sure AVG is up and running okay. If the system is running well at this time, we can remove the cleaning tools:

* Download OTCleanIt
http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe
* Click the CleanUp! button.
* It will go through the list and remove all of the tools it finds and then delete itself (requiring a reboot).

Clear your existing System Restore points and establish a new clean restore point:

* Go to Start > All Programs > Accessories > System Tools > System Restore > Select Create a restore point > OK.
* Next, go to Start > Run and type in cleanmgr
* Ensure the selection is on C:\ and click on OK.
* Select the *More options* tab
* Choose the option to clean up System Restore and OK it.
* This will remove all restore points except the new one you just created.

Let us know if we can be of further help.
 
Will do. Thanks... just wondering, what is the purpose of deleting all previous restore points and making a new one? I understand that I want to make a new one because I just cleaned the system and stuff.
 