also @ TechSpot: Windows 8 Release Preview leaked, Microsoft may raise OEM prices

TechSpot
Register now for a live online demo to see how the Office 365 suite of tools
- professional email, calendars, video conferencing, and file sharing -

Can someone please check my log

Discussion in 'Virus and Malware Removal' started by hchu00, Jul 14, 2008.

Thread Status:
Not open for further replies.

  1. hchu00 Newcomer, in training

    For some reason today it didnt load some pages and it would freeze when I sign in to my email. loading my homepage was find but i couldn't go on facebook, and some other sites i usually go to.



    Thank You
    hchu00, Jul 14, 2008
    #1

  2. Blind Dragon Newcomer, in training

    We need to get rid of one of the services running on your machine. To do this, copy (Ctrl +C) and paste (Ctrl +V) the text in the code box below to Notepad.

    Code:
    @echo off
sc stop Viewpoint Manager Service
sc delete Viewpoint Manager Service
del service.cmd and exit

    Save it to your desktop as File name: service.cmd
    Save as type: All Files

    Once done, double click service.cmd to run it. A command window will open briefly, then close. This is quite normal.

    Go to add/remove programs and uninstall Viewpoint

    Then navigate to and delete C:\program files\Viewpoint

    ------------------------------------------------------------------------------------

    Remove bad HijackThis entries
    • Run HijackThis
    • Click on the System Scan Only button
    • Put a check beside all of the items listed below (if present):

      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
      O2 - BHO: (no name) - {5F505979-B759-4A89-B9E0-3C2A17C68D76} - C:\WINDOWS\system32\rqRKBTkK.dll
      O2 - BHO: (no name) - {C1D0A6B1-6D9B-4BEF-979D-E86A42056690} - C:\WINDOWS\system32\xxyxYQJY.dll
      O2 - BHO: {a9f86cf9-84df-efea-9fa4-b18f19ee924e} - {e429ee91-f81b-4af9-aefe-fd489fc68f9a} - C:\WINDOWS\system32\iruqfr.dll
      O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
      O4 - HKLM\..\Run: [e85e6f77] rundll32.exe "C:\WINDOWS\system32\jtdyfjcj.dll",b
      O4 - HKLM\..\Run: [BMeb6d5ceb] Rundll32.exe "C:\WINDOWS\system32\ivjbpcul.dll",s
      O4 - HKCU\..\Run: [xInsIDE] C:\Program Files\xInsIDE\xInsIDE.exe
      O20 - Winlogon Notify: rqRKBTkK - C:\WINDOWS\SYSTEM32\rqRKBTkK.dll
    • Close all open windows and browsers/email, etc...
    • Click on the "Fix Checked" button
    • When completed, close the application.

    --------------------------------------------------------------------------------------

    OTMoveit2 by OldTimer
    Please download the OTMoveIt2 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      [b]C:\WINDOWS\system32\rqRKBTkK.dll
C:\WINDOWS\system32\xxyxYQJY.dll
C:\WINDOWS\system32\iruqfr.dll
C:\WINDOWS\system32\jtdyfjcj.dll
C:\WINDOWS\system32\ivjbpcul.dll
C:\Program Files\xInsIDE
C:\WINDOWS\SYSTEM32\rqRKBTkK.dll[/b]
    • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt2
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    --------------------------------------------------------------------------------------
    Please download VundoFix.exe to your desktop.
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please attach the C:\vundofix.txt and a new HiJackThis log.
    Note: It is possible that VundoFix encountered a file it could not remove.
    In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

    -------------------------------------------------------------------------

    Malwarebytes' Anti-Malware

    • Please download Malwarebytes' Anti-Malware to your desktop.
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      • Update Malwarebytes' Anti-Malware
      • and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. please attach this log with your reply
      • If you accidently close it, the log file is saved here and will be named like this:
      • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

    ---------------------------------------------------------------------------

    Run another scan with Hijackthis and attach it here along with:

    1) OTMoveit2! log
    2) Vundofix log
    3) MBAM log
    4) The new hjt log
    Blind Dragon, Jul 14, 2008
    #2

  3. hchu00 Newcomer, in training

    I followed all the instructions that was listed. One more thing, when my computer starts up i receive and error.

    Error loading C:\Windows\system32\masxabtx.dll
    The specified module couldn't be found.

    Heres my logs.



    Thank You
    hchu00, Jul 15, 2008
    #3

  4. Blind Dragon Newcomer, in training

    Disable Norton AntiVirus Script Blocking feature by:

    1. Right-mouse click the Norton AntiVirus icon in the system tray.

    2. Select Norton AntiVirus Options.

    3. Under System, click Script Blocking.

    4. Make sure Enable Script Blocking option is de-selected.

    5. Click OK.

    -----------------------------------------------------------------------------

    Combofix
    • Download Combofix to your desktop.
    • Double click combofix.exe & follow the prompts.
    • A window will open with a warning.
    • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.
    Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction

    Combofix will automatically save the log file to C:\combofix.txt
    Blind Dragon, Jul 15, 2008
    #4

  5. hchu00 Newcomer, in training

    For the disabling the norton antivirus script I could't find the box.
    I posted the two logs. THank you
    hchu00, Jul 15, 2008
    #5
Thread Status:
Not open for further replies.