winutls.js error XP

[lidl]

I get this message after turning my xp on:

http://img525.imageshack.us/img525/6730/errorve.png

Translation:
title: Host of script of Windows XP.
Skrypt: script
Wiersz: line
Znak: character
Błąd (...): error: Automatization server cannot create an object.
Kod: code
Źródło (...): Source: MJS - error of executing time

 

[User0one]

Run the file cleaner ccleaner, that will clear out junk from temp Folders.

The internet doesn't have much info on winutls.js. So I would suspect a Virus problem.

 

[johnb35]

As the other user has said running ccleaner will get rid othat problem. However, lets go deeper and see if your system is still infected.

Please download Malwarebytes' Anti-Malware from here or here and save it to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to
  • Update Malwarebytes' Anti-Malware
  • and Launch Malwarebytes' Anti-Malware
• then click Finish.
• If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
• Once the program has loaded, select Perform quick scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If you continue to experience problems after doing this, please post a HijackThis log by doing the following:

Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click Do a system scan and save a logfile

Most of what HijackThis lists will be harmless or even essential, don't fix anything yet.

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log

 

[lidl]

Malwarebytes' Anti-Malware didn't help.

Malwarebytes' Anti-Malware's log's clean.

HijackThis's log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:03:31, on 2011-01-02
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\brsvc01a.exe
F:\WINDOWS\system32\brss01a.exe
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
F:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
F:\Program Files\DU Meter\DUMeterSvc.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\PnkBstrA.exe
F:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
F:\WINDOWS\system32\svchost.exe
F:\PROGRA~1\AVG\AVG8\avgrsx.exe
F:\Program Files\Common Files\Java\Java Update\jusched.exe
F:\WINDOWS\system32\ctfmon.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\Microsoft IntelliType Pro\itype.exe
F:\Program Files\Microsoft IntelliPoint\ipoint.exe
F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
F:\Program Files\Brother\ControlCenter2\brctrcen.exe
F:\WINDOWS\system32\RunDll32.exe
F:\PROGRA~1\AVG\AVG8\avgtray.exe
F:\Program Files\WhatPulse\WhatPulse.exe
F:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
F:\Documents and Settings\jacek\Local Settings\Apps\F.lux\flux.exe
F:\Program Files\DU Meter\DUMeter.exe
F:\Program Files\DAEMON Tools Lite\DTLite.exe
F:\Program Files\RayV\RayV\RayV.exe
F:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil VoIP Plugin.exe
F:\Program Files\PC Connectivity Solution\ServiceLayer.exe
F:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
F:\Program Files\Opera\opera.exe
F:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
F:\Program Files\PC Connectivity Solution\Transports\NclIVTBTSrv.exe
F:\Program Files\Common Files\Java\Java Update\jucheck.exe
F:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
F:\Documents and Settings\jacek\Ustawienia lokalne\Dane aplikacji\Opera\Opera\temporary_downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newversionchecker.com/?redr=www.easiestutils.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O1 - Hosts: 209.85.137.125 gmail.com
O2 - BHO: gwprimawega - {08c5e1b8-74cc-7668-8276-11b665178907} - F:\WINDOWS\system32\-7sud87-9xJ-5.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - F:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - F:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - F:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll (file missing)
O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - F:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SetDefPrt] F:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [Onet.pl AutoUpdate] "F:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe" /updateexe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "F:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [itype] "F:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "F:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ControlCenter2.0] F:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG8_TRAY] F:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "F:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [winutils] wscript "F:\DOCUME~1\jacek\USTAWI~1\Temp\winutils.js"
O4 - HKCU\..\Run: [WhatPulse] F:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [Steam] "F:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [PC Suite Tray] "F:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MailBlocker] F:\DOCUME~1\jacek\USTAWI~1\Temp\b.exe
O4 - HKCU\..\Run: [Google Update] "F:\Documents and Settings\jacek\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [F.lux] "F:\Documents and Settings\jacek\Local Settings\Apps\F.lux\flux.exe" /noshow
O4 - HKCU\..\Run: [DU Meter] F:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [ALLUpdate] "F:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "F:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [RayV] F:\Program Files\RayV\RayV\RayV.exe /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: neostrada.lnk = ?
O4 - Global Startup: BlueSoleil.lnk = F:\Program Files\IVT Corporation\BlueSoleil\gprs.exe
O4 - Global Startup: Freenet Tray.lnk = C:\Freenet\bin\freenettray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1230742021938
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - F:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - F:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - F:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - F:\WINDOWS\system32\brsvc01a.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - F:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: Freenet background service (freenet) - Unknown owner - C:\Freenet\bin\wrapper-windows-x86-32.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - F:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - F:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Start BT in service - Unknown owner - F:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

--
End of file - 10029 bytes

 

[johnb35]

Wow, took you 5 months to reply. I still would like to see the malwarebytes log please to make sure you were using the latest version of it, so if you would post the log it would be appreciated.

Also you need to perform the following procedure. Uninstall AVG 8 before proceding and we will install a better program afterwards. Combofix will not run with AVG installed.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.

• Download this file here :
  
  http://www.bleepingcomputer.com/download/anti-virus/combofix
  
• Then double click combofix.exe & follow the prompts.
• When finished, it shall produce a log for you. Post that log in your next reply

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.


In your next reply please post:

• The ComboFix log
• A fresh HiJackThis log
• An update on how your computer is running