[Fixed] Hijackthis! Logs - browser hijacked? (posted in the Security & Safety forums)

  #1  
01-07-2008
keller130
Bronze Member
Join Date: Jan 2008
Posts: 42
PC Experience: Some Experience
browser hijacked?

Hello! I have been following your instructions for trying to get my system cleaned up. I have had Norton Internet Security running but it has apparently let me down.

I use IE and have found lately that when I click on certain Google results, I get sent to places I don't want to be. Most recently weird sex sites. I can connect to the internet but cannot access microsoft.com nor symantec.com. I found one suggestion on a board that said to search the registry for the url of the site I am getting vectored to. When I try to search the registry, the system crashes and reboots. So, I have followed your instructions. AVG scan does the same thing - when scanning the registry the system crashes and reboots - even in safe mode. Therefore I have no log from that package. I have run superantispyware and attach two logs as requested (first scan was stopped prematurely due to pilot error). Then I ran ccleaner. Upon booting in normal mode, I was no longer able to connect to the network and remember seeing something from a posting somewhere indicating that it could be related to removing rsvp322.dll, therefore I restored it from the quarantine and now I can get out to the network. All of the problems that I have experienced continue. Attached are the logs from superantispyware and hijackthis.

Much obliged for any help that can be offered.

Thread moved by Upgrader



Last edited by upgrader; 01-07-2008 at 08:40 AM.
  #2  
01-07-2008
valis
Senior Security Analyst
Join Date: Jan 2007
Location: texas, USA
Posts: 2,569
PC Experience: PC Illiterate
Re: browser hijacked?

hello keller, and welcome to the forums.

Download LSPFix.exe

Instructions for using LSPFix
  1. Double click on LSPFix.exe to run it.
  2. Once running, you will be required to tick the disclaimer - "I know what I'm doing".
  3. You'll find a window with 2 columns. In the left column which is labeled 'Keep', click once to select the entry:
    • rsvp322.dll
  4. Then click on the arrow pointing to the right, >>.
    This will move the entry to the right column labeled 'Remove'
Click the Finish button to complete the fix.

Next, you may want to print these out. Please close all other applications, start hjt again, click 'perform system scan only', place a tick next to the following and click 'fix checked':


O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c7.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - http://www.americangreetings.6184511.com/ultrashim.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca04.rightnowtech.com/702.../java/RntX.cab


Next, go to start > run > appwiz.cpl and remove the following apps:

viewpoint manager

Then reboot and post a new log please.

thanks,

v



__________________

M.C.S.A.
M.C.P.
- MS Server 2k3, Network Architecture

"Ask Bill why the string in function 9 is terminated by a dollar sign. Ask him, because he can't answer. Only I know that."
- Gary Kildall
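
An added example, not part of the original posts: a small Python parser for the O16 (Downloaded Program Files) lines quoted in post #2, which extracts each control's CLSID, name and codebase host and lists the entries whose host falls outside a reviewer's allowlist. The allowlist, the O4 line and the last O16 line are constructed for the example; the other three O16 lines are copied from the post.

```python
import re
from urllib.parse import urlsplit

# O16 lines copied from post #2; the O4 line and the last O16 line
# are constructed for this example.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [Constructed] C:\\constructed.exe
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c7.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - http://www.americangreetings.6184511.com/ultrashim.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca04.rightnowtech.com/702.../java/RntX.cab
O16 - DPF: {00000000-0000-0000-0000-000000000000} (Constructed Control) - http://downloads.example.com/ctl.cab
"""

# {CLSID}, optional (friendly name), then the codebase URL the control came from.
O16_RE = re.compile(
    r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\})"
    r"(?: \((?P<name>.*)\))? - (?P<url>\S+)$"
)

def parse_o16(log_text):
    """Return one dict per O16 (ActiveX download) entry in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O16_RE.match(line.strip())
        if not m:
            continue  # other sections, or O16 variants without a CLSID
        host = (urlsplit(m["url"]).hostname or "").lower()
        entries.append({"clsid": m["clsid"], "name": m["name"],
                        "url": m["url"], "host": host})
    return entries

def host_is_trusted(host, trusted_domains):
    """Match on whole DNS labels: the host equals a trusted domain or ends in
    '.' + domain. A brand name used as a subdomain label does not count."""
    return any(host == d or host.endswith("." + d) for d in trusted_domains)

def needs_review(log_text, trusted_domains):
    """O16 entries whose codebase host is outside the reviewer's allowlist."""
    return [e for e in parse_o16(log_text)
            if not host_is_trusted(e["host"], trusted_domains)]

if __name__ == "__main__":
    # Hypothetical allowlist chosen for the example.
    for e in needs_review(SAMPLE_LOG, {"example.com", "americangreetings.com"}):
        print(e["host"], e["clsid"], e["name"] or "(no name)")
```

Matching on the host suffix rather than on a substring is what keeps `www.americangreetings.6184511.com` in the review list even when `americangreetings.com` is allowlisted, because that host sits under `6184511.com`.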
  #3  
01-08-2008
keller130
Bronze Member
Join Date: Jan 2008
Posts: 42
PC Experience: Some Experience
Re: browser hijacked?

Thank you very much for your quick response. I have performed the functions as specified. I have found many more things cleared from the system. The system seems to be more responsive now but there remain some problems - namely:
1) AVG still crashes the system/reboots when scanning the registry.
2) still cannot access microsoft.com or symantec.com
3) IE still vectoring me off to other sites.

Attached, please find the latest superantispyware and hjt logs.

thanks for your continued effort to bail me out.

norm
Attached Files
File Type: log SUPERAntiSpyware Scan Log - 01-07-2008 - 17-54-19.log (2.6 KB, 1 views)
File Type: log hijackthis2.log (9.8 KB, 1 views)


  #4  
01-08-2008
valis
Senior Security Analyst
Join Date: Jan 2007
Location: texas, USA
Posts: 2,569
PC Experience: PC Illiterate
Re: browser hijacked?


Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

thanks,

v


  #5  
01-09-2008
keller130
Bronze Member
Join Date: Jan 2008
Posts: 42
PC Experience: Some Experience
Re: browser hijacked?

OK, here are the combofix and new hjt logs as requested. FYI, there has been no improvement in browser behavior.

thanks
norm
Attached Files
File Type: txt combofix.txt (11.4 KB, 3 views)
File Type: log hijackthis3.log (9.6 KB, 0 views)


  #6  
01-09-2008
valis
Senior Security Analyst
Join Date: Jan 2007
Location: texas, USA
Posts: 2,569
PC Experience: PC Illiterate
Re: browser hijacked?

Download SDFix from http://downloads.andymanchesta.com/R...ools/SDFix.exe and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
thanks,

v


