Try To fix without Restore

ok i found rvlknlg.exe on my computer and took me near an hour to get rid of it and while looking it up to find out how to get rid of it i found something called hijack this, well i used it and not knowing what i was doing fixed some of the things i thought i understood but i probably didnt and now i got some serious problems i think.

1. the first thing i tried to do was restore...well it says my c drive is turned off and i dont know how that is possible.

2. my process has slowed down considerably but my internet seems to have sped up a good bit. ex. on msn messanger it used to work fine now it takes about 10 seconds for my message to show up and be sent. and opening windows takes a little longer than it should

3. here is a list of the items on the hijackthis list

Logfile of HijackThis v1.99.1
Scan saved at 8:28:40 PM, on 8/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\services.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\svchost.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...aults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.dogpile.com/info.dogpl.dld.toolbar/dog/forms/search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.dogpile.com/info.dogpl.dld/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.dogpile.com/info.dogpl.dld.toolbar/dog/forms/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.dogpile.com/info.dogpl.dld.toolbar/
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.dogpile.com/info.dogpl.dld.toolbar/
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
R3 - URLSearchHook: (no name) - {0428FFC7-1931-45B7-95CB-3CBB919777E1} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SafeGuard Protect PCShield - {564FFB73-9EEF-4969-92FA-5FC4A92E2C2A} - C:\WINDOWS\system32\sfg_2d88.dll
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Hijackthis\HijackThis.exe /startupscan
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Virtual Bouncer.lnk = C:\Program Files\VBouncer\VirtualBouncer.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZBYYYYYYYYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll

 

All that means is that he has or had Limewire. Well, other than a helluva lot of spyware and toolbars I don't see anything wrong. But then again my eye isn't good enough to see if something is missing from that list. Plus I don't know what you deleted.

 

the only stand out there is
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Hijackthis\HijackThis.exe /startupscan
i think maybe that HijackThis is doing a scan when you start your computer and is probably chewing your resources!

 

hmm well can someone tell me which of those i should delete/fix

 

i have used adaware and have found several objects no matter how many times i use adaware i cant get them permanently deleted....

Vendor:Backdoor.Prorat.16
Category:Malware
Object Type:RegData
Size:46 Bytes
Location:software\microsoft\windows nt\currentversion\winlogon "Shell" (explorer.exe c:\windows\system32\fservice.exe)
Last Activity:8-11-2005
Risk Level:Low
TAC index:8
Comment:
Description:a backdoor which allows unauthorised access or control of the computer from a remote location

Vendor:Backdoor.Prorat.16
Category:Malware
Object Type:RegValue
Size:33 Bytes
Location:software\microsoft\windows\currentversion\policies\explorer\run "DirectX For Microsoft® Windows"
Last Activity:8-11-2005
Risk Level:Low
TAC index:8
Comment:"DirectX For Microsoft® Windows"
Description:a backdoor which allows unauthorised access or control of the computer from a remote location


Vendor:Windows
Category:Vulnerability
Object Type:RegData
Size:46 Bytes
Location:software\microsoft\windows nt\currentversion\winlogon "Shell" (explorer.exe c:\windows\system32\fservice.exe)
Last Activity:8-11-2005
Risk Level:Low
TAC index:3
Comment:Shell Possibly Compromised
Description:General Windows Security Issue. Your system security may be compromised. The specifics of the possible compromised item are listed in the comments section.



Vendor:Backdoor.Prorat.16
Category:Malware
Object Type:Regkey
Size:31 Bytes
Location:...\{5y99ae78-58tt-11dw-be53-y67078979y}\
Last Activity:8-11-2005
Risk Level:Low
TAC index:8
Comment:
Description:a backdoor which allows unauthorised access or control of the computer from a remote location



Vendor:Backdoor.Prorat.16
Category:Malware
Object Type:RegValue
Size:31 Bytes
Location:...\installed components\{5y99ae78-58tt-11dw-be53-y67078979y} "StubPath"
Last Activity:8-11-2005
Risk Level:Low
TAC index:8
Comment:
Description:a backdoor which allows unauthorised access or control of the computer from a remote location

 

grab a copy of Spyware Doctor and Spybot S&D and see if they can detect and delete those entries adaware found!

 

could i get some free links to safe downloads ?

 

spybot
http://www.safer-networking.org/en/download/
spyware doctor
http://www.pctools.com/