task maneger

[aLwEjDaN]

i have a problem with my computer

i was installing a programe then i got an error that i can't install it . .then limewire start to become slower and disconnect evey time . . after that when i press CTRL+ALT+DEL nothing happens!! i can't open my task maneger . . and now even worse i can't access my messenger and can't use my browser i keep clicking on the browser and it's not working

please help

i don't want to formmate the computer . . i have so many things on it and i don't want to lose them !!

 

[Verve]

Looks like a virus. The safest thing is to get rid of p2p programs (lime) and then you can clear the computer with Panda Antivirus and Ad-aware (both free). Also, you should get Hijack This! and post a log here.
Download it here:
http://majorgeeks.com/downloadget3155-1-786f6c07249268d14b584f8717e8bf44.html

Buzz should come along and help you out.

 

[aLwEjDaN]

that's what i got and i get rid of lime

Logfile of HijackThis v1.99.1
Scan saved at 11:08:03 م, on 01/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\LckFldService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe
C:\WINDOWS\system\driver\csrss.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wentxp.exe
C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Media Gateway\MediaGateway.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\winupdates\winupdates.exe
C:\WINDOWS\system32\p2pnetworking.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Invention Pilot\Sound Pilot\SndPilot.exe
c:\progra~1\intern~1\iexplore.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Real\RealOne Player\RealPlay.exe
C:\Program Files\Real\RealOne Player\RealPlay.exe
C:\Documents and Settings\mohamed\Desktop\HijackThis.exe
C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ldvvfdsrepunisuqrmsrjjbr...1_NYuPV8sM2XUz6w4KpznyPMBnUbZDnTOtLm06ftu.htm
O2 - BHO: CLSID Support Dll - {32978850-02C0-4F0F-A5E6-C22FB04423FC} - C:\WINDOWS\System32\clsidcore.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_98.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: LinkTracker Class - {6A6E50DC-BFA8-4B40-AB1B-159E03E829FD} - C:\Program Files\RXToolBar\lmf32v.dll (file missing)
O2 - BHO: (no name) - {9A4095B2-1BDD-8270-CE97-BE6F19BC02B5} - C:\DOCUME~1\mohamed\APPLIC~1\TITLER~1\seekbeep.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C1836014-8603-8628-98AE-A589DD699A79} - C:\DOCUME~1\mohamed\APPLIC~1\TITLER~1\seekbeep.exe
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [PURE FORK USER AUDIO] C:\Documents and Settings\All Users\Application Data\Settings Ball Pure Fork\remote move.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [NI.UWFX5] "C:\Documents and Settings\mohamed\Local Settings\Temporary Internet Files\Content.IE5\ODINGTIZ\WinFixer2005ScannerInstall[1].exe"
O4 - HKLM\..\Run: [Hnfbj] C:\Program Files\Ntym\Hyqnfc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [HeartOneJunkWait] C:\Documents and Settings\All Users\Application Data\MAGS LESS HEART ONE\start mix.exe
O4 - HKLM\..\Run: [NS Agnt] msagnts.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [rdvwonqm] C:\WINDOWS\system32\rdvwonqm.exe /setuser
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [winupdate] C:\Program Files\winupdate\winupdate.exe /auto
O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
O4 - HKCU\..\Run: [Ares Galaxy FasterDownload] "C:\Program Files\Ares Galaxy FasterDownload\Ares Galaxy FasterDownload.exe" -tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Sound Pilot] "C:\Program Files\Invention Pilot\Sound Pilot\SndPilot.exe"
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Mediabird] C:\DOCUME~1\mohamed\APPLIC~1\GPLREC~1\plancake.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Search - http://kw.bar.need2find.com/KW/menusearch.html?p=KW
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with &ZipScan - C:\PROGRA~1\ZIPSCA~1\zs_ie.htm
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab_adult/180solutions/ie/bridge-c9.cab
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_cracks.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://67.19.41.100:1995/talk.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\System32\LckFldService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
O23 - Service: NTLOAD - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe
O23 - Service: NTSVCMGR - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe
O23 - Service: Security Accounts Manager service (rdvwonqm) - Unknown owner - C:\WINDOWS\system32\rdvwonqm.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: WinEncrypt service (wencrservice) - WinEncrypt - C:\WINDOWS\SYSTEM32\wentxp.exe

 

[just_a_nobody]

Dang, you have a lot of nasty stuff on there.

These entries have been positively identified as malicious programs. In the HijackThis program, place a check mark next to the following entries.

O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_98.dll
(Description: NewDotNet)

O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
(Description: File of this BHO is missing -- probably a remnant of adware or spyware. OK to remove this entry.)

O2 - BHO: LinkTracker Class - {6A6E50DC-BFA8-4B40-AB1B-159E03E829FD} - C:\Program Files\RXToolBar\lmf32v.dll (file missing)
(Description: LinkReplacer keyword hijacker)

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
(Description: A blank toolbar entry. Possibly an adware toolbar that was removed by an anti-virus or anti-spyware program.)

O4 - HKLM\..\Run: [winupdate] C:\Program Files\winupdate\winupdate.exe /auto
(Description: Added as a result of the GAOBOT.BIA WORM! )

O10 - Hijacked Internet access by New.Net
(Description: New.Net browser hijacker)

O10 - Hijacked Internet access by New.Net
(Description: New.Net browser hijacker)

O10 - Hijacked Internet access by New.Net
(Description: New.Net browser hijacker)

O10 - Hijacked Internet access by New.Net
(Description: New.Net browser hijacker)

O10 - Hijacked Internet access by New.Net
(Description: New.Net browser hijacker)

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab_ad.../bridge-c9.cab
(Description: Advertising delivery service.)

O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll (file missing)
(Description: Unknown malware.)

The following are not necessarily spyware/malware, but we suggest you place a check mark next to the following entries, as these programs may be taking up system resources.

O4 - HKLM\..\Run: [TkBellExe] \"C:\Program Files\Common Files\Real\Update_OB\realsched.exe\" -osboot
(Description: RealPlayer scheduler. Completely unnecessary. Removing this entry will free up a small amount of system resources.)

O4 - HKLM\..\Run: [Internet Optimizer] \"C:\Program Files\Internet Optimizer\optimize.exe\"
(Description: Internet connection optimizer. Leave this enabled if you find it improves your connection. Otherwise, remove it to free up some system resources. )

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
(Description: Sun Java update scheduler. Checks for updates. Not necessary. Removing this entry will free up a small amount of system resources.)


1) Press the "Fix checked" button. Then close HijackThis.

2) Then reboot your computer.

3) Uninstall NewDotNet and delete the folder C:\Program Files\NewDotNet\

4) Delete the file LMF32.DLL which resides in C:\WINDOWS\System32\ or C:\WINDOWS\System\

5) Search for and delete the file winupdate.exe

6) Delete the file referenced in the "O21 - SSODL: SystemCheck - {54645654-2225-4455-44A1-9F4543D34545}" entry of your log.

7) Empty your recycle bin.

8) Run Windows Update and install all critical updates.

9) Make sure your anti-virus program is up to date with the latest patches. If you do not have an anti-virus program, download and install AVG Personal Edition Anti-Virus, which is free.

10) Reboot one last time.

Now, re-run HJT and post your log at this site: http://www.hijackthis.de/index.php?langselect=english and remove any NASTY entries.

 

[aLwEjDaN]

thanx it solved the problem of accessing the internet, but still nothing happened when i press Ctel+alt+del . . and the computer keep making noise . . it sounds like a fan or something!!
thanx again . . the most imprtant thing to me was accessing the internet

 

[aLwEjDaN]

thanx the problem is solved . . i just wana know what is hijack ?

can i keep it and use it every time i have a problem or remove it from my pc ?

thanx again

 

[Buzz1927]

Dang, you have a lot of nasty stuff on there.

Yes they have, and you missed most of it.

aLwEjDaN, do the scans below and reboot, then post a new Hijackthis log.
http://www.computerforum.com/showthread.php?t=24782

 

[aLwEjDaN]

i used all the scans that you told me to use and that's what i got as a result

Logfile of HijackThis v1.99.1
Scan saved at 04:06:33 م, on 03/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\LckFldService.exe
C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wentxp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\rdvwonqm.exe
C:\WINDOWS\system32\p2pnetworking.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Invention Pilot\Sound Pilot\SndPilot.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WordWeb\wweb32.exe
c:\progra~1\intern~1\iexplore.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\mohamed\My Documents\FaTiMa\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cdllsillthl.com/U13M8HpgUa/NB0vj0XQUy1JtWptx68VCs9PD_R7shPMYbkpntR_C/TXU/tOGEP4w.html
O2 - BHO: CLSID Support Dll - {32978850-02C0-4F0F-A5E6-C22FB04423FC} - C:\WINDOWS\System32\clsidcore.dll
O2 - BHO: (no name) - {9A4095B2-1BDD-8270-CE97-BE6F19BC02B5} - C:\DOCUME~1\mohamed\APPLIC~1\TITLER~1\seekbeep.exe
O2 - BHO: (no name) - {C1836014-8603-8628-98AE-A589DD699A79} - C:\DOCUME~1\mohamed\APPLIC~1\TITLER~1\seekbeep.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [PURE FORK USER AUDIO] C:\Documents and Settings\All Users\Application Data\Settings Ball Pure Fork\remote move.exe
O4 - HKLM\..\Run: [NI.UWFX5] "C:\Documents and Settings\mohamed\Local Settings\Temporary Internet Files\Content.IE5\ODINGTIZ\WinFixer2005ScannerInstall[1].exe"
O4 - HKLM\..\Run: [Hnfbj] C:\Program Files\Ntym\Hyqnfc.exe
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [HeartOneJunkWait] C:\Documents and Settings\All Users\Application Data\MAGS LESS HEART ONE\start mix.exe
O4 - HKLM\..\Run: [NS Agnt] msagnts.exe
O4 - HKLM\..\Run: [rdvwonqm] C:\WINDOWS\system32\rdvwonqm.exe /setuser
O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
O4 - HKCU\..\Run: [Ares Galaxy FasterDownload] "C:\Program Files\Ares Galaxy FasterDownload\Ares Galaxy FasterDownload.exe" -tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Sound Pilot] "C:\Program Files\Invention Pilot\Sound Pilot\SndPilot.exe"
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Mediabird] C:\DOCUME~1\mohamed\APPLIC~1\GPLREC~1\plancake.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with &ZipScan - C:\PROGRA~1\ZIPSCA~1\zs_ie.htm
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A920F7FD-1AEC-4A9F-8425-66FF1E9F38B4}: NameServer = 212.77.192.59 212.77.192.60
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\System32\LckFldService.exe
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
O23 - Service: Security Accounts Manager service (rdvwonqm) - Unknown owner - C:\WINDOWS\system32\rdvwonqm.exe
O23 - Service: WinEncrypt service (wencrservice) - WinEncrypt - C:\WINDOWS\SYSTEM32\wentxp.exe

