cmdService removal



Sappy3339
2006-09-28, 03:09
I've followed the directions of other threads on this topic, but it looks like I need somebody to analyze my last HijackThis log to delete the Command Service stuff that is still causing pop-ups. Please assist...and thanks ahead of time...

tashi
2006-09-28, 08:32
Hi there.

Please see our 'sticky' topic:
BEFORE you post and who will advise you. Preliminary Steps (http://forums.spybot.info/showthread.php?t=288)

Copy and paste the HJT log here into this thread along with the results of the on-line anti-virus scan, and a helper will advise you as soon as available to do so.

Cheers.

Sappy3339
2006-09-28, 19:36
Ran Panda, got this...

Incident Status Location

Adware:adware/systemdoctor Not disinfected c:\windows\system32\issearch.exe
Adware:adware/securityerror Not disinfected c:\windows\system32\ot.ico
Adware:adware/safetybar Not disinfected c:\documents and settings\all users\desktop\Online Security Guide.url
Potentially unwanted tool:application/bestoffer Not disinfected c:\windows\smdat32m.sys
Potentially unwanted tool:application/mywebsearch Not disinfected hkey_classes_root\clsid\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
Potentially unwanted tool:application/altnet Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\AltnetDM
Adware:adware/dyfuca Not disinfected Windows Registry
Adware:adware/ist.istbar Not disinfected Windows Registry
Adware:adware/mirar Not disinfected Windows Registry
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\LocalService\Cookies\system@go[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Robert Sapko\Cookies\robert sapko@ad.yieldmanager[2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Robert Sapko\Cookies\robert sapko@adopt.hbmediapro[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Robert Sapko\Cookies\robert sapko@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Robert Sapko\Cookies\robert sapko@adrevolver[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Robert Sapko\Cookies\robert sapko@ads.pointroll[2].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Robert Sapko\Cookies\robert sapko@adtech[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Robert Sapko\Cookies\robert sapko@adultfriendfinder[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Robert Sapko\Cookies\robert sapko@apmebf[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Robert Sapko\Cookies\robert sapko@as-us.falkag[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Robert Sapko\Cookies\robert sapko@atwola[1].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Robert Sapko\Cookies\robert sapko@bravenet[2].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Robert Sapko\Cookies\robert sapko@ccbill[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Robert Sapko\Cookies\robert sapko@drivecleaner[2].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Robert Sapko\Cookies\robert sapko@fortunecity[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Robert Sapko\Cookies\robert sapko@go[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Robert Sapko\Cookies\robert sapko@realmedia[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Robert Sapko\Cookies\robert sapko@stats.drivecleaner[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Robert Sapko\Cookies\robert sapko@stats1.reliablestats[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Robert Sapko\Cookies\robert sapko@www.drivecleaner[1].txt
Adware:Adware/ISearch Not disinfected C:\Documents and Settings\Robert Sapko\Local Settings\Temp\b104.exe[MTE3MTk6ODoxNg.exe]
Adware:Adware/PCodec Not disinfected C:\Documents and Settings\Robert Sapko\Local Settings\Temp\b104.exe[²ÜÇ\nsRandom.dll]
Adware:Adware/EliteBar Not disinfected C:\Documents and Settings\Robert Sapko\Local Settings\Temp\b111.exe[eltadperf.exe]
Adware:Adware/PCodec Not disinfected C:\Documents and Settings\Robert Sapko\Local Settings\Temp\b111.exe[²ÜÇ\nsRandom.dll]

Sappy3339
2006-09-28, 19:37
Potentially unwanted tool:Application/SpywareQuake Not disinfected C:\Documents and Settings\Robert Sapko\Local Settings\Temp\sa18A.exe[Spy-Quake2.exe]
Adware:Adware/Maxifiles Not disinfected C:\Documents and Settings\Robert Sapko\Local Settings\Temp\win16B.tmp.exe
Adware:Adware/SystemDoctor Not disinfected C:\Documents and Settings\Robert Sapko\Local Settings\Temporary Internet Files\Content.IE5\7U87N905\srvgof[1].exe
Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\Maya\tempdat\Virtual Reality\Maya 4 Final\PLUGINS\B3D\BDEData2.dll
Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\Maya\tempdat\Virtual Reality\Maya 4 Final\PLUGINS\B3D\BDEDownloader.dll
Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\Maya\tempdat\Virtual Reality\Maya 4 Final\PLUGINS\B3D\COMMON\BDEINSTA\BDEDATA2.CAB[BDEData2.dll]
Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\Maya\tempdat\Virtual Reality\Maya 4 Final\PLUGINS\B3D\COMMON\BDEINSTA\BDEDOWN.CAB[BDEDownloader.dll]
Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\Maya\tempdat\Virtual Reality\Maya 4 Final\PLUGINS\B3D\COMMON\BDEINSTA\FILES\NSSETUP1.EXE[BDEData2.dll]
Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\Maya\tempdat\Virtual Reality\Maya 4 Final\PLUGINS\B3D\COMMON\BDEINSTA\FILES\NSSETUP1.EXE[BDEDOW~1.DLL]
Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\Maya\tempdat\Virtual Reality\Maya 4 Final\PLUGINS\B3D\COMMON\BDEINSTA\FILES\NSSETUP1.EXE[BDEFdi.dll]
Virus:Trojan Horse.AP2 Not disinfected C:\Maya\tempdat\Virtual Reality\Maya 4 Final\PLUGINS\B3D\COMMON\BDEMAIN\bdemaindll.cab[NPBDMain.dll]
Spyware:Spyware/Virtumonde Not disinfected C:\Program Files\Common Files\{B46FA586-07C9-1033-1207-010320020001}\services.dll
Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\unzipped\AliasWavefront Maya4 Final\tempdat\Virtual Reality\Maya 4 Final\PLUGINS\B3D\BDEData2.dll
Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\unzipped\AliasWavefront Maya4 Final\tempdat\Virtual Reality\Maya 4 Final\PLUGINS\B3D\BDEDownloader.dll
Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\unzipped\AliasWavefront Maya4 Final\tempdat\Virtual Reality\Maya 4 Final\PLUGINS\B3D\COMMON\BDEINSTA\BDEDATA2.CAB[BDEData2.dll]
Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\unzipped\AliasWavefront Maya4 Final\tempdat\Virtual Reality\Maya 4 Final\PLUGINS\B3D\COMMON\BDEINSTA\BDEDOWN.CAB[BDEDownloader.dll]
Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\unzipped\AliasWavefront Maya4 Final\tempdat\Virtual Reality\Maya 4 Final\PLUGINS\B3D\COMMON\BDEINSTA\FILES\NSSETUP1.EXE[BDEData2.dll]
Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\unzipped\AliasWavefront Maya4 Final\tempdat\Virtual Reality\Maya 4 Final\PLUGINS\B3D\COMMON\BDEINSTA\FILES\NSSETUP1.EXE[BDEDOW~1.DLL]
Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\unzipped\AliasWavefront Maya4 Final\tempdat\Virtual Reality\Maya 4 Final\PLUGINS\B3D\COMMON\BDEINSTA\FILES\NSSETUP1.EXE[BDEFdi.dll]
Virus:Trojan Horse.AP2 Not disinfected C:\unzipped\AliasWavefront Maya4 Final\tempdat\Virtual Reality\Maya 4 Final\PLUGINS\B3D\COMMON\BDEMAIN\bdemaindll.cab[NPBDMain.dll]
Adware:Adware/DigInk Not disinfected C:\WINDOWS\Duce6.exe
Adware:Adware/DigInk Not disinfected C:\WINDOWS\Setup90.exe
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\SYSTEM32\components\flx7.dll
Virus:Trojan Horse.AP2 Disinfected C:\WINDOWS\SYSTEM32\NPBDMain.dll
Adware:Adware/SpywareQuake Not disinfected C:\WINDOWS\SYSTEM32\urroxtl.dll_tobedeleted
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\Temp\__delete_on_reboot__w_i_n_5_7_._t_m_p_._e_x_e_
Adware:Adware/CommAd Not disinfected C:\WINDOWS\Um9iZXJ0IFNhcGtv\oA62trLXKIh1w3QS.vbs

Sappy3339
2006-09-28, 19:39
I then ran Spybot in Safe mode and removed the 1 problem it found. Then I ran HJT and got this...

Logfile of HijackThis v1.99.1
Scan saved at 12:30:39 PM, on 9/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\ltmsg.exe
C:\WINDOWS\DELLMMKB.EXE
C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSAC-FD1\MSSTAT.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\hijackthis\HijackThis1991.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://usatoday.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = squid.basspro.com:1378
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3CDC3816-9AB5-11AA-DA2D-0002567FDA30} - C:\WINDOWS\system32\ixfivgg.dll
O2 - BHO: (no name) - {50B8EF84-D4F8-72FD-F005-09FDEF1034C7} - C:\WINDOWS\system32\qdjwten.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: (no name) - {D3EBE76F-87BE-4A9E-BAEB-D4072439EA6D} - C:\WINDOWS\system32\ssqrp.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Hpppta] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\hpppta.exe /ICON
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ixfivgg.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ixfivgg.dll,fivplce
O4 - HKLM\..\Run: [catf8606] RUNDLL32.EXE w324e201.dll,n 004f860200000002324e201
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\lwinopes.exe ELT001
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: .protected
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: .protected
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Memory Stick Monitor.lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130022255562
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: ssqrp - C:\WINDOWS\system32\ssqrp.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winhld32 - C:\WINDOWS\SYSTEM32\winhld32.dll
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

LonnyRJones
2006-10-03, 15:45
Hello

Please download VundoFix.exe (http://www.atribune.org/content/view/24/2/)
to the root drive, e.g. Local Disk C: or the partition where your operating system is installed.
Double-click VundoFix.exe to run it.
Click Scan for Vundo. When it has finished scanning, if these files were not added, add them:
Right click the list box then select add files and add
C:\WINDOWS\system32\ssqrp.dll

do the same for this file
C:\WINDOWS\SYSTEM32\winhld32.dll

Click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Wait two minutes then turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Next: Follow the instructions here, including posting the requested logs/reports
http://forums.spybot.info/showthread.php?t=4015
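
A triage aid for the HijackThis log posted earlier in this thread, added here as an example and not part of any poster's message: it groups autostart references by DLL and lists Winlogon Notify packages and system32 DLLs loaded from more than one autostart section. The two rules and the `KNOWN_GOOD` allowlist are illustrative assumptions, not HijackThis or VundoFix logic; the sample lines are an excerpt of the log above.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted in this thread (subset of its lines).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3CDC3816-9AB5-11AA-DA2D-0002567FDA30} - C:\WINDOWS\system32\ixfivgg.dll
O2 - BHO: (no name) - {D3EBE76F-87BE-4A9E-BAEB-D4072439EA6D} - C:\WINDOWS\system32\ssqrp.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\Run: [ixfivgg.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ixfivgg.dll,fivplce
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O20 - Winlogon Notify: ssqrp - C:\WINDOWS\system32\ssqrp.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winhld32 - C:\WINDOWS\SYSTEM32\winhld32.dll
"""

SECTION_RE = re.compile(r"^(O\d+) - ")
# A full DLL path; ':' is excluded from path components so that
# "rundll32.exe C:\...\x.dll" yields only the DLL argument.
DLL_RE = re.compile(r'[a-z]:\\(?:[^\\:,"\[\]]+\\)*[^\\:,"\[\]]+?\.dll', re.I)

# Illustrative allowlist kept by the analyst (assumption): file names already
# verified as legitimate, here Microsoft's WGA notification package.
KNOWN_GOOD = {"wgalogon.dll"}


def autostart_refs(log):
    """Map each DLL path (lower-cased) to the HijackThis sections that load it."""
    refs = defaultdict(set)
    for line in log.splitlines():
        m = SECTION_RE.match(line.strip())
        if not m:
            continue
        for path in DLL_RE.findall(line):
            refs[path.lower()].add(m.group(1))
    return refs


def triage(log):
    """Return {dll_path: [reasons]} for DLLs that deserve a closer look."""
    findings = {}
    for path, sections in autostart_refs(log).items():
        folder, name = path.rsplit("\\", 1)
        if name in KNOWN_GOOD:
            continue
        reasons = []
        if "O20" in sections:  # loaded into winlogon.exe at every logon
            reasons.append("Winlogon Notify package")
        if folder.endswith("\\system32") and len(sections) > 1:
            reasons.append("system32 DLL loaded from " + "+".join(sorted(sections)))
        if reasons:
            findings[path] = reasons
    return findings


if __name__ == "__main__":
    for dll, why in sorted(triage(SAMPLE_LOG).items()):
        print(dll, "->", "; ".join(why))
```

The output is a shortlist for manual review, not a verdict: each path still has to be checked against the scanner results and vendor information before anything is removed.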

tashi
2006-10-10, 08:12
This topic has been closed to prevent others with similar issues posting in it.
If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread.

Applies only to the original topic starter.