NCLAUNCH.exe

it wouldnt let me delete lspak.dll in safe mode. it said access denied

heres the new log:

Logfile of HijackThis v1.97.7
Scan saved at 11:06:18 PM, on 7/25/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {C7932801-AF0C-11D6-8137-0050DA5F0293} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab

Download moveonboot from here & the file(s) you choose will be deleted on reboot.

MoveOnBoot allows you to copy, move or delete files on the next system boot. This comes in very handy, if you need to replace or delete files which are locked by other applications, loaded into memory or cannot be changed until next system boot. You could manually enter a line to the wininit files, but using MoveOnBoot is much simpler, since the program can be integrated into shell - it creates the "Copy/Move/Delete on boot" context menu item.

Run the LSP fix again following the same instructions.
Then use moveonboot to remove the file. Just right click on the file after you have installed moveonboot & select delete on reboot.

ah man.......

i dont want to be rash, but why the h**l did you tell me to delete lspak.dll.

that was the internet program. now i cant use any applications that use the internet. (aim, radio@netscape, internet explorer)

everything is shut off cuz the file was deleted.

now i have nothing! nothing!!!!!!!!!!!

is there any salvation sir??

The reason I had you delete it is because it is listed as MALWARE at this site http://www.angeltowns.com/members/zupe/lsps.html
Did you run LSPFIX first? That should have removed the entry correctly before it's manual deletion.
Try the following:
Run LSPFIX again but do not move anything, just hit the finish button.

johnswanson, this particular malware file, lspak.dll, was embedded into your Windows Winsock, or your internet connection.
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
It should not be there, and slows you down. When you deleted it, your winsock was broken, as you know by now. The LspFix is what you need, it was created specifically for the purpose of removing and fixing the damage these types of files cause.

okay, so what do i do now?
running lspfix will give me back the internet?

how do i get the connection back?

i ran lspfix again, it didnt do anything to help get the internet back, are you guys just gonna bail on this project or is there anything you can suggest to fix the problem.

thanks for the time and effort
john

I have advised on the removal of that file on numerous occasions & not had any problems of any kind. I can only assume that an operator or system error occurred in the removal process.

Try the following tool to try & repair the problem;

http://www.spychecker.com/program/winsockxpfix.html