Newbie plz help

Discussion in 'Malware Help (A Specialist Will Reply)' started by mam9103, May 20, 2006.

  1. mam9103

    mam9103 Private E-2

    The computer is running Windows ME. Ad-Aware couldn't delete the following: ad rotator (8 objects), server logic hyperlinker (2 objects), IBIS toolbar (2 objects), clear search (2 objects), claria (22 objects), second thought (3 objects), 180solutions (1 object), DSS agent (1 object), VX2 (2 objects), and search squire (1 object).
    Also, they are all buried within restore\temp. I tried running Spybot Search and Destroy but it would not respond, and neither would regedit or other spyware software.
    It also has the following viruses according to AVG: trojan horse startpage 14.bp, trojan horse backdoor agent 7aq, trojan horse backdoor agent 2ay, trojan horse backdoor small 14am, trojan horse startpage 7am, trojan horse downloader generic CFF, trojan horse second thought b, and trojan horse backdoor ruledor c.
    Any suggestions or anything else you may need to know?
    PS I cannot connect to the internet yet because phone lines are down.
     
  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Welcome to MajorGeeks.com, please follow the steps below:

    It is essential that you follow as many of the steps below as possible. However, if the only place these are being detected is in System Restore, then disable System Restore to flush all your restore points, then enable it again to create a fresh restore point for your computer.

    - Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis:

    Downloading, Installing, and Running HijackThis

    When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky):
    • Bitdefender
    • Panda Scan
    • HijackThis
     
  3. mam9103

    mam9103 Private E-2

    Not much accomplished

    I downloaded the software onto a CD-RW, since the computer doesn't have internet. I did try to install AOL, but it stated "Lucent Tech Soft Modem AMR on Com.3 has no dial tone."
    Here is what happened:
    1. Microsoft Windows Malicious Software Removal Tool said, "linked to missing export ntdll.dll: Ntshutdownsystem"
    2. Ad-Aware found the same files as written before. For example c:\_Restore\Temp\A0069639.0.
    3. Spybot Search and Destroy failed to work because I need to install detection updates first by using the integrated update or the manual updater?
    4. Windows Script Host popped up while downloading CounterSpy, which said windows\temp\{0AD5AD99-6172-4385-385FBE3A1013}\killRunning.vbs. The error message read "object doesn't support properly 'wscript.arguments.named'" with a code of 800A01B6. Then when I ran CounterSpy it said, "installation has an incorrect resource dll."

    I did change to a normal setup rather than selective startup, which caused the message "attune_ce caused an error in MSVcrt.dll."
     
  4. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Both Ad-Aware and Spybot can be updated manually. I need a HijackThis log at a minimum. Do as much as you can and post your logs.
     
  5. mam9103

    mam9103 Private E-2

    HijackThis report

    The previous report lacked the HijackThis report, sorry.
    Also disregard the shortened form because as mentioned I cannot print anything or use the internet with that computer.

    ~ INCOMPLETE HJT LOG REMOVED ~ SPD
     
    Last edited by a moderator: May 23, 2006
  6. mam9103

    mam9103 Private E-2

    Updated

    I downloaded updates for Spybot, Ad-Aware, and AVG. Spybot found 22 problems, but could not remove the following: Program Files\TimeSink, and Hkey_local_machine\software\classes\cl. As a result the HijackThis log reads the same except minus 04-HKLM\..\Run:[TimeSinkAdClient], 04-HKLM\..\Run:[Slmss], 04-Startup:DateManager.ink, and 04-Startup:precisionTime.ink. I plan on running Ad-Aware and AVG later to see if the updates help.
     
  7. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    I need the entire log, not portions of it. You can save the log to your computer, then copy it to a disk and post it as an attachment from another computer.
     
  8. mam9103

    mam9103 Private E-2

    Newest HijackThis log

    ~ INLINE HJT LOG ATTACHED ~ SPD
     

    Attached Files:

    • HJT.log (3.7 KB)
    Last edited by a moderator: May 23, 2006
  9. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Do not copy and paste logs into your posts. Always attach them.

    Download
    - Pocket Killbox

    Scan with HijackThis and fix the following lines:
    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click the RED X.

    Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion; say YES, and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot. Note that many of the files listed below may not exist, but we need to check for them anyway.
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open ExplorerXP navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)
    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    REBOOT to Normal Mode.

    Post a fresh HijackThis log as an attachment.
     
  10. mam9103

    mam9103 Private E-2

    Final HijackThis Log?

    I plan on reinstalling the printer, and trying the internet connection. I will report back if any problems arise.

    Thanks
     

    Attached Files:

  11. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Your log is clean.

    Let me know if the internet connection is still broken.
     
  12. mam9103

    mam9103 Private E-2

    Thanks but still have problems

    The printer says, "communication not available," and the internet connection took too long so it failed to connect. Also I noticed the following: the printer port is listed as virtual printer port for USB, and the USB composite device under My Computer devices has a green ?. Lastly, AVG antivirus still finds the following: Trojan Horse Dropper Agent.WJ, Trojan Horse BackDoor Agent.7AQ, Trojan Horse BackDoor Agent.2AY, and 5 more Trojan Horse Dropper Agent.WJ. Should I do a system restore?
     
  13. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    System Restore will just bring back the infections we cleaned.

    Post the AVG log, so I can see what it is finding.

    Your Winsock may be broken. Run Winsock Fix XP to repair the winsock.

    We'll deal with the printer issue after everything else looks good.
     
  14. mam9103

    mam9103 Private E-2

    AVG virus scan as requested

    Partition table (MBR) ok Quick checked
    System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Load Scanned
    System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Run Scanned
    System registry Software\Microsoft\Windows\CurrentVersion\Run Scanned
    System registry Software\Microsoft\Windows\CurrentVersion\RunOnce Scanned
    System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx Scanned
    System registry Software\Microsoft\Windows\CurrentVersion\RunServices Scanned
    System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce Scanned
    System registry Software\Microsoft\Windows\CurrentVersion\Run Scanned
    System registry Software\Microsoft\Windows\CurrentVersion\RunOnce Scanned
    System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx Scanned
    System registry Software\Microsoft\Windows\CurrentVersion\RunServices Scanned
    System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce Scanned
    System registry Software\Microsoft\Windows\CurrentVersion\Winlogon\Userinit Scanned
    System registry SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell Scanned
    System registry exefile\shell\open\command Scanned
    System registry scrfile\shell\open\command Scanned
    System registry scrfile\shell\config\command Scanned
    System registry batfile\shell\open\command Scanned
    System registry cmdfile\shell\open\command Scanned
    System registry comfile\shell\open\command Scanned
    System registry piffile\shell\open\command Scanned
    System registry giffile\shell\open\command Scanned
    System registry htmlfile\shell\open\command Scanned
    System registry htafile\shell\open\command Scanned
    System registry jpegfile\shell\open\command Scanned
    System registry txtfile\shell\open\command Scanned
    System registry regfile\shell\open\command Scanned
    System registry cplfile\shell\cplopen\command Scanned
    System registry Word.Document.8\shell\open\command Scanned
    System registry WordPad.Document.1\shell\open\command Scanned
    System registry inffile\shell\open\command Scanned
    System registry vbsfile\shell\open\command Scanned
    System registry vbefile\shell\open\command Scanned
    C:\PROGRA~1\ACCESS~1\WORDPAD.EXE ok Quick checked
    C:\PROGRA~1\GRISOFT\AVGFRE~1\avgamsvr.exe ok Quick checked
    C:\PROGRA~1\GRISOFT\AVGFRE~1\avgcc.exe ok Quick checked
    C:\PROGRA~1\GRISOFT\AVGFRE~1\avgemc.exe ok Quick checked
    C:\PROGRA~1\INTERN~1\IEXPLORE.EXE ok Quick checked
    C:\Program Files\Lexmark 3300 Series\lxccmon.EXE ok Quick checked
    C:\Program Files\Lexmark Fax Solutions\fm3032.exe ok Quick checked
    C:\Program Files\Microsoft Money\System\Money Express.exe ok Quick checked
    C:\Program Files\Real\RealPlayer\realplay.exe ok Quick checked
    C:\WINDOWS\LTSMMSG.EXE ok Quick checked
    C:\WINDOWS\NOTEPAD.EXE ok Quick checked
    C:\WINDOWS\PCHealth\Support\PCHSCHD.EXE ok Quick checked
    C:\WINDOWS\RUNDLL32.EXE ok Quick checked
    C:\WINDOWS\SYSTEM\MSHTA.EXE ok Quick checked
    C:\WINDOWS\SYSTEM\MSTASK.EXE ok Quick checked
    C:\WINDOWS\SYSTEM\SHELL32.DLL ok Quick checked
    C:\WINDOWS\SYSTEM\SHIMGVW.DLL ok Quick checked
    C:\WINDOWS\SYSTEM\STIMON.EXE ok Quick checked
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE ok Quick checked
    C:\WINDOWS\SYSTEM\lxcctime.dll ok Quick checked
    C:\WINDOWS\System\Restore\STATEMGR.EXE ok Quick checked
    C:\WINDOWS\TASKMON.EXE ok Quick checked
    C:\WINDOWS\WSCRIPT.EXE ok Quick checked
    c:\Program Files\Microsoft Office\Office\WINWORD.EXE ok Quick checked
    C:\WINDOWS\SYSTEM\kernel32.dll ok Quick checked
    C:\WINDOWS\SYSTEM\wsock32.dll ok Quick checked
    C:\WINDOWS\SYSTEM\user32.dll ok Quick checked
    C:\WINDOWS\SYSTEM\shell32.dll ok Quick checked
    C:\_RESTORE\TEMP\A0108398.CPY Trojan horse Dropper.Agent.WJ Infected
    C:\_RESTORE\TEMP\A0096476.CPY Trojan horse BackDoor.Agent.7.AQ Infected
    C:\_RESTORE\TEMP\A0096478.CPY Trojan horse BackDoor.Agent.2.AY Infected
    C:\_RESTORE\TEMP\A0101482.CPY Trojan horse Dropper.Agent.WJ Infected
    C:\_RESTORE\TEMP\A0101483.CPY Trojan horse Dropper.Agent.WJ Infected
    C:\_RESTORE\TEMP\A0101486.CPY Trojan horse Dropper.Agent.WJ Infected
    C:\_RESTORE\TEMP\A0101493.CPY Trojan horse Dropper.Agent.WJ Infected
    C:\_RESTORE\TEMP\A0101528.CPY Trojan horse Dropper.Agent.WJ Infected
    System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Load Scanned
    System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Run Scanned
    System registry Software\Microsoft\Windows\CurrentVersion\Run Scanned
    System registry Software\Microsoft\Windows\CurrentVersion\RunOnce Scanned
    System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx Scanned
    System registry Software\Microsoft\Windows\CurrentVersion\RunServices Scanned
    System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce Scanned
    System registry Software\Microsoft\Windows\CurrentVersion\Run Scanned
    System registry Software\Microsoft\Windows\CurrentVersion\RunOnce Scanned
    System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx Scanned
    System registry Software\Microsoft\Windows\CurrentVersion\RunServices Scanned
    System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce Scanned
    System registry Software\Microsoft\Windows\CurrentVersion\Winlogon\Userinit Scanned
    System registry SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell Scanned
    System registry exefile\shell\open\command Scanned
    System registry scrfile\shell\open\command Scanned
    System registry scrfile\shell\config\command Scanned
    System registry batfile\shell\open\command Scanned
    System registry cmdfile\shell\open\command Scanned
    System registry comfile\shell\open\command Scanned
    System registry piffile\shell\open\command Scanned
    System registry giffile\shell\open\command Scanned
    System registry htmlfile\shell\open\command Scanned
    System registry htafile\shell\open\command Scanned
    System registry jpegfile\shell\open\command Scanned
    System registry txtfile\shell\open\command Scanned
    System registry regfile\shell\open\command Scanned
    System registry cplfile\shell\cplopen\command Scanned
    System registry Word.Document.8\shell\open\command Scanned
    System registry WordPad.Document.1\shell\open\command Scanned
    System registry inffile\shell\open\command Scanned
    System registry vbsfile\shell\open\command Scanned
    System registry vbefile\shell\open\command Scanned
    C:\PROGRA~1\ACCESS~1\WORDPAD.EXE ok Quick checked
    C:\PROGRA~1\GRISOFT\AVGFRE~1\avgamsvr.exe ok Quick checked
    C:\PROGRA~1\GRISOFT\AVGFRE~1\avgcc.exe ok Quick checked
    C:\PROGRA~1\GRISOFT\AVGFRE~1\avgemc.exe ok Quick checked
    C:\PROGRA~1\INTERN~1\IEXPLORE.EXE ok Quick checked
    C:\Program Files\Lexmark 3300 Series\lxccmon.EXE ok Quick checked
    C:\Program Files\Lexmark Fax Solutions\fm3032.exe ok Quick checked
    C:\Program Files\Microsoft Money\System\Money Express.exe ok Quick checked
    C:\Program Files\Real\RealPlayer\realplay.exe ok Quick checked
    C:\WINDOWS\LTSMMSG.EXE ok Quick checked
    C:\WINDOWS\NOTEPAD.EXE ok Quick checked
    C:\WINDOWS\PCHealth\Support\PCHSCHD.EXE ok Quick checked
    C:\WINDOWS\RUNDLL32.EXE ok Quick checked
    C:\WINDOWS\SYSTEM\MSHTA.EXE ok Quick checked
    C:\WINDOWS\SYSTEM\MSTASK.EXE ok Quick checked
    C:\WINDOWS\SYSTEM\SHELL32.DLL ok Quick checked
    C:\WINDOWS\SYSTEM\SHIMGVW.DLL ok Quick checked
    C:\WINDOWS\SYSTEM\STIMON.EXE ok Quick checked
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE ok Quick checked
    C:\WINDOWS\SYSTEM\lxcctime.dll ok Quick checked
    C:\WINDOWS\System\Restore\STATEMGR.EXE ok Quick checked
    C:\WINDOWS\TASKMON.EXE ok Quick checked
    C:\WINDOWS\WSCRIPT.EXE ok Quick checked
    c:\Program Files\Microsoft Office\Office\WINWORD.EXE ok Quick checked

    Sorry about the display; it was originally an Excel file.
     
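    The AVG log above, read the way a helper would check it: a small parser that re-joins the entries the paste wrapped onto two lines, pulls out the infected paths and tests whether every detection sits inside a System Restore snapshot folder (the case where flushing restore points is the fix). This is an added example in Python, not code from the thread or from AVG; the sample lines are constructed in the log's layout, and the RESTORE_MARKERS folder names are assumptions.

```python
import re

# Constructed sample in the layout of the AVG log pasted above (a few entries;
# the lone "Quick checked" line mimics the paste, where one entry wrapped).
SAMPLE_LOG = """\
System registry Software\\Microsoft\\Windows\\CurrentVersion\\Run Scanned
C:\\PROGRA~1\\GRISOFT\\AVGFRE~1\\avgamsvr.exe ok
Quick checked
C:\\Program Files\\Lexmark 3300 Series\\lxccmon.EXE ok Quick checked
C:\\_RESTORE\\TEMP\\A0108398.CPY Trojan horse Dropper.Agent.WJ Infected
C:\\_RESTORE\\TEMP\\A0096476.CPY Trojan horse BackDoor.Agent.7.AQ Infected
C:\\_RESTORE\\TEMP\\A0101482.CPY Trojan horse Dropper.Agent.WJ Infected
"""

# Assumed snapshot folders: C:\_RESTORE on Windows ME, System Volume Information\_restore{...} on XP.
RESTORE_MARKERS = ("\\_restore\\", "\\system volume information\\_restore")

FILE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?)\s+"
                     r"(?:ok\s+Quick checked|(?P<verdict>Trojan horse\s+\S+)\s+Infected)$")
REG_RE = re.compile(r"^System registry\s+(?P<key>.+?)\s+Scanned$")
CONTINUATIONS = {"Scanned", "Quick checked"}

def unwrap(text):
    """Re-join entries that the paste split onto a second line."""
    lines = []
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if line in CONTINUATIONS and lines:
            lines[-1] += " " + line
        else:
            lines.append(line)
    return lines

def parse_avg_log(text):
    """Return (kind, name, verdict) tuples; verdict is None for clean entries."""
    entries = []
    for line in unwrap(text):
        if m := FILE_RE.match(line):
            entries.append(("file", m.group("path"), m.group("verdict")))
        elif m := REG_RE.match(line):
            entries.append(("registry", m.group("key"), None))
        else:
            entries.append(("other", line, None))  # e.g. the MBR line
    return entries

def infected_paths(entries):
    return [name for kind, name, verdict in entries if kind == "file" and verdict]

def only_in_system_restore(entries):
    """True when every detection lies inside a System Restore snapshot folder."""
    paths = infected_paths(entries)
    return bool(paths) and all(any(m in p.lower() for m in RESTORE_MARKERS) for p in paths)
```

Calling parse_avg_log on the whole pasted log and then only_in_system_restore on the result gives True for this thread, which is what makes the disable/re-enable System Restore advice the right one here.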
  15. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

  16. mam9103

    mam9103 Private E-2

    viruses and malware bgone

    The log is clean and viruses are gone, but the printer still cannot connect. Here are a few things I found: within the msconfig startup screen it lists lxccmon.exe, lxccats (rundll32 c:\windows\system\lxcctime.dll), faxcenterserver, and run= (wini.ini, lxccppls.exe); within the device manager everything needed is there but the USB composite device has a green question mark. Any ideas? By the way, thanks for your help :)
     
  17. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    You're welcome.

    As it appears that your computer is free of viruses, you may want to post your problem with the printer in the software or maybe the hardware forum, as this appears to be a problem with either the drivers for the printer or the USB ports. It may even be an issue with the USB ports themselves.
     
  18. mam9103

    mam9103 Private E-2

    Not really clean

    After updating the system, I reran Spybot and Ad-Aware. They both found Alexa and TimeSink. Now the TimeSink is another restore file. What happened? Also the Internet went bye-bye.
     
  19. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Follow the directions for Using GetRunKey.

    Post runkey.txt and a fresh HijackThis log.
     
  20. mam9103

    mam9103 Private E-2

    I could not download and run runkey. I tried it with a floppy disk and it gave many unknown errors. I also tried it with a CD-RW, and it couldn't find the folder.
     

    Attached Files:

  21. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Your HijackThis log is clean.

    GetRunKey has to be unzipped to your desktop.
     
  22. mam9103

    mam9103 Private E-2

    I tried runkeys again but it would not create a txt file. It did find one file though? Since it is clean, I will return it to my brother. As for the printer issue, I say it's a hardware issue such as memory or something. I'm just glad that it is clean now. Thanks a bunch.
     
  23. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

