
Need help with spyware

Discussion in 'Windows - Virus and spyware problems' started by skeg28, Jun 8, 2007.

  1. skeg28

    skeg28 Member

    Joined:
    Jun 8, 2007
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    11
    hi... need help with spyware...

    lost my internet connection after getting the following:
    system32\rsvp32_2.dll

    what are the possible steps to take to restore the internet connection?

    THANKS!!
     
  2. bluecoal

    bluecoal Guest

    On your system with internet access, please download these two files. You can transfer them to the problem system with a diskette, flashdrive, or cd. Put them on the desktop of the infected system, and continue with the HijackThis instructions below.

    Please download HijackThis! SetUp here:
    http://downloads.malwareremoval.com/HJTsetup.exe
    Save the file to your desktop.

    Please also get this program:
    http://cexx.org/lspfix.zip

    Please also print these instructions:
    http://www.bleepingcomputer.com/tutorials/tutorial59.html
    I would anticipate a first step in fixing your problem is to follow these instructions to remove the dll file you referenced in your post.

    If this restores your internet connection,

    Get atf cleaner:
    http://www.atribune.org/content/view/25/2/
    and use it to clean your temporary files, temporary internet files, and cookies (after copying any cookies you want to save).

    Run this online scan, (upper left corner of the page):
    http://www.ewido.net/en/onlinescan/

    If you want additional review of your system, please post the ewido scan log and a hijackthis log.


    Double-click the HijackThis! SetUp icon to begin the installation. Follow the prompts for the default install location of: 'C:\Program Files\HijackThis'. Check the 'Create a desktop' button when the option appears. Select next, then allow HijackThis! to start.

    Then press the [Scan] button. You will notice the [Scan] button will turn into a [Save Log] button. Click the [Save Log] button and notepad will open up with the contents of the scan. Copy the log into this thread.

    Thanks.
    bc
     
    Last edited by a moderator: Jun 8, 2007
  3. skeg28

    skeg28 Member

    Logfile of HijackThis v1.99.1
    Scan saved at 3:07:19 PM, on 11/06/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\VTTimer.exe
    C:\WINDOWS\System32\S3trayp.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\PROGRA~1\Grisoft\AVG7\avgvv.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.singnet.com.sg/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 165.21.83.252:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [MotiveReportAgent] "C:\PROGRA~1\COMMON~1\Motive\MCCIBO~1.EXE" /url="-APPKEY=Motive -WindowContext=RA -url=file://C:\PROGRA~1\COMMON~1\Motive\REPORT~1.HTM" /browsertype=CustomMSIE /browserpath="C:\Program Files\Common Files\Motive\MotiveBrowser.exe" /hidden
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Removable Storage NtmsSvcdmserver (NtmsSvcdmserver) - Unknown owner - C:\WINDOWS\System32\a234h.exe
     
  4. skeg28

    skeg28 Member

    I have performed the lspfix and hijackthis.
    but the internet connection is not restored yet.
    Please advise.... thks!!
     
  5. bluecoal

    bluecoal Guest

    Your situation is beyond the level of knowledge that I have.

    I had googled the file name you posted and I found lots of references where the fix was using lspfix with that file name.

    Here is a link for an additional tool for winsock repair.
    http://windowsxp.mvps.org/winsock.htm

    I don't know what the risks are to you for using it, or what else to suggest if it does not work.

    bc
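
The HijackThis log posted above uses a fixed `section - detail` line layout, so the entries a helper usually reads first can be pulled out mechanically. The Python below is an added example, not code from the thread or from HijackThis; the three triage rules and the function names are assumptions chosen for illustration, and the sample lines are copied from the posted log.

```python
import re

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 165.21.83.252:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Removable Storage NtmsSvcdmserver (NtmsSvcdmserver) - Unknown owner - C:\WINDOWS\System32\a234h.exe
"""

# A log entry starts with a section code such as R1, O2 or O23, then " - ".
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")


def parse_entries(text):
    """Return (section, detail) pairs; header and process-list lines are skipped."""
    return [m.groups() for m in map(ENTRY.match, text.splitlines()) if m]


def triage(text):
    """Apply the assumed review rules; a hit means 'look at this by hand', not a verdict."""
    findings = []
    for section, detail in parse_entries(text):
        reasons = []
        if detail.rstrip().endswith("(no file)"):
            reasons.append("registered target file is missing")
        if section == "O23" and " - Unknown owner - " in detail:
            reasons.append("service binary reports no company name")
        if section == "R1" and ",ProxyServer = " in detail:
            reasons.append("proxy is configured; confirm it is expected")
        if reasons:
            findings.append((section, detail, reasons))
    return findings


if __name__ == "__main__":
    for section, detail, reasons in triage(SAMPLE_LOG):
        print(f"[{section}] {detail}")
        for reason in reasons:
            print(f"    review: {reason}")
```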
     