 

[Buzz1927]

Go to add\remove programs and select Messenger Plus 3. There should be an option to uninstall the sponsor software. If there isn't, uninstall Messenger Plus.
Also remove-

p2p networking
media gateway

and any other programs you don't recognise.

Download, update and run a full scan with Ewido.
http://download.ewido.net/ewido-setup.exe

Then reboot and post a new Hijackthis log.

Oh, and what country do you live in?

 

[aLwEjDaN]

i wasn't able to find p2p network, so i didn't remove it; however i removed lime wire and kazza

i live in Qatar a country in the Arabian Peninsula

Logfile of HijackThis v1.99.1
Scan saved at 03:54:45 ص, on 04/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\LckFldService.exe
C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wentxp.exe
C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\p2pnetworking.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\etb\pokapoka79.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Invention Pilot\Sound Pilot\SndPilot.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\WordWeb\wweb32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Real\RealOne Player\RealPlay.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\mohamed\My Documents\FaTiMa\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [PURE FORK USER AUDIO] C:\Documents and Settings\All Users\Application Data\Settings Ball Pure Fork\remote move.exe
O4 - HKLM\..\Run: [NI.UWFX5] "C:\Documents and Settings\mohamed\Local Settings\Temporary Internet Files\Content.IE5\ODINGTIZ\WinFixer2005ScannerInstall[1].exe"
O4 - HKLM\..\Run: [Hnfbj] C:\Program Files\Ntym\Hyqnfc.exe
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [NS Agnt] msagnts.exe
O4 - HKLM\..\Run: [rdvwonqm] C:\WINDOWS\system32\rdvwonqm.exe /setuser
O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [System service79] C:\WINDOWS\etb\pokapoka79.exe
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
O4 - HKCU\..\Run: [Ares Galaxy FasterDownload] "C:\Program Files\Ares Galaxy FasterDownload\Ares Galaxy FasterDownload.exe" -tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Sound Pilot] "C:\Program Files\Invention Pilot\Sound Pilot\SndPilot.exe"
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000137.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with &ZipScan - C:\PROGRA~1\ZIPSCA~1\zs_ie.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c10.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A920F7FD-1AEC-4A9F-8425-66FF1E9F38B4}: NameServer = 212.77.192.59 212.77.192.60
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\System32\LckFldService.exe
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
O23 - Service: Security Accounts Manager service (rdvwonqm) - Unknown owner - C:\WINDOWS\system32\rdvwonqm.exe
O23 - Service: WinEncrypt service (wencrservice) - WinEncrypt - C:\WINDOWS\SYSTEM32\wentxp.exe

 

[Buzz1927]

Download the trial version of Spy Sweeper from Here

Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system.

When the sweep has finished, click Remove. Click Select All and then Next

Exit Spy Sweeper.

Then reboot and post a new Hijackthis log.

 

[aLwEjDaN]

after using Ewido scan that you told me to use . . the compute become slower and i keep get this error message
"Insufficient system resources exist to complete the requested service" . . . the computer is becoming slower and i have to restart it every 30 min because i can't open any folders, files, or programs.

isn't there any program that repair windows without losing my files because i have large foldres and many projeacts and i don't have time to copy them on dvd's and i don't have large space on the D drive

please help

 

[Buzz1927]

Uninstall Ewido and Spysweeper after scanning with it. Reboot and post a new Hijackthis log. And have you got your Windows disc?

