Mobile/PDA About Us Advertise here
User User name Password  
  Not registered yet? Register here.
Lost your password? Click here. 		 
  Home   News   Guides   Downloads   Glossary   Hardware   Profiles   Forums   v4  
 Advertise at AfterDawn.com     Link to us!     Private messages     Compose a private message     List of all updated threads     Threads without replies     Search messages
Friday 5.9.2025 / 00:20
Search AfterDawn Forums:        In English   Suomeksi   På svenska
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > need help with spyware
Show topics
 
Forums
Forums
Need help with spyware
  Jump to:
 
Posted Message
skeg28
Newbie
_ 		8. June 2007 @ 04:50 _ Link to this message    Send private message to this user   
hi... need help with spyware...

lost my internet connection after getting the the following:
system32\rsvp32_2.dll

what are the possible steps to take to restore the internet connection?

THANKS!!
[ + quote]
Advertisement
_ 		__
bluecoal
Suspended due to non-functional email address
_ 		8. June 2007 @ 05:53 _ Link to this message    Send private message to this user   
On your system with internet access, please download these two files. You can transfer them to the problem system with a diskette, flashdrive, or cd. Put them on the desktop of the infected system, and continue with the HijackThis instructions below.

Please download HijackThis! SetUp here:
http://downloads.malwareremoval.com/HJTsetup.exe
Save the file to your desktop.

Please also get this program:
http://cexx.org/lspfix.zip

Please also print these instructions:
http://www.bleepingcomputer.com/tutorials/tutorial59.html
I would anticipate a first step in fixing your problem is to follow these instructions to remove the dll file you referenced in your post.

If this restores your internet connection,

Get atf cleaner:
http://www.atribune.org/content/view/25/2/
and use it to clean your temporary files, temporary internet files, and cookies (after copying any cookies you want to save).

Run this online scan, (upper left corner of the page):
http://www.ewido.net/en/onlinescan/

If you want additional review of your system, please post the ewido scan log and a HijackThis log.


Double-click the HijackThis! SetUp icon to begin the installation. Follow the prompts for the default install location of:'C:\Program Files\HijackThis'. Check the 'Create a desktop' button when the option appears. Select next, then allow HijackThis! to start.

Then press the [Scan] button. You will notice the [Scan] button will turn into a [Save Log] button. Click the [Save Log] button and notepad will open up with the contents of the scan. Copy the log into this thread.

Thanks.
bc
[ + quote]

This message has been edited since posting. Last time this message was edited on 8. June 2007 @ 06:48
skeg28
Newbie
_ 		10. June 2007 @ 23:11 _ Link to this message    Send private message to this user   
Logfile of HijackThis v1.99.1
Scan saved at 3:07:19 PM, on 11/06/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\VTTimer.exe
C:\WINDOWS\System32\S3trayp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\Grisoft\AVG7\avgvv.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.singnet.com.sg/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 165.21.83.252:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MotiveReportAgent] "C:\PROGRA~1\COMMON~1\Motive\MCCIBO~1.EXE" /url="-APPKEY=Motive -WindowContext=RA -url=file://C:\PROGRA~1\COMMON~1\Motive\REPORT~1.HTM" /browsertype=CustomMSIE /browserpath="C:\Program Files\Common Files\Motive\MotiveBrowser.exe" /hidden
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Removable Storage NtmsSvcdmserver (NtmsSvcdmserver) - Unknown owner - C:\WINDOWS\System32\a234h.exe
[ + quote]
skeg28
Newbie
_ 		10. June 2007 @ 23:21 _ Link to this message    Send private message to this user   
i have performed the lspfix and HijackThis.
but the internet connection is not restored yet.
Please advise.... thks!!
[ + quote]
Advertisement
_ 		__
 
_
bluecoal
Suspended due to non-functional email address
_ 		11. June 2007 @ 12:36 _ Link to this message    Send private message to this user   
Your situation is beyond the level of knowledge that I have.

I had googled the file name you posted and I found lots of references where the fix was using lspfix with that file name.

Here is a link for an additional tool for winsock repair.
http://windowsxp.mvps.org/winsock.htm

I don't know what the risks are to you for using it, or what else to suggest if it does not work.

bc
[ + quote]
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > need help with spyware
 

Digital video: AfterDawn.com | AfterDawn Forums
Music: MP3Lizard.com
Gaming: Blasteroids.com | Blasteroids Forums | Compare game prices
Software: Software downloads
Blogs: User profile pages
RSS feeds: AfterDawn.com News | Software updates | AfterDawn Forums
International: AfterDawn in Finnish | AfterDawn in Swedish | AfterDawn in Norwegian | download.fi
Navigate: Search | Site map
About us: About AfterDawn Ltd | Advertise on our sites | Rules, Restrictions, Legal disclaimer & Privacy policy
Contact us: Send feedback | Contact our media sales team
 
  © 1999-2025 by AfterDawn Ltd.

  IDG TechNetwork