script errors pop ups, viruses, plzs help 11 replies


Andrew0853

don't be scared, touch it


#1 12 years ago

norton keeps telling me that i have a virus at c/windows/system32/winwim32.dll. also i keep getting script errors coming from documents and settings/andrew/temp "various files". i have deleted these once but now they're back. norton tells me the virus was unable to be repaired, then it says access is denied. i even tried to delete it in safe mode. i don't know what to do. here's my hijack log file, any help is greatly appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 4:45:17 PM, on 7/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\ICROSO~1\POOLSV~1.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\PROGRA~1\STEM32~1\javaw.exe
C:\WINDOWS\TEMP\win47.tmp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\system32\ixt1.dll (file missing)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vxclci] c:\windows\system32\vxclci.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [adwarealert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Vilev] C:\WINDOWS\ICROSO~1\POOLSV~1.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O16 - DPF: {90F7E144-984F-4FA6-83A7-C9C8DCB9974C} (RSActiveXObj Control) - http://www.radarsync.com/RSActiveX.ocx
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\nopdb.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winwim32 - C:\WINDOWS\SYSTEM32\winwim32.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe




groddy VIP Member

The Real Forums Old Skool


#2 12 years ago

:moved: to tech discussion




MassKiller

no..your a nooB


#3 12 years ago

get a diff virus protection (i had bad problems with norton) and start up in safe mode and run a scan




Andrew0853

don't be scared, touch it


#4 12 years ago

any recommendation for the new virus protection? anything else u can recommend cuz the pop up literally comes up every 30 seconds




Shintsu

For the glory of Helghan


#5 12 years ago

Try Avast!, it's pretty good and free. There's also a browser based virus scan that I think is pretty good but I don't remember what it's called.




MassKiller

no..your a nooB


#6 12 years ago

pretty much any virus protection will give u a free web based scan




Logi

-Analytical+


#7 12 years ago

bah, norton hasn't given me any probs and kept me virus free for 5 years now, and i've scanned for various other viruses with other progs and nottin :P. have u tried going to the site for help? it should come up with a link on the virus and how to remove it. when ur tryin to remove it make sure ur not online, unplug ur lan, once u print out the instructions or wat not, cuz who knows wats in ur computer right now so it's a good idea to cut your comp off the net. just in case




MassKiller

no..your a nooB


#8 12 years ago

i use McAfee. it's a good virus protection and firewall. Norton just didn't work that great. just my opinion




Homer Gonerson

...


#9 12 years ago

Your HiJack This! logfile is clean, if you want to see it, go here http://hjt.networktechs.com/parse.php?log=240951

I had problems with Norton 2004 and WinXP SP2, Windows wouldn't allow it to run, it'd crash on startup every time.




Andrew0853

don't be scared, touch it


#10 12 years ago

thanks for the advice. i got help from http://www.bullguard.com/forum. someone gave me some directions, took about 3 hours to complete (2 of them the scan). they seem pretty generic so anyone can clean their computer with them. USE THESE AT UR OWN RISK. I AM NOT RESPONSIBLE, I AM STUPID

Hi,

1. Download Pocket Killbox. http://www.atribune.org/downloads/KillBox.exe
* Select the "Delete on Reboot" option.
* Select "All Files"
* Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\SYSTEM32\winwim32.dll
C:\WINDOWS\system32\nopdb.dll
c:\windows\system32\vxclci.exe

* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If the computer doesn't restart, just restart manually.

2. Go to Control Panel, Add/Remove programs and uninstall any programs by OIN. If you do not see any icon for "OIN" or "(program) by OIN" in Add/Remove Programs, please download their stand-alone uninstaller. http://www.outerinfo.com/OiUninstaller.exe.

3. Please download SmitfraudFix: http://siri.geekstogo.com/SmitfraudFix.php
Extract the content (a folder named SmitfraudFix) to your Desktop.
Next, please reboot your computer in Safe Mode by rebooting the computer, and repeatedly tapping the F8 key as the pc starts. Choose "Safe Mode" from the options listed.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted: "Registry cleaning - Do you want to clean the registry?" Answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply. The report can also be found at the root of the system drive, usually at C:\rapport.txt

4. Please download ewido anti-spyware http://www.ewido.net/en/download/ and save that file to your desktop. This is a 30 day trial of the program.
  1. Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  2. Once the setup is complete you will need to run ewido and update the definition files.
  3. On the main screen select the icon "Update" then select the "Update now" link.
  * Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  6. Under "Reports"
  * Select "Automatically generate report after every scan"
  * Un-Select "Only if threats were found"

Close ewido anti-spyware. Do Not run a scan just yet.

* Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

IMPORTANT: Do not open any other windows or programs while Ewido is scanning, it may interfere with the scanning process:

* Launch ewido-anti-spyware by double-clicking the icon on your desktop.
* Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
* Ewido will now begin the scanning process, be patient, this may take a little time.

Once the scan is complete do the following:

* If you have any infections you will be prompted, then select "Apply all actions"
* Next select the "Reports" icon at the top.
* Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
* Close ewido and reboot your system back into Normal Mode and post the results of the ewido report scan.

5. ATF Cleaner by Atribune. http://www.atribune.org/ccount/click.php?id=1
Reboot your computer into Safe Mode.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Finally run hijackthis and fix these entries (if still present):

O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\system32\ixt1.dll (file missing)
O4 - HKLM\..\Run: [vxclci] c:\windows\system32\vxclci.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [Vilev] C:\WINDOWS\ICROSO~1\POOLSV~1.EXE
O4 - HKCU\..\Run: [Srro] "C:\PROGRA~1\STEM32~1\javaw.exe" -vt yax
O20 - AppInit_DLLs: C:\WINDOWS\system32\nopdb.dll
O20 - Winlogon Notify: winwim32 - C:\WINDOWS\SYSTEM32\winwim32.dll

Post a new hijackthis log.
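
Added example, not part of the original thread or of the instructions quoted in it: a short Python parser that cross-references the three files named in step 1 against a HijackThis log, to show which autostart entry loads each one and why deleting the file alone leaves a dangling entry to fix afterwards. The sample lines are copied from the log in post #1; the function names and the two review heuristics (a process running from a TEMP directory, a target marked "(file missing)") are assumptions of this example, not HijackThis features.

```python
import re
# Constructed sample: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\TEMP\win47.tmp.exe
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\system32\ixt1.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vxclci] c:\windows\system32\vxclci.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\nopdb.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winwim32 - C:\WINDOWS\SYSTEM32\winwim32.dll
"""
# The three files that step 1 of the quoted instructions queues for deletion.
NAMED_FILES = [r"C:\WINDOWS\SYSTEM32\winwim32.dll",
               r"C:\WINDOWS\system32\nopdb.dll",
               r"c:\windows\system32\vxclci.exe"]
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # section code, then the entry text
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?:]+?\.(?:exe|dll|ocx)', re.I)

def parse(log):
    """Split a log into running-process paths and (section, text) entries."""
    processes, entries, in_procs = [], [], False
    for line in (raw.strip() for raw in log.splitlines()):
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def load_points(log, named_files):
    """Map each named file to the log entries that load it (case-insensitive)."""
    wanted = {p.lower(): p for p in named_files}
    hits = {p: [] for p in named_files}
    for section, text in parse(log)[1]:
        for found in PATH_RE.findall(text):
            if found.lower() in wanted:
                hits[wanted[found.lower()]].append(f"{section} - {text.split(':')[0]}")
    return hits

def review_flags(log):
    """Example heuristics (assumptions): candidates for manual review, not verdicts."""
    processes, entries = parse(log)
    flags = [("process in temp dir", p) for p in processes if "\\temp\\" in p.lower()]
    flags += [("file missing", f"{s} - {t}") for s, t in entries
              if t.endswith("(file missing)")]
    return flags

if __name__ == "__main__":
    print(load_points(SAMPLE_LOG, NAMED_FILES))
    print(review_flags(SAMPLE_LOG))
```

Run against the full log, `load_points` shows one load point per named file: a Winlogon Notify entry, the AppInit_DLLs value, and an HKLM Run key.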