 

[aLwEjDaN]

i don't have a windows disk !

Logfile of HijackThis v1.99.1
Scan saved at 11:53:51 م, on 04/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\LckFldService.exe
C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\wentxp.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\rdvwonqm.exe
C:\WINDOWS\system32\p2pnetworking.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Invention Pilot\Sound Pilot\SndPilot.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Windows\services32.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\mohamed\My Documents\FaTiMa\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [NS Agnt] msagnts.exe
O4 - HKLM\..\Run: [rdvwonqm] C:\WINDOWS\system32\rdvwonqm.exe /setuser
O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [System service79] C:\WINDOWS\\\etb\\pokapoka79.exe
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Sound Pilot] "C:\Program Files\Invention Pilot\Sound Pilot\SndPilot.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000137.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with &ZipScan - C:\PROGRA~1\ZIPSCA~1\zs_ie.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131083912140
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\System32\LckFldService.exe
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
O23 - Service: Security Accounts Manager service (rdvwonqm) - Unknown owner - C:\WINDOWS\system32\rdvwonqm.exe
O23 - Service: WinEncrypt service (wencrservice) - WinEncrypt - C:\WINDOWS\SYSTEM32\wentxp.exe

 

[Buzz1927]

Please download LQfix.exe from one of the following locations:

http://www.downloads.subratam.org/LQfix.exe
http://miekiemoes.geekstogo.com/tools/LQfix.exe

Save it to your desktop.

• Double-Click LQfix.exe and click Next > Next > Install.
• Leave the default settings, if you change them, the fix will Fail!
• You need an active Internet connection, so make sure your connection is enabled.
• Now make sure the "Launch LQfix" box is checked.
• Click the Finish button, after clicking the Finish button the fix will start.
• Follow the on-screen prompts.
• Your system will reboot afterwards.
• Please be patient after the reboot, there is a script running in the background that needs to complete.

Then do a scan with HJT and post a new log

 

[aLwEjDaN]

nothing happened when i install the programe . . it only restarts the computer

Logfile of HijackThis v1.99.1
Scan saved at 12:39:22 ص, on 05/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\LckFldService.exe
C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wentxp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\rdvwonqm.exe
C:\WINDOWS\system32\p2pnetworking.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Invention Pilot\Sound Pilot\SndPilot.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WordWeb\wweb32.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Common Files\Windows\services32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\mohamed\My Documents\FaTiMa\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [NS Agnt] msagnts.exe
O4 - HKLM\..\Run: [rdvwonqm] C:\WINDOWS\system32\rdvwonqm.exe /setuser
O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Sound Pilot] "C:\Program Files\Invention Pilot\Sound Pilot\SndPilot.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000137.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with &ZipScan - C:\PROGRA~1\ZIPSCA~1\zs_ie.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131083912140
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A920F7FD-1AEC-4A9F-8425-66FF1E9F38B4}: NameServer = 212.77.192.59 212.77.192.60
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\System32\LckFldService.exe
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
O23 - Service: Security Accounts Manager service (rdvwonqm) - Unknown owner - C:\WINDOWS\system32\rdvwonqm.exe
O23 - Service: WinEncrypt service (wencrservice) - WinEncrypt - C:\WINDOWS\SYSTEM32\wentxp.exe

 

[Buzz1927]

Download Brute Force Uninstaller.
Unzip it to it’s own folder (c:\BFU)

RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra Remover. Save it in the folder you made earlier (c:\BFU).

Open My Computer and navigate to the c:\BFU folder. Start the Brute Force Uninstaller by doubleclicking BFU.exe

In the scriptline to execute field copy and paste c:\bfu\p2pnetwork.bfu
Press execute and let it do it’s job.

Wait for the complete script execution box to pop up and press OK.
Press exit to terminate the BFU program.
Then please run HijackThis, click Scan, and check the following:

O4 - HKLM\..\Run: [NS Agnt] msagnts.exe
O4 - HKLM\..\Run: [rdvwonqm] C:\WINDOWS\system32\rdvwonqm.exe /setuser
O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000137.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
O23 - Service: Security Accounts Manager service (rdvwonqm) - Unknown owner - C:\WINDOWS\system32\rdvwonqm.exe


Close all open windows and click Fix Checked.

Make sure you can see hidden files, then find and delete these folders\files.

C:\WINDOWS\system32\rdvwonqm.exe
C:\Program Files\Common Files\Windows
C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe

Search for and delete this file.

msagnts.exe

Then reboot and post a new Hijackthis log.

 

[aLwEjDaN]

RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra Remover. Save it in the folder you made earlier (c:\BFU).

i can't download from this link!

 

[Buzz1927]

It looks like Geekstogo is down at the moment. I don't think there's a mirror for this, just keep trying until it's back up.

 

[Buzz1927]

Back now.