Spybot can't fix cmdService



#1
suite1009

  • Member
  • 22 posts
When I run my Spybot Search and Destroy program there is always the "Command Service" that gets found, with three registry keys that cannot be removed no matter what I do. The three registry keys are:

Command Service: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService

Command Service: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService

Command Service: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdService


I've run Ad-Aware and it doesn't even detect it. I have Avanti Anti-Virus as well as McAfee. This is my computer at work, which is on a network with maybe 12-14 different computers, and I'm running Windows XP Pro. My computer isn't acting too crazy, but who knows what this malware/adware/virus could be doing behind the scenes. Just FYI... I already have HijackThis v. 1.99.1 installed on my computer.

Any help would be much appreciated.
Thanks in advance.
  • 0


#2
suite1009

  • Topic Starter
  • Member
  • 22 posts
Sorry. Following the instructions given, here are the logs:

Logfile of HijackThis v1.99.1
Scan saved at 3:38:46 PM, on 11/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Mozy\mozybackup.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\wuauclt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kirby Alarm\kirbyalarm.exe
C:\Program Files\Mozy\mozystat.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\omar.DOMAIN1\My Documents\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3E994AC0-675E-4225-901D-AE2AF03802FC} - blank (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [CleanUp!] C:\Program Files\CleanUp!\Cleanup.exe /WindowsRestart
O4 - Startup: Mozy Status.lnk = C:\Program Files\Mozy\mozystat.exe
O4 - Global Startup: Kirby Alarm.lnk = C:\Program Files\Kirby Alarm\kirbyalarm.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0BCADE60-1E93-11D8-ABDA-0004759647B3} (FastBid1 Class) - http://www.bxwa.com/...d/fastbidx1.cab
O16 - DPF: {32322460-3E7D-11D7-ABD8-0001029A9BA6} (FastBid2 Class) - http://www.bxwa.com/...d/fastbidx2.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - https://objects.aol....83/mcinsctl.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - https://pol.cproject...ewer/msxml4.cab
O16 - DPF: {91FB832C-0E87-11D6-8FCE-00A0CC5783E8} (Cprojects.CpViewer) - https://pol.cproject...r/Cprojects.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - https://objects.aol....,20/McGDMgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = domain1.local
O17 - HKLM\Software\..\Telephony: DomainName = domain1.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{84662DE3-4E32-4C6D-B81E-4BEDBF8AB11A}: NameServer = 192.168.0.4,206.13.29.12
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = domain1.local
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winnjm32 - winnjm32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: MozyBackup - Unknown owner - C:\Program Files\Mozy\mozybackup.exe



Here is the Un-Install list:

Ad-Aware SE Personal
Adobe Common File Installer
Adobe Help Center 1.0
Adobe Illustrator CS2
Adobe Photoshop CS2
Adobe Reader 7.0.8
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Communicator (remove only)
AOL Connectivity Services
ATI Control Panel
ATI Display Driver
AutoCAD 2007 - English
Autodesk Architectural Desktop 3.3
Autodesk DWF Viewer
avast! Antivirus
Banctec Service Agreement
BidView
Broadcom Advanced Control Suite 2
CleanUp!
Dell Driver Reset Tool
Dell Support 5.0.0 (766)
Designjet Software & Driver Installation Wizard
Dodge View
DVR Client Program
Easy CD & DVD Creator 6
Folder Lock
Google Earth
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Intel Application Accelerator
Internet Explorer Default Page
iSqFt Full Viewer V4.01
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_03
Kirby Alarm v2.11
LimeWire PRO 4.12.6
Macromedia Flash Player 8
McAfee SecurityCenter
McAfee VirusScan
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Project 2000 SR-1
Mozy 1.6.50.1
On-Screen Takeoff 2.7
PDF4U Pro 2.0 (FULL Version)
PowerDVD 5.3
QuickTime
RealPlayer Basic
Registry Mechanic 5.0
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
ShowSize PE
Spybot - Search & Destroy 1.4
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Viewpoint Media Player
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086




---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 3:15:13 PM 11/2/2006

+ Scan result:



:mozilla.12:C:\Documents and Settings\omar.DOMAIN1\Application Data\AOL Communicator\ac_mail.gkp\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.8:C:\Documents and Settings\omar.DOMAIN1\Application Data\AOL Communicator\ac_mail.gkp\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.9:C:\Documents and Settings\omar.DOMAIN1\Application Data\AOL Communicator\ac_mail.gkp\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.33:C:\Documents and Settings\omar.DOMAIN1\Application Data\AOL Communicator\ac_mail.gkp\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.30:C:\Documents and Settings\omar.DOMAIN1\Application Data\AOL Communicator\ac_mail.gkp\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.34:C:\Documents and Settings\omar.DOMAIN1\Application Data\AOL Communicator\ac_mail.gkp\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.25:C:\Documents and Settings\omar.DOMAIN1\Application Data\AOL Communicator\ac_mail.gkp\cookies.txt -> TrackingCookie.Goldenpalace : Cleaned.
:mozilla.10:C:\Documents and Settings\omar.DOMAIN1\Application Data\AOL Communicator\ac_mail.gkp\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.11:C:\Documents and Settings\omar.DOMAIN1\Application Data\AOL Communicator\ac_mail.gkp\cookies.txt -> TrackingCookie.Ru4 : Cleaned.


::Report end


Please help.
Thanks again.
  • 0

#3
loophole

  • Malware Expert
  • Retired Staff
  • 9,798 posts
Hi there :whistling:

Please run a scan with HijackThis and check the following lines for removal:

O2 - BHO: (no name) - {3E994AC0-675E-4225-901D-AE2AF03802FC} - blank (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O20 - Winlogon Notify: winnjm32 - winnjm32.dll (file missing)

Now close ALL other open windows except for HijackThis and hit FIX CHECKED. Exit HijackThis.


Please download delcmdservice (by Marckie), and save it to your Desktop.


* Unzip the content to your Desktop (a folder named delcmdservice)
* Double-click on the delcmdservice folder
* Double-click on delreg.bat to launch the tool
* When the tool has finished, please reboot your computer.

Rescan with Spybot and see if it still detects it.

Edited by loophole, 02 November 2006 - 07:21 PM.

  • 0
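
The three lines picked for removal in the post above are the entries HijackThis marks "(file missing)" or "(no file)", minus the two avast! services whose executables appear under "Running processes". The following is an added example, not part of the thread or of HijackThis, that makes that cross-check explicit; the sample lines are copied from the log in post #2, and the `triage` function and its regular expressions are assumptions of this example.

```python
import re

# Lines copied from the HijackThis log posted in this thread (subset).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\services.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3E994AC0-675E-4225-901D-AE2AF03802FC} - blank (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winnjm32 - winnjm32.dll (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")      # e.g. "O2 - ..."
MISSING = re.compile(r"\((?:file missing|no file)\)\s*$")        # HijackThis markers
PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)


def triage(log):
    """Split 'missing file' entries into orphaned ones and doubtful flags."""
    running, orphaned, doubtful = set(), [], []
    in_processes = False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        entry = ENTRY.match(line)
        if entry:
            in_processes = False          # process list ends at first entry
        if in_processes and line:
            running.add(line.lower())
            continue
        if not entry or not MISSING.search(line):
            continue
        path = PATH.search(entry.group("body"))
        # A file that is currently running exists on disk, so the flag is not
        # trusted here (note the stray quote and /service argument in the path).
        if path and path.group(0).lower() in running:
            doubtful.append(line)
        else:
            orphaned.append(line)
    return orphaned, doubtful
```

On the sample, `triage(SAMPLE_LOG)` returns the two BHO lines and the `winnjm32` Winlogon Notify line as orphaned, and the two avast! service lines as doubtful.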

#4
suite1009

  • Topic Starter
  • Member
  • 22 posts
Wow! I did what you said, restarted, ran a new scan and it didn't come up! Thank you very much.
What was that and why did it happen?
Thanks again
  • 0

#5
loophole

  • Malware Expert
  • Retired Staff
  • 9,798 posts
Great :whistling: It was just some leftover registry entries. Everything back to normal?
  • 0





