Please review this HJT log

Status
Not open for further replies.
You may want to download LSPFix beforehand, but...

Boot into Safe Mode, disable system restore.

download and run LSPFix from http://cexx.org/lspfix.htm
1. Run LSPFix.
2. Check 'I know what I'm doing'.
3. Select 'mdnsnsp.dll'
4. Click the right-pointing arrow (moves it to the "remove" page).
5. Click 'Finished'.

Go to start -> run and type the following lines then hit enter one at a time...
regsvr32 /u c:\program files\bonjour\mdnsnsp.dll
regsvr32 /u C:\WINDOWS\system32\ssqrr.dll

Open task manager and end the following processes if present...
mDNSResponder.exe
ps2.exe

run HJT again and let it fix any of the following should they exist...

C:\Program Files\Bonjour\mDNSResponder.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\ssqrr.dll
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O20 - Winlogon Notify: ssqrr - C:\WINDOWS\system32\ssqrr.dll
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

delete the following files and directories and remove them from the recycle bin...
c:\program files\bonjour\mdnsnsp.dll - remove directory in bold
C:\WINDOWS\system32\ssqrr.dll
C:\Program Files\Bonjour\mDNSResponder.exe - remove directory in bold
C:\WINDOWS\system32\ps2.exe

turn system restore back on and reboot. run HJT again and post a new log so we can see if it's got it all.
 
Thanks for all your help so far!

Unfortunately, I think my problem might be a little more difficult to fix. I ran LSPFix and removed "mdnsnsp.dll". That worked fine.

I then tried to enter the "regsvr32 /u c:\program files\bonjour\mdnsnsp.dll" command, but it wouldn't let me. It said "LoadLibrary("c:\program") failed - The specified module could not be found". I even tried looking for it myself by showing all hidden files and looking for it manually, but I saw the other files in the "bonjour" folder and not that one. I spell-checked the command to make sure I was typing it right, and I even made little variations, but it still wouldn't work. I typed the same command for "regsvr32 /u c:\WINDOWS\system32\ssqrr.dll, and that one worked fine (I'm assuming). All I know is that it said something succeeded, and I clicked on "OK" afterward.

I went ahead and continued, hoping that I could still go on without that one step. I ended the tasks you told me to using the task manager. I fixed everything you asked when I ran HJT again.

I tried deleting the "bonjour" folder, but it wouldn't let me because it said the "mdnsnsp.dll" file was running. Even when I couldn't even see it in the folder with all hidden files viewable. I also could not find "ssqrr.dll" after looking in the system32 folder for about 10 minutes. I WAS able to locate the ps2.exe file and delete it, but I did notice a file next to that also said ps2. The only difference is that the icon had a little gear in the middle, and when I checked to see what type of file it was, it said it was a "MS-DOS Batch File". Is this something that should concern me?

I started to go through the whole process again to see if something's wrong. I ran LSPFix again, but "mdnsnsp.dll" wasn't there anymore. I looked for the two items in the task manager, and they weren't there (they were also missing the first time I went through this step so I think this is normal). I ran HJT again, and it seems that most of what I tried to fix came back.

Is there anything else I can try to fix this? Again, I really appreciate you taking the time to help me out.
 
I'm terribly sorry. I may have screwed up the order in which I told you to do things.

Most of the nasties I mentioned the first time around seem to have gone from your HJT file, although I note that you didn't fix ALL 016 entries (because I forgot to tell you too! :blush:

anyways, go to start -> run -> type cmd and press enter. Try the following...

at the command prompt, type regsvr32 /u C:\WINDOWS\system32\ssqrr.dll and hit enter.

then, at the command line, type erase c:\windows\system32\ssqrr.txt and hit enter.

If the latter of these two commands didn't work, try them in Safe Mode. If they do work, run HJT and fix the following 2 entries if present, and while you're there, fix ALL 016 entries...

O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\ssqrr.dll
20 - Winlogon Notify: ssqrr - C:\WINDOWS\system32\ssqrr.dll

Also, with that ps2.bat, is your keyboard a hewlett packard one?

sorry about the mess :dead:
 
Status
Not open for further replies.
Back