hi... need help with spyware... lost my internet connection after getting the the following: system32\rsvp32_2.dll what are the possible steps to take to restore the internet connection? THANKS!!
On your system with internet access, please download these two files. You can transfer them to the problem system with a diskette, flashdrive, or cd. Put them on the desktop of the infected system, and continue with the HijackThis instructions below. Please download HijackThis! SetUp here: http://downloads.malwareremoval.com/HJTsetup.exe Save the file to your desktop. Please also get this program: http://cexx.org/lspfix.zip Please also print these instructions: http://www.bleepingcomputer.com/tutorials/tutorial59.html I would anticipate a first step in fixing your problem is to follow these instructions to remove the dll file you referenced in your post. If this restores your internet connection, Get atf cleaner: http://www.atribune.org/content/view/25/2/ and use it to clean your temporary files, temporary internet files, and cookies (after copying any cookies you want to save). Run this online scan, (upper left corner of the page): http://www.ewido.net/en/onlinescan/ If you want additional review of your system, please post the ewido scan log and a hijackthis log. Double-click the HijackThis! SetUp icon to begin the installation. Follow the prompts for the default install location of:'C:\Program Files\HijackThis'. Check the 'Create a desktop' button when the option appears. Select next, then allow HijackThis! to start. Then press the [Scan] button. You will notice the [Scan] button will turn into a [Save Log] button. Click the [Save Log] button and notepad will open up with the contents of the scan. Copy the log into this thread. Thanks. bc
Logfile of HijackThis v1.99.1 Scan saved at 3:07:19 PM, on 11/06/2007 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\VTTimer.exe C:\WINDOWS\System32\S3trayp.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wuauclt.exe C:\PROGRA~1\Grisoft\AVG7\avgvv.exe C:\Program Files\Hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.singnet.com.sg/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 165.21.83.252:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local> O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [MotiveReportAgent] "C:\PROGRA~1\COMMON~1\Motive\MCCIBO~1.EXE" /url="-APPKEY=Motive -WindowContext=RA -url=file://C:\PROGRA~1\COMMON~1\Motive\REPORT~1.HTM" /browsertype=CustomMSIE /browserpath="C:\Program Files\Common Files\Motive\MotiveBrowser.exe" /hidden O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Removable Storage NtmsSvcdmserver (NtmsSvcdmserver) - Unknown owner - C:\WINDOWS\System32\a234h.exe
i have performed the lspfix and hijackthis. but the internet connection is not restored yet. Please advise.... thks!!
Your situation is beyond the level of knowledge that I have. I had googled the file name you posted and I found lots of references where the fix was using lspfix with that file name. Here is a link for an additional tool for winsock repair. http://windowsxp.mvps.org/winsock.htm I don't know what the risks are to you for using it, or what else to suggest if it does not work. bc
